First off: thanks for making Cryptomator!
To know where I’m coming from: I already used a home-grown solution similar to Cryptomator for quite a few years now on my Windows machines. I have a Python script that uses Veracrypt and junction.exe to have double-clickable “.encfol” files (actually Veracrypt volume files). When you double-click them, the script asks for the volume password, finds a free drive letter to mount the volume on, calls junction.exe to make a same-named folder junction to that drive (next to the activated .encfol file itself), and finally opens that folder too (with some optional custom menu support baked in). I use this a lot for my freelance development work; each project gets its own vault to not have all the sensitive data from all my clients in plaintext on my machine all at once when I need to work on something. And I also have separate vaults for my Thunderbird mail folder, a vault with all license keys, one with my website subscriber’s info, one with sensitive private info, etc.
Rather similar and just as secure, but since Veracrypt volumes are fixed-size, it is quite a nuisance to manage the ever-changing volume sizes. The script does suggest automatically resizing the volume when closing the vault when its free space gets above/below certain limits, but that involves setting up a new volume, formatting it, mounting it in parallel, copying over the content (robocopy) and then verifying the copy was OK (winmerge), all with lots of non-suppressible prompts from the used apps.
All that is now history for me with automatically resizing Cryptomator vaults – again, thank you, and my donation has already been made.
Though I do miss some of the functionality I have with my own custom solution… Maybe some of it is worth adding to Cryptomator?
- When unlocking a vault, my script mounts it onto the highest available drive letter instead of the lowest. This because the lowest ones are also used by USB devices, and I have Sandboxie configured to force-start everything from the first few drive letters in a sandbox because of this. With Cryptomator I can assign a drive letter to each vault, but I have dozens of vaults, so clashes are bound to happen that way. (Then again the drive letter is just an intermediate step for my script; with Cryptomator I will mount directly into dedicated folders anyway).
- When my script makes the folder junction, it doesn’t require that an empty folder already be present at that location; it automatically creates the designated folder if it is missing. This might be a nice addition that shouldn’t have any drawbacks I think?
- Since my “vaults” are single (Veracrypt) files I give them a dedicated file extension and associated my script+icon with that, so that I can just double-click them to open them. You can also double-click the masterkey file in Cryptomator vaults, but that only adds the vault to Cryptomator if it’s not already added. Since Cryptomator has no CLI I cannot make my own script to e.g. associate a dummy file with opening a same-named vault next to it. I know of the separate Cryptomator CLI project, but it’s not quite ready for prime time yet I suppose? Anyway, some basic CLI support would be very nice.
- As an alternative to or just an extra to the above: maybe a per-vault option to have a post-open hook, where you can point it to a script or such? We now have the option to “Do nothing” or “Reveal drive”. My encrypted folders also have optional post-open menu support (via a per-vault options file), where I can list all available actions to choose from after unlocking the vault (auto-choosing the 1st if there is only 1). Each action is just a key/value pair; a label for the GUI button and either a cmdline for a shell action or a path to open (folder -> explorer; file -> start executable, open doc, etc.). These command strings can contain a known token that gets replaced with the final mount location. The null / default action is to just launch the mounted folder in Explorer. My Thunderbird vault has just one action: launch Thunderbird itself; this way unlocking the Thunderbird vault also immediately starts Thunderbird. Another vault has a choice of opening a database file in it, start a website backup within the vault, or just browse the vault’s files.
- Recycle bin support. I know this feature is already underway with Dokany and already preliminary available via the custom mount option MOUNT_MANAGER, but it would be really nice if that would become the default.
- Some way to detect when the folder can be locked again. My script launches a post-mount background “Click OK to close” msgbox (with “cancel” the default for accidental enter presses), and even like this I already forget these prompts from time to time, thus having a certain folder unlocked the whole day when not needed. I know scanning for open file handles into the mounted folder is not fail-proof enough and probably still not what a user really wants, so it can’t probably be 100% automated, but some GUI reminders could add some benefit?
- When I just now copied some Excel files from one of my own vaults into a new Cryptomator vault, Explorer told me not all of the file’s properties could be copied along. I suspect that this e.g. also concerns the NTFS alternate stream data; these Excel files were saved from a mail client, and thus got tagged with extra zone info. I also saw the “Security” tab in Explorer’s properties menu is missing. I suspect these folders get mounted via Dokany more like in a FAT than NTFS style? I tried adding the mount option `ALT_STREAM`, but that made the vault unmountable (Cryptomator “unexpected error” dialog with `IllegalArgumentException: Dokany option ALT_STREAM not supported`). And `REMOVABLE_DRIVE` seems to conflict with `MOUNT_MANAGER` and/or mounting in a folder (the mount folder showed no files; removing the option made the vault work again).
Anyway, Cryptomator already gives me more benefits than drawbacks right now, so no complaints from my side, but maybe you find the above inspirational?
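
Added example, not part of the original post and not the poster's script or Cryptomator code: a sketch of the post-open action mechanism described above, showing how the mount-location token can be substituted per argument so that a mount path containing spaces or `&` cannot alter the command. The token name `{MOUNT}`, the `label = command` file format and all function names are assumptions.

```python
import shlex

MOUNT_TOKEN = "{MOUNT}"  # hypothetical token name; the post does not say what it is
DEFAULT_ACTION = ("Browse files", "explorer.exe " + MOUNT_TOKEN)  # the post's null action

# Constructed sample of a per-vault options file (assumed "label = command" per line).
SAMPLE_OPTIONS = r"""
# actions offered after unlock
Launch Thunderbird = "C:\Program Files\Thunderbird\thunderbird.exe" -profile {MOUNT}\profile
"""

def parse_actions(text):
    """Return [(label, command_template)] from the options text; reject malformed lines."""
    actions = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, sep, value = line.partition("=")
        if not sep or not label.strip() or not value.strip():
            raise ValueError(f"malformed action line: {line!r}")
        actions.append((label.strip(), value.strip()))
    return actions

def auto_action(actions):
    """No actions: default action. Exactly one: that one. Several: None (GUI must ask)."""
    if not actions:
        return DEFAULT_ACTION
    return actions[0] if len(actions) == 1 else None

def build_argv(template, mount_point):
    """Tokenise the template first, then substitute the mount path inside each argument."""
    argv = []
    for arg in shlex.split(template, posix=False):  # posix=False keeps Windows backslashes
        if len(arg) >= 2 and arg[0] == arg[-1] and arg[0] in "\"'":
            arg = arg[1:-1]  # non-POSIX mode leaves the surrounding quotes in place
        argv.append(arg.replace(MOUNT_TOKEN, mount_point))
    if not argv:
        raise ValueError("empty command")
    return argv  # hand to subprocess.run(argv, shell=False); never re-join into a string

if __name__ == "__main__":
    mount = r"C:\Vaults\Client A & B"  # constructed mount location
    label, template = auto_action(parse_actions(SAMPLE_OPTIONS))
    print(label, build_argv(template, mount))
```

Because the split happens before substitution, the mount path always stays a single argument regardless of what characters it contains.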