I wanted to Encrypt my USB Drive with Good Encryption.
I was looking for an application which can support both Windows & Android and CryptoMator was the one.
In Android Application when I insert my Type C USB Drive to my Phone and Create a Vault & Encrypt files using CryptoMator in External Storage ( USB Drive ).
The problem I found here was when encryption/decryption happens, it is using the Internal Storage for storing the temporary files ( which causes security issues in my case ) and later after decryption it looks like it is moving the files to External Storage folder.
Here I observed large amount of increase in space in internal storage, later post decryption the internal storage came back to normal.
Temp Path : /data/user/0/org.cryptomator/cache/decrypted/ ( I found this from the ref link )
When Encrypting External Type C USB Drive/Memory Card in Android either the temp files should be pointed under external USB itself and not Androids Internal Storage.
I know androids sand box model will not allow accessing but still if the files cache leak or for what so ever reason decryption fails or anything, the files may stay in the Internal Storage.
My Point here is when using external storage as vault for encryption why to encrypt/decrypt at Internal Storage Temp Path and later transfer it to External Storage where as it indeed can be set to External Storage ( the whole purpose is that, why to use internal )
If there can be an option to set the Temp Path it would really be grateful for me.
This would give an extra advantage and security feature for those who need It.
I hope this request can be taken into consideration in next coming build.
( I insert USB into Android phone, Create a Vault, Encrypt few files from the same USB and decrypt if needed. I don’t want CryptoMator to use my files in Internal Storage at any cost, Only want External Storage for everything. I hope you get my point. - Focus is only for External Storage / External SD Card
Please let me know if you did not understand. )
Reference 1 : How to get access to a vault stored on external device like SD card
Reference 2 : Local data storage & security (Android App) - #2 by SailReal
Hey and welcome to the Cryptomator Community ,
As much as I understand your feature request from a storage perspective, e.g. if internal storage is limited and external not so much, I do not understand the security benefit. Could you please explain?
Also, how exactly would this feature work if you have multiple external storages, should the user still choose one or should they use the one where the vault is located?
Hi thanks for reading my request.
My Main focus is only with External Storages, I have multiple External Storage Devices with some sensitive data. This External Storage Devices will be shared with few people around me.
There are chances that their mobiles can be rooted ( Although I’m fine with it ).
But In my case, I don’t want the sensitive files work around in Internal Storage and want every action performed only in the External Storage.
Coming to the 2nd Point, Yes if there are multiple external storages, the user should choose only where the vault is located. But, yes if you can give the option to set, then any option is fine, either choose one default location / set the path or they can choose where the vault is located. These both options sounds good.
or you can also set an option “Use External Storage for every thing”, Enabling this option should not only force app to completely use External Storage but also disable export option to Internal Storage and enable only export under External Storage. [ This disable part can be skipped, Just an Idea ].
But atleast request you to please implement the path option / set path where vault is located i.e., by default for external devices it should use external storage itself for temporary files.
Thanks for your time .
Can you please let me know if it will be possible for you to implement this feature request? i.e., Temp files for external storage should be used with in external storage itself for the vaults under external storage.
Can you please let me know if this can be implemented?
It is quite likely that we will implement and support this in the future, from my point of view more for storage reasons, the general security benefit of this I haven’t really understood yet, but the possible larger storage space is reason enough. Unfortunately, this is not a feature that we will be addressing in the near future, unless someone in the community gets ahead of us and implements it.
So that the feature request doesn’t get lost, it would be great if you could create it in our issue tracker. if not, I can do that too: Create new Issue in GitHub
Thankyou for your kind response, i dont know how to create this. Can you please create it on my behalf.
SD cards are easier to shred in accordance of the highest levels of data destruction requirements/data handling legislation. They are also far easier to use to maintain a clear chain of custody. COTS cards offer larger storage targets than most reasonably priced phone’s onboard capacity. All points are critical to various scenarios when handling sensitive data of unknown file size(s). See attached; video is a form of media accepted by most, if not all, judicial systems.
Please confirm when this basic functionality will be enabled.