- Beta Version 0.4.0

- Obfuscates file size (fixes #18)

LICENSE

@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2014 Sebastian Stenzel
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

LICENSES/Apache-2.0-License.txt

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

LICENSES/BSD-License.txt

@@ -0,0 +1,12 @@
+Copyright (c) <YEAR>, <OWNER>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

LICENSES/MIT-X-Consortium-License.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

NOTICE.md

@@ -0,0 +1,96 @@
+# CRYPTOMATOR
+Copyright (c) 2014, Sebastian Stenzel
+
+Cryptomator is licensed under the MIT license. The details can be found in the accompanying license file.
+
+## Third party softwares
+
+Cryptomator uses third party softwares that may be licensed under different licenses.
+
+
+### Jackson
+Jackson is a high-performance, Free/Open Source JSON processing library.
+It was originally written by Tatu Saloranta (tatu.saloranta@iki.fi), and has
+been in development since 2007.
+It is currently developed by a community of developers, as well as supported
+commercially by FasterXML.com.
+
+**Licensing:** Jackson core and extension components may licensed under different licenses.
+To find the details that apply to this artifact see the accompanying Apache 2.0 license file.
+For more information, including possible other licensing options, contact
+FasterXML.com (http://fasterxml.com).
+
+**Credits:** A list of contributors may be found from CREDITS file, which is included
+in some artifacts (usually source distributions); but is always available
+from the source code management (SCM) system project uses.
+
+
+### Jetty
+Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License v1.0
+and Apache License v2.0 which accompanies this distribution.
+
+The UnixCrypt.java code implements the one way cryptography used by
+Unix systems for simple password protection.  Copyright 1996 Aki Yoshida,
+modified April 2001  by Iris Van den Broeke, Daniel Deville.
+Permission to use, copy, modify and distribute UnixCrypt
+for non-commercial or commercial purposes and without fee is
+granted provided that the copyright notice appears in all copies.
+
+
+### Jackrabbit WebDAV Library
+Copyright 2004-2014 The Apache Software Foundation
+
+This product includes software developed at The Apache Software Foundation (http://www.apache.org/).
+
+Based on source code originally developed by Day Software (http://www.day.com/).
+
+### Apache Jakarta HttpClient
+Copyright 1999-2007 The Apache Software Foundation
+
+This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
+
+### Apache Commons Collections
+Copyright 2001-2013 The Apache Software Foundation
+
+This product includes software developed at The Apache Software Foundation (http://www.apache.org/).
+
+### Apache Commons Codec
+Copyright 2002-2013 The Apache Software Foundation
+
+This product includes software developed at The Apache Software Foundation (http://www.apache.org/).
+
+src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java contains test data
+from http://aspell.net/test/orig/batch0.tab. Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
+
+### Apache Commons IO
+Copyright 2002-2012 The Apache Software Foundation
+
+This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
+
+### Apache Commons Lang
+Copyright 2001-2011 The Apache Software Foundation
+
+This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
+
+This product includes software from the Spring Framework,
+under the Apache License 2.0 (see: StringUtils.containsWhitespace())
+
+### ControlsFX
+Copyright (c) 2013, ControlsFX
+
+Licensed under the accompanying BSD license file.
+
+### Apache Log4j
+Copyright 1999-2012 Apache Software Foundation
+
+This product includes software developed at The Apache Software Foundation (http://www.apache.org/).
+
+ResolverUtil.java Copyright 2005-2006 Tim Fennell
+
+### JUnit
+Copyright (c) 2000-2006, www.hamcrest.org
+
+Licensed under the accompanying BSD license file.

README.md

@@ -3,7 +3,7 @@ Cryptomator
 
 Multiplatform transparent client-side encryption of your files in the cloud. You need Java 8 in order to run the application. Get the runtime environment here: http://www.oracle.com/technetwork/java/javase/downloads/index.html
 
-If you want to take a look at the current beta version, go ahead and download [Cryptomator.dmg](https://github.com/totalvoidness/cryptomator/releases/download/v0.2.0/Cryptomator.dmg), [Cryptomator.exe](https://github.com/totalvoidness/cryptomator/releases/download/v0.2.0/Cryptomator.exe) or [Cryptomator.jar](https://github.com/totalvoidness/cryptomator/releases/download/v0.2.0/Cryptomator.jar).
+If you want to take a look at the current beta version, go ahead and download [Cryptomator.dmg](https://github.com/totalvoidness/cryptomator/releases/download/v0.3.0/Cryptomator.dmg), [Cryptomator.exe](https://github.com/totalvoidness/cryptomator/releases/download/v0.3.0/Cryptomator.exe) or [Cryptomator.jar](https://github.com/totalvoidness/cryptomator/releases/download/v0.3.0/Cryptomator.jar).
 
