Vault empty after changing password

After changing my password the vault stays empty ! Using the recovery key (old or new) does not help. So these options are useless. So, what else can I do to recover my data?

There is no “old” or “new” recovery key. The recovery key stays the same, no matter what your password is. The recovery key is “bind” to the vault, not to the password.
Please read this:

So, assumeing you used a different recovery key than the one that is suitable for the vault, you can just use the correct recovery key and perform the process to have access to your data again.

If you use a different recovery key, the data already stored in the vault will be inaccessible. It can be made accessible again by re-running the recovery mechanism with the original and correct recovery key.

Thanks for reacting so quick. I used version 1.5.1 on a PC running Windows 7 64. The recovery key actually did change after changing my password. (I can show you if you want). Last night I tried to install version 1.5.3, knowing this later version should not work under Windows 7. In fact it did install and I even succeeded to open my vault with the first recovery key made under 1.5.1., which was not possible under v. 1.5.1. Now I have to figure out how to unlock the synced vault on my Google Drive = external cloud. To me it is confusing why having to migrate content is necessary or why not, in case of changing passwords. Can I keep using the first (original) recovery key even after changing passwords and even after upgrading to newer versions in the future?

I was unsure if I have missed something, so I just tested it.
I created a vault, revealed the recovery key and saved it. I closed the vault, revealed the recovery key again and saved it (just to be sure). Then I changed the password.
After that I revealed the recovery key and saved it.
All 3 recovery keys are identical.
So I stay with my statement: changing a vaults password does not change the recovery key.
As it is written in the documentation:

Additionally for each vault a unique recovery key can be derived. This key ensures that if you forget your password, you are able to create a new one. It is a human readable form of your decrypted masterkey and therefore independent of the current vault password and highly confidential.

If your recovery key has changed then there must be an other reason than a password change.
I can imagine some masterkey-mismatch might cause that. Means: for some reason the masterkey file of a foreign vault, or a masterkey file of the version 1.4.x vault found its way into the suspicious vault.
This would explain why there’s a different recovery key shown, because the recovery key is derived from the masterkey, and why your vault is shown as empty.
At least this is the only idea I have what might cause the problems with your vault.

Not sure if I understand you correctly. But:
A password change does not cause a vault migration. This is only triggered if you change the vault format, which is the case if you try to open a vault created with Cryptomator Version 1.4.x with a Cryptomator Version 1.5.x or later, because Version 1.4.x was vault format 6 and version 1.5.x is vault format 7.If you come from 1.5.1 there is no vault migration. Coming back to my theory of an “old version 1.4.x masterkey file” in your 1.5.3 vault. The vault format is recognized by the masterkey file Open it with a text editor and you’ll see the version. In my shown scenario the migration process would be triggered

yes, see documentation

Well, its hard to tell the future, but if the upgrade is only minor version (1.5.x) I’d probably say “yes”.
We will have to see what Version 1.6 will bring. If for what every reason the recovery key changes during an update, Im pretty sure that there will be a mechanism that ensures that users will receive a message and have to confirm it.

What exactly is you problem with that?

Thank you Michael for your patient explanation. My problem could have been related to the bug in version 1.5.1 (see attached screenshot below; don’t know how to link to that topic)?
Do I understand it correctly that if I change my password for the local vault, that also applies for the synced copy in Google Drive? In other words, are the passwords also synced? or do I first have to delete Drive en resync every time I change the password ?

No, you don’t have to „sync“ the password manually or delete encrypted files in your google drive. Just let the sync tool of google do its job :smile:. Means: if you change your password, the Masterkey file changes and this will be synced via the google client. if the sync is done, you can open the vault eg with the android app with the new password. There is no change of the encrypted files, so if you only change your password, the sync will process very fast. You might not recognise it.

In case of you have chosen a weak password initially and want to change the „strength“ of the encryption: please read this.

1 Like
© 2020 Skymatic GmbH • Privacy PolicyImpressum