Recovering vault when masterkey and vault.cryptomator missing

Hi Everyone,

I created a new vault using cryptomator and transferred a bunch of files/directories to the vault couple of times and during the second large transfer to my new vault, my laptop was shutdown due to low battery and when I plugged my charger back up and started my laptop again, I noticed an error on my vault “Cryptomator couldn’t find a vault at this path” and I went and checked the actual directory, I noticed the masterkey.cryptomator and vault.cryptomator went missing. I have the recovery key and password and about 16GB worth of directories and .c9r files. Unfortunately, I don’t have a backup and need these files. How do I recover my files? Any help is greatly appreciated

Welcome to the Cryptomator Community :slightly_smiling_face:.


@infeo - Thank you for the reply. My vault.cryptomator file is missing, so how do I use my recovery code without having access to this file? is there a way to vault options without the file?

I don’t have the “masterkey.cryptomator” file as well.

vault.cryptomator should be enough.

Cryptomator only needs to detect your vault folder as a vault. The criteria is that a directory named d and a file named vault.cryptomator must be present, where the latter also has a certain structure.

In the end, just create locally a new vault and copy from the vault storage location the vault.cryptomator file to your damaged vault. After restarting Cryptomator, you should be able to open the vault options and can start the recover flow.

Repeated the above steps, however, the new vault.cryptomator recovery options doesn’t recognize my old recovery code, how do I proceed?

Ohh, yeah, we fixed that with Cryptomator 1.6.9. The intention is, that user cannot apply the wrong recovery key.

In your case, of course, it is desired. You have to downgrade Cryptomator to 1.6.8 (e.g. uninstall current version and then install 1.6.8). Then start the app, start for the vault the recover flow and it should work.

@infeo - Thank you for the response. I gave it try, it successfully accepted my recovery key (of my lost vault) and was able to reset my password, however, when I tried to unlock the vault, I got this error.

Error Code G50O:P31S:P31S
org.cryptomator.cryptofs.VaultKeyInvalidException: Failed to verify vault config signature using the provided key.
	at org.cryptomator.cryptofs@2.3.1/org.cryptomator.cryptofs.VaultConfig$UnverifiedVaultConfig.verify(
	at org.cryptomator.cryptofs@2.3.1/org.cryptomator.cryptofs.CryptoFileSystems.create(
	at org.cryptomator.cryptofs@2.3.1/org.cryptomator.cryptofs.CryptoFileSystemProvider.newFileSystem(
	at org.cryptomator.cryptofs@2.3.1/org.cryptomator.cryptofs.CryptoFileSystemProvider.newFileSystem(
	at java.base/java.nio.file.FileSystems.newFileSystem(Unknown Source)
	at java.base/java.nio.file.FileSystems.newFileSystem(Unknown Source)
	at org.cryptomator.cryptofs@2.3.1/org.cryptomator.cryptofs.CryptoFileSystemProvider.newFileSystem(
	at org.cryptomator.desktop@1.6.7/org.cryptomator.common.vaults.Vault.createCryptoFileSystem(
	at org.cryptomator.desktop@1.6.7/org.cryptomator.common.vaults.Vault.unlock(
	at org.cryptomator.desktop@1.6.7/org.cryptomator.ui.keyloading.KeyLoadingStrategy.use(
	at org.cryptomator.desktop@1.6.7/org.cryptomator.ui.unlock.UnlockWorkflow.attemptUnlock(
	at org.cryptomator.desktop@1.6.7/
	at org.cryptomator.desktop@1.6.7/
	at java.base/ Source)
	at java.base/java.util.concurrent.Executors$ Source)
	at java.base/ Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$ Source)
	at java.base/ Source)

I tried this both in both Cryptomator 1.6.8 and 1.6.7. Also, to test this, I created a couple of dummy vaults locally (Test1 (with a test file) and Test2) and tried to recover Test1 file using Test2 vault.cryptomator using Test1’s recovery code and I received the same error, what am I missing?

Ahh, me dumb!