 ## Features
 - Totally transparent: Just work on the encrypted volume, as if it was an USB drive
@@ -18,7 +18,7 @@ If you want to take a look at the current beta version, go ahead and download [C
 
 ## Security
 - Default key length is 256 bit (falls back to 128 bit, if JCE isn't installed)
-- PBKDF2 key generation
+- Scrypt key generation
 - Cryptographically secure random numbers for salts, IVs and the masterkey of course
 - Sensitive data is swiped from the heap asap
 - Lightweight: Complexity kills security
@@ -42,6 +42,6 @@ If you want to take a look at the current beta version, go ahead and download [C
 
 ## License
 
-Distributed under the MIT license. See the LICENSE file for more info.
+Distributed under the MIT X Consortium license license. See the LICENSE file for more info.
 
 [![Build Status](https://travis-ci.org/totalvoidness/cryptomator.svg?branch=master)](https://travis-ci.org/totalvoidness/cryptomator)

main/core/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>0.3.0-SNAPSHOT</version>
+		<version>0.4.0</version>
 	</parent>
 	<artifactId>core</artifactId>
 	<name>Cryptomator core I/O module</name>

main/core/src/main/java/org/cryptomator/webdav/WebDavServer.java

@@ -45,7 +45,7 @@ public final class WebDavServer {
 	 * @param cryptor A fully initialized cryptor instance ready to en- or decrypt streams.
 	 * @return <code>true</code> upon success
 	 */
-	public synchronized boolean start(final String workDir, final Cryptor cryptor) {
+	public synchronized boolean start(final String workDir, final boolean checkFileIntegrity, final Cryptor cryptor) {
 		final ServerConnector connector = new ServerConnector(server);
 		connector.setHost(LOCALHOST);
 
@@ -53,7 +53,7 @@ public final class WebDavServer {
 		final String servletPathSpec = "/*";
 
 		final ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
-		context.addServlet(getWebDavServletHolder(workDir, contextPath, cryptor), servletPathSpec);
+		context.addServlet(getWebDavServletHolder(workDir, contextPath, checkFileIntegrity, cryptor), servletPathSpec);
 		context.setContextPath(contextPath);
 		server.setHandler(context);
 
@@ -82,10 +82,11 @@ public final class WebDavServer {
 		return server.isStopped();
 	}
 
-	private ServletHolder getWebDavServletHolder(final String workDir, final String contextPath, final Cryptor cryptor) {
+	private ServletHolder getWebDavServletHolder(final String workDir, final String contextPath, final boolean checkFileIntegrity, final Cryptor cryptor) {
 		final ServletHolder result = new ServletHolder("Cryptomator-WebDAV-Servlet", new WebDavServlet(cryptor));
 		result.setInitParameter(WebDavServlet.CFG_FS_ROOT, workDir);
 		result.setInitParameter(WebDavServlet.CFG_HTTP_ROOT, contextPath);
+		result.setInitParameter(WebDavServlet.CFG_CHECK_FILE_INTEGRITY, Boolean.toString(checkFileIntegrity));
 		return result;
 	}
 

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/AbstractSessionAwareWebDavResourceFactory.java

