Questions on Vault syncing, placing, and recovery

So here’s everything I don’t understand.

1.) If for example I only have 50GB of capacity on one device, but 1TB on another… If I put the full TB of data into cryptomator folder and it syncs to my cloud, will that TB of data now be causing disk full errors on the linked device with only 50GB? I don’t understand how if you need to have data natively, it won’t automatically become native on all linked vaults.

2.) I use pCloud and have my folder set in there, so anything in cryptomator folder is automatically encrypted and backed into the cloud. But I want to backup more things into pCloud than my desktop mas physical memory for. I’d like to just leave encrypted items in my pCloud so i can delete them on my desktop, but it appears I cannot do this with cryptomator. How can I just leave things in my cloud without HAVING to have them in a physical drive?

3.) Is it possible to set my unencrypted vault in an external drive so I can store larger amounts than my desktop natively possesses? I don’t see the ability to select where the unencrypted vault goes, only the encrypted one, in the desktop app.

4.) Also, if my native drive gets corrupted or fails and the files are backed up and encrypted on the cloud, how do I recover that vault? In Linux, if i want to add an existing vault I must choose a vault.cryptomator file but if my drive is dead then that file is no long available.

5.) In my chosen vault location folder, I see the vault.cryptomator as well as the masterkey.cryptomator files which i cannot access, but there are .bkup files of the same name which i can open and I assume the codes inside are the encryption passwords. why allow me or anyone else to open these files and provide the backup that’s readable? doesn’t seem very safe. If i need to backup these files in order to get access to my vaults should a drive die, then whatever drives hold these decrypted texts are compromised?

Thanks for your help!!

To 1 and 2)
Cryptomator desktop needs the vault files local available. If your storage provider does not support „files on demand“, then you can try cyberduck instead of cryptomator. Cyberduck does connect directly to your online vault. See here: How do I use Cryptomator without local sync?

To 3)
Yes you can. You select the vault path when setting up a vault or adding an existing one. The file path is shown in the app on the left side right below the vault name.

To 4)
If your vault is stored online, and your physical drive dies, then you can recover the vault from your online storage (same as it is with any other files). If you do not have your vault online and do not have any backups, wenn then your vault and the files in it are gone. (Again; like with any other file too)

To 5)
The content of your masterkey file is not your key and it’s useless for anybody without the password. But it’s needed to open your vault (together with your password). That’s why it is stored next to your encrypted vault files. See here: Why is the masterkey stored in the cloud?

Thanks, Michael.

1.) If i have more than one device linked to the same vault within my cloud, then the local files only take up space on the origin device, and don’t end up taking space on every device linked, correct? Only the cloud vault will be the total size of all the locally connected vaults?

3.) I can only seem to set the path of the encrypted folder which i usually put in my cloud. The cryptomator mnt folder is always set to /home/.local/share/cryptomator/mnt/ folder. I’d like to set this path to an external drive, that way my local backup files don’t have to occupy my desktop’s internal drive.

5.) I understand the masterkey.bkup might not have my encryption token, but the vault.cryptomator.bkup contains a text string that looks like an encyption key. Is that what it is, and why would it not be encrypted if its readable? Is it safe to delete both .bkup files since the original vault and masterkey files are still there, in an encrypted state?

6.) Another example. If i have an iPhone and put all of the camera roll media into the cryptomator folder which is in my pcloud, the data will physically copy out of my iCloud and into my phone’s physical memory, into the cryptomator app correct? But if I decide to ditch iPhone and iCloud and format and sell the phone, the data will still sit encrypted in my cloud vault and i will not need the local files to maintain it. So the purpose of local files on cryptomator is simply for if you need to access them quickly and locally, but can technically be purged as long as it’s not deleted through the cryptomator app and through external means, which won’t sync the deletion to the encrypted cloud vault correct? In that case, if not looking to keep a local backup then it can either be done through Cyberduck, or by syncing in cryptomator then externally deleting the cryptomator app or its local vault through manual forced means?

As I said: cryptomator desktop needs the vault files LOCAL available. So if your storage provider does not support files on demand, then yes, both pc have to be synced with your online vault, which means every pc has the files local and takes the space of your vault. See my hint about cyberduck if you don’t want that.

