[HOW TO] Encrypt individual folders with Cryptomator

Encrypt individual folders with Cryptomator

Cryptomator encrypts your data quickly and easily, so you can safely upload it to your favourite cloud service. Cryptomator was designed to solve privacy issues when saving files to cloud services. The risk that the cloud provider or third parties access the data stored in the cloud without permission is mitigated. Only people who know the vault password are able to read the files in the vault or change the file contents undetected.

Installation

You have several options to install Cryptomator. In the interest of finding the right balance between simplicity and usability, we'll install it via the PPA (personal package archive) provided in the official website. Open a new terminal window and type in the following commands, one at the time:

sudo add-apt-repository ppa:sebastian-stenzel/cryptomator
sudo apt update
sudo apt install cryptomator

Setting up a vault

The following is a quick summary of the official getting started documentation, which is quite easy to read and follow.

Once you have Cryptomator installed you can search for it on the main menu. The first time you open it should appear something like this:

cryptomator

You can start by creating a new vault and choosing the option "Create New Vault", and choose a name for it. I will name mine "OneDrive" as I will be using it to encrypt files that I keep in sync with my OneDrive account, although you can certainly use Cryptomator to encrypt files of any other cloud provider i.e., Google Drive, Dropbox, etc...

Then, it will ask where should Cryptomator store the encrypted files for this vault. You should choose the location where you want to keep these files. As expected I will choose the folder that I use/will use to keep my files in Sync with my OneDrive account. Here, Cryptomator was able to recognize and suggest that as an alternative. Your screen may show different options but you will still have the ability to pick one yourself:

location

Choose a strong password for this vault. The harder to guess, the safer your files will be.

password

You can optionally choose to generate a recovery key in case you ever forget your password. This recovery key is effectively another password. Copy the output text and keep the file somewhere safe.

recovery

Done! After this your vault is created at the specified location.

It's very important to understand that encryption will only apply to those files that are placed inside the vault hereafter. If you already had other files in the chosen directory they won't be immediately encrypted.

Using the Vault

To start using the newly created vault, go ahead and select it from the sidebar menu and unlock it using the correct password. This will open a new window on your file explorer with the contents of the vault. You can treat this as any other directory in your system. You can create, delete, modify, drag and drop files, ...

Do not modify the files inside the encrypted folder directly. Always unlock the vault through Cryptomator, and lock it when you are done working with them. For reference, this is how your vault location actually looks like. Just don't modify files in here.

Changing the encrypted vault location

Oops! I naively named my folder the exact same as my synced folder which means that now I have two folders named exactly the same. This may be confusing the first time you see this, perhaps because you were expecting Cryptomator to complete replace it instead.

To avoid any confusion I'm going to change the name of the folder where my encrypted files are to something like "encrypted_files".

This will create a new problem since Cryptomator is looking for a folder with a different name, so you'll have to change the vault location. Go back to Cryptomator and lock the vault if it wasn't already. You should immediately notice an error message with some options to do exactly what we intend to do, which is "Change Vault Location". Click there and navigate to the location of the encrypted files and choose the "masterkey.cryptomator" file.

That's all your vault should be restored.