Saving master password cryptomator

Hello, please tell me when I put the “save password” checkbox exactly how and where the program saves it in technical details. I would look at the source code on github, but you don’t know programming

1 Like

Hi xAmka,

I just looked into the code and can say that it depends on the platform:

For Linux, the system’s internal keychain is used.

For Mac, the system’s keychain is used too.

For Windows, a local file (%appdata%\Cryptomator\keychain.json) contains the encrypted passwords.

I can’t tell you how secure the different methods are. But, the passwords are not saved in plain text.



where does the password for encrypting my password come from?

On Windows, Cryptomator uses a Windows internal function to encrypt the password.
As you can see in the code, the plain-text password and a salt are passed to CryptProtectData.

The salt is randomly generated and saved together with the encrypted password within the keychain.json.

According to the documentation of this function and the fact that the flag CRYPTPROTECT_LOCAL_MACHINE is passed to the function:

Any user on the computer on which CryptProtectData is called can use CryptUnprotectData to decrypt the data.

To sum up, the encryption password is a combination out of the salt, which is saved within keychain.json, and an ID of your local machine. To decrypt the encryption password, any application on your computer knowing the salt can decrypt your password.

Knowing this, it might be better to save your Cryptomator password in a password manager of your choice than saving it through Cryptomator.

I hope, I didn’t get anything wrong about the code. Please correct me if I’m wrong.


thanks for such a detailed and clear answer