You are here: Home Services Data Storage and File Services sciebo - The Campus Cloud Best Practice - Encryption with Cryptomator

Best Practice - Encryption with Cryptomator

Cryptomator is software developed for a cloud like Sciebo to encrypt files and directories. It can also be used licence-free at the university.

Basic tips:

  • A Cryptomator vault should be located relatively "high up" in the directory tree so that the length of the internal file names does not collide with the length of the operating system. Cryptomator does adjust the file length to a certain extent, but this can be a problem, especially when transferring vaults to other operating systems that have different naming rules or file name lengths, or when the files are copied to backup paths ("Backup").
  • Special characters in file names should be avoided as long as different operating systems are used. The use of UTF-8 file names on all systems reduces the problem, but it still occurs in unfavourable cases.
  • For all actions consisting of a combination of "Cryptomator encryption" and "Synchronisation", it is important that both encryption/decryption and synchronisation are completed before a computer is switched off or taken off the Internet. As long as one works with only one computer, the process can be continued later. However, working with multiple computers (or creating a backup) will result in errors if these steps are not completed.
  • The same Cryptomator and synchronisation tool versions should be used on all computers working with this data. Cryptomator has (so far) compatible Vault structures, but this does not have to remain so.
  • When working with Sciebo, it is necessary to dispense with the "virtual files" function so that the file and folder structure fit together. At the same time, this means that not only must the entire disk space be available for a vault, but also that synchronisation can take a very long time depending on the file size.
  • Open problems: It looks as if it is not always possible to delete a folder in the Cryptomator Vault and then create it again later under the same name. In cases that cannot yet be specifically traced, synchronisation of such folders then seems to be impossible.


Working on shared files with the Sciebo client:

  • Cryptomator Vaults can only be edited via the Sciebo client. Thus, collaboration via the browser with OnlyOffice is not applicable.
  • The problems with collaboration via the Sciebo client are identical with Cryptomator as without the encryption. If "_conflict" files are created, Cryptomator recognises them in the encrypted file name and "corrects" them automatically so that they become visible again in the vault drive.
Document Actions