@@ -1,36 +0,0 @@
-package org.cryptomator.webdav.jackrabbit;
-
-import org.apache.jackrabbit.webdav.DavException;
-import org.apache.jackrabbit.webdav.DavResource;
-import org.apache.jackrabbit.webdav.DavResourceFactory;
-import org.apache.jackrabbit.webdav.DavResourceLocator;
-import org.apache.jackrabbit.webdav.DavServletRequest;
-import org.apache.jackrabbit.webdav.DavServletResponse;
-import org.apache.jackrabbit.webdav.DavSession;
-
-abstract class AbstractSessionAwareWebDavResourceFactory implements DavResourceFactory {
-
-	@Override
-	public DavResource createResource(DavResourceLocator locator, DavServletRequest request, DavServletResponse response) throws DavException {
-		final DavSession session = request.getDavSession();
-		if (session != null && session instanceof WebDavSession) {
-			return createDavResource(locator, (WebDavSession) session, request, response);
-		} else {
-			throw new DavException(DavServletResponse.SC_INTERNAL_SERVER_ERROR, "Unsupported session type.");
-		}
-	}
-
-	protected abstract DavResource createDavResource(DavResourceLocator locator, WebDavSession session, DavServletRequest request, DavServletResponse response) throws DavException;
-
-	@Override
-	public DavResource createResource(DavResourceLocator locator, DavSession session) throws DavException {
-		if (session != null && session instanceof WebDavSession) {
-			return createDavResource(locator, (WebDavSession) session);
-		} else {
-			throw new DavException(DavServletResponse.SC_INTERNAL_SERVER_ERROR, "Unsupported session type.");
-		}
-	}
-
-	protected abstract DavResource createDavResource(DavResourceLocator locator, WebDavSession session);
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/DavLocatorFactoryImpl.java

@@ -21,14 +21,14 @@ import org.cryptomator.crypto.Cryptor;
 import org.cryptomator.crypto.CryptorIOSupport;
 import org.cryptomator.crypto.SensitiveDataSwipeListener;
 
-class WebDavLocatorFactory extends AbstractLocatorFactory implements SensitiveDataSwipeListener, CryptorIOSupport {
+class DavLocatorFactoryImpl extends AbstractLocatorFactory implements SensitiveDataSwipeListener, CryptorIOSupport {
 
 	private static final int MAX_CACHED_PATHS = 10000;
 	private final Path fsRoot;
 	private final Cryptor cryptor;
 	private final BidiMap<String, String> pathCache = new BidiLRUMap<>(MAX_CACHED_PATHS); // <decryptedPath, encryptedPath>
 
-	WebDavLocatorFactory(String fsRoot, String httpRoot, Cryptor cryptor) {
+	DavLocatorFactoryImpl(String fsRoot, String httpRoot, Cryptor cryptor) {
 		super(httpRoot);
 		this.fsRoot = FileSystems.getDefault().getPath(fsRoot);
 		this.cryptor = cryptor;

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/DavResourceFactoryImpl.java

@@ -30,13 +30,15 @@ import org.cryptomator.webdav.jackrabbit.resources.NonExistingNode;
 import org.cryptomator.webdav.jackrabbit.resources.ResourcePathUtils;
 import org.eclipse.jetty.http.HttpHeader;
 
-class WebDavResourceFactory implements DavResourceFactory {
+class DavResourceFactoryImpl implements DavResourceFactory {
 
 	private final LockManager lockManager = new SimpleLockManager();
 	private final Cryptor cryptor;
+	private final boolean checkFileIntegrity;
 
-	WebDavResourceFactory(Cryptor cryptor) {
+	DavResourceFactoryImpl(Cryptor cryptor, boolean checkFileIntegrity) {
 		this.cryptor = cryptor;
+		this.checkFileIntegrity = checkFileIntegrity;
 	}
 
 	@Override
@@ -70,11 +72,11 @@ class WebDavResourceFactory implements DavResourceFactory {
 	}
 
 	private EncryptedFile createFilePart(DavResourceLocator locator, DavSession session, DavServletRequest request) {
-		return new EncryptedFilePart(this, locator, session, request, lockManager, cryptor);
+		return new EncryptedFilePart(this, locator, session, request, lockManager, cryptor, checkFileIntegrity);
 	}
 
 	private EncryptedFile createFile(DavResourceLocator locator, DavSession session) {
-		return new EncryptedFile(this, locator, session, lockManager, cryptor);
+		return new EncryptedFile(this, locator, session, lockManager, cryptor, checkFileIntegrity);
 	}
 
 	private EncryptedDir createDirectory(DavResourceLocator locator, DavSession session) {

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/DavSessionImpl.java

@@ -8,49 +8,38 @@
  ******************************************************************************/
 package org.cryptomator.webdav.jackrabbit;
 
