A few questions regarding encryption

Hello everyone! I recently saw your app and liked it. However, I have a few questions that I did not find in the documentation. I hope you can help me answer them.

  1. I store encrypted files in the cloud on Google Drive (photos, videos, documents). I use both iOS and Windows. Let’s consider the situation. I unlocked the storage and cached the video for viewing. Are files transferred encrypted when downloaded? Are the files encrypted during download? My Internet provider will not see the information that I download?

  2. A similar situation (but for Windows). I unlocked the storage and cached files for viewing from the cloud. Is this cache encrypted? When I close the storage on Windows, but do not clear the cache, the cache will be encrypted until the next time the storage is unlocked?

  3. A similar situation (but for iOS). When I unlock the storage on the iPhone, then without caching the file from the cloud, how do I see all their video thumbnails? How does Apple see them without caching? I need to download the video to the cache first so that it can be decrypted on the device? Is that right?

I would be grateful for any answers. Thank you

Hi and welcome.

  1. The encryption and decryption always happen on your local device. So yes, data is encrypted during transfer. At no time does your storage provider have access to the unencrypted data.

  2. I’d like to point out the security target of Cryptomator. It is not designed to encrypt your complete local data. So no: the cache on your local machine is not encrypted by Cryptomator. Only the files in your vault are. I recommend using other solutions that are designed for local system encryption if you want to cover that, like BitLocker or VeraCrypt.

  3. Same here as in 2, but there’s a cache inside the Cryptomator app so that you do not always have to download files. This cache is also not encrypted and can be cleared in the app. And if the OS is generating thumbnails (for example) of the photos in your vault to show them in Finder, then this is not encrypted by Cryptomator. As in 2: if you would like to have your whole device encrypted, I recommend activating the encryption on your iPhone.

Hope this helps.

Sorry, I forgot this question

Yes. In order to create thumbnails, iOS needs access to the file. To have access to the file, it has to be decrypted. And to be decrypted, a file needs to be locally available to Cryptomator. So yes. To have thumbnails in iOS, you have to download the files.
After you’ve done that, iOS should keep the thumbnails even if you have cleared the Cryptomator cache, as iOS is managing thumbnails on its own.

Thanks for the detailed answers! I didn’t quite understand the answer about the cache for iOS. It turns out that the cache for Windows is not encrypted, but for iOS it is? Or is the cache for iOS also stored unencrypted even when the storage is closed?

For example, if my iPhone backed up the Cryptomator application (and the application had a cache), will this cache be transferred to iCloud unencrypted?

I apologize again for disturbing you, but I also didn’t understand your answer on the second question. I understand that the cache after downloading from the cloud (for example, OneDrive on Windows) is on my PC in encrypted form. When I unlock the storage, all my files are visible in decrypted form on the virtual disk, I also understand this. However, when I lock the storage, these downloaded files in decrypted form go back to encrypted form and there is no way to access them until the next time the storage is unlocked, am I right? They will remain available only in the OneDrive cache in encrypted form? Is the cache decrypted only after the storage is unlocked and encrypted back after it is locked?

You are talking about different caches here. The OneDrive sync app caches files that are stored in OneDrive. And these are encrypted vault files. The Windows cache might cache information about files, for example which Word document you opened last, including the file name. So this information is not encrypted on your local device anymore but still remains encrypted on your cloud storage. Of course, if you want to access this file again and have your vault locked, you’ll get a “file not available” message. It’s the same when iOS creates thumbnails of pictures once they were opened and cached by the local OS.

The iOS Cryptomator app cache is excluded from iCloud backup as it is not encrypted. Please note that I have edited my original post because I made a mistake by noting that it was encrypted. I’m sorry. This might interest you: Exclude cache from iCloud backup · Issue #139 · cryptomator/ios · GitHub

Thank you very much for the explanation! Now I understand everything