Multiple master key backup entries?

Most of my Cryptomator databases have two master key files: a masterkey.cryptomator and a .bkup backup file. But some of them have two or more .bkup files; why?

In the past, we only created a single masterkey.cryptomator.bkup file. Beginning with Cryptomator 1.4.15, we introduced a new naming scheme. Several reasons for this come to mind:

  • When upgrading the vault format, a new masterkey file (with the new version number) will be written. In rare cases, it’d be helpful if the “old” masterkey file is accessible for recovery purposes.
  • When somehow the original masterkey file had been overwritten and the vault then unlocked, the actual masterkey file would’ve been overwritten as well. This led in some cases to confused users seeing an “empty” vault. Restoring the original masterkey file would’ve solved this easily (and thankfully most cloud storage services have a version history as well) but since the backup file had already been overwritten, a restoration would’ve been impossible.

The backup files are indeed just backup files. Only the masterkey.cryptomator file is actually being used. A backup file will be generated with every successful vault unlock. If you’d like to clean up your vault folder and are absolutely sure that you don’t need the backups of older versions, you can delete them. But I’d advise to always keep a backup of the latest working masterkey file.