Cloud encryption: Cryptomator

Here is a great solution for anyone who wants to encrypt their data before putting it onto the cloud.

https://cryptomator.org/

It’s open-source encryption software for PC, Mac, Linux, Android, and iOS, so every common platform is supported.

How is it encrypted?

In short:
You get a realtime de-/encrypted container.

the password: scrypt
the files: AES-GCM (256 Bit)
(the filenames are also encrypted beforehand)

See the full documentation on that here: https://docs.cryptomator.org/en/latest/security/architecture/

Windows PC example

Note

Multiple files are generated, which is good for cloud sync.
The structure looks similar to the files and folders created with ENC DataVault by ENC Security.
You get a “light” version (which enables AES 256 bit) of that software when buying a SanDisk Cruzer USB stick. I’ve bought the pro version allowing multiple, military-grade AES 512 and also AES 1024 bit containers.
=> Cryptomator has better usability

Use cases

In my case, I use it to safely share and access data between my Windows PC, Linux (Ubuntu) and Android smartphone.

On mobile, you get the option to sync the pictures you take, encrypted, into one container. For convenience, there is the option of entering your credentials for encrypted containers via fingerprint.

It would be possible to share cloud storage with other family members and keep private data protected.

You could also just encrypt your files locally on an external disk.

About the company: Skymatic GmbH

It started as a German startup with the idea: there are a few cloud encryption tools available… but no one has made their code open source to be transparent and also more secure.

They also provide company licenses for integrating their technology into your own software, or you can get an enterprise solution for encrypted file storage and sharing: Cryptomator Server https://server.cryptomator.org/

Pricing

Nov 2019:
PC / Linux / Mac: Pay what you want

0 EUR, 9 EUR, 15 EUR, 25 EUR or what you want

Android and iOS:

iOS 5,99 EUR – 4,99 USD
Android 9,99 EUR
right now there is a discount for 5,99 EUR

Secure E-Mail with Gpg4win

On 07.05.2019 the BSI (Federal Office for Information Security) published a press release stating that federal institutions may use Gpg4win ( https://www.gpg4win.de/ ) to send VS-NfD / restricted data via e-mail.
Which means for us..
-> if it’s safe for restricted federal data…
-> it’s safe to use for everyone’s emails as well 🙂

https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Gpg4win-mit-VS-NfD-070519.html

A note on why you should encrypt and what the software does can be found here:

https://www.bsi.bund.de/DE/Themen/Kryptografie_Kryptotechnologie/Kryptotechnologie/Gpg4win/gpg4win_node.html

Basically, if you send private messages in the real world, you wouldn’t want some things to be readable by everyone along the way either, like on a postcard.

=> On the web.. sending emails is like sending postcards…

Of course, TLS/SSL helps protect your message while it is being transferred, but on the servers your emails are still readable in clear text.
Oh, wait: there is the Patriot Act, which allows national agencies to access those on demand. And not only the USA has such laws.

The thing is that federal security agencies like the NSA might copy your emails and build profiles from them.
Even your metadata 😉 says a lot about you:
who you are friends with, what topics you talk to them about, when you are awake, whether you are on vacation, which location/computer you send your email from… and much more.

The goal here is: END to END
private/public key encryption (RSA)

How does RSA work?

You can encrypt with a public key but only decrypt with a private key.
https://www.tutorialspoint.com/cryptography/public_key_encryption.htm

You generate a password-protected private key, which you don’t share.
With this one, you generate a public key.

Now you send your public key to the other person.
The other person encrypts the message with your public key and sends it to you.
You can decrypt the message with your private key.

I’ll make a tutorial on how to actually use Gpg4win.