Why is the masterkey stored in the cloud?

Knowledge Base Security
#1

Inside the storage location of a Cryptomator vault, you will find a file called masterkey.cryptomator. This file is stored in the cloud to allow convenient access to a vault on different devices.

What does this file contain?

This file contains encrypted data, which is needed to derive the masterkey from your password. The file does not contain the decrypted masterkey itself. In addition, some metadata about the vault (e.g., the version of Cryptomator used to create it) is also stored in this file.

Is this a security problem?

No. The encrypted key in masterkey.cryptomator is not more sensitive than the encrypted files themselves.

For more details on how this exactly works, take a look at our security architecture.

2 Likes
Masterkey stored in plain text on iCloud Drive
Keys in the Cloud = Safe?
Master-Key in der Cloud?!
Automatically syncing to the cloud
Secure Key Management
What if PC dies?
Store the masterkey in the cloud?
When vault is locked should I be able to see and read files "IMPORTANT", "masterkey" and "masterkey....bkup
Masterkey in Encrypted Vault
Cannot open vault
Security of the files
Why are the keys from cryptomator public?
[1.6.x] Downgrade to 1.5.x
Cryptomator 2.0 for iOS: Open Source and Beta Release
cloud copy inquiry
Urgent question please
Masterkey.cryptomator Synchronization
Vault files different between laptop and desktop
What happens if my pc crashes and I need to access encrypted files from my cloud
Wiederherstellung der Daten bei Verlust bzw. Defekt des Smartphones
1.5 crashes on my mac
Master password backups
Dateien in Ondrive verschlĂĽsselt, - oder nicht?
Umstieg von Boxcryptor auf Cryptomator - Keine 2FA?
Masterkey.cryptomator in my cloud drive?
Cryptomator Vault files showing up in Files App Recent
Store the master key in the cloud?
#2

It might be good to mutually cross-link this thread with the “Password Advice” and “Security Architecture” pages.

I’ve been reading more than my fair share about encryption, and yet coming to cryptormator I would have naively gravitated towards a “rememberable” password in order to minimize the risk of losing access. For cryptomator, this choice would have been quite wrong.

1 Like