Malformed masterkey file

Hi I setup a Cryptomator vault. I then added an Owncloud sync. All worked perfectly.

I then, added S3 storage support for Owncloud. I then copied the encrypted directory including the masterkeyfile into the S3 folder.

I now get this error when trying to access the vault:

I still have the files, but it seems like the binary format got transcoded to a wrong charset? Malformed masterkey file /OwnCloud/masterkey.cryptomator
	at org.cryptomator.cryptofs.migration.Migrators.needsMigration(
	at org.cryptomator.common.vaults.VaultListManager.determineVaultState(
	at org.cryptomator.common.vaults.VaultListManager.create(
	at java.base/$3$1.accept(Unknown Source)
	at java.base/java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(Unknown Source)
	at java.base/ Source)
	at java.base/ Source)
	at java.base/$ReduceOp.evaluateSequential(Unknown Source)
	at java.base/ Source)
	at java.base/ Source)
	at org.cryptomator.common.vaults.VaultListManager.addAll(
	at org.cryptomator.common.vaults.VaultListManager.<init>(
	at org.cryptomator.common.vaults.VaultListManager_Factory.get(
	at org.cryptomator.common.vaults.VaultListManager_Factory.get(
	at dagger.internal.DoubleCheck.get(
	at org.cryptomator.common.CommonsModule_ProvideVaultListFactory.get(
	at org.cryptomator.common.CommonsModule_ProvideVaultListFactory.get(
	at dagger.internal.DoubleCheck.get(
	at org.cryptomator.ui.launcher.UiLauncher_Factory.get(
	at org.cryptomator.ui.launcher.UiLauncher_Factory.get(
	at dagger.internal.DoubleCheck.get(
	at org.cryptomator.launcher.Cryptomator_Factory.get(
	at org.cryptomator.launcher.Cryptomator_Factory.get(
	at dagger.internal.DoubleCheck.get(
	at org.cryptomator.launcher.DaggerCryptomatorComponent.application(
	at org.cryptomator.launcher.Cryptomator.main(
Caused by: java.lang.IllegalArgumentException: Unable to parse key file.
	at org.cryptomator.cryptolib.api.KeyFile.parse(
	at org.cryptomator.cryptofs.migration.Migrators.needsMigration(
	... 25 more
Caused by: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 8 path $
	at org.cryptomator.cryptolib.api.KeyFile.parse(
	... 26 more


when I open the file in a text editor, I get a warning about invalid characters

If you talk about the masterkey.cryptomator file, then the file is corrupted and you need to recover it.

For other files located in the d directory, these are encrypted and not inteded to be opened by a text editor, thus it is highly likable that any program will complain about non-printable symbols.

Hi @infeo, thanks for your response.

the file is corrupted and you need to recover it.

how can I go about recovering it? I have the files, but when I open the vault, Cryptomator complains with the exception “Malformed masterkey file”.

There should be backups of the masterkey in the same directory. Something like masterkey.cryptomator.6376D857.bkup. They’re created when Cryptomator was successfully able to unlock the vault. So they have to be valid.

Hi @tobihagemann,

Thanks for your reply. I renamed the backup and I get the same error as with the original masterkey, as they were both in the same folder I copied into Owncloud.

I think the issue is that the transfer somehow messed up the character set, and some of the data in the masterkey got corrupted.

My understanding is that the masterkey contains no sensitive info about my data, correct? Could I send you the masterkey files I have so you can see what I mean?



Yes (please use a PM for it), but from my perspective the case is clear and so don’t get your hopes too high.

If the masterkey and its backup are corrupted, you can only try to recover them from your harddrive with some recovery tool. If a valid version of the masterkey file was stored in the cloud, you can use their mechanism of recover an older file version.

I looked into one of the masterkey files (I assume the other one is the same) and the file seems to have been encrypted by ownCloud. The file begins with:


When googling this string, there are all sorts of posts regarding ownCloud/Nextcloud. You have to decrypt them with ownCloud again. This file in that form has nothing to do with our cryptography.

A masterkey.cryptomator file should look something like this:

    "version": 7,
    "scryptSalt": "QGk...jY=",
    "scryptCostParam": 16384,
    "scryptBlockSize": 8,
    "primaryMasterKey": "QDi...Q==",
    "hmacMasterKey": "L83...Q==",
    "versionMac": "3/U...9Q="

Edit: After reading your original post again, you probably copied the encrypted directory (encrypted by ownCloud!) to the S3 folder and ownCloud didn’t automatically decrypt the directory while doing so. So yeah, that’s the issue… either you need to decrypt the directory or you need some kind of way to use this encrypted directory so that it’s transparently decrypted by ownCloud (as before).

1 Like