Summary

As an admin, I would like to be able to unlock a Cryptomator Hub vault, e.g. to create backups.

Motivation

In certain circumstances, in very secure environments, it may be useful to create backups of the contents of the vaults. For this purpose it is necessary that Cryptomator CLI can unlock Hub vaults.

Anything else?

If you need this feature in a timely manner, you may want to consider sponsoring this feature. Contact us at [email protected] for further information.

With sponsored features, the requirements are driven by the sponsor, but the resulting feature is available to everyone using Cryptomator. Instead of custom work, sponsors are willing to contribute features back to our platform so that all Cryptomator users can benefit! Also, sponsoring a feature is cheaper than custom development.

Hi, i'm trying to unlock and mount multiple vaults with the cli, it seems as it is only possible to serve two vaults at the time?

Hello everyone,

As said in the title, and after having done

echo | sudo mount -t davfs -o username=,user,gid=1000,uid=1000 http://localhost:8080/demoVault/ /media/your/mounted/folder

with the right option, my encrypted folder is mounted.

The problem: I have symlinks in this original folder, and when I mount it with cryptomator cli (not the original), well... there are no symlinks inside!

I've done some research, and I think davfs supports symlink (if I'm not mistaken), so it would come from cryptomator cli.

Thanks in advance for your reply.

Nothing to add here since the header has all the information.

My masterkey.cryptomator file is located at /home/me/vaults/cryptomator/masterkey.cryptomator

I run the cli jar like so:

java -jar cryptomator-cli-0.2.1.jar --bind 0.0.0.0 --port 8080 --vault cryptomator=/home/me/vaults/cryptomator/ --password=abc

I copied the path and mountName from ~/.Cryptomator/settings.json

This produces the error:

ERROR [CryptomatorCli:36] No vault specified.

Am I doing something wrong or is this a bug?

I would be interested in using Cryptomator for encrypting/decrypting a single file with a password. Is this possible with a one-liner on the (linux) command line? If not, is there a tool you could recommend?

For better inter-operability with tools like rclone it would be brilliant if alongside a directory as the vault path, one could specify a WebDAV url.

This would mean, one could use a combination of rclone and cryptomator-cli in limited environments, where a mount is not possible. (Perhaps foe permission reasons, or simply because of using something like Termux)

Hi,

I reviewed another case from someone with a similar issue, vault name, password and hostname changed for reporting issue. I would like to use cryptomator, so if anyone can provide details on how to use cryptomator on headless CentOS 7 server - I would appreciate it. Sorry for any unprofessional formatting of the issue ahead of time.

I'am using google-drive-ocamlfuse to mount my google drive /home/plex/mnt/drive/MySecretVault
UnlimitedJCEPolicyJDK8
http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip

BASH
[user@hostname ~]$ sudo update-alternatives --config java
There is 1 program that provides 'java'.
Selection Command

*+ 1 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/bin/java)
END BASH

copied US_export_policy.jar & local_policy.jar to both directories
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/lib/security/
/usr/lib/jvm/jre-1.8.0/lib/security/