+import java.util.HashSet;
+
 import org.apache.jackrabbit.webdav.DavSession;
-import org.apache.jackrabbit.webdav.WebdavRequest;
 
-class WebDavSession implements DavSession {
-
-	private final WebdavRequest request;
-
-	WebDavSession(WebdavRequest request) {
-		this.request = request;
-	}
+class DavSessionImpl implements DavSession {
+	
+	private final HashSet<String> lockTokens = new HashSet<String>();
+	private final HashSet<Object> references = new HashSet<Object>();
 
 	@Override
 	public void addReference(Object reference) {
-		// TODO Auto-generated method stub
-
+		references.add(reference);
 	}
 
 	@Override
 	public void removeReference(Object reference) {
-		// TODO Auto-generated method stub
-
+		references.remove(reference);
 	}
 
 	@Override
 	public void addLockToken(String token) {
-		// TODO Auto-generated method stub
-
+		lockTokens.add(token);
 	}
 
 	@Override
 	public String[] getLockTokens() {
-		// TODO Auto-generated method stub
-		return null;
+		return lockTokens.toArray(new String[lockTokens.size()]);
 	}
 
 	@Override
 	public void removeLockToken(String token) {
-		// TODO Auto-generated method stub
-
-	}
-
-	public WebdavRequest getRequest() {
-		return request;
+		lockTokens.remove(token);
 	}
 
 }

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/DavSessionProviderImpl.java

@@ -9,21 +9,28 @@
 package org.cryptomator.webdav.jackrabbit;
 
 import org.apache.jackrabbit.webdav.DavException;
+import org.apache.jackrabbit.webdav.DavSession;
 import org.apache.jackrabbit.webdav.DavSessionProvider;
 import org.apache.jackrabbit.webdav.WebdavRequest;
 
-class WebDavSessionProvider implements DavSessionProvider {
+class DavSessionProviderImpl implements DavSessionProvider {
 
 	@Override
 	public boolean attachSession(WebdavRequest request) throws DavException {
 		// every request gets a session
-		request.setDavSession(new WebDavSession(request));
+		final DavSession session = new DavSessionImpl();
+		session.addReference(request);
+		request.setDavSession(session);
 		return true;
 	}
 
 	@Override
 	public void releaseSession(WebdavRequest request) {
-		// do nothing
+		final DavSession session = request.getDavSession();
+		if (session != null) {
+			session.removeReference(request);
+			request.setDavSession(null);
+		}
 	}
 
 }

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/WebDavServlet.java

@@ -22,8 +22,9 @@ import org.cryptomator.crypto.Cryptor;
 public class WebDavServlet extends AbstractWebdavServlet {
 
 	private static final long serialVersionUID = 7965170007048673022L;
-	public static final String CFG_FS_ROOT = "oce.fs.root";
-	public static final String CFG_HTTP_ROOT = "oce.http.root";
+	public static final String CFG_FS_ROOT = "cfg.fs.root";
+	public static final String CFG_HTTP_ROOT = "cfg.http.root";
+	public static final String CFG_CHECK_FILE_INTEGRITY = "cfg.checkFileIntegrity";
 	private DavSessionProvider davSessionProvider;
 	private DavLocatorFactory davLocatorFactory;
 	private DavResourceFactory davResourceFactory;
@@ -38,13 +39,14 @@ public class WebDavServlet extends AbstractWebdavServlet {
 	public void init(ServletConfig config) throws ServletException {
 		super.init(config);
 
-		davSessionProvider = new WebDavSessionProvider();
+		davSessionProvider = new DavSessionProviderImpl();
 
 		final String fsRoot = config.getInitParameter(CFG_FS_ROOT);
 		final String httpRoot = config.getInitParameter(CFG_HTTP_ROOT);
-		this.davLocatorFactory = new WebDavLocatorFactory(fsRoot, httpRoot, cryptor);
+		final boolean checkFileIntegrity = Boolean.parseBoolean(config.getInitParameter(CFG_CHECK_FILE_INTEGRITY));
+		this.davLocatorFactory = new DavLocatorFactoryImpl(fsRoot, httpRoot, cryptor);
 
