~~NOCACHE~~ This page last changed ~~LASTMOD~~ [{{counter|today| time| times}} today, {{counter|yesterday| time| times}} yesterday, and {{counter|total| time| total times}}] ~~NOTOC~~ ======Using Cryptomator====== A way for someone with MacOS device(s), iPad(s), and iPhone(s) to secure and access their data from their devices. ===== Set up a Cryptomator Vault on iCloud (macOS, iPhone, iPad) ===== This setup allows iCloud to sync your vault files in encrypted form, while Cryptomator handles local decryption on each device. ----- ==== Requirements ==== Install Cryptomator on each device: macOS: * Download from: https://cryptomator.org/downloads/ iPhone & iPad: * Install **Cryptomator** from the App Store (paid app) Make sure you are logged into the **same Apple ID** and that **iCloud Drive is enabled**: macOS: * System Settings → Apple ID → iCloud → iCloud Drive → ON iPhone/iPad: * Settings → [your name] → iCloud → iCloud Drive → ON ----- ==== Step 1: Create the vault on your Mac (recommended) ==== Creating it on macOS is easier and more reliable. * Open **Cryptomator** * Click **Add Vault → Create new vault** * When asked for a location, choose: * '''iCloud Drive''' * Optionally create a folder named: * ``Cryptomator`` * Name your vault (example: ``SecureVault``) * Create a **strong password** * (Recommended) Save a **recovery key** offline Result: * A folder appears in iCloud Drive: ``SecureVault`` * Inside are encrypted files (this is correct) * When unlocked, the vault appears as a drive (example: ``/Volumes/SecureVault``) ----- ==== Step 2: Let the vault sync fully ==== * Open **Finder → iCloud Drive** * Confirm that ``SecureVault`` is visible * Wait for any cloud icons to disappear (fully synced) IMPORTANT: * Do not proceed until syncing is complete ----- ==== Step 3: Add the vault on iPhone ==== * Open **Cryptomator** * Tap **Add Vault** * Select **iCloud Drive** * Open the ``SecureVault`` folder * Tap the file: * ``SecureVault.cryptomator`` * Enter the same password You can now: * View files * Add photos/documents * Scan into the vault * Use Face ID or Touch ID ----- ==== Step 4: Add the vault on iPad ==== Repeat the same steps: * Cryptomator → Add Vault * iCloud Drive → SecureVault * Select ``.cryptomator`` file * Enter password Your vault is now available on: * macOS * iPhone * iPad ----- ==== Important Usage Rules ==== To avoid data corruption: * Only open the vault on **one device at a time** * Always **lock** the vault after use * Allow iCloud to finish syncing before opening on another device * Do NOT rename or edit vault files in Finder or Files app Think of it as: * Save → Lock → Sync → Open on next device ----- ==== Suggested Folder Structure (inside the vault) ==== * Personal * Scans * Taxes * Medical * Password backups * Encrypted documents All of this is encrypted in iCloud. ----- ==== Optional macOS Tip ==== After unlocking the vault on macOS: * Right-click the mounted vault * Select **Add to Finder Sidebar** Now your vault is one click away. ----- ===== Cryptomator: Password Strategy, Face/Touch ID, and Backup ===== ==== Password & Recovery Key Strategy ==== Your vault password is the ONLY key to your data. If it’s lost → data is permanently inaccessible. === Strong Password Guidelines === Use a long passphrase (recommended: 4–6 random words + symbols) Good example: * ``River!Tulip-Coffee9!Glass`` Avoid: * Pet names * Birthdays * Dictionary-only words * Short passwords Minimum recommendation: * 16+ characters * Include uppercase, lowercase, numbers, symbols === Recovery Key (CRITICAL) === Cryptomator allows you to create a recovery key file. * Store it in TWO offline places: * External USB drive * Printed and locked in a safe * Do NOT store the recovery key in: * iCloud * Email * Your Cryptomator vault Recommended labeling: * ``Cryptomator Recovery Key – SecureVault – [Date Created]`` Think of the recovery key as: * A master key for emergency use only ----- ==== Enable Face ID / Touch ID ==== This improves convenience WITHOUT weakening encryption. === On iPhone / iPad === * Open **Cryptomator** * Click the vault * Go to: * **Settings → Security** * Enable: * Face ID (or Touch ID) * You will still need the password after reboot Now you can: * Unlock the vault with Face/Touch ID * Avoid typing the full password each time === On macOS (Touch ID MacBooks only) === If your Mac has Touch ID: * Open **Cryptomator → Settings** * Enable **Use Touch ID** * You can now unlock using your fingerprint If your Mac does NOT support Touch ID: * Use a long, stored passphrase in your password manager ----- ==== Backup Strategy for Your Vault ==== Important rule: * iCloud sync is NOT a backup * Sync ≠ Backup You need **separate, offline copies**. === Method 1: External Drive Backup (Recommended) === Once a week or month: * Plug in an external drive * Copy the entire: * ``SecureVault`` folder * Paste it to: * External drive only * Safely eject when finished * Keep drive disconnected when not in use IMPORTANT: * Only copy the folder when the vault is CLOSED * Otherwise, encryption files could corrupt === Method 2: Time Machine (macOS) ==== Time Machine WILL back up the encrypted files automatically. This is good because: * It stores the locked, encrypted content only * Even Apple cannot see the data Just be sure: * The vault is locked most of the time * Time Machine is running normally === Optional: Off-site Backup (Extra Safety) ==== You may also store a backup at another loc