How to backup Cryptomator files with SpiderOak One?

Hi there,

I use Cryptomator to crypt personal files stored in my hard drive. I use the desktop application (version 1.4.9), on Ubuntu 18.04.
Plus, I use SpiderOak One (https://spideroak.com/) to backup files in my computer.
I would like to backup the files generated by Cryptomator, in case of an outage/steal of my hard drive. But actually, it is not possible.

I don’t know how it works, but SpiderOak One detects when a file is created, updated or deleted in my filesystem (in a tree of directories I defined). Let’s say I backup 2 directories :

  • home/myuser/
  • /media/myuser/hardrive/

So any file in these directory is automatically backup.
In the second directory, I have these files :

  • /media/myuser/hardrive/myvault
    => with the “d” and “m” directories, and the masterkey.cryptomator file (and the bkup version).

In Spideroak One, I cannot select the “myvault” directory, so I cannot backup it (the same for every vault I created). Maybe it’s a security ? I asked to the SpiderOak support team, but they say it could be a protection of Cryptomator. I have not the problem of all the others directories in my hard drive.

So I would like to know if this is really something on the Cryptomator side, because it seems it’s not on the Spideroak side. I hope my explanations are quite clear :slight_smile:

Thank you for your answer.

Hmmm, I able to backup cryptomator files to both iDrive and Google Drive. Not that the completely exonerates cryptomator, but some cloud folks see all the files just fine :slight_smile:

If you are using linux, perhaps your system permissions got tighted down a little to hard? Something like you have have user access (yourself) to your cryptomator files, but the spideroak bup program/daemon is running as root or something?

Hello
I don’t know how iDrive and Google Drive work, afaik they not crypt anything (Spider Oak does) so we cannot really compare them in their own operation.
The Spider Oak program can access and backup all my files, including those on external drives. I have this issue only ont the cryptomator directories, as if the scan of them cannot be performed (for a reason I don’t know).

The point was it’s not clear to me that it’s spider oak or cryptomators problem. There could be something unexpected in the directory tree structure that spider oak doesn’t like (IE doesn’t read), or something that spider oak writes that cryptomator doesn’t like.

If you donated $$ for your use of cryptomator, then the author might provide actual support, and possibly tell you about some logging features to enable. Does dmesg say anything? If you run fsck on the disk does it find any disk errors (that’s a stretch). You can run “strace -v cryptomator”, and grovel through the file system calls. Maybe you’ll see a file error of a particular sort (exactly what I don’t know).

Good luck.

Just to make somethign clear: If you donate money, there is no guaranteed support. There is a reason why it is called donation and not payment. That doesn’t mean we do not give any support ( otherwise we wouldn’t bother with this forum), but we choose how much time we spend on it.

@mentalo Putting this aside, Cryptomator does not lock any directories or alter it’s permissions. Can you see the directory and are unable to pick it in the directory picker dialogue? Or isn’t it even displayed? And what are the permissions of the vault directory? (they can be accessed with the terminal command ls -l | grep "myvault" executed in the /media/myuser/hardrive/directory)

Sorry, I didn’t mean for that comment to sound snide or aggressive. I appreciate cryptomator and was trying to suggest that people donate (as I did) to help y’all out in doing the work that you are doing for the good of everyone.

But I also realize “support” is a very loaded word in today’s environment. I should probably never use it again because people can often expect people to move earth and sky to solve every little problem ever (and I was trying to help by answering this question myself by suggestion that the user check permissions, dmesg, strace, etc).

2 Likes

Hello,

In SpiderOak, I see all my directories, those from cryptomator or not. But I cannot tick those from cryptomator (those have “d” and “m” directories + the keys).

To be more precise : here I have 2 directories

  • Achats_cryptomator -> this one has “d”, “m” directories and the keys
  • Audio -> this one is a classic directory, with others dirs and files, not encrypted

Their permissions :
drwxrwxr-x 4 mentalo mentalo 4096 juin 24 16:30 Achats__cryptomator/
drwxrwxrwx 60 mentalo mentalo 4096 mai 5 21:39 Audio/

I try to 777 the first one, same result.

Here what I see in SpiderOak :

As you can see, the parent directory is already checked : I have already backup all this content. But “Achats__cryptomator” stays unticked. I cannot tick it with my mouse. If with the keyboard, I push once the down arrow, I will select “Audio” directory, and not “Achats__cryptomator”.

I contact SpiderOak support team, they say on their side nothing is done to exclude Cryptomator directories.

However there must be a reason to this problem. But from both sides, I am told “this isn’t our fault”, so I don’t know what I can do to solde this.

Note : for the “donate money” topic, I really would to give, but it’s not possible for me because I want to use the app on my Android system, because I use LineageOS without Google Play services. I made a topic on this, and the answer was very clear : there is not another way to use the app.

Hi there,

I spoke with to Spider Oak support team, and they said their program doesn’t exclude itself Cryptomator directories. Their message :

Our theory is that Cryptomator locks down the whole drive and prevents ONE from accessing it, essentially making Cryptomator the “gatekeeper” to the fortress it has created.
Is there any way to tell Cryptomator to allow other programs access to the files? Perhaps inform it that some processes (namely SpiderOak ONE) are allowed to see and read the encrypted version of the file?

is there a way to check this?

Thank you for your help.

Sorry, your post before just got a little lost.

Did the actual permissions changed now for /Achats_cryptomator granting for everyone write access ? (the last missing w should then be present)

That quite the bummer. But as already stated, Cryptomator does not lock any files.It is no gatekeeper.
If it is nor SpiderOak neither Cryptomator, the reason lies somewhere in your system. Did you tried synchronise a newly created, empty vault in the same directory? Coming back to the permissions, it is probably the missing write permission for everyone.

Don’t worry, that is totally fine! We even talked recently about publishing an apk and introduce a license system. It is definitely on our long term roadmap.

Hello,

Thank you for your help. What I just did :

  1. create a new vault called “test__cryptomator” (in the same directory the others vaults)
  2. chmod a+w test__cryptomator
  3. chmod a+w test__cryptomator/*
    => now it’s 777 and I am the owner + group
    The new vault is empty.
  4. Run SpiderOak ONE
    => I still cannot select test__cryptomator

So what should I do now for another tests?

Thank you

For the apk, it’s a great news! I give regularly for the projects I love, so I can’t wait to do it for Cryptomator!