What is Cryptomator? A Close Look at the Cloud Encryption Solution
Cryptomator is a German encryption solution that was launched in 2016 by the start-up Skymatic GmbH. Boxcryptor (exists since 2011) and Cryptomator are currently the most popular encryption solutions for cloud storage for private users. We give an overview of what exactly the solution is and what similarities and differences there are to Boxcryptor.
Cryptomator and Boxcryptor in Quick Comparison
The essential advantages of Boxcryptor and Cryptomator are quickly brought to the point and may help you to decide which solution suits you best.
- Cryptomator is Open Source, which for some people is a decision relevant criterion.
- Boxcryptor is the more mature solution, which is longer on the market, contains more features and is in some respects easier to use.
- Boxcryptor supports a larger number of cloud providers.
- Boxcryptor is ready for enterprise use.
How Cryptomator Works
If you use Cryptomator, you can create vaults that are hosted on a virtual drive. The data stored in the vault is then encrypted. The user can specify the location of the vault, for example a cloud provider. Since version 1.5.0, released in April 2020, selected vaults can be locked and unlocked – not all vaults lock or unlock at the same time.
Just like with Boxcryptor, all files are encrypted individually. So, if a file is changed, not the whole content has to be re-encrypted and synchronized – as with many other encryption tools – but only the file that changed.
Encryption and Password Protection in Cryptomator
In Cryptomator files are encrypted with AES with 256-bit key length. According to the website, the password is protected with scrypt – a password-based key derivation function – and path structures are obfuscated. A short technical overview can be found on the help pages docs.cryptomator. However, this is probably not understandable for all users without IT knowledge, as it is written on a high technical level.
Boxcryptor encrypts files with AES and RSA encryption. The user’s password is hashed several times on the user’s device and is set differently to obtain a password hash and a password key. The password hash is transmitted, hashed a second time on the Boxcryptor servers, and the result is stored. This way, the password remains exclusively on the user’s device and we at Boxcryptor itself cannot access your password and therefore cannot access your cloud content. For this reason, Boxcryptor is – just like Cryptomator – a zero knowledge provider. You can read all details and information about how exactly the encryption of files works in the technical overview of Boxcryptor.
Info: The term zero knowledge in the context of data encryption was first coined by Edward Snowden. It describes a cloud storage or a cloud encryption solution where the provider of the solution itself does not have access to the users’ password and content. This means that the provider has no knowledge – zero knowledge – and the users’ own data remains completely private.
Cryptomator and Boxcryptor in Comparison
In this chapter we compare relevant criteria such as the supported platforms, the features of the respective mobile apps, as well as relevant general features such as file sharing. Depending on what is important for your particular use case and setup, you will be able to choose the solution that is right for you.
Supported Cloud Providers
Cryptomator: Dropbox, OneDrive, Google Drive and WebDAV based cloud storages
Boxcryptor: Dropbox, OneDrive, Google Drive, WebDAV based cloud storages and in addition over 30 more cloud providers in total, such as iCloud and SharePoint
Cryptomator: Windows, macOS, iOS, Android, Linux
Boxcryptor: Windows, macOS, iOS, Android, (Linux with the Boxcryptor Portable and limited functionality)
In Cryptomator you can share files and folders with other Cryptomator users by giving them access to your Vault (by sharing your password). The Vault should not be open to two people at the same time. In Boxcryptor, on the other hand, users can share individual files securely and specifically via email address, just like Dropbox and the common cloud providers. It is not necessary to give other users access to Boxcryptor and share your password.
Sharing files with people who are not using Cryptomator is not possible with Cryptomator. This was also not possible in Boxcryptor until 2016, until we developed Whisply for this purpose. Whisply is an end-to-end encrypted file transfer service that can be used in the browser, but is also integrated into Boxcryptor. It allows sharing files with non Boxcryptor users directly from the Boxcryptor drive.
Cryptomator works without an account, but with Boxcryptor it is necessary to create an account. The reason for this is that Boxcryptor offers the option to share individual files and folders via email address. To share files with other users, we have to encrypt the file key with the public key of the other user. The Boxcryptor server is primarily a central location where these public keys are stored. By registering with Boxcryptor, you register your public key so that other users can retrieve it from there.
The main difference between Boxcryptor and Cryptomator in this respect is that Cryptomator does not require or offer an account creation. However, Cryptomator does not allow targeted (secure) and easy file sharing.
