How is the vault protected when opened?

If a vault is opened that stores the encrypted files in a location such as DropBox, are the unencrypted files accessible to DropBox?

To clarify, I am aware that Dokan creates a virtual filesystem that the files are stored in and the path is shared with DropBox. When a vault is opened, I am assuming it decrypts (based on my understanding) the filesystem and files. If yes, when files are synchronized across to DropBox when the vault is open, what exposure does this introduce?

Hi.
The files are decrypted and encrypted locally. So they are never exposed to the storage provider.
Cryptomator desktop does not sync the encrypted files to Dropbox. That’s still the job of the Dropbox client.
In short: unencrypted files do not leave your local system.

You might find the Getting started video interesting; it explains how Cryptomator works.
https://docs.cryptomator.org/en/latest/desktop/setup/

Thanks @Michael. I did read through the guide and although I suspected that it would be encrypted and decrypted locally, it wasn’t entirely clear. As I understand it the vault is created locally and DropBox is synchronizing the vault as opposed to the discrete files. Is this correct?

Yes, Dropbox is syncing only the encrypted files (if you place your vault location into a Dropbox synced place). You can check this by setting up a vault, syncing it, and after that checking your Dropbox via browser. You should see no clear file, only files and folders with encrypted file names and content.

Thanks @Michael. I am assuming that the mounted filesystem simply lists the encrypted file types that DropBox synchronizes. Is this correct?

Yes, if you look at your file browser where your vault is located, you’ll see the encrypted files that are synced via Dropbox client.

To clarify a bit further:
The term “vault” is just an abstract description for a normal directory containing the (encrypted) masterkey and encrypted files, each corresponding to a real file you saved in the vault.

Every time you unlock a vault, you only get a decrypted view, meaning that the files stay encrypted on your hard disk and are decrypted on the fly when you browse through it.
