From 8e4bff8c19b4dfbab695ef3762a0dbe8f0c59823 Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Thu, 12 Mar 2026 09:58:52 +0100 Subject: [PATCH 1/2] don't load masterkey from arbitrary paths --- .../masterkeyfile/MasterkeyFileLoadingStrategy.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java index a13f3e223..a6600712d 100644 --- a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java +++ b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java @@ -33,6 +33,7 @@ import java.util.concurrent.ExecutionException; public class MasterkeyFileLoadingStrategy implements KeyLoadingStrategy { public static final String SCHEME = "masterkeyfile"; + public static final String DEFAULT_MASTERKEY_PATH = "masterkey.cryptomator"; // relative to vault.cryptomator private final Vault vault; private final MasterkeyFileAccess masterkeyFileAccess; @@ -63,16 +64,21 @@ public class MasterkeyFileLoadingStrategy implements KeyLoadingStrategy { public Masterkey loadKey(URI keyId) throws MasterkeyLoadingFailedException { window.setTitle(resourceBundle.getString("unlock.title").formatted(vault.getDisplayName())); Preconditions.checkArgument(SCHEME.equalsIgnoreCase(keyId.getScheme()), "Only supports keys with scheme " + SCHEME); + if (!DEFAULT_MASTERKEY_PATH.equals(keyId.getSchemeSpecificPart())) { + LOG.warn("unsupported masterkey path found in vault.cryptomator: {}", keyId.getSchemeSpecificPart()); + } try { - Path filePath = vault.getPath().resolve(keyId.getSchemeSpecificPart()); + // determine masterkey file path: + Path filePath = vault.getPath().resolve(DEFAULT_MASTERKEY_PATH); if (!Files.exists(filePath)) { filePath = askUserForMasterkeyFilePath(); } + // unlock: if (passphrase == null) { askForPassphrase(); } var masterkey = masterkeyFileAccess.load(filePath, passphrase); - //backup + // backup on successful unlock: if (filePath.startsWith(vault.getPath())) { try { BackupHelper.attemptBackup(filePath); From 5c75eeab273f56c37c801583262cee525e6ed707 Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Thu, 12 Mar 2026 10:18:19 +0100 Subject: [PATCH 2/2] reuse existing constant --- .../masterkeyfile/MasterkeyFileLoadingStrategy.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java index a6600712d..16c7d6256 100644 --- a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java +++ b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java @@ -1,6 +1,7 @@ package org.cryptomator.ui.keyloading.masterkeyfile; import com.google.common.base.Preconditions; +import org.cryptomator.common.Constants; import org.cryptomator.common.Passphrase; import org.cryptomator.common.keychain.KeychainManager; import org.cryptomator.common.vaults.Vault; @@ -33,7 +34,6 @@ import java.util.concurrent.ExecutionException; public class MasterkeyFileLoadingStrategy implements KeyLoadingStrategy { public static final String SCHEME = "masterkeyfile"; - public static final String DEFAULT_MASTERKEY_PATH = "masterkey.cryptomator"; // relative to vault.cryptomator private final Vault vault; private final MasterkeyFileAccess masterkeyFileAccess; @@ -64,12 +64,12 @@ public class MasterkeyFileLoadingStrategy implements KeyLoadingStrategy { public Masterkey loadKey(URI keyId) throws MasterkeyLoadingFailedException { window.setTitle(resourceBundle.getString("unlock.title").formatted(vault.getDisplayName())); Preconditions.checkArgument(SCHEME.equalsIgnoreCase(keyId.getScheme()), "Only supports keys with scheme " + SCHEME); - if (!DEFAULT_MASTERKEY_PATH.equals(keyId.getSchemeSpecificPart())) { + if (!Constants.MASTERKEY_FILENAME.equals(keyId.getSchemeSpecificPart())) { LOG.warn("unsupported masterkey path found in vault.cryptomator: {}", keyId.getSchemeSpecificPart()); } try { // determine masterkey file path: - Path filePath = vault.getPath().resolve(DEFAULT_MASTERKEY_PATH); + Path filePath = vault.getPath().resolve(Constants.MASTERKEY_FILENAME); if (!Files.exists(filePath)) { filePath = askUserForMasterkeyFilePath(); }