Feature request: reverse encryption?

Wondering if its possible to have feature to take a unencrypted directory with contents and mount to a mount point where the target contents are encrypted on the fly. Encfs has the -reverse flag that does this. Its great if you want to store everything natively unecrypted on your local disks, but sync an encrypted “view” to the cloud without having to duplicate the contents.

1 Like

Is there a plan to offer reverse mode?

On my company we are evaluating Cryptomator and since version 1.4 (beta) with the FUSE mode it seems promising.

However lot’s of our data are on already system wide encrypted drives and first we wanted to use Cryptomator as a backup solution. However we don’t want to be dependent on Cryptomator as a component internally and it makes no sense to re-encrypt all of our data but we would be happy to use Cryptomator for all cloud things.

A reverse mode like encfs offers would be ideal for backup purposes. Are there any plans to support this?

hi @therealmarv!

I totally get your point and actually we’re currently evaluating if we can provide a solution that encrypts only when pushing data to the cloud and not locally. The working title of this solution is Defendor and you can think of it as a gateway between your clients and your cloud storage. Everything that passes through it will get encrypted, but your clients only handle decrypted data.

See how security mechanisms are chained at defendor.skymatic.de.

This is an early stage, but we have the tech and knowledge and have successfully implemented an internal prototype. So if you have any thoughts on it, please feel free to share them.



So currently we would need a whole cloud server infra just to get the reverse mount.
From a home user point of view, being able to mount an encrypted view (drive) from a plaintext physical media would be a great and simple way to have promptly available and fast access to my files, while the cloud sync program can slowly backup or update the encrypted mountpoint.
Cryptomator already has all the features needed for this, with the only exception being how to pass the encripted key and vault settings trough the cloud filesystem so one could mount the vault in another PC.
Can you please reconsider adding this feature?
It’s being on my wishlist for a long time, but only when I had to deal with several gigs of files and saw my SSD behaving like an old HD due to CPU throttle that I decided to post a request. But akch got here first.