What is "512 bit raw masterkey"?

Hello. I am currently developing my own version of Cryptomator library in Typescript so I can access it on browser. However, one thing I seriously cannot figure out is how to verify the JWT stored in vault.cryptomator. All I can find online is the following:

The JWT is signed using the 512 bit raw masterkey.

I have no idea how this is derived. Of course I tried both encryption master key and MAC key (though I expected them to not work considering they are 256 bits), their concat variant. Can someone tell me how this signing key is derived? Thank you.

Welcome to the Cryptomatort Community :slightly_smiling_face:,

the raw key is the conactenation of the encryption and the mac key, see also cryptolib/src/main/java/org/cryptomator/cryptolib/api/Masterkey.java at develop · cryptomator/cryptolib · GitHub

Hence,

should work. The verification in Cryptomator also looks at the vault version, see cryptofs/src/main/java/org/cryptomator/cryptofs/VaultConfig.java at 528de401ef5b603ed67d0d5e96bbe095f4a83e66 · cryptomator/cryptofs · GitHub


You might be also interested in the following thread, where a user already implemented a prototype to read vaults in js/ts:

Damn, I must have messed something up. Thank you.
In terms of that project, yep, I am aware of it. That inspired me to start this project. I am doing a rewrite of it, because it’s missing some features and could use some stricter typing. That, and lack of things to do on a PC where I can’t install anything.

Edit: Solved! I re-used the one I used for AES-SIV, which uses those two in the other way around, which is why it originally did not work.