If you want to move your vault, just move the vault folder (where your masterkey is stored) to the target location. Then go to your cryptomator app, remove the vault, and add it again (add existing vault). Select the masterkey file on your external drive and your done. Please keep in mind (if not obvious) : if you still want to sync that folder/vault with pcloud, your have to configure the path to your vault on your ssd in your pcloud sync app so it’s included in the sync process

No it’s not. Please see here how the cryptomator encryption works and why no one can get hold of your data with the masterkey or vault file only. Security Architecture — Cryptomator 1.7.0 documentation
The vault file does only hold data to identify your vault.

Yes.

No. You are mixing up the apps. The desktop app need files local available because it does not connect to your cloud storage (maximum storage compatibility). The mobile apps connect directly with your online vault (and your storage provider) to only download files when needed (minimum data transfer, minumum disc space)

As I said. And of course you can delete the local file at any time. Make sure the sync is off, because otherwise your online files will be deleted also. Keep in mind. An encrypted vault file is just a file and will be treated like any other file by your sync client.

Just to make sure I understood correctly, if I do have “files on demand” through my cloud, then each device with local files synced will not have to store the data of other devices, correct?

When you say I can move my vault, where the masterkey is stored, that vault is the vault whose location i chose, and it is the encrypted vault within my cloud. I want to move the other one, the unecrypted/locked local vault with the original copies of the files to the external drive, since I want to save on space on internal drives. As far as I could tell, I cannot move the vaults that automatically are created in Linux directory /home/.local/share/cryptomator/mnt/.

I also cannot add a new vault to any of my network-connected devices such as Google Drive connected accounts, or other built-in cloud services or shared network folders?

When you say the desktop app needs local files becuase it doesnt connect my cloud, I dont know what you mean. The location of my vault is within my cloud folder so every file i place locally on the unlocked and relealed folder will automatically duplicate in encrypted form in my cloud vault. Am I fundamentally misunderstanding what is actually getting stored?

But if on my iPhone i copy camera roll pictures and paste them onto the existing vault using cryptomator app, it will only duplicate the files onto the cloud vault and not onto my iPhone, got it.

edit: I tried copying a folder from my iCloud Drive folder in my iPhone and pasting it into cryptomator app, in the existing vault folder that’s on my cloud. It was able to transfer exactly 100 files but the rest are in status waiting to upload. Is there a limit to how many files at a time the free mobile app can transfer? If it’s only 100 at a time it will take forever to transfer a million phone pictures out to the cloud.

I tried to delete this pasted folder on iphone within cryptomator but it said the operation can’t be completed, couldn’t communicate with a helper program. I tried to delete in Linux in the local unlocked vault and it just gets stuck and cannot delete the folder. Then i tried forcing through command line and got permission denied.

sudo rm /home/admin/.local/share/Cryptomator/mnt/Vault/My Pictures/OldPics
[sudo] password for admin:
rm: cannot remove ‘/home/admin/.local/share/Cryptomator/mnt/Vault/My Pictures/OldPics’: Permission denied

Thanks again!

Why would pc 1 store any data of pc 2?
Files on demand means that the sync client cleans up files that are not used for a while from the local storage. So the disc space is not used for these files. If the files are used again, the sync client will download them.

The virtual drive where your unencrypted files are shown is just a virtual drive. It does not use additional space on your disc. It just shows your encrypted vault files in an unencrypted state so you can work with them. This is why you cannot „move“ this.

The upload of files on iOS is managed by iOS. I am not aware of a limit of parallel uploads, but I guess iOS does schedule the upload of multiple files.

Thanks for the responses, Michael!

I still cannot delete a folder that’s in my cloud vault. I pasted it in there through my iPhone, and now in iOS it says cannot complete operation, couldn’t communicate with a helper application. I also cannot delete it on my desktop, says I don’t have permission. My vault is unlocked on both devices. Apple customer support tells me the cryptomator app isnt giving permissions to allow the folder to be deleted through iPhone.

Also, is it safe to delete the vault and masterkey .bkup files since the originals are still in the vault folder?

A post was split to a new topic: OneDrive on demand causes cryptomator to freeze