cryptomator

Cryptomator for Windows, macOS, and Linux: Secure client-side encryption for your cloud storage, ensuring privacy and control over your data.

11854
1029
Java

cryptomator

Build
Known Vulnerabilities
Quality Gate Status
Twitter
Crowdin
Latest Release
Community

Supporting Cryptomator

Cryptomator is provided free of charge as an open-source project despite the high development effort and is therefore dependent on donations. If you are also interested in further development, we offer you the opportunity to support us:

Gold Sponsors

Become our Gold Sponsor and showcase your brand to a targeted audience! Please contact us if you are interested.

Silver Sponsors

gee-whiz Route4Me

Special Shoutout

Continuous integration hosting for ARM64 builds is provided by MacStadium.

MacStadium


Introduction

Cryptomator offers multi-platform transparent client-side encryption of your files in the cloud.

Download native binaries of Cryptomator on cryptomator.org or clone and build Cryptomator using Maven (instructions below).

Features

  • Works with Dropbox, Google Drive, OneDrive, MEGA, pCloud, ownCloud, Nextcloud and any other cloud storage service which synchronizes with a local directory
  • Open Source means: No backdoors, control is better than trust
  • Client-side: No accounts, no data shared with any online service
  • Totally transparent: Just work on the virtual drive as if it were a USB flash drive
  • AES encryption with 256-bit key length
  • File names get encrypted
  • Folder structure gets obfuscated
  • Use as many vaults in your Dropbox as you want, each having individual passwords
  • Four thousand commits for the security of your data!! 🎉

Privacy

  • 256-bit keys (unlimited strength policy bundled with native binaries)
  • Scrypt key derivation
  • Cryptographically secure random numbers for salts, IVs and the masterkey of course
  • Sensitive data is wiped from the heap asap
  • Lightweight: Complexity kills security

Consistency

  • Authenticated encryption is used for file content to recognize changed ciphertext before decryption
  • I/O operations are transactional and atomic, if the filesystems support it
  • Each file contains all information needed for decryption (except for the key of course), no common metadata means no SPOF

Security Architecture

For more information on the security details visit cryptomator.org.

Building

Dependencies

  • JDK 22 (e.g. temurin, zulu)
  • Maven 3

Run Maven

mvn clean install
# or mvn clean install -Pwin
# or mvn clean install -Pmac
# or mvn clean install -Plinux

This will build all the jars and bundle them together with their OS-specific dependencies under target. This can now be used to build native packages.

License

This project is dual-licensed under the GPLv3 for FOSS projects as well as a commercial license for independent software vendors and resellers. If you want to modify this application under different conditions, feel free to contact our support team.