Encrypt your Dropbox

Mountain Duck and Cyberduck allow Cryptomator client-side encryption of your data which is missing in Dropbox and all other popular cloud storage solutions. You will find a description of how to use Cryptomator Vaults in Dropbox and access your documents from your computer and mobile in the following sections.

Encrypt your data with Mountain Duck and Cyberduck

  • Connect to your bookmark and navigate to the location where you want to store your secured data.
  • Right-click on white space and choose New Encrypted Vault in the context menu.

  • As described in the appearing window enter a name for your encrypted folder. Afterward, choose a password and confirm it by retyping it in the last field.

  • Double-click on your newly created Vault and unlock it by typing the password into the corresponding field.

  • The Vault opens. Now you can create or copy the documents you want to secure into the Vault to encrypt them.

Access your encrypted data with the Cryptomator app on your mobile.

  • Install the Cryptomator App on your mobile (IOS, Android).
  • Tab on the plus symbol and choose the option Add existing vault.
  • To open the previously created Cryptomator Vault choose the cloud service Dropbox, log into your account and navigate to the Vault.
  • Open the Vault folder and select the masterkey file which is named masterkey.cryptomator. After that, the app should show automatically the landing page of the Cryptomator app with the previously selected Vault pinned.
  • Tab on the pinned Vault and type the password into the corresponding field. The Vault should open right after you have unlocked it with the password and you have access to your secured data.

This process does not only work with Dropbox but with any other connection supported in Cyberduck and Mountain Duck. You can find more information on Cryptomator support in our wiki.

Connecting using AssumeRole from AWS Security Token Service (STS)

Instead of providing Access Key ID and Secret Access Key, authenticate using temporary credentials from AWS Security Token Service (STS) with optional Multi-Factor Authentication (MFA), making Cyberduck and Mountain Duck more friendly to enterprise deployments. You will need to install the custom connection profile S3 (Credentials from AWS Security Token Service) available from our website.

Our implementation to obtain temporary credentials is interoperable with standard AWS CLI configuration in ~/.aws/credentials. Refer to our wiki for documentation.

Enterprise filesharing with DRACOON

Cyberduck 6.3 features support for DRACOON – a enterprise cloud service made in Germany.

DRACOON is a highly secure, platform-independent enterprise filesharing solution, which has repeatedly won awards as a market leader. It is certified according to the highest compliance guidelines. Unique to the solution is the own developed TripleCrypt technology with an end-to-end encryption as well as the authorization system for high demands in the enterprise business environment.

The storage service is unique providing transparent, zero-knowledge client-side encryption for an enterprise file sharing environment.

Joyent Triton Object Storage

Triton Object Storage (previously named Manta Storage) by Joyent is now supported in Cyberduck 6.3 and Mountain Duck 2.2. Make sure to install the connection profile.

Their storage backend implementation is open source.

All the pieces required to deploy and operate your own Manta are open source

Triton Object storage touts itself as

Proven at production scale, Triton Object Storage delivers replication, clustering, failover, and backup and recovery capabilites. Robust security is built in, including object level security and access, deep role based access control, and client SSH and data encryption.

Update: Read more about the Triton Object Storage and Cyberduck on the Joyent Blog.

Google Team Drives

We have added support for Google Team Drives in both Cyberduck 6.3 and and Mountain Duck 2.2.

Google Team Drives are shared spaces where teams can easily store, search, and access their files. Unlike files in My Drive, files in Team Drive belong to the team instead of an individual. Even if members leave, the files stay exactly where they are so your team can continue to share information and get work done. Team Drives is available on G Suite Enterprise, G Suite Business, or G Suite for Education editions.

Use the regular Google Drive connection type to see the Team Drives besides My Drive and Shared with me.

Search

We have introduced recursive search in version 4.8 which has been improved since to use native protocol features when available for faster results. Hit ⏎ in the browser search input to search recursively for matching filenames in folders. The following protocols have a server side index that is used to give fast results without recursively descending into folders.

 

We are hiring!

Help shaping widely used products in an open source development environment!

We are looking for an experienced Java enthusiast to join our team as an employee or long term freelancer (work from anywhere). You help us to drive the integration of cloud storage services into Cyberduck & build the next major features for Mountain Duck.

Please refer to our job advertisement for more information.

Cyberduck 6.0 ❤️ Cryptomator

Free, foolproof client-side encryption for cloud storage for the rest of us. We are thrilled to announce the availability of transparent, client-side encryption support for Cyberduck to secure your data on any server or cloud storage. The new encryption feature is based on the excellent concepts and work of Cryptomator. Encryption for data at rest prevents unauthorized access regardless of the server or cloud storage infrastructure.

Secure and Trustworthy

The Cryptomator security architecture has many crucial advantages over other client-side encryption solutions. Cryptomator encrypts file contents and names using AES. The passphrase for the vault is protected against bruteforcing attempts using scrypt. Directory structures get obfuscated. The software is open source thus can be audited independently for security – you can rest assured there are no backdoors and no hidden vulnerabilities. No online service subscription or account required with the risk of a service shutting down.

Interoperable and ready for use with any cloud storage

All vaults either created by Cyberduck, Cryptomator or their mobile apps for iOS and Android are fully interoperable. Previously, Cryptomator vaults could only be used with files on your local hard disk, thus limited to Dropbox or Google Drive services where data is locally synchronized with their client applications. Now, with Cryptomator support in Cyberduck, you can create secure vaults on any server or cloud storage available through the the broad protocol support in Cyberduck – including Amazon S3, Backblaze B2, Microsoft Azure and OneDrive or any OpenStack Swift, WebDAV or FTP interoperable hosting solution.

Transparent Encryption

Starting to secure your data is as easy as creating a new Cryptomator vault by selecting New Encrypted Vault and providing a passphrase. As soon as you try to open a folder containing a vault, Cyberduck will prompt for the passphrase to unlock it. Inside a unlocked vault you can work as you are used to with Cyberduck. Uploads and downloads are transparently encrypted and decrypted respectively with no change in your usual workflow required. You can have encrypted vaults and non-encrypted folders reside along on your storage location.

Mountain Duck 2.0 with support for Cryptomator vaults is available as beta today.

Illustration by Katharina Hagemann

Illustration by Katharina Hagemann