Decrypting Single Files

Good evening!

I’ve recently discovered Cryptomator and I’ve been using it in conjunction with Cyberduck to have an encrypted vault in Google Drive. I’d like to commend you for making such a fantastic piece of software completely free and open source.

In any case, I’m having an issue that I’ve not been able to solve by myself and thus I’m taking to this forum in the hopes of solving it.

One of the key benefits of using Google cloud drives is that you can easily share files with contributors or external parties simply by selecting Share, either in the web panel or directly through Cyberduck.

However, the issue is of course, since the file is encrypted and the user must have a means of decrypting it. Is there a way I could have for them to easily decrypt that single file, without having to give them access to the entire vault or having to install Cryptomator on their end, just to decrypt one file?

While researching possible solutions, I discovered this thread, in which someone had much the same issue, and attempted to follow the instructions. This seemed very promising to me and would have been able to do what I’m looking for, however my efforts were thwarted by this Sanitizer software not supporting the latest vault format (v7).

From what I understand, this would have been perfect for my use case. I could have sent my contributors a link to this one .jar file along with the vault password and they would have been able to decrypt the file, without having given them full access to the Vault or having to install Cyberduck or Cryptomator.

Thus, I’d like to ask for support for this latest vault format to be added to this tool. It appears I’m not alone in this request (Incidentally, someone mentions being able to decrypt still using a backup key file, but I was not able to do so).

Or at the very least an easy way of decrypting single files, without having to install the full version of Cryptomator to accomplish this, preferably through a small external executable, with which you could drag the encrypted file to, it would prompt for the password, and spit out the decrypted version.

Thank you very much for your attention and the continued efforts with this software.

1 Like

Welcome to the Cryptomator community :slight_smile:

The bad news:

As you already found out by yourself, the linked workaround can’t be used currently.

The good news:

You are really not the only one asking for an updated sanitizer^^ There were already a bunch of request in the forum. The pressure is rising :smile:

Right now I can only point you to a workaround: Use an encrypted zip file for sharing, i.e. zip and encrypt the targeted file to the “normal” google drive storage and share it. The benefit of such an approach is that you do not have to disclose your vault password. On the other hand, you must manually update it.

If this is a good/easy/etc workaround is on a different note, but from my point of view it is at least feasible, since zip-archives are quite common.

Thank you for the prompt response.

That workaround assumes you currently have access to the local files to upload a new copy, as opposed to just access to the remote drive though. Being able to decrypt a previously uploaded file on demand would be extremely useful. I really hope support is added for the new vault type is added soon.

Upon further research I’ve discovered this project that does appear to be able to decrypt v7 Vaults. But rather than allowing for single file decryption it instead hosts a web server to expose the contents of the vault?

Surely it shouldn’t be too difficult to link the required dependencies to the Sanitizer or add functionality to this Cryptomator CLI to simply decrypt the files locally?