Access Keys:
Skip to content (Access Key - 0)

Cryptomator for Cloud-Sharable Encrypted Volumes

Cryptomator is free software for Mac or Windows that allows you to create an encrypted volume to be shared on Dropbox. Data is protected by a passphrase known only to the owner and collaborators. It allows high risk data to be stored in the cloud while still maintaining compliance with various governmental and contractual mandates for secure storage.

Context

  • Many people ask if they can share sensitive data on Dropbox.
  • Data identified as high risk on InfoProtect must meet the following criteria:
    • Use file level encryption when sharing files on platforms like email, Dropbox, Slack. Encryption keys must be shared via another method
  • MIT provides Dropbox Enterprise to the community for file sharing. This strong encryption technology extends its capability.
  • Passwords for encrypted volumes should be stored and shared in a secure manner such as LastPass, which is provided freely by IS&T to the MIT community.

Installation

MacOS

  • Double click the dmg image of it doesn't automatically open
  • A window opens up. Drag the Cryptomator Robot icon into the Applications folder in that window. Do the same for FUSE at the bottom.
  • Eject the Cryptomator disk install image from the desktop by right-click and selecting eject.
  • Click the launcher and search for Cryptomator and launch it
  • NOTE: If you get "System Extension Blocked" for FUSE, follow the instructions on the screen for enabling it in System Preferences.
  • NOTE: Note that there may be a window about success that pops up underneath. If it seems like you can't click anything, try clicking on the Cryptomator icon in the task bar on the bottom to reveal it.

Windows

  • Run the installer executable (Cryptomator-VERISON-NUMBER-x64.exe)
    • Accept the License Agreement. Click Next.
    • Select Destination Location: Default is C:\Program Files\Cryptomator\. Click Next.
    • Select Components: Select Dokan File System Driver and WebDAV system configuration if not already selected. Click Next.
    • Install Dokan Driver - Dokan File System Driver installer starts. Click Next.
      • Default is to install Dokan Core. Installing Development Tools is optional. Click Next.
      • When Dokan install is complete click Finish.
    • Completing the Cryptomator Setup Wizard: To start Cryptomator after install, check Launch Cryptomator. Click Finish.
  • Depending on your Windows setup, you may get a Windows Security Alert about Windows Firewall blocking Cryptomator on first start. You will be asked whether or not to allow private or public network access. Best to start with private network access and then adjust access as needed. Choose Private networks or Public networks and click Allow access.

Adding Encrypted Vaults

  • To add a vault
    • Add Vault->New Vault
    • Choose a name, Next
    • Choose a custom location. This should be a Dropbox folder you've already created.
    • Enter a password. This should be strong and unique to this volume. It will also need to be shared with others.
    • Reveal Drive. The drive will show up on your desktop
    • It's very important you interact with the volume this way, rather than going through Dropbox directly, so that the files remain encrypted.
    • You can share the Dropbox folder with collaborators in the normal matter, but you will also need to share the password for this Volume over LastPass.
  • To use a vault shared by others
    • Add Vault -> Open Existing Vault. Navigate to the shared Dropbox link with the Choose button. It asks you to open the "masterkey.cryptomator" file, which should be obvious.
    • Once it adds the Vault, Click unlock now. Enter the Volume password shared via LastPass by your collaborator.
    • Once it is unlocked successfully, click Reveal Vault. This will open up a special finder window. You must navigate and open everything from this window.

Accessing a Decrypted Vault

  • macOS will show a decrypted vault as a mounted volume in Finder.
  • Windows will assign a drive letter to a decrypted vault.

Important Note: You must access a vault by either method above depending on your operating system. Browsing directly to the Dropbox location will only show the encrypted vaults. Any files added to directly to the Dropbox location will not encrypt these files. Adding new files must be done through one of the decrypted drives in the MacOS Finder or Windows Explorer.

Links

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

July 07, 2021

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
encryption encryption Delete
dropbox dropbox Delete
cryptomator cryptomator Delete
encrypted encrypted Delete
volumes volumes Delete
security security Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki