File restore from backup - how to know which file?

Let’s say I have a large directory of files in a Cryptomator vault. If I run into an issue and have a single file I need to restore from a backup, how will I know which file to restore given the filenames are encrypted also?

1 Like

There isn’t really a comfortable way of doing this just yet. At the moment I see the following two options:

  1. Modify the (decrypted) file in question and watch the (encrypted) files for changes (e.g. the Dropbox or Google Drive sync client provides a list of most recent modifications). Of course this is a rather crappy approach and may not be 100% accurate.

  2. Use the sanitizer to encrypt a known plaintext path. This requires some basic command line knowledge and isn’t as easy as we’d like it to be.

In the future we want to implement a feature into Cryptomator, that allows you to reveal the encrypted file that belongs to a given plaintext file (GitHub issue).

1 Like

That would be great! It’s little things like this that can prevent people from wholeheartedly adopting this software and rolling it out en masse. Thanks for the quick response.

Another suggestion that could work for still existing files (not deleted): for the desktop apps save the encrypted file name as a file property so it can be viewed in the file explorer / finder?

For windows this could be done with custom properties and for macOS tags could be used.

hey I dont understand what the OP is talking.

Cant he mount the vault and browse to the file he want?

Why he want to obtain (which he dont know the path) of the encrypted file,
and then asking for how to decrypt it?

I want to do the same due to air gap security.

I wanna use a “air gapped” password with cryptomator. however,
I am encrypting it in an air gapped PC.

then I move the HDD to a connected PC but will NEVER type the password.
Then upload the vault to google drive.

In this way, Google, the connected PC have never seen my “air gapped” password,
even there is key logger, I will be safe.

problem is, when I only want to get 1 single file from the vault.
What can I do?

the situation is quite like the OP (But I duno why he ask so).

I am figuring out from the old posts and will try with sanitizer.

Indeed I suggest to make this easier for users as this provide another level of security.

It is unsafe to type a cryptomator password into a connected PC.
Microsoft is watching, avast is watching, everyone is watching.

air gap the password is what I feel safer.

ps: youtube got many air gap breach like LED, HDD LED, CPU temperature change etc.

If you people think I am over paranoid-ed and making trouble here,

please let me know.

It seems that I worried too much.

It’s likely the OP backs up his encrypted files only (say to the cloud). Now he finds that he deleted or changed one of his plaintext files. He wants to restore only that file from the backup. There are thousands of encrypted file names in his backup. How does he know which one to restore? That’s why the developers want to integrate a feature into the CLI and GUI that maps encrypted paths to plaintext paths and vice versa.

Personally, I use Cryptomator on Google drive, primarily for safe access everywhere but I do versioned, encrypted backups on the plain text to a separate cloud service using Duplicati. There is a short window of about 6 hours inside which I could theoretically lose work, but that is acceptable to me.

1 Like

You may be a little paranoid. Two-factor authentication will largely accomplish what you want. Nothing is perfect but you need your protection to be commensurate with the importance of what you’re trying to protect.

Is there a way to get the .jar file of sanitizer 0.16? Only 0.15 is available

I uploaded the jar to GitHub releases:

A post was split to a new topic: Sanitizer: How to use decryptFile command