-		this.davResourceFactory = new WebDavResourceFactory(cryptor);
+		this.davResourceFactory = new DavResourceFactoryImpl(cryptor, checkFileIntegrity);
 	}
 
 	@Override

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/AbstractEncryptedNode.java

@@ -11,8 +11,11 @@ package org.cryptomator.webdav.jackrabbit.resources;
 import java.io.IOException;
 import java.nio.file.AtomicMoveNotSupportedException;
 import java.nio.file.Files;
+import java.nio.file.LinkOption;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
+import java.nio.file.attribute.BasicFileAttributeView;
+import java.nio.file.attribute.FileTime;
 import java.util.List;
 
 import org.apache.commons.io.FilenameUtils;
@@ -132,6 +135,27 @@ abstract class AbstractEncryptedNode implements DavResource {
 	@Override
 	public void setProperty(DavProperty<?> property) throws DavException {
 		getProperties().add(property);
+
+		LOG.info("Set property {}", property.getName());
+
+		try {
+			final Path path = ResourcePathUtils.getPhysicalPath(this);
+			if (DavPropertyName.CREATIONDATE.equals(property.getName()) && property.getValue() instanceof String) {
+				final String createDateStr = (String) property.getValue();
+				final FileTime createTime = FileTimeUtils.fromRfc1123String(createDateStr);
+				final BasicFileAttributeView attrView = Files.getFileAttributeView(path, BasicFileAttributeView.class, LinkOption.NOFOLLOW_LINKS);
+				attrView.setTimes(null, null, createTime);
+				LOG.info("Updating Creation Date: {}", createTime.toString());
+			} else if (DavPropertyName.GETLASTMODIFIED.equals(property.getName()) && property.getValue() instanceof String) {
+				final String lastModifiedTimeStr = (String) property.getValue();
+				final FileTime lastModifiedTime = FileTimeUtils.fromRfc1123String(lastModifiedTimeStr);
+				final BasicFileAttributeView attrView = Files.getFileAttributeView(path, BasicFileAttributeView.class, LinkOption.NOFOLLOW_LINKS);
+				attrView.setTimes(lastModifiedTime, null, null);
+				LOG.info("Updating Last Modified Date: {}", lastModifiedTime.toString());
+			}
+		} catch (IOException e) {
+			throw new DavException(DavServletResponse.SC_INTERNAL_SERVER_ERROR);
+		}
 	}
 
 	@Override

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/EncryptedFile.java

@@ -29,6 +29,7 @@ import org.apache.jackrabbit.webdav.lock.LockManager;
 import org.apache.jackrabbit.webdav.property.DavPropertyName;
 import org.apache.jackrabbit.webdav.property.DefaultDavProperty;
 import org.cryptomator.crypto.Cryptor;
+import org.cryptomator.crypto.exceptions.DecryptFailedException;
 import org.cryptomator.webdav.exceptions.IORuntimeException;
 import org.eclipse.jetty.http.HttpHeader;
 import org.eclipse.jetty.http.HttpHeaderValue;
@@ -39,8 +40,11 @@ public class EncryptedFile extends AbstractEncryptedNode {
 
 	private static final Logger LOG = LoggerFactory.getLogger(EncryptedFile.class);
 
-	public EncryptedFile(DavResourceFactory factory, DavResourceLocator locator, DavSession session, LockManager lockManager, Cryptor cryptor) {
+	protected final boolean checkIntegrity;
+
+	public EncryptedFile(DavResourceFactory factory, DavResourceLocator locator, DavSession session, LockManager lockManager, Cryptor cryptor, boolean checkIntegrity) {
 		super(factory, locator, session, lockManager, cryptor);
+		this.checkIntegrity = checkIntegrity;
 	}
 
 	@Override
@@ -72,15 +76,17 @@ public class EncryptedFile extends AbstractEncryptedNode {
 			SeekableByteChannel channel = null;
 			try {
 				channel = Files.newByteChannel(path, StandardOpenOption.READ);
+				if (checkIntegrity && !cryptor.authenticateContent(channel)) {
+					throw new DecryptFailedException("File content compromised: " + path.toString());
+				}
 				outputContext.setContentLength(cryptor.decryptedContentLength(channel));
 				if (outputContext.hasStream()) {
 					cryptor.decryptedFile(channel, outputContext.getOutputStream());
 				}
 			} catch (EOFException e) {
 				LOG.warn("Unexpected end of stream (possibly client hung up).");
-			} catch (IOException e) {
-				LOG.error("Error reading file " + path.toString(), e);
-				throw new IORuntimeException(e);
+			} catch (DecryptFailedException e) {
+				throw new IOException("Error decrypting file " + path.toString(), e);
 			} finally {
 				IOUtils.closeQuietly(channel);
 			}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/EncryptedFilePart.java