You wrote

Are the backups of those also gone? (also stored in the vault storage root directory, ending with .bkup)

@infeo - You’re good, I should have been more clear. Unfortunately no backups, not sure how it happened, the laptop’s battery died and it was shutdown while a file transfer to the vault was goingon (I didn’t notice), next thing I know after plugging back in, no masterkey or vault or any backups. I do have d folder with all the contents. Is there a way to reconstruct the master key?

ow, a bummer.

Mhm, we hardend our app better than i expected :sweat_smile: You see, the vault config is signed with the original masterkey in 1.6.x.

But i looked again a bit into the version history of Cryptomator and i think i have a solution for you:

  1. delete the vault config and masterkey files again from the vault to recover
  2. uninstall current Cryptomator version and install latest 1.5.x version
  3. Recover the vault with your key

In Cryptomator 1.5.x there is no vault config file, it was introduced with 1.6.x. So it cannot prevent the recovery (;

@infeo - I apologize for the delayed response, I tried this so I was successfully able to use 1.5.x to create a master key and unlock the vault, however, vault content was empty.

I followed it up with few more tests, I installed 1.6.x and upgraded the vault format (to Version 8) and did the health check and fixed a bunch of orphan directories, upon, unlocking the vault. I see a directory called Lost+Found, which only has the encrypted files, perhaps the decryption didn’t go through successfully due to change in architecture? it looks like vault formats got upgraded in 1.6.0 and since we created this vault with 1.6.X and trying to decrypt using a key from 1.5.x using 1.6.x and it is failing? Let me know your thoughts. I would love to try if you have any other solutions.

Thank you so much for your support on this. I appreciate it.

I created an faq entry for it, see LOST+FOUND directory.

The files are not encrypted. Your computer just don’t know how to open the files, because the file ending is missing. For an explanation and further help, see Data Lost: How to restore missing Directories

@infeo - This worked, I was able to recover some files. However, majority of the files ended up being Mime Type application/octet-stream and got a .bin extension, is there a way to recover these? I am on Windows OS if that helps

Other than trial and error? (i.e. trying to open the file with different programs) Not that I know of.

But a quick internet search leads to a SO thread with your question. It suggests TrID:

The last app update is from 2017, but file type database seems to be up to date.

It would be cool, if you are testing it, to post your experience here :slightly_smiling_face:

Thank you @infeo I tried the TrID and the JHove tools to identify the files types. I also tried using python’s mimetypes library to see if that would help . Unfortunately, most of them couldn’t seem to be recognized by both tools and my script. I am including a sample output below.

TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello
Definitions found: 15170

File: E:\bin\License
100.0% (.PDF) Adobe Portable Document Format (5000/1)

File: E:\bin\file100_idr
100.0% (.LNK) Windows Shortcut (20000/1)

File: E:\bin\file100_il6

File: E:\bin\file100_ip7

File: E:\bin\file101_il6

File: E:\bin\file101_ip7

File: E:\bin\file102_idr
100.0% (.LNK) Windows Shortcut (20000/1)

File: E:\bin\file102_il6

File: E:\bin\file102_ip7

File: E:\bin\file103_idr
100.0% (.LNK) Windows Shortcut (20000/1)

File: E:\bin\file103_ip7

File: E:\bin\file104_il6

File: E:\bin\file104_ip7

File: E:\bin\file105_il6

File: E:\bin\file105_ip7

File: E:\bin\file106_il6

File: E:\bin\file106_ip7

File: E:\bin\file107_il6
100.0% (.ARC) ArcMac compressed archive (1001/2)

File: E:\bin\file107_ip7

File: E:\bin\file108_il6

File: E:\bin\file108_ip7

File: E:\bin\file109_il6

File: E:\bin\file109_ip7

File: E:\bin\file10_gi5

File: E:\bin\file10_glp

File: E:\bin\file10_gm1

Again, I am grateful for all support over the last month on this, I just purchased a license as a thank you and show my appreciation to you guys. You guys are doing gods work in the age where big tech takes our data and privacy for granted