Question About Using Cryptomator with CyberDuck

I started using Cryptomator but wanted to replace my synchronization utility for Google Drive with CyberDuck or Mountain Drive. When I installed these utilities, it was asking me to authorize ‘Cyberduck’ to access my Google Drive.

Does this authorization mean that the developers/organization behind the utility could potentially view the files I have not yet encrypted in the Google Drive account in the same way third-party companies are able to read Gmail emails? There are unencrypted sensitive files already in the Google Drive account that have to remain unencrypted before I would start using CyberDuck or Mountain Duck to encrypt the files.


Cyberduck uses the open source code from cryptomator to provide cryptomator encryption direct on you online storage instead of using a local sync client. So the answer is no. Your credentials are not transmitted to cyberduck. They cannot read your encrypted files. And they of course do not have the credentials to access your online storage. You have to enter them every time or you can configure the app (cyberduck) to store them locally and remind them.
It’s like using any other ftp client where you enter your login credentials.

In comparison to some email clients like spark or other „intelligent“ clients. They have to Analyse your mails to be „smart“ and therefore use your credentials to access your mail account and download your mails to their server to analyze them.

1 Like

Thanks for the thorough answer, Michael, it’s appreciated.

Just another quick question: if I were to move files into a Cryptomator vault within Mountain Duck in file explorer, does it use the hard drive to temporarily store those files before making the file operation? (The files are all on Google Drive already.)
The whole reason why I’m using Mountain Duck is to lower the mileage on my hard drive while managing a massive amount of data in a cloud. So, if I move an unencrypted folder in Google Drive to a Cryptomator encrypted file vault, does it need to download the files to my hard drive individual before encrypting them into that vault?

In case the answer to my question is that it uses the hard drive: is there any way to force it to do this in memory instead, or is there any way to get it to do it on an external drive instead of the hard drive the program is installed on?

As far as I know, it’s not possible to move files directly from the cloud storage into the vault with cyberduck. I thought I had tested this a while ago (same thing as you are facing: had massive files online I wanted to encrypt but not wanted to download the first).
As far as I remember there was no way other than download them first, and then place them into the vault within cyberduck. But I might be wrong as this test is a while ago. Just test it :smile:

Unfortunately not

Yes, you can download them temporarily on an other drive.

I want to point out a risk that you should be aware of.
As far as I understand you, you want to encrypt a lot of files online that you do not have stored local and unencrypted as a backup.
If I’m right, please keep in mind that if there’s a defect in you vault, or you loose the masterkey files, or for what ever reason the decryption fails, all your files are gone. So do yourself a favor and backup these files at a safe place for Desaster recovery. Cryptomator is not a Backup Solution.

Got it, danke schön!