I’ve been using Cryptomator for four months now, and it’s been a wonderful experience. I have no corrupted files, I’m just curious about what the recovery process would be should I ever run into such an issue.
Let’s say I have a Cryptomator vault stored on external media. I mount the vault and add a file named Image.jpg. As a result of a single-event upset, a bit is flipped as (or after) the encrypted version of the file is being written to the disk. This means that on any subsequent decryption attempt of Image.jpg, the checksum match fails. By design, Cryptomator will show that the file exists, but will not read the mismatched file: there’s always the possibility that the file was tampered with maliciously. All other files which pass the checksum match can still be read as normal (a major security advantage of file-based encryption over monolithic vaults like VeraCrypt).
I have tested the behavior described above by intentionally modifying a single character of an encrypted file in Notepad++. My question is: how would I go about recovering Image.jpg? The vault health check in the Windows client reports no errors. The sanitizer hasn’t been updated in two years and doesn’t seem to work with the latest vault format (Exception in thread “main” java.lang.IllegalArgumentException: Unsupported vault version 999).
If the header was corrupted the file would understandably be unrecoverable, but this is statistically unlikely with a 5 MB JPG. A single bit flip in an unencrypted image of this size would probably not even be noticeable in most cases. For the record, I do keep backups. But still, is there any way to attempt a recovery of a file like this?