[Desktop] Is my data stored locally unencrypted by Cryptomator?

tl;dr

No.


Longer Answer

There are several posts about optimizing storage when using Cryptomator or concerns about seeing your data unencrypted in the system's default file browser. To address these questions and concerns, we want to share a more hidden fact about Cryptomator.

Cryptomator never stores data inside a vault unencrypted.* It only decrypts on-the-fly, i.e. only on request. As soon as the data is moved into your vault, on your hard drive/cloud storage only the encrypted data is stored. Your data is also not duplicated and you cannot save local space by deleting/moving unencrypted data you see in your vault.

For performance reasons, Cryptomator caches data unencrypted in (volatile) RAM. But reading out this data requires significant effort and if it is possible, your whole system might already be mitigated. Additionally, local security is not the main security target of Cryptomator.

*other applications including your OS might do it nonetheless!

4 Likes
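
One way to check the claim above on your own machine, as an added example that is not part of the original post or of the Cryptomator project: scan the vault's storage directory (the encrypted folder on disk or in the cloud sync folder, not the unlocked drive) and list files whose bytes do not look like ciphertext. The entropy threshold, sample size, minimum file size and the constructed sample layout are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

# Assumptions (not from the post): threshold, sample size and minimum size.
ENTROPY_THRESHOLD = 7.0   # bits per byte; ciphertext sits close to 8.0
SAMPLE_BYTES = 64 * 1024
MIN_SIZE = 1024           # tiny files give unreliable entropy estimates
# Vault metadata files are structured text by design, so they are skipped.
METADATA = {"masterkey.cryptomator", "vault.cryptomator"}

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def find_plaintext_like(storage_dir: str) -> list[str]:
    """Return relative paths under storage_dir whose content looks unencrypted."""
    suspects = []
    for root, _dirs, files in os.walk(storage_dir):
        for name in files:
            path = os.path.join(root, name)
            if name in METADATA or os.path.getsize(path) < MIN_SIZE:
                continue
            with open(path, "rb") as fh:
                sample = fh.read(SAMPLE_BYTES)
            if shannon_entropy(sample) < ENTROPY_THRESHOLD:
                suspects.append(os.path.relpath(path, storage_dir))
    return sorted(suspects)

def demo() -> list[str]:
    """Build a constructed sample directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "d", "AB"))
        # Constructed stand-in for an encrypted file: random bytes.
        with open(os.path.join(tmp, "d", "AB", "sample.c9r"), "wb") as fh:
            fh.write(os.urandom(8192))
        # Constructed plaintext that some other tool left behind.
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"quarterly report draft\n" * 200)
        return find_plaintext_like(tmp)

if __name__ == "__main__":
    print(demo())
```

Compressed formats such as ZIP or JPEG are also high-entropy, so an empty result rules out only plain, low-entropy data; any file that is listed should be inspected by hand.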

“encrypted data is stored… not duplicated”

Well, what about for files copied into vault?
There are the original files in their respective locations,
and there are the copied files.

Of course.
What’s your point? This topic is supposed to answer the question if Cryptomator (not the user) does create unencrypted versions of a file from within a vault anywhere in the vault.