Cryptography and Encryption

Cryptomator – Cloud Client Side File Encryption

Multi-platform transparent client-side encryption of your files in the cloud.  Cryptomator provides transparent, client-side encryption for your cloud. Protect your documents from unauthorized access. Cryptomator is free and open source software, so you can rest assured there are no backdoors.

Cryptomator encrypts file contents and names using AES. Your passphrase is protected against bruteforcing attempts using scrypt. Directory structures get obfuscated. The only thing which cannot be encrypted without breaking your cloud synchronization is the modification date of your files. Cryptomator encrypts files and doesn’t care where you store them. This makes it a lightweight application, which we believe is a huge benefit for reliability. Cryptomator is a so-called transparent encryption utility. This means that you don’t have to learn new workflows. Just work with your files as you’re used to.

Cryptomator is a free and open source software licensed under the MIT / X Consortium License. This allows anyone to check our code. It is impossible to introduce backdoors for third parties.  Vendor lock-ins are impossible. Even if this team decide to stop development: The source code is already cloned by hundreds of other developers. As you don’t need an account, you will never stand in front of locked doors.

Today, German startup Skymatic released Cryptomator 1.0 for Android. The encryption app allows users to protect their files securely and easily in any cloud storage.

Cryptomator allows users to securely store even sensitive data in the cloud. The easyto-use app encrypts files on mobile devices before they are uploaded to the cloud storage. Access to encrypted files is equally effortless.  Cryptomator is the first open-source encryption solution for the cloud that is also user-friendly. The open-source encryption implementation ensures that the app does what it is supposed to do. No backdoors are implemented, no weaknesses are concealed. For its user-friendliness and transparency, Cryptomator received the CeBIT Innovation Award 2016 for Usable Security and Privacy.

In version 1.0 for Android, the app is compatible with Dropbox, Google Drive, OneDrive, and WebDAV-based providers.


Cloud Client Side File Encryption



  • Works with Dropbox, Google Drive, OneDrive, Nextcloud and any other cloud storage service which synchronizes with a local directory
  • Open Source means: No backdoors, control is better than trust
  • Client-side: No accounts, no data shared with any online service
  • Totally transparent: Just work on the virtual drive as if it were a USB flash drive
  • AES encryption with 256-bit key length
  • Filenames get encrypted, too
  • Use as many vaults in your Dropbox as you want, each having individual passwords



  • 256-bit keys (unlimited strength policy bundled with native binaries)
  • Scrypt key derivation
  • Cryptographically secure random numbers for salts, IVs and the masterkey of course
  • Sensitive data is wiped from the heap asap
  • Lightweight: Complexity kills security



  • HMAC over file contents to recognize changed ciphertext before decryption
  • I/O operations are transactional and atomic, if the filesystems support it
  • Each file contains all information needed for decryption (except for the key of course), no common metadata means no SPOF



  • Java 8 + JCE unlimited strength policy files (needed for 256-bit keys)
  • Maven 3
  • Optional: OS-dependent build tools for native packaging (see Windows, OS X, Linux)

Download Cryptomator