@@ -21,7 +21,7 @@ import org.apache.jackrabbit.webdav.DavSession;
 import org.apache.jackrabbit.webdav.io.OutputContext;
 import org.apache.jackrabbit.webdav.lock.LockManager;
 import org.cryptomator.crypto.Cryptor;
-import org.cryptomator.webdav.exceptions.IORuntimeException;
+import org.cryptomator.crypto.exceptions.DecryptFailedException;
 import org.eclipse.jetty.http.HttpHeader;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -50,8 +50,8 @@ public class EncryptedFilePart extends EncryptedFile {
 
 	private final Set<Pair<Long, Long>> requestedContentRanges = new HashSet<Pair<Long, Long>>();
 
-	public EncryptedFilePart(DavResourceFactory factory, DavResourceLocator locator, DavSession session, DavServletRequest request, LockManager lockManager, Cryptor cryptor) {
-		super(factory, locator, session, lockManager, cryptor);
+	public EncryptedFilePart(DavResourceFactory factory, DavResourceLocator locator, DavSession session, DavServletRequest request, LockManager lockManager, Cryptor cryptor, boolean checkIntegrity) {
+		super(factory, locator, session, lockManager, cryptor, checkIntegrity);
 		final String rangeHeader = request.getHeader(HttpHeader.RANGE.asString());
 		if (rangeHeader == null) {
 			throw new IllegalArgumentException("HTTP request doesn't contain a range header");
@@ -116,6 +116,9 @@ public class EncryptedFilePart extends EncryptedFile {
 			SeekableByteChannel channel = null;
 			try {
 				channel = Files.newByteChannel(path, StandardOpenOption.READ);
+				if (checkIntegrity && !cryptor.authenticateContent(channel)) {
+					throw new DecryptFailedException("File content compromised: " + path.toString());
+				}
 				final Long fileSize = cryptor.decryptedContentLength(channel);
 				final Pair<Long, Long> range = getUnionRange(fileSize);
 				final Long rangeLength = range.getRight() - range.getLeft() + 1;
@@ -128,9 +131,8 @@ public class EncryptedFilePart extends EncryptedFile {
 				if (LOG.isDebugEnabled()) {
 					LOG.debug("Unexpected end of stream during delivery of partial content (client hung up).");
 				}
-			} catch (IOException e) {
-				LOG.error("Error reading file " + path.toString(), e);
-				throw new IORuntimeException(e);
+			} catch (DecryptFailedException e) {
+				throw new IOException("Error decrypting file " + path.toString(), e);
 			} finally {
 				IOUtils.closeQuietly(channel);
 			}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/FileTimeUtils.java

@@ -9,6 +9,7 @@
 package org.cryptomator.webdav.jackrabbit.resources;
 
 import java.nio.file.attribute.FileTime;
+import java.time.Instant;
 import java.time.OffsetDateTime;
 import java.time.ZoneOffset;
 import java.time.format.DateTimeFormatter;
@@ -25,4 +26,9 @@ final class FileTimeUtils {
 		return DateTimeFormatter.RFC_1123_DATE_TIME.format(date);
 	}
 
+	static FileTime fromRfc1123String(String string) {
+		final Instant instant = Instant.from(DateTimeFormatter.RFC_1123_DATE_TIME.parse(string));
+		return FileTime.from(instant);
+	}
+
 }

main/crypto-aes/pom.xml

@@ -12,17 +12,28 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>0.3.0-SNAPSHOT</version>
+		<version>0.4.0</version>
 	</parent>
 	<artifactId>crypto-aes</artifactId>
 	<name>Cryptomator cryptographic module (AES)</name>
 	<description>Provides stream ciphers and filename pseudonymization functions.</description>
+	
+	<properties>
+		<bouncycastle.version>1.51</bouncycastle.version>
+	</properties>
 
