Recover masterkey file with recovery key?

If I understand correctly, I could use an old masterkey and its corresponding password to unlock a vault including any new files, even if in the meantime I changed the password.
However, is it possible to recreate a masterkey file using the recovery code? I can’t see that option in the app though. Just trying to understand if it makes more sense to back up the masterkey along with its password, or the recovery code, or if it’s the same.

You need the Masterkey file. You cannot recreate it just from the recovery key. You can open the vault with the recovery key (and the Masterkey file of course) in case you lost the password. But if you lost the Masterkey file (and its backups) you are screwed.

2 Likes

As Michael said. Always back up the masterkey.

When creating a new vault I do the following:

1. Create the vault, drop 1 small text file in there to make sure it’s working, then lock it.
2. Wait for cloud software to fully sync. (Should only take seconds unless you have an existing queue.)
3. Create a zip file of the initial vault structure (consisting of the initial folder, masterkey and D subfolder).
4. Move the zip file to an offline backup (or another cloud provider).

If you are using a password manager, such as KeePass, you could even store this as a secure attachment.

Occasionally the vault format is updated on version upgrades (you will be prompted to upgrade your vault). You would need to back up your new masterkey after doing so.

Even without a backup, many cloud providers have recycle bins or document versioning if you accidentally delete or corrupt your masterkey.
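
The backup habit described in the post above, as an added example that is not part of the thread and not Cryptomator's own code: it stores a new copy of the masterkey file whenever the file in the vault root differs from every copy already kept (for instance after a vault upgrade), and keeps the older copies. The file name `masterkey.cryptomator`, the function names and the digest-suffixed backup names are assumptions of this example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Assumed file name of the masterkey file in the vault root; adjust if yours differs.
MASTERKEY_NAME = "masterkey.cryptomator"

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def backup_masterkey(vault_root, backup_dir):
    """Store a copy of the masterkey file unless an identical copy already exists.

    Returns the path of the new copy, or None when the current file is already
    backed up. Older copies are kept, never overwritten.
    """
    vault_root, backup_dir = Path(vault_root), Path(backup_dir)
    src = vault_root / MASTERKEY_NAME
    # The masterkey file sits in the vault root, next to the "d" folder.
    if not (vault_root / "d").is_dir():
        raise FileNotFoundError(f"{vault_root} has no 'd' folder; not a vault root")
    if not src.is_file():
        raise FileNotFoundError(f"{src} is missing; restore it from a backup")
    digest = sha256_of(src)
    backup_dir.mkdir(parents=True, exist_ok=True)
    for old in backup_dir.glob(MASTERKEY_NAME + ".*"):
        if sha256_of(old) == digest:
            return None  # this exact file is already stored
    dest = backup_dir / f"{MASTERKEY_NAME}.{digest[:12]}"
    shutil.copy2(src, dest)
    if sha256_of(dest) != digest:  # read the copy back before trusting it
        dest.unlink()
        raise OSError(f"copy to {dest} does not match the source")
    return dest

if __name__ == "__main__":
    # Constructed demo vault in a temp directory; the key bytes are placeholders.
    with tempfile.TemporaryDirectory() as tmp:
        vault, store = Path(tmp) / "vault", Path(tmp) / "offline"
        (vault / "d").mkdir(parents=True)
        (vault / MASTERKEY_NAME).write_bytes(b"constructed-masterkey-v1")
        print("first run :", backup_masterkey(vault, store))
        print("second run:", backup_masterkey(vault, store))  # None, unchanged
        (vault / MASTERKEY_NAME).write_bytes(b"constructed-masterkey-v2")
        print("after change:", backup_masterkey(vault, store))
```

Point `backup_dir` at the offline or second-provider location so the copies do not share a failure mode with the vault itself.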

Honestly, it’s a limitation on an application level. In theory, you could create a masterkey file out of the recovery key. So if you really only have the recovery key and lost your masterkey file, you could do the following workaround:

  1. Create a new vault.
  2. Copy masterkey file from new vault to old vault that has a missing masterkey file.
  3. Select old vault in Cryptomator.
  4. Go to “Vault Options” and select “Password”.
  5. Select “Recover Password”.
  6. Use the recovery key.
  7. Assign a new password.

Edit: You should only use this workaround if you are absolutely sure that your vault contents match the latest vault version. If you recover a masterkey file via this method and your vault contents actually match an older vault version, the new masterkey file won’t necessarily “fit” the vault contents.

5 Likes

Thanks for your reply, that’s good to understand.

How do I do step 2 copying the masterkey file to the old vault if I can’t open the vault = the reason I’m here?

Not into your vault.
To your vault files.
The Masterkey file is stored in your vault root, where the folder “d” is located.
Here you can read about the vault structure.
https://docs.cryptomator.org/en/latest/security/architecture/