How to use cryptomator + cloud for air gap-ed files' backup


#1

Hi~

I got an AIR GAP -ed (no internet) PC1, made a ctmt vault “vault1” of password1.
then I encrypted a file say \test.pdf

I then move the vault by HDD to internet connected PC2, and upload-ed to google drive.

!!! I dont want to type the password1 in PC2, as typing password1 in PC2 is danger enough
for me.

Now, suppose the vault is indeep 1TB with 100000+ files,
downloading it is really tough.

I want to just obtain back 1 single file \test.pdf

what should I do?

I will need such a solution and will play with sanitizer around and report here even if no one
could answer me.

But from what I see, it may need running sanitizer in PC2 and type password1 but
that breach my security.

Worst case is download that 1TB of 100000+ files for that 1 single file \test.pdf

any help will be appreciated, thank you.


#2

I dig some old post like

"
overheadhunterAug '17
I added support for vault format 6 in the latest sanitizer version17. You can use this command12 to decrypt all files inside a vault.

To do this, you need to prepare a directory to resemble a vault structure. While the directories may be lost, you can use arbitrary names, as long as they match the expected length (2 characters and 30 characters) and pattern (a-z2-8):

masterkey.cryptomator
d/AA/AAAAABBBBBCCCCCDDDDDEEEEEFFFFF/
Put all your files inside of AAAAABBBBBCCCCCDDDDDEEEEEFFFFF and start the vault decryption."

but another user say it may not be correct…

1 encrypted file =/= 1 decrypted file… sigh…


#3

You really should read this and think about if cryptomator fits your needs. I assume: it does not.


#4

If it can fit my way, it fits me.

I wont use trecrypt etc.

2TB .tc file, need use 7zip to cut into 500x 4GB file.
when get back 1 single file I need download that 500x 4GB file.

a single byte error may ruin your 2TB data. unless use rescue tool but
they may not 100% success?
“all or none” is worrying.

cryptsync neither, in many times it missed processing file but dont warn me.
I cant rely on it.

cryptomator or the paid competitor BC is among my choices.

but open source ofcoz is more trustable.