 	<dependencies>
 		<dependency>
 			<groupId>org.cryptomator</groupId>
 			<artifactId>crypto-api</artifactId>
 		</dependency>
+		
+		<!-- Bouncycastle -->
+		<dependency>
+			<groupId>org.bouncycastle</groupId>
+			<artifactId>bcprov-jdk15on</artifactId>
+			<version>${bouncycastle.version}</version>
+		</dependency>
 
 		<!-- Commons -->
 		<dependency>

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/Aes256Cryptor.java

@@ -11,9 +11,7 @@ package org.cryptomator.crypto.aes256;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.nio.BufferOverflowException;
 import java.nio.ByteBuffer;
-import java.nio.CharBuffer;
 import java.nio.channels.SeekableByteChannel;
 import java.nio.file.DirectoryStream.Filter;
 import java.nio.file.Path;
@@ -21,8 +19,6 @@ import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -35,16 +31,20 @@ import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
 import javax.crypto.CipherOutputStream;
 import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.Mac;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
+import javax.security.auth.DestroyFailedException;
+import javax.security.auth.Destroyable;
 
 import org.apache.commons.io.Charsets;
 import org.apache.commons.io.IOUtils;
+import org.apache.commons.io.output.NullOutputStream;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.crypto.generators.SCrypt;
 import org.cryptomator.crypto.AbstractCryptor;
 import org.cryptomator.crypto.CryptorIOSupport;
 import org.cryptomator.crypto.exceptions.DecryptFailedException;
@@ -66,18 +66,10 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 	private static final SecureRandom SECURE_PRNG;
 
 	/**
-	 * Factory for deriveing keys. Defaults to PBKDF2/HMAC-SHA1.
-	 * 
-	 * @see PKCS #5, defined in RFC 2898
-	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SecretKeyFactory
+	 * Defined in static initializer. Defaults to 256, but falls back to maximum value possible, if JCE Unlimited Strength Jurisdiction
+	 * Policy Files isn't installed. Those files can be downloaded here: http://www.oracle.com/technetwork/java/javase/downloads/.
 	 */
-	private static final SecretKeyFactory PBKDF2_FACTORY;
-
-	/**
-	 * Defined in static initializer. Defaults to 256, but falls back to maximum value possible, if JCE isn't installed. JCE can be
-	 * installed from here: http://www.oracle.com/technetwork/java/javase/downloads/.
-	 */
-	private static final int AES_KEY_LENGTH;
+	private static final int AES_KEY_LENGTH_IN_BITS;
 
 	/**
 	 * Jackson JSON-Mapper.
@@ -85,19 +77,21 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 	private final ObjectMapper objectMapper = new ObjectMapper();
 
 	/**
-	 * The decrypted master key. Its lifecycle starts with {@link #randomData(int)} or {@link #encryptMasterKey(Path, CharSequence)}. Its
-	 * lifecycle ends with {@link #swipeSensitiveData()}.
+	 * The decrypted master key. Its lifecycle starts with the construction of an Aes256Cryptor instance or
+	 * {@link #decryptMasterKey(InputStream, CharSequence)}. Its lifecycle ends with {@link #swipeSensitiveData()}.
 	 */
-	private final byte[] masterKey = new byte[MASTER_KEY_LENGTH];
+	private SecretKey primaryMasterKey;
 
-	private static final int SIZE_OF_LONG = Long.BYTES;
+	/**
+	 * Decrypted secondary key used for hmac operations.
+	 */
+	private SecretKey hMacMasterKey;
 
