Cryptomator Roadmap Early 2021

Development on Cryptomator 1.5.x is coming to an end and we are now working on the next major version 1.6.x. Read more about it in this roadmap!

Any chance the vaults will accept the APFS file system? So many things on the Mac need that fs to work properly. WebDAV or FUSE won’t do. Please!

I assume you are asking if Cryptomator will ever integrate an unlocked vault into macOS as an APFS volume. The answer to this question is “no”, at least for the near future. It would require a lot of work to develop such a filesystem driver (not only implementing it, it needs to be rock stable) with our currently used technologies.

Ok, thank you for your answer. Do you have any idea on how to use CM with the Apple Photos database? Since FUSE won’t work and WebDAV doesn’t work well. It’s the last part of the puzzle for a 100% encryption life for me.

Thank you so much

Unfortunately not, but another user reported it works with WebDAV on our Issue-Tracker:

You can ask there for more details on how or if it still works.

This might be solved once we offer encryption of extended file attributes (which we’re already actively working on).

Another interesting issue in this context might be this one (don’t know if it works yet, but we’ll give it a try):

This looks promising! I hope the CM team gets on this.

Yes, but sooner or later it gives errors or it doesn’t load photos well. It’s not a stable solution. I have tried it.

Hello everyone, and thanks + congratulations for this amazing service!

I have an important question about vault format 8 vs. 7, that I was unable to find by browsing the web:

Last time when I converted from format 6 to 7, all the data must have been locally downloaded from the cloud for the conversion to work. This was likely because the conversion required deleting everything under the “m” folder (millions of small size files) and (if I remember correctly) some adjustments to filenames in the “D” folder.

Now I am worried about the new format conversion because my current setup uses Cryptomator over iCloud Drive, and I only have an iPhone and an iPad (I no longer use a Mac), therefore very few files are locally downloaded, and it’s impossible to enforce full download behavior on iOS. Also, the current standalone implementation of your iOS app doesn’t allow batch rename of files stored in iCloud Drive.

My question is, how is this conversion supposed to take place, and what would you suggest in situations like mine? Is there any risk that the conversion may fail if not all files are available locally? Have you provisioned a solution to start/trigger the conversion from iOS for users who are not using other systems?

Thank you so much and looking forward to your answer!

The upcoming vault format 8 is not different to vault format 7 in regards to the encrypted files. We will introduce a new file named vault.cryptomator, which will be the “main” file of a vault. More technical info here:

But that’s actually it. Nothing else will change. But these seemingly minor changes allow us to add “other” sources than the masterkey.cryptomator file for the key material. And also add more cipher combinations in the future.

In short, the “vault upgrade” will only create a new vault.cryptomator file and update the masterkey.cryptomator file, which won’t lead to any massive sync problems.

But can the update run via the apps? Last time the migration was done via the local app only (as far as I remember :))

Oh, fair point. We usually don’t upgrade vaults inside the mobile apps. Especially upgrading vault format 6 to 7 would’ve been problematic (as mentioned before due to the missing “batch” renames).

Currently, we don’t have plans to add an upgrade option in the mobile apps since they’re not critical for security. We might come back to it when we add new features to the mobile app that would require the newest vault format.

This sounds promising, especially since the files don’t have to change.

I would like to understand better what you mean by “no plans to add upgrade option in mobile app”. It looks like the migration is simple and straightforward (take info from one file, build two files with copied content and new content) which doesn’t seem impossible to do on iOS or Android.

In case you still don’t plan to do this, I would like to understand:

  • would newer iOS apps be able to still decode legacy version 7?
  • would someone be able to copy their v7 masterkey to a temporary location on a computer (Windows / Mac) WITHOUT the encrypted files, open it with the Win/Mac Cryptomator which will be able to convert to v8, take the files resulting from the conversion and put them back to where the original v7 keys were [next to encrypted data] and use the new format with the newer iOS / Android versions of Cryptomator?


Our mobile apps are compatible with multiple vault formats. If I’m not mistaken, the current iOS app still works with vault format 3. However, we’re going to bump this soon with the new iOS app, which will work with vault format 6 and higher (similar to the Android app). To answer your questions:


Actually, yes. :smiley: But only in that exact case. :wink: