How to encrypt files in the cloud with Cryptomator step by step

Last update: December 21st 2025
  • Cryptomator encrypts your files locally with AES-256 before uploading them to the cloud, protecting both content and filenames.
  • It works on Windows, macOS, Linux, Android, and iOS, and integrates encrypted vaults with OneDrive, Google Drive, Dropbox, and other services.
  • Its open-source, GDPR-compliant client-side encryption model ensures complete control over your data and keys.
  • Using virtual drives makes it easier to work with files as if they were normal folders, while maintaining security in the background.

Encrypt files in the cloud with Cryptomator

Most people upload documents, photos, or backups to the cloud without thinking about it too much, but blindly trusting services like Google Drive, OneDrive, or Dropbox isn't always a good idea. If you're even remotely concerned about privacy, keep in mind that while these platforms offer some encryption, you don't control the keys, and ultimately, your files depend on how they handle security.

To have real control over your data, the most sensible thing to do is encrypt your files before they leave your computer or mobile device. That's where Cryptomator comes in, an open-source tool designed precisely for that purpose: to protect what you upload to the cloud without complicating your life, with a simple interface and robust encryption technology that meets the most demanding standards and the GDPR.

What is Cryptomator and why use it with the cloud?

Cryptomator is a client-side encryption program designed specifically for cloud services. Services like OneDrive, Google Drive, Dropbox, Box, iCloud Drive, ownCloud, or Nextcloud work as long as there's a sync folder on your computer. Instead of relying on the provider's security, your files are encrypted locally on your device before syncing.

One of the great advantages is that you don't need to create additional accounts or register personal data to use it. There is no central Cryptomator server that receives your files: the entire encryption and decryption process happens on your computer or mobile device, and the cloud provider only sees seemingly meaningless encrypted data.

The tool creates a "vault" or safe inside a folder (for example, within your OneDrive folder) and mounts that vault as a virtual drive on your system. When the vault is unlocked, you see your files in plain text on that virtual drive; when it's locked, all that remains visible are encrypted files and names that are impossible to interpret.

Cryptomator is cross-platform and open source. It's available for Windows, macOS, and Linux, and also has apps for iOS and Android. It's free on desktop; on mobile, the Android app is paid (around €14,99), while the iOS app is also paid, although it's generally considered a small investment compared to the value of protecting your personal data.

The encryption system is based on AES with 256-bit keys, one of the most widely used standards in modern security and considered strong enough to protect sensitive data. Furthermore, it not only encrypts file contents but also folder names and part of the folder structure, making it even harder for anyone to deduce what you're storing in your cloud.

Main technical and safety features

From a technical standpoint, Cryptomator offers a range of features that make it a very robust option for encrypting files in the cloud, both for individual users and for professionals who handle sensitive information and need to comply with data protection requirements such as the GDPR.

The core functionality revolves around the creation of encrypted vaults. Each vault is a special folder where all files you save are individually encrypted. This means that if you change a single file, only that file is synchronized and not the entire vault, which improves performance and reduces bandwidth consumption.

The AES-256 encryption applied to each file is complemented by mechanisms that hide file names, paths, and file sizes. The resulting directory structure, as seen by the cloud provider, appears "confusing," without recognizable patterns, making it difficult to infer the nature of the documents.

Cryptomator has been audited by independent third parties and is considered suitable for synchronizing personal data in accordance with the European Union's General Data Protection Regulation (GDPR). This is especially relevant if you are self-employed, work with customer information, or manage medical, legal, or financial data.

Another important advantage is that the tool works entirely on the client side. There are no additional cloud services, no extra transfers, and no need to rely on a new intermediary; only the data you're already uploading to your existing cloud provider is encrypted. This reduces the attack surface and simplifies the threat model.

Compatible platforms and basic requirements

Cryptomator is available for most systems used on a daily basis, making it easy to use the same encrypted vault from different devices without headaches. You can start on a Windows PC and then access the same data from your mobile device, as long as you use the same vault password.

On computers, the application is offered for Windows, macOS and Linux. Fully functional desktop versions are available. On Windows, you can download installers in EXE or MSI format, while macOS and Linux use the standard packages for each platform. For Linux, there are DEB packages that can be easily installed on distributions like Ubuntu and its derivatives.

On mobile devices, Cryptomator offers specific apps for Android and iOS. These apps allow you to access your encrypted vaults and view, add or modify files from your smartphone or tablet, thus maintaining a consistent user experience across all your devices.

To function correctly on Windows, Cryptomator relies on WinFsp to mount the virtual drive where the decrypted files are displayed. In systems like Linux, WebDAV has traditionally been used for mounting vaults, although this method can cause occasional problems with certain applications, for example, when opening LibreOffice documents directly from the mounted drive.

In any case, the fundamental requirement is that your cloud service has a synchronization client that creates a local folder on your computer (for example, C:\Users\YourUsername\OneDrive). Cryptomator will work on that folder to place the encrypted data there, which will then be synchronized with the cloud.

Install Cryptomator on your computer

The Cryptomator installation process is fairly straightforward on most platforms. Generally, it only requires you to download the official installer, run it, and follow a few steps, without the need for complex configurations. Even so, it's helpful to know some specific details depending on the operating system.

On Windows, after downloading the EXE or MSI file from the project website, simply launch the wizard and accept the default options. During the process, the necessary components will be installed, including WinFsp, which is responsible for creating the virtual drive where the decrypted files will be displayed.

On macOS, the procedure involves downloading the disk image and dragging the application to the Applications folder, as is typical for this platform. Once installed, you can open Cryptomator from Launchpad and start creating encrypted vaults in your iCloud Drive, Dropbox, OneDrive, or other providers' sync folders.

On Linux, depending on the distribution, you can install a pre-made DEB package. For Ubuntu-based systems, after checking your system architecture (for example with uname -m), the corresponding package (32 or 64 bits) is downloaded and installed using tools like dpkg. The typical command would be similar to installing any other Debian package, leaving the program ready in the applications menu.

Once installed, the next step will be to open the application and create your first vault. Before that, make sure your cloud service client (OneDrive, Google Drive, Dropbox, etc.) is already installed and correctly syncing a local folder on your system.

Create your first encrypted vault in the cloud

Once you have Cryptomator installed and have configured the cloud service you want to use, it's time to create a new safe to store your sensitive files. This process is done from the program's main window and only takes a few minutes.

In the Cryptomator interface, you'll see a button to add a new vault. By clicking it, you can choose between opening an existing vault or creating a completely new one. Selecting the new vault option will first prompt you to enter a name for the vault, such as "Private Documents" or something that clearly identifies its contents.

When you choose a name, Cryptomator will create a directory with that name within the location you specify. Typically, you place this folder inside your cloud service directory, for example in the path C:\Users\YourUsername\OneDrive or in the Google Drive folder. If the program automatically detects the locations of the installed cloud services, you can select them directly; otherwise, you can always use a "Custom Location" and manually navigate to the sync folder.

In the advanced creation options, you can adjust some details, but for most users the default settings are sufficient. The really important part comes in the next step: defining the vault password, which will be your master key to encrypt and decrypt all its contents.

Cryptomator will then ask you to enter a strong password that will be the basis of the encryption. It's crucial that it be long, difficult to guess, and that you don't reuse it from other services. Additionally, the program offers the option to generate a recovery or security key, a kind of "emergency key" that will allow you to regain access to the vault if you forget your main password.

It is highly recommended to activate this extra security option and save the recovery key in a reliable password manager. Never store it in the cloud folder itself or on the same unprotected computer. This way, if you ever forget your password, you won't permanently lose access to all your encrypted files.

Once you confirm your password and the security key generation (if you use one), simply click the button to create the vault. In just a few seconds, your new safe will be ready to use and it will appear listed on the Cryptomator main panel.

How to unlock the vault and work with your files

With the vault created, the daily workflow is very simple: all you have to do is unlock it when you need to access your files and lock it when you're finished. While it's unlocked, it functions like any other drive on the system, to which you can copy, move, or delete documents just as you would with any other folder.

In the Cryptomator main window, you'll see a list of all known vaults on the computer. To access one, select it and click the unlock button. The program will then display a field to enter the password associated with that vault. Once validated, Cryptomator will mount a virtual drive on your system: on Windows, for example, it will appear with a new drive letter, such as E: or F:.

From that moment on, you can open the file explorer and navigate through the virtual drive. It works just like a USB drive or an additional hard drive. The documents and folders you see there are decrypted in real time, ready to be read, edited, or deleted. Everything you copy to that drive will be automatically encrypted and saved in the vault's actual folder, which in turn syncs with the cloud.

Something important to keep in mind is that you should not directly manipulate the encrypted files you see in the actual cloud folder (for example, the one inside your OneDrive folder). From there, you'll only see files with strange and incomprehensible names; don't try to modify or move them manually. Always work from the virtual drive that Cryptomator mounts when the vault is unlocked.
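A read-only check that supports the two rules above (work only through the virtual drive, and keep the recovery key out of the cloud folder), as an added example that is not from the original article or the Cryptomator project: it lists files in the real sync folder that were not written by Cryptomator and therefore sync as-is. The layout it relies on (vault.cryptomator and masterkey.cryptomator in the vault root, ciphertext under d/ with names ending in .c9r or .c9s) is an assumption about current vault formats that this page does not describe, and the function names are hypothetical.

```python
import os
import tempfile

# Assumed layout of current vault formats (not described on this page):
# metadata files in the vault root, ciphertext under "d" ending in .c9r/.c9s.
ROOT_METADATA = {"vault.cryptomator", "masterkey.cryptomator", "IMPORTANT.rtf"}
CIPHERTEXT_SUFFIXES = (".c9r", ".c9s")
SYNC_NOISE = {"desktop.ini", ".DS_Store", "Thumbs.db"}  # written by the OS


def audit_vault_folder(vault_root):
    """Return sorted (relative_path, reason) pairs; only names are inspected."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(vault_root):
        rel_dir = os.path.relpath(dirpath, vault_root)
        in_root = rel_dir == "."
        in_data = rel_dir == "d" or rel_dir.startswith("d" + os.sep)
        for name in filenames:
            rel = name if in_root else os.path.join(rel_dir, name)
            if name in SYNC_NOISE:
                findings.append((rel, "OS metadata file synced in the clear"))
            elif in_root and (name in ROOT_METADATA or name.endswith(".bkup")):
                continue  # expected vault metadata or its backup
            elif in_data and name.endswith(CIPHERTEXT_SUFFIXES):
                continue  # looks like Cryptomator ciphertext
            else:
                findings.append((rel, "not vault data; syncs to the cloud as-is"))
    return sorted(findings)


def build_constructed_sample(root):
    """Create a constructed vault layout (empty files) with three stray files."""
    os.makedirs(os.path.join(root, "d", "AB", "CDEFGH"))
    for rel in ("vault.cryptomator", "masterkey.cryptomator",
                "d/AB/CDEFGH/q3x.c9r", "d/AB/CDEFGH/dir.c9r",
                "recovery-key.txt", "d/AB/CDEFGH/payslip.pdf", "d/desktop.ini"):
        open(os.path.join(root, *rel.split("/")), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for path, reason in audit_vault_folder(tmp):
            print(f"{path}: {reason}")
```

Anything it reports should be moved into the vault through the unlocked virtual drive and then deleted from the sync folder; the script itself changes nothing.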

When you're finished using the vault, return to the program window and click the option to lock it. It will unmount the virtual drive and leave the data inaccessible without the password, even if the cloud provider or someone with access to the computer tries to snoop in the sync folder.

Additional configuration and security options

In addition to the basic vault creation and unlocking functions, Cryptomator offers several configuration options that help adjust the application's behavior to your safety and comfort needs. It's worth taking a few minutes to review them to get the most out of them.

In the specific configuration of each vault you will find, for example, the option to set an automatic lock after a period of inactivity. This feature is very useful if you often leave your computer on and get up frequently, as it reduces the risk of someone accessing the virtual drive while you are not around.

You also have the option to decide if you want the vault to unlock automatically when the system starts. Although it may seem convenient, from a security point of view it is best to keep this option disabled, especially if other people have physical access to the device or if it is a laptop that you take outside of your home or office.

On the mounting tab, you can choose whether the drive should be read-only or have write permissions, in addition to assigning a specific drive letter on systems like Windows. Configuring it as read-only can be useful in situations where you only want to view documents without the risk of accidentally deleting or modifying them.

At a global level, in the application settings, you can make Cryptomator start automatically with the operating system, as well as adjust details related to the interface or mounting method. In some specific environments, for example in certain Linux distributions, it may be necessary to modify how the vault is mounted to avoid incompatibilities with specific programs.

In any case, the general philosophy of the tool is to keep complexity under control so as not to sacrifice security. Fewer complicated options mean less room for critical configuration errors, and that's good news for users who don't want to become cryptography experts to protect their documents.

Advantages over other encryption solutions

Cryptomator isn't the only option for encrypting files, but it has several features that make it especially attractive when it comes to protecting data in cloud storage services. It's an interesting alternative to tools like Picocrypt or other similar solutions, and even to disk encryption options like BitLocker.

One of the main differences is its strictly cloud-oriented approach, focused on services like Dropbox, Google Drive, or OneDrive. The application integrates seamlessly with the local sync folder, which allows you to continue using your usual services without changing your workflow. You simply add the encryption layer on top, maintaining the same saving and synchronization habits.

While other tools use different algorithms, such as XChaCha20, Cryptomator opts for AES-256, widely audited and widely used in the area of security. For most users, the performance difference is minimal, but the confidence in such a proven standard is very reassuring.

Being open-source software adds a layer of transparency: anyone can review the code, audit it, or verify that it does exactly what it promises. This contrasts with proprietary solutions where you have to trust the manufacturer's claims without being able to independently verify them.

On the other hand, the ability to create as many different vaults as you want, each with its own password, helps to organize and compartmentalize information. You can use one safe for personal documents, another for work, another for backups… If a password is compromised, the impact is limited to that specific safe.

All of this makes Cryptomator a kind of "Swiss Army knife" of cloud encryption, with a very successful balance between ease of use, technical robustness and respect for user privacy.

Protecting your files with Cryptomator before uploading them to the cloud allows you to maintain control of your data and reduce your reliance on each provider's internal security. With a simple setup, an encrypted vault system, and audited, GDPR-compliant AES-256 encryption, the tool offers a powerful additional layer of defense for anyone who wants to take their digital privacy seriously while still taking advantage of the benefits of the cloud.
