Cryptomator Trigger #59
Comments
Thanks @Technoprenerd Is there any reason you prefer Cryptomator to Veracrypt? afaik veracrypt is the most popular cross-platform software for creating encrypted volumes |
Is there any command to list all mounts too? That way the trigger could just list them all and iterate through the list, umounting all of them?
Also, is there any built-in "shred" command that wipes the area of the encrypted volume that holds the (encrypted?) master keys? I mean something that's faster than overwriting the whole volume, of course.
And does Cryptomator have any decent documentation describing the encoding of their volumes? In LUKS there's 8-32 keyslots, and the way LUKS works is very clearly documented in the whitepapers:
Is there an equivalent whitepaper describing Cryptomator so I can wrap my head around its headers/footers/keyslots/encodings/recovery/etc? |
@maltfield : No preference, I've tried them all and it seems that for new users this type of application is more usable (better UI/UX) for creating and encrypting individual files (not volumes). Probably iterate through the /Volumes/ paths to select folders, should be scripted though. Depends if Shred is installed, in osx it is no longer default installed. Cryptomator does have decent documentation: https://docs.cryptomator.org/en/latest/security/architecture/ https://docs.cryptomator.org/en/latest/security/security-target/ |
source: https://docs.cryptomator.org/en/latest/security/security-target/ Because of this, it seems like a self-destruct may be less valuable for Cryptomator. Depending on the adversary, they could just force the cloud provider to hand over a backup of the But I definitely think it would be worthwhile to write a trigger for Cryptomator that simply:
@Technoprenerd Do you have any python experience? I think the first deliverable here is to write a simple python function
(if possible, it would be best if This begs the question: does doing ^ that or unmounting a Cryptomator volume require root access? If so, we have a way to escalate buskill's triggers as root on MacOS (but not Windows or Linux yet): |
@maltfield Agreed, adversary would just copy the backup masterkey from cloud provider and decrypt it. Yes, below is how far I've come and works on OSX.
TODO:
|
It does work with multiple vaults open at the same time
Cryptomator GUI shows everything locked |
@Technoprenerd thanks for your work on this! Would you mind adding your code and iterating directly on this new repo? |
See also #62 |
Moving code from BusKill/buskill-app#59
Idea for Cryptomator trigger.
Cryptomator (https://cryptomator.org/) creates encrypted volumes.
It uses WebDav or Fuse to mount volumes.
On Mac OSX, a script can do the unmounting:
umount --force /Volumes/<CryptomatorVaultName>
or
sudo diskutil unmount /Volumes/<CryptomatorVaultName>
The main issue with this is that the Vault Name should be known for the path to be able to trigger it in a script.
Another idea is to buy and install the Mountain application (https://appgineers.de/mountain/) with HotKeys set for "Unmount external volumes"; it works without knowing all the volume names. The Buskill would trigger a script that presses these hotkeys for the Mountain app to do this.
Remarks on this are appreciated.
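A sketch of the list-and-iterate trigger discussed in this thread, as an added example that is not code from the issue or from the BusKill project: it parses macOS `mount` output so no vault name has to be known in advance, then force-unmounts each match with `diskutil unmount force`. The filesystem types used to recognise Cryptomator mounts (`macfuse`, `osxfuse`, `webdav`), the function names and the sample `mount` lines are assumptions constructed for illustration.

```python
import re
import subprocess

# Assumption (not confirmed in the thread): filesystem types backing Cryptomator mounts.
ASSUMED_FS_TYPES = {"macfuse", "osxfuse", "webdav"}

# One line of macOS `mount` output: "<device> on <mount point> (<fstype>, <options>)"
MOUNT_LINE = re.compile(
    r"^(?P<dev>.+?) on (?P<path>/.*) \((?P<fstype>[^,)]+)(?:, .*)?\)$"
)


def find_vault_mounts(mount_output, fs_types=ASSUMED_FS_TYPES, prefix="/Volumes/"):
    """Return mount points under `prefix` whose filesystem type is in `fs_types`."""
    mounts = []
    for line in mount_output.splitlines():
        m = MOUNT_LINE.match(line.strip())
        if m and m["fstype"] in fs_types and m["path"].startswith(prefix):
            mounts.append(m["path"])
    return mounts


def unmount_all(mount_points, run=subprocess.run):
    """Force-unmount each path; return the ones that failed so the trigger can react."""
    failed = []
    for path in mount_points:
        # Argument list, no shell: a vault name with spaces stays a single argument.
        result = run(["diskutil", "unmount", "force", path], capture_output=True)
        if result.returncode != 0:
            failed.append(path)
    return failed


# Constructed sample of `mount` output (not captured from a real machine).
SAMPLE = """\
/dev/disk1s1 on / (apfs, local, journaled)
Cryptomator@macfuse0 on /Volumes/My Vault (macfuse, nodev, nosuid, synchronous, mounted by user)
http://localhost:42427/abc/Work on /Volumes/Work (webdav, nodev, noexec, nosuid, mounted by user)
/dev/disk2s1 on /Volumes/USB (msdos, local, nodev, nosuid, noowners)
"""

if __name__ == "__main__":
    # Dry run on the sample; a real trigger would pass the output of `mount`
    # to find_vault_mounts() and hand the result to unmount_all().
    print(find_vault_mounts(SAMPLE))
```

Unmounting only removes access to the decrypted view; as noted in the comments, it does nothing about copies of the vault or its masterkey file held by a cloud provider.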