BASH
[plex@hostname ~]$ java -jar cryptomator-cli-0.3.1.jar --bind 0.0.0.0 --port 42427 --vault MySecretVault=/home/plex/mnt/drive/MySecretVault/ --password MySecretVault=PASSWORD 09:43:00.519 [main] INFO org.eclipse.jetty.util.log - Logging initialized @1241ms to org.eclipse.jetty.util. log.Slf4jLog
09:43:00.585 [main] INFO o.c.frontend.webdav.WebDavServer - Binding server socket to 0.0.0.0:42427
09:43:00.603 [main] INFO o.e.jetty.server.AbstractConnector - Started ServerConnector@5ec0a365{HTTP/1.1,[htt p/1.1]}{0.0.0.0:42427}
09:43:00.605 [main] INFO org.eclipse.jetty.server.Server - jetty-9.4.z-SNAPSHOT
09:43:00.652 [main] INFO o.e.j.server.handler.ContextHandler - Started o.e.j.s.ServletContextHandler@6325a3e e{/,null,AVAILABLE}
09:43:00.653 [main] INFO org.eclipse.jetty.server.Server - Started @1379ms
09:43:00.653 [main] INFO o.c.frontend.webdav.WebDavServer - WebDavServer started.
09:43:00.653 [main] INFO org.cryptomator.cli.CryptomatorCli - Unlocking vault "MySecretVault" located at /home/plex/mnt/drive/MySecretVault
Exception in thread "main" org.cryptomator.cryptolib.api.InvalidPassphraseException
at org.cryptomator.cryptolib.v1.CryptorProviderImpl.createFromKeyFile(CryptorProviderImpl.java:98)
at org.cryptomator.cryptolib.v1.CryptorProviderImpl.createFromKeyFile(CryptorProviderImpl.java:75)
at org.cryptomator.cryptolib.v1.CryptorProviderImpl.createFromKeyFile(CryptorProviderImpl.java:35)
at org.cryptomator.cryptofs.CryptoFileSystemModule.lambda$provideCryptor$0(CryptoFileSystemModule.jav a:36)
at org.cryptomator.cryptofs.UncheckedThrows$2.from(UncheckedThrows.java:58)
at org.cryptomator.cryptofs.CryptoFileSystemModule.provideCryptor(CryptoFileSystemModule.java:31)
at org.cryptomator.cryptofs.CryptoFileSystemModule_ProvideCryptorFactory.get(CryptoFileSystemModule_P rovideCryptorFactory.java:42)
at org.cryptomator.cryptofs.CryptoFileSystemModule_ProvideCryptorFactory.get(CryptoFileSystemModule_P rovideCryptorFactory.java:11)
at dagger.internal.DoubleCheck.get(DoubleCheck.java:47)
at org.cryptomator.cryptofs.CryptoFileSystemImpl_Factory.get(CryptoFileSystemImpl_Factory.java:121)
at org.cryptomator.cryptofs.CryptoFileSystemImpl_Factory.get(CryptoFileSystemImpl_Factory.java:11)
at dagger.internal.DoubleCheck.get(DoubleCheck.java:47)
at org.cryptomator.cryptofs.DaggerCryptoFileSystemProviderComponent$CryptoFileSystemComponentImpl.cry ptoFileSystem(DaggerCryptoFileSystemProviderComponent.java:283)
at org.cryptomator.cryptofs.CryptoFileSystems.lambda$null$0(CryptoFileSystems.java:37)
at java.util.concurrent.ConcurrentHashMap.compute(ConcurrentHashMap.java:1853)
at org.cryptomator.cryptofs.CryptoFileSystems.lambda$create$1(CryptoFileSystems.java:30)
at org.cryptomator.cryptofs.UncheckedThrows$1.from(UncheckedThrows.java:38)
at org.cryptomator.cryptofs.CryptoFileSystems.create(CryptoFileSystems.java:30)
at org.cryptomator.cryptofs.CryptoFileSystemProvider.newFileSystem(CryptoFileSystemProvider.java:274)
at org.cryptomator.cryptofs.CryptoFileSystemProvider.newFileSystem(CryptoFileSystemProvider.java:88)
at java.nio.file.FileSystems.newFileSystem(FileSystems.java:326)
at java.nio.file.FileSystems.newFileSystem(FileSystems.java:276)
at org.cryptomator.cryptofs.CryptoFileSystemProvider.newFileSystem(CryptoFileSystemProvider.java:124)
at org.cryptomator.cli.CryptomatorCli.startup(CryptomatorCli.java:72)
at org.cryptomator.cli.CryptomatorCli.main(CryptomatorCli.java:32)
END BASH

Hi,

I'm trying to run this from powershell with a bunch of spaces in the paths and this happens:

> & "C:\Users\TCB13\Desktop\jdk-16.0.1\bin\java.exe" .\cryptomator-cli-0.4.0.jar --vault vault="C:\Users\TCB13\Documents\Vault" --bind 192.168.1.2 --port 8080
Error: Could not find or load main class .\cryptomator-cli-0.4.0.jar
Caused by: java.lang.ClassNotFoundException: /\cryptomator-cli-0/4/0/jar
"C:\Users\TCB13\Documents

Same happens with java at C:\jdk-16.0.1\bin\java.exe.

Using Java Open SDK 16 from https://jdk.java.net/16/. Also tried the official Java SDK, same issue.

Thank you.

To prevent passwords being visible in automation scripts I would like to be able to specify the name of a file containing the password instead of the actual password itself on the command line. This means other people can look at the script itself and not see any passwords. The script itself can even be publicly version controlled as long as the password file remains secure.

Many other tools allow this, with the password file typically placed in a chmod 700 folder (I currently use ~/.secure for other software tools) with chmod 600 permissions on the file itself (something for the docs maybe)

It looks like the Cryptomator CLI project isn't getting as much attention as we may have hoped for. I would suggest that given there isn't enough interest in the cli aspect to gain critical mass, it would be better if it wasn't a split project in the first place but instead the primary Cryptomator Java project simply handled detection of no graphical interface and/or console invocation depending on what makes sense for the platform and command line parameters, and acted accordingly. Cryptomator could either take all of the necessary inputs as command line parameters the way it appears CLI was doing, and/or it could provide a REPL for runtime mount/unmount etc. You could run it with screen for the REPL, or we could make a CLI option that connects to a running instance of Cryptomator to launch a REPL. The CLI mode of operation would want to be included in any CICD testing as part of the releases to ensure that changes to the GUI interface and backend code don't break the CLI scenario.

Does this seem like a rational suggestion? The CLI based consumers would have a larger app than they might have got from a dedicated CLI app, but this way they get a maintained app that should remain at parity with the GUI version. In my experience, if you can't keep critical mass the solution is to minimize your deviation from the "upstream" so you don't need as much critical mass.

it has been almost a year since the last release -- 0.5.1 released Dec 22, 2021 -- latest as of writing
some dependent libraries receive bugfixes at the mean time(e.g. cryptomator/cryptofs#141

is it possible to make a new release containing all latest fixes? thx

Use case: fully automated scripts. I want to use this for backups of sensitive files with the vault being visible/readable only as long as necessary and unmounted without user intervention as soon as the backup is finished.

The current cli starts the server process and then waits for user intervention to stop it. I would like to have some way to also stop the server. I can use a unix kill command to stop the running process, but I don't know how safe that is, and it just feels a bit too forceful. It would be better to have this as part of the cli.

I don't know enough about your webdav server implementation to know what is possible. Maybe the cli can check if a server is already running on host:port and send some kind of stop command to the running server?

Hi,
Do you plan to update this program to work with the last Cryptomator vault format?
Thk.

Issue not related to cryptomator, that was the problem with osx keychain access.

Thanks for this amazing tool!

As in the title, regarding this excerpt from the readme:

This project is in an early stage and not ready for production use. We recommend to use it only for testing and evaluation purposes.

What is the potential danger of using this CLI? Of course, once there is FUSE 😃 #highSierraGate

Hi, there should be a command like
--password demoVault=myOldPassword --newpassword demoVault=myNewPassword

If there already is a way to change the password without access to a gui it would be nice if you let me know.

The current GUI client gives the option of mounting locally as FUSE or WebDAV. However, the CLI only supports WebDAV. I have found FUSE to be almost pain-free, whereas WebDAV is tricky to set up. Any plans to add FUSE mount from CLI, or enabling mounting as FUSE from fstab? This would greatly streamline interacting with encrypted files programmatically.

Summary

There should be a way to access Cryptomator vaults without a UI interface. If I am SSH-ing into a target machine, I find no way to access a Cryptomator vault from there (and SSH x-forward is not an option since Cryptomator will stop after I disconnect over SSH).

The Cryptomator CLI project seems like the perfect fit but it's been inactive for over 2 years already, and given that it uses cryptofs 1.4.0, I don't know if this is even compatible with recently created vaults.

Cyberduck CLI does support Cryptomator vaults over the terminal but it seems only be for specific file transfers, not to mount a decrypted vault.

I see no other viable alternatives and would like to ask how am I to approach this issue.

If neither --password nor --passwordfile are present, the password should be prompted by the program during startup for each vault.

trying to mount the webdav instance via davfs2 on raspberry pi/jessie is not working with the given error... using davfs2.

Maybe something with the webdav implementation has gone wrong.

Does not work on vault paths with spaces in the file path if you pass it as a bash variable.I tried escaping with \ and quotes( double and single too) but doesn't work.
This is on MacOS Mojave with the latest bash 5.0.2(1)

java -version
openjdk version "12" 2019-03-19
OpenJDK Runtime Environment (build 12+33)
OpenJDK 64-Bit Server VM (build 12+33, mixed mode, sharing)

e.g.
CRYPTOMATOR_PATH="cryptomator-cli-0.3.1.jar"
MOUNT_PATH="$HOME/VAULT_$RANDOM"
VAULT_PATH="/Users/abc/some drive/abcvault"
#VAULT_PATH="/Users/abc/some\ drive/abcvault"
#VAULT_PATH='/Users/abc/some drive/abcvault'
VAULT_PASSWORD="secret;"
VAULT_NAME="abcvault"
BIND_HOST="localhost"
BIND_PORT="8198"

/usr/bin/java -jar $CRYPTOMATOR_PATH --vault $VAULT_NAME=$VAULT_PATH --password $VAULT_NAME=$VAULT_PASSWORD --bind $BIND_HOST --port $BIND_PORT

[main] ERROR org.cryptomator.cli.CryptomatorCli - Not a directory: /Users/abc/some

After:

java -jar ~/utils/cryptomator-cli-0.3.1.jar --vault ~/Documents/media --passwordfile /tmp/pwd.yivJH4 --bind 127.0.0.1 --port 8080 &

I see

13:08:12.596 [main] INFO  org.eclipse.jetty.util.log - Logging initialized @313ms to org.eclipse.jetty.util.log.Slf4jLog
13:08:12.654 [main] INFO  o.c.frontend.webdav.WebDavServer - Binding server socket to 127.0.0.1:8080
13:08:12.666 [main] INFO  o.e.jetty.server.AbstractConnector - Started ServerConnector@6fc6f14e{HTTP/1.1,[http/1.1]}{127.0.0.1:8080}
13:08:12.669 [main] INFO  org.eclipse.jetty.server.Server - jetty-9.4.z-SNAPSHOT
13:08:12.710 [main] INFO  o.e.j.server.handler.ContextHandler - Started o.e.j.s.ServletContextHandler@61f8bee4{/,null,AVAILABLE}
13:08:12.710 [main] INFO  org.eclipse.jetty.server.Server - Started @431ms
13:08:12.710 [main] INFO  o.c.frontend.webdav.WebDavServer - WebDavServer started.
13:08:12.710 [main] INFO  org.cryptomator.cli.CryptomatorCli - Unlocking vault "media" located at /home/ul/Documents/media
13:08:13.388 [main] INFO  org.eclipse.jetty.server.session - DefaultSessionIdManager workerName=node0
13:08:13.389 [main] INFO  org.eclipse.jetty.server.session - No SessionScavenger set, using defaults
13:08:13.390 [main] INFO  org.eclipse.jetty.server.session - Scavenging every 600000ms
13:08:13.395 [main] INFO  o.a.j.w.server.AbstractWebdavServlet - authenticate-header = Basic realm="Jackrabbit Webdav Server"
13:08:13.396 [main] INFO  o.a.j.w.server.AbstractWebdavServlet - csrf-protection = null
13:08:13.396 [main] INFO  o.a.j.w.server.AbstractWebdavServlet - createAbsoluteURI = true
13:08:13.396 [main] INFO  o.e.j.server.handler.ContextHandler - Started o.e.j.s.ServletContextHandler@32502377{/media,null,AVAILABLE}
13:08:13.397 [main] INFO  o.c.f.w.s.WebDavServletController - WebDavServlet started: /media
13:08:13.397 [main] INFO  org.cryptomator.cli.CryptomatorCli - Server started. Press Ctrl+C to terminate.

When I try:
sudo mount -t davfs http://localhost:8080/media ~/media

I get

[sudo] password for ul: 
Please enter the username to authenticate with server
http://localhost:8080/media or hit enter for none.
  Username: 
Please enter the password to authenticate user  with server
http://localhost:8080/media or hit enter for none.
  Password:  
13:12:21.497 [pool-1-thread-19] WARN  o.c.cryptofs.CryptoDirectoryStream - Broken directory file /home/ul/Documents/media/d/FR/IXSN3ZMR43ACDHIXHIATQGGGAI43MU/0NDCYT5IWCXWVUJMN7Q5FSX7FVQMSPWBCTXYZPJLHA2DFUU7NZC6T6KOC22VDCZ77J7K7TBHKFOIKKJUKS2CLATZKBW6QPMPVE6ZZGWNPZSYFL7UC3C7G5OXVF6JOA7QI3HKLGZA53KY4S===. Directory /home/ul/Documents/media/d/I3/J6F4YZUILF4MQCQX3VNFL4DQUCENXC does not exist.
13:12:21.504 [pool-1-thread-19] WARN  org.eclipse.jetty.server.HttpChannel - /media/
java.io.UncheckedIOException: java.nio.file.NoSuchFileException: /home/ul/Documents/media/d/FR/IXSN3ZMR43ACDHIXHIATQGGGAI43MU/S4ZA6QPSMO5IDJPYL7LUC2NHUJMAHGGFGPBRSXHLDG75TGV57TUIMGQMJUYPVMNJFP32MGROZ2CRFPK2W5JN2ORKLOAODVIAIXA3QQFAPDIRYKNZEQ67QVZW6RRA====
	at org.cryptomator.frontend.webdav.servlet.DavFolder.getMembers(DavFolder.java:114)
	at org.apache.jackrabbit.webdav.MultiStatus.addResourceProperties(MultiStatus.java:63)
	at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.doPropFind(AbstractWebdavServlet.java:561)
	at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.execute(AbstractWebdavServlet.java:349)
	at org.cryptomator.frontend.webdav.servlet.WebDavServlet.execute(WebDavServlet.java:106)
	at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.service(AbstractWebdavServlet.java:292)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
	at org.cryptomator.frontend.webdav.servlet.MacChunkedPutCompatibilityFilter.doFilterHttp(MacChunkedPutCompatibilityFilter.java:58)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.cryptomator.frontend.webdav.servlet.AcceptRangeFilter.doFilterHttp(AcceptRangeFilter.java:38)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.cryptomator.frontend.webdav.servlet.MkcolComplianceFilter.doFilterHttp(MkcolComplianceFilter.java:47)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.cryptomator.frontend.webdav.servlet.PostRequestBlockingFilter.doFilterHttp(PostRequestBlockingFilter.java:46)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.cryptomator.frontend.webdav.servlet.UnicodeResourcePathNormalizationFilter.doFilterHttp(UnicodeResourcePathNormalizationFilter.java:68)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.cryptomator.frontend.webdav.servlet.LoggingFilter.doFilterHttp(LoggingFilter.java:44)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:564)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
	at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128)
	at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.nio.file.NoSuchFileException: /home/ul/Documents/media/d/FR/IXSN3ZMR43ACDHIXHIATQGGGAI43MU/S4ZA6QPSMO5IDJPYL7LUC2NHUJMAHGGFGPBRSXHLDG75TGV57TUIMGQMJUYPVMNJFP32MGROZ2CRFPK2W5JN2ORKLOAODVIAIXA3QQFAPDIRYKNZEQ67QVZW6RRA====
	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
	at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
	at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:144)
	at sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
	at java.nio.file.Files.readAttributes(Files.java:1737)
	at org.cryptomator.cryptofs.CryptoFileAttributeProvider.readAttributes(CryptoFileAttributeProvider.java:41)
	at org.cryptomator.cryptofs.CryptoFileSystemImpl.readAttributes(CryptoFileSystemImpl.java:237)
	at org.cryptomator.cryptofs.CryptoFileSystemProvider.readAttributes(CryptoFileSystemProvider.java:360)
	at java.nio.file.Files.readAttributes(Files.java:1737)
	at org.cryptomator.frontend.webdav.servlet.DavFolder.getMembers(DavFolder.java:102)
	... 52 common frames omitted
/sbin/mount.davfs: Mounting failed.
500 Server Error

and there is nothing in ~/media.

Note that using the AppImage version 1.4.15, I can mount and see files in this directory.

Also, I have two other vaults both of which I can mount and see files via the cli and appimage variants...

This seems to be related to just the "media" vault.

Any hints about how to fix this?

I've also tried gio mount dav://127.0.0.1:8080/media but this also fails with:

13:08:20.756 [pool-1-thread-11] WARN  o.c.cryptofs.CryptoDirectoryStream - Broken directory file /home/ul/Documents/media/d/FR/IXSN3ZMR43ACDHIXHIATQGGGAI43MU/0NDCYT5IWCXWVUJMN7Q5FSX7FVQMSPWBCTXYZPJLHA2DFUU7NZC6T6KOC22VDCZ77J7K7TBHKFOIKKJUKS2CLATZKBW6QPMPVE6ZZGWNPZSYFL7UC3C7G5OXVF6JOA7QI3HKLGZA53KY4S===. Directory /home/ul/Documents/media/d/I3/J6F4YZUILF4MQCQX3VNFL4DQUCENXC does not exist.
13:08:20.769 [pool-1-thread-11] WARN  org.eclipse.jetty.server.HttpChannel - /media/
java.io.UncheckedIOException: java.nio.file.NoSuchFileException: /home/ul/Documents/media/d/FR/IXSN3ZMR43ACDHIXHIATQGGGAI43MU/S4ZA6QPSMO5IDJPYL7LUC2NHUJMAHGGFGPBRSXHLDG75TGV57TUIMGQMJUYPVMNJFP32MGROZ2CRFPK2W5JN2ORKLOAODVIAIXA3QQFAPDIRYKNZEQ67QVZW6RRA====
	at org.cryptomator.frontend.webdav.servlet.DavFolder.getMembers(DavFolder.java:114)
	at org.apache.jackrabbit.webdav.MultiStatus.addResourceProperties(MultiStatus.java:63)
	at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.doPropFind(AbstractWebdavServlet.java:561)
	at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.execute(AbstractWebdavServlet.java:349)
	at org.cryptomator.frontend.webdav.servlet.WebDavServlet.execute(WebDavServlet.java:106)
	at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.service(AbstractWebdavServlet.java:292)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
	at org.cryptomator.frontend.webdav.servlet.MacChunkedPutCompatibilityFilter.doFilterHttp(MacChunkedPutCompatibilityFilter.java:58)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.cryptomator.frontend.webdav.servlet.AcceptRangeFilter.doFilterHttp(AcceptRangeFilter.java:38)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.cryptomator.frontend.webdav.servlet.MkcolComplianceFilter.doFilterHttp(MkcolComplianceFilter.java:47)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.cryptomator.frontend.webdav.servlet.PostRequestBlockingFilter.doFilterHttp(PostRequestBlockingFilter.java:46)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.cryptomator.frontend.webdav.servlet.UnicodeResourcePathNormalizationFilter.doFilterHttp(UnicodeResourcePathNormalizationFilter.java:68)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.cryptomator.frontend.webdav.servlet.LoggingFilter.doFilterHttp(LoggingFilter.java:44)
	at org.cryptomator.frontend.webdav.servlet.HttpFilter.doFilter(HttpFilter.java:26)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:564)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
	at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128)
	at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.nio.file.NoSuchFileException: /home/ul/Documents/media/d/FR/IXSN3ZMR43ACDHIXHIATQGGGAI43MU/S4ZA6QPSMO5IDJPYL7LUC2NHUJMAHGGFGPBRSXHLDG75TGV57TUIMGQMJUYPVMNJFP32MGROZ2CRFPK2W5JN2ORKLOAODVIAIXA3QQFAPDIRYKNZEQ67QVZW6RRA====
	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
	at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
	at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:144)
	at sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
	at java.nio.file.Files.readAttributes(Files.java:1737)
	at org.cryptomator.cryptofs.CryptoFileAttributeProvider.readAttributes(CryptoFileAttributeProvider.java:41)
	at org.cryptomator.cryptofs.CryptoFileSystemImpl.readAttributes(CryptoFileSystemImpl.java:237)
	at org.cryptomator.cryptofs.CryptoFileSystemProvider.readAttributes(CryptoFileSystemProvider.java:360)
	at java.nio.file.Files.readAttributes(Files.java:1737)
	at org.cryptomator.frontend.webdav.servlet.DavFolder.getMembers(DavFolder.java:102)
	... 52 common frames omitted

(gio mount works well for the other two vaults)

From @SeameX on March 9, 2015 18:8

Hello,

it would be awesome if there could be a command line version!
I want to crypt files on my rpi without GUI.

Best regards

SeameX

Copied from original issue: cryptomator/cryptomator#43

Hello,

my most desired feature is to create vaults from cli and add files into it. That would be the most useable feauture for me and I'm sure for a lot of people, too.

Nochmal auf Deutsch:
Das geilste Feature wäre es, über die Kommandozeile Tresore zu kreieren und auch Dateien hinzuzufügen, damit ich einiges automatisieren könnte. Sicherlich würden dieses Feature auch viele andere feiern.

Regards und so.

In Raspberry Pi running Java 8 ARM,

When using strong passwords such as one containing strings such as '(' or ')', Cryptomator CLI command throws Invalid character & if the password is in the file it throws InvalidPassphraseException.

JCE unlimited strength policy files doesn't make any difference.

CLI Functionality for:

Creation of new vaults, specifying location\name, & new password.
Removal of vaults from the GUI list, specifying location\name (& password?)

I've created a Cryptomator Vault with Cryptomator version 1.6.4. Now I want to automate mounting and my backup process with Cryptomator-cli and I get the following exception:

Exception in thread "main" org.cryptomator.cryptolib.api.UnsupportedVaultFormatException: Tried to open vault of version 999, but can only handle version 7
at org.cryptomator.cryptolib.v1.CryptorProviderImpl.createFromKeyFile(CryptorProviderImpl.java:118)
at org.cryptomator.cryptolib.v1.CryptorProviderImpl.createFromKeyFile(CryptorProviderImpl.java:109)
at org.cryptomator.cryptolib.v1.CryptorProviderImpl.createFromKeyFile(CryptorProviderImpl.java:40)
at org.cryptomator.cryptofs.CryptoFileSystemModule.provideCryptor(CryptoFileSystemModule.java:38)
at org.cryptomator.cryptofs.CryptoFileSystemModule_ProvideCryptorFactory.provideCryptor(CryptoFileSystemModule_ProvideCryptorFactory.java:56)
at org.cryptomator.cryptofs.CryptoFileSystemModule_ProvideCryptorFactory.get(CryptoFileSystemModule_ProvideCryptorFactory.java:43)
at org.cryptomator.cryptofs.CryptoFileSystemModule_ProvideCryptorFactory.get(CryptoFileSystemModule_ProvideCryptorFactory.java:11)
at dagger.internal.DoubleCheck.get(DoubleCheck.java:47)
at org.cryptomator.cryptofs.CryptoFileSystemImpl_Factory.get(CryptoFileSystemImpl_Factory.java:110)
at org.cryptomator.cryptofs.CryptoFileSystemImpl_Factory.get(CryptoFileSystemImpl_Factory.java:16)
at dagger.internal.DoubleCheck.get(DoubleCheck.java:47)

Operating System: macOS 11.3
Mount type: Fuse
Java: OpenJDK 17
Cryptomator App version: 1.6.4
Cryptomator-cli version: 0.4.0

Could you please add a --version option?

It would be nice if this would take a mount hook function so that I could start the server and mount it with one command.

Desired Workflow

mount_f(){
    osascript -e 'mount volume "http://localhost:8080/demoVault/"'
}

export -f mount_f
java -jar cryptomator-cli.jar \
    --bind localhost \
    --port 8080 \
    --vault mySecretVault=/path/to/vault \
    --password mySecretVault=FooBar3000 \
    --mount_hook mount_f

Current Workflow

Terminal 1

java -jar cryptomator-cli.jar \
    --bind localhost \
    --port 8080 \
    --vault mySecretVault=/path/to/vault \
     --password mySecretVault=FooBar3000

Terminal 2

osascript -e 'mount volume "http://localhost:8080/mySecretVault/"' 

Maybe I'm just stupid or not experienced enough, but how do I mount the drive via http://localhost:8080/mysupervault3000?

Are there plans of adding FUSE support to the CLI version?

Your cli app works only with WebDAV vaults. Could you please add support for FUSE vaults to?

D:\Downloads>java -jar cryptomator-cli-0.2.1.jar --bind localhost --port 8081 --vault TestVault=D:\cryptotest\ --password TestVault=test
2017-03-29 15:21:17,371 INFO [log:192] Logging initialized @978ms
2017-03-29 15:21:17,419 INFO [Server:346] jetty-9.3.z-SNAPSHOT
2017-03-29 15:21:17,458 INFO [ContextHandler:781] Started o.e.j.s.ServletContextHandler@6025e1b6{/,null,AVAILABLE}
2017-03-29 15:21:17,631 INFO [AbstractConnector:278] Started ServerConnector@6c40365c{HTTP/1.1,[http/1.1]}{localhost:8081}
2017-03-29 15:21:17,632 INFO [Server:414] Started @1241ms
2017-03-29 15:21:17,636 INFO [WebDavServer:94] WebDavServer started on port 8081.
2017-03-29 15:21:17,637 INFO [CryptomatorCli:64] Unlocking vault "TestVault" located at D:\cryptotest
Exception in thread "main" org.cryptomator.cryptofs.UncheckedThrows$ExceptionThrownUnchecked: java.lang.IllegalArgumentException: Invalid key.

The password ("test") is definitely correct. I tried opening the vault with the GUI which works absolutely correct. Tried to open the /same/ vault within Linux works too with the same cryptomator jar. Specifying a wrong password gives a different exception though (wrong passphrase).

D:\Downloads>java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

it happens somewhere within

Path vaultRoot = CryptoFileSystemProvider.newFileSystem(vaultPath, properties).getPath("/");

I really would like to have a stable cli release for my linux server. As of now I think Cryptomator is the best solution and the safest for cross-platform (linux, Mac & iOS in my case) data encryption. I would love to see this being developed to stable as it is now for desktops. Right now I am stil depending on Rclone which doesn't work on iOS and isn't as user friendly. So please help me 😄

First off, thank you for Cryptomator!

When following the README to get started with CLI, it seems like #14 (PROPFIND) shows up, perhaps because the correct URL is not something inferable. When I use the Cryptomator GUI app, it seems like the WebDAV URL has some secret prefix path. See screenshots:

When I use the CLI version headless in a raspberry pi, I am not able to mount properly and get that error:

# Config vars
pi@rpi3a:~/cryptomator $ cat variables.sh
CRYPTOMATOR_HOME="/home/pi/cryptomator"
DIR_TO_SYNC_PATH="$CRYPTOMATOR_HOME/syncMe"
CRYPTOMATOR_PATH="$CRYPTOMATOR_HOME/cryptomator-cli-0.3.1.jar"
MOUNT_PATH="$CRYPTOMATOR_HOME/demoVault_mountpoint"
VAULT_PATH="$CRYPTOMATOR_HOME/demoVault"
VAULT_PASSWORD="topSecret"
VAULT_NAME="demoVaultName"
BIND_HOST="localhost"
BIND_PORT="8198"

# START UP THE CLI/WEBDAV SERVER

pi@rpi3a:~/cryptomator $ /usr/bin/java -Dcryptomator.logPath=dcryptodebug.log -jar $CRYPTOMATOR_PATH --vault $VAULT_NAME=$VAULT_PATH  --password $VAULT_NAME=$VAULT_PASSWORD --bind $BIND_HOST --port $BIND_PORT

# different window, all the dirs created, trying to mount:

pi@rpi3a $ sudo mount -t davfs http://localhost:8198/demoVault /home/pi/cryptomator/demoVault_mountpoint/
...
Username: demoVault
Password: topSecret

# returns:
/sbin/mount.davfs: Mounting failed.
501 Method PROPFIND is not defined in RFC 2068 and is not supported by the Servlet API

This is true if I try using http://localhost:8198/ or http://localhost:8198/demoVault as the mount URL. So either the documentation is not clear, or I am not sure how to determine what URL to use. As per screenshots above, I don't know if there is some prefix that needs to be added.

FWIW a comment I left in #22 I'm happy to help contribute but I'll need a few pointers to get started.

Currently, the released jar file has a name with a format of "cryptomator-cli-$VERSION.jar".

This name format causes the name of cryptomator-cli to changes with every version making it hard for other tools that interface with cryptomator-cli to check if it is installed or not.

I think the name should be simply "cryptomator.jar" and this[1] feature request should be used to figure out what version is installed in user's systems.

[1] #37

Thank you for the addition of Fuse , it is working great on my x86/Mint desktop.
However when I mount my vault on Raspberry pi (debian buster on ARM) with the same settings all files in the vault show as 0 bytes.

Steps to reproduce:
I mount my cloud provider with Rclone.
rclone mount CloudProvider: ~/Cloudprovider --vfs-cache-mode writes

I then mount my vault with
java -jar cryptomator-cli --vault CloudVault=~/CloudProvider/CloudVault --fusemount CloudVault=~/CloudVaultMount

The vault unlocks and is browseable, but individual files show as 0 bytes and will not open.

Edit : additional info -

1. Mounting with Webdav works fine, all files show correct sizes and are readable.
2. The maven compile was performed on the PI, copying the JAR over to the Mint 20 x86 machine is working fine.

Could you please add a --help option?

Instead of writing the whole software from scratch, why not just writing a backend for the well-maintained rclone tool? There is huge insterest (rclone/rclone#1647) in this feature.

Creating a new vault requires the user to mkdir the vault directory first. Not really a bug but a little inconvenient so could be fixed in the future. I would suggest to just auto create all missing directories up to the vault location.

When trying to mount a vault via fuse (vault version 8) the following exception is raised and mount fails:

java -jar cryptomator-cli-0.5.0.jar --fusemount BackupNAS=/Volumes/BackupNAS/ --vault BackupNAS=/Volumes/Backup/foo_laptop/BackupNAS/ --password BackupNAS=XXXXX

10:06:16.407 [main] INFO  org.cryptomator.cli.CryptomatorCli - Unlocking vault "BackupNAS" located at /Volumes/Backup/sahra_laptop/BackupNAS
10:06:16.413 [main] INFO  o.c.c.p.PasswordFromPropertyStrategy - Vault 'BackupNAS' password from property.
Exception in thread "main" java.lang.NullPointerException
	at dagger.internal.Preconditions.checkNotNull(Preconditions.java:33)
	at org.cryptomator.frontend.fuse.DaggerFuseNioAdapterComponent$Builder.fileNameTranscoder(DaggerFuseNioAdapterComponent.java:122)
	at org.cryptomator.frontend.fuse.DaggerFuseNioAdapterComponent$Builder.fileNameTranscoder(DaggerFuseNioAdapterComponent.java:101)
	at org.cryptomator.frontend.fuse.AdapterFactory.createReadWriteAdapter(AdapterFactory.java:58)
	at org.cryptomator.frontend.fuse.mount.AbstractMounter.mount(AbstractMounter.java:20)
	at org.cryptomator.frontend.fuse.mount.Mounter.mount(Mounter.java:15)
	at org.cryptomator.frontend.fuse.mount.Mounter.mount(Mounter.java:11)
	at org.cryptomator.cli.frontend.FuseMount.mount(FuseMount.java:36)
	at org.cryptomator.cli.CryptomatorCli.startup(CryptomatorCli.java:106)
	at org.cryptomator.cli.CryptomatorCli.main(CryptomatorCli.java:43)`

Operating System: macOS 11.3
Mount type: Fuse
Java: OpenJDK 17
Cryptomator App version: 1.6.4
Cryptomator-cli version: 0.5.0

Could you please support Bash completion?

I've tried to get the jar to load with every combination of arguments, and having fuse-mounted the chosen directory beforehand or not. The error continues the same regardless.

15:30:57.338 [main] INFO  o.e.jetty.server.AbstractConnector - Started ServerConnector@b729e6{HTTP/1.1, (http/1.1)}{127.0.0.1:8080}
15:30:57.349 [main] INFO  org.eclipse.jetty.server.Server - jetty-10.0.6; built: 2021-06-29T15:28:56.259Z; git: 37e7731b4b142a882d73974ff3bec78d621bd674; jvm 19.0.2+7
15:30:57.549 [main] INFO  o.e.j.server.handler.ContextHandler - Started o.e.j.s.ServletContextHandler@a664f2{/,null,AVAILABLE}
15:30:57.588 [main] INFO  org.eclipse.jetty.server.Server - Started Server@67f029{STARTING}[10.0.6,sto=0] @1965ms
15:30:57.589 [main] INFO  o.c.frontend.webdav.WebDavServer - WebDavServer started.
15:30:57.589 [main] INFO  org.cryptomator.cli.frontend.WebDav - WebDAV server started: 127.0.0.1:8080
15:30:57.639 [main] INFO  org.cryptomator.cli.CryptomatorCli - Unlocking vault "cccliVault" located at /home/synergy/CCLI2NextCloud
15:30:57.640 [main] INFO  o.c.c.p.PasswordFromPropertyStrategy - Vault 'cccliVault' password from property.
Exception in thread "main" java.nio.file.NoSuchFileException: /home/test/vault.cryptomator
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:380)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:432)
	at java.base/java.nio.file.Files.readAllBytes(Files.java:3287)
	at java.base/java.nio.file.Files.readString(Files.java:3365)
	at org.cryptomator.cryptofs.CryptoFileSystems.readVaultConfigFile(CryptoFileSystems.java:113)
	at org.cryptomator.cryptofs.CryptoFileSystems.create(CryptoFileSystems.java:49)
	at org.cryptomator.cryptofs.CryptoFileSystemProvider.newFileSystem(CryptoFileSystemProvider.java:194)
	at org.cryptomator.cryptofs.CryptoFileSystemProvider.newFileSystem(CryptoFileSystemProvider.java:86)
	at java.base/java.nio.file.FileSystems.newFileSystem(FileSystems.java:339)
	at java.base/java.nio.file.FileSystems.newFileSystem(FileSystems.java:288)
	at org.cryptomator.cryptofs.CryptoFileSystemProvider.newFileSystem(CryptoFileSystemProvider.java:126)
	at org.cryptomator.cli.CryptomatorCli.startup(CryptomatorCli.java:101)
	at org.cryptomator.cli.CryptomatorCli.main(CryptomatorCli.java:43)

Device is a Raspberry Pi 4B inside a Raspad 3 running Raspbian 64.

Host: Raspberry Pi 4 Model B Rev 1.4 
Kernel: 5.10.103-v7l+ 
Uptime: 2 hours, 25 mins 
Packages: 4370 (dpkg), 6 (flatpak), 9 (snap) 
Shell: bash 5.0.3 
Resolution: 1280x800 
DE: LXDE 
WM: Openbox 
Theme: Adwaita-dark [GTK2/3] 
Icons: PiXflat [GTK2/3] 
Terminal: guake 
CPU: BCM2711 (4) @ 1.600GHz 
Memory: 1709MiB / 7720MiB 

Java info (yes, I got OpenJDK 19 running on it):

Maven home: /usr/share/maven
Java version: 19.0.2, vendor: Eclipse Adoptium, runtime: /usr/lib/jvm/jdk-19.0.2+7
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "5.10.103-v7l+", arch: "arm", family: "unix"

Thanks for any info!

From @heinrich-ulbricht on June 10, 2016 13:3

This is a feature proposal concerning interoperability and integration with external tools and scripts.

What about a way to pass a password to Cryptomator without having to enter it manually (=automation) while preventing the password from (accidentally) leaking to log files.

#1 one day probably solves the first requirement: automation. But passing passwords via command line bears the risk of some tools (system log, usual logging tools) capturing the command line and thus the password.

Could we instead provide a pointer to a more volatile location in (shared) memory? Another tool could put the password there and launch Cryptomator with a pointer to the shared memory location. A nice service of Cryptomator could be to erase the memory right after reading the password.

The password thus should be safe from accidental leakage. Only if an attacker explicitly targets this mechanism he would be able to get the password from memory. But usual key loggers, general purpose monitoring tools etc. are no danger anymore.

(Note: key files are no solution for me since even a temporary file might somehow be mirrored by backup software.)

What do you think?

Copied from original issue: cryptomator/cryptomator#290

Since #33 has not made it into a release yet, I built cryptomator-cli myself from the current master. Then I mounted a vault like this:

java -jar cryptomator.jar --vault myVault=/path/to/encrypted/dir --passwordfile myVault=password.txt --fusemount myVault=/path/to/mountpoint

This immediately generates 100% load on one of my eight cores and the CPU load stays at this level until I unmount the vault again, irrespective of actual file access.

Apart from that the vault works as expected. I can access/add files just fine.

This does not happen when mounting the vault with the GUI. In the later case CPU load is very low.