Additional Account Security
Boxcryptor offers 2-factor authentication (2FA) with Authenticator Apps (TOTP) on all platforms. Security keys with the WebAuthN standard (for example YubiKeys) are currently supported on Windows and macOS.
Cryptomator currently does not offer 2-factor authentication.
The pricing model at Cryptomator for the desktop versions is on a donation basis. On the website 0-25€ are suggested and a higher amount can be entered. For the apps for the mobile versions, a one-time fixed price is due, namely 9.99€ each, for iOS or Android. Since the update to Cryptomator 1.5.0 a Dark Mode feature is available. However, only users who have made a donation will receive it. The free version does not include the dark mode.
Boxcryptor on the other hand has a freemium pricing model. On the one hand, the software can be used free of charge on all platforms. In the free version you can integrate one cloud storage and use it on two devices. The most important security features are included in the basic version. Example: Encrypting Dropbox with Boxcryptor and accessing it on Windows and Android is free.
Besides the free version, there are different subscriptions for different purposes. The full version for private use costs 36€ per year or 27€ per year for a 3-year subscription. With the subscription, as many cloud providers as desired can be integrated and an unlimited number of devices can be used. File name encryption is also added as an additional feature. There is a 25% discount for students. The Business Version for self-employed persons costs 72€ with annual payment and 54€ per year with a 3-year subscription.
Depending on your use case, one or the other version is cheaper. Boxcryptor can be used completely free of charge if only one cloud storage is used on two devices – even with the mobile apps. Cryptomator can be used free of charge on desktop, with the mobile versions a one-time payment is always due. But the loyalty of our customers shows us that price is not the only decision criterion.
Trust – How Do We Establish Trust in our Solutions?
Cryptomator is open source software, which means that the code is accessible and freely available to everyone. The obvious advantage of this is that it is harder for the vendor to build in backdoors, as the community could discover them – if the code is indeed checked regularly and carefully.
Boxcryptor is proprietary, which means that the code cannot be seen by the public. Instead, Boxcryptor focuses on transparent and comprehensible communication in the technical overview. As a consequence, the way Boxcryptor works is publicly available and can be checked for security by experts. Furthermore, the software was tested in an independent audit in spring 2020. The audit was conducted by the renowned security company Kudelski Security. Additionally, the basic encryption code can be viewed as a minimal implementation and tested on Boxcryptor files.
Cryptomator: English, German, Dutch, Russian, Chinese
Boxcryptor: English, German, French, Italian, Spanish, Russian
The Features of the Mobile Apps in Comparison
The functionality of the encryption apps for mobile is similar for Cryptomator and Boxcryptor. While Cryptomator relies on donations for the desktop apps, the mobile app, however, requires an immediate payment of 9.99€. The Boxcryptor app itself is completely free of charge and can be used with the free license, also for testing purposes, in the mentioned functionality. Also, the single user and team licenses with costs can be used with the same app.
Since Cryptomator does not offer a free trial version of the mobile apps, it is worth taking a look at the features offered in the app in advance. Here you can see the available features in direct comparison.
Cloud Encryption for Teams and Companies
With Cryptomator Server, Cryptomator offers the possibility for companies to encrypt their own servers with Cryptomator. Available features are user rights management, audit logs and encrypted cloud backups. Workspaces can be set up which correspond to the functional scope of the Cryptomator vaults, but for which access rights can be assigned to individual users. In short: Your own servers can be secured with Cryptomator and connected to a cloud backup. Secure collaboration in the cloud does not seem to be possible, however.
Boxcryptor, on the other hand, is suitable for the encryption of company data of any kind and for secure working and collaboration in the cloud due to its many collaboration and management features. Among other things, user management is simplified by Active Directory support, Single Sign-on, Account Capture and group features that can be managed in the admin interface. Auditing functions, customizable policies, 2FA and the Master Key guarantee full control over company data. Boxcryptor can therefore be used in any area, whether private or corporate, without any problems or major hurdles.
The encryption solutions are similar, but there are small, relevant differences. For one person it may be more important that he or she uses an open source solution. For others, it is more important that files can also be shared with people who do not use the encryption software or that certain features are available. One person appreciates the work in the vault, the other one gets along better with Boxcryptor’s virtual drive. One person wants to be able to take photos in the encrypted app, the next one doesn’t care so much. We hope that this article could help you to decide between Cryptomator and Boxcryptor.