 	static {
 		try {
-			PBKDF2_FACTORY = SecretKeyFactory.getInstance(KEY_FACTORY_ALGORITHM);
 			SECURE_PRNG = SecureRandom.getInstance(PRNG_ALGORITHM);
-			final int maxKeyLen = Cipher.getMaxAllowedKeyLength(CRYPTO_ALGORITHM);
-			AES_KEY_LENGTH = (maxKeyLen >= 256) ? 256 : maxKeyLen;
+			final int maxKeyLength = Cipher.getMaxAllowedKeyLength(AES_KEY_ALGORITHM);
+			AES_KEY_LENGTH_IN_BITS = (maxKeyLength >= PREF_MASTER_KEY_LENGTH_IN_BITS) ? PREF_MASTER_KEY_LENGTH_IN_BITS : maxKeyLength;
 		} catch (NoSuchAlgorithmException e) {
 			throw new IllegalStateException("Algorithm should exist.", e);
 		}
@@ -108,7 +102,16 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 	 */
 	public Aes256Cryptor() {
 		SECURE_PRNG.setSeed(SECURE_PRNG.generateSeed(PRNG_SEED_LENGTH));
-		SECURE_PRNG.nextBytes(this.masterKey);
+		byte[] bytes = new byte[AES_KEY_LENGTH_IN_BITS / Byte.SIZE];
+		try {
+			SECURE_PRNG.nextBytes(bytes);
+			this.primaryMasterKey = new SecretKeySpec(bytes, AES_KEY_ALGORITHM);
+
+			SECURE_PRNG.nextBytes(bytes);
+			this.hMacMasterKey = new SecretKeySpec(bytes, HMAC_KEY_ALGORITHM);
+		} finally {
+			Arrays.fill(bytes, (byte) 0);
+		}
 	}
 
 	/**
@@ -118,7 +121,16 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 	 * @param prng Fast, possibly insecure PRNG.
 	 */
 	Aes256Cryptor(Random prng) {
-		prng.nextBytes(this.masterKey);
+		byte[] bytes = new byte[AES_KEY_LENGTH_IN_BITS / Byte.SIZE];
+		try {
+			prng.nextBytes(bytes);
+			this.primaryMasterKey = new SecretKeySpec(bytes, AES_KEY_ALGORITHM);
+
+			prng.nextBytes(bytes);
+			this.hMacMasterKey = new SecretKeySpec(bytes, HMAC_KEY_ALGORITHM);
+		} finally {
+			Arrays.fill(bytes, (byte) 0);
+		}
 	}
 
 	/**
@@ -128,26 +140,25 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 	public void encryptMasterKey(OutputStream out, CharSequence password) throws IOException {
 		try {
 			// derive key:
-			final byte[] userSalt = randomData(SALT_LENGTH);
-			final SecretKey userKey = pbkdf2(password, userSalt, PBKDF2_PW_ITERATIONS, AES_KEY_LENGTH);
+			final byte[] kekSalt = randomData(SCRYPT_SALT_LENGTH);
+			final SecretKey kek = scrypt(password, kekSalt, SCRYPT_COST_PARAM, SCRYPT_BLOCK_SIZE, AES_KEY_LENGTH_IN_BITS);
 
 			// encrypt:
-			final byte[] iv = randomData(AES_BLOCK_LENGTH);
-			final Cipher encCipher = this.cipher(MASTERKEY_CIPHER, userKey, iv, Cipher.ENCRYPT_MODE);
-			byte[] encryptedUserKey = encCipher.doFinal(userKey.getEncoded());
-			byte[] encryptedMasterKey = encCipher.doFinal(this.masterKey);
+			final Cipher encCipher = aesKeyWrapCipher(kek, Cipher.WRAP_MODE);
+			byte[] wrappedPrimaryKey = encCipher.wrap(primaryMasterKey);
+			byte[] wrappedSecondaryKey = encCipher.wrap(hMacMasterKey);
 
 			// save encrypted masterkey:
-			final Key key = new Key();
-			key.setIterations(PBKDF2_PW_ITERATIONS);
-			key.setIv(iv);
-			key.setKeyLength(AES_KEY_LENGTH);
-			key.setMasterkey(encryptedMasterKey);
-			key.setSalt(userSalt);
-			key.setPwVerification(encryptedUserKey);
-			objectMapper.writeValue(out, key);
-		} catch (IllegalBlockSizeException | BadPaddingException ex) {
-			throw new IllegalStateException("Block size hard coded. Padding irrelevant in ENCRYPT_MODE. IV must exist in CBC mode.", ex);
+			final KeyFile keyfile = new KeyFile();
+			keyfile.setScryptSalt(kekSalt);
+			keyfile.setScryptCostParam(SCRYPT_COST_PARAM);
+			keyfile.setScryptBlockSize(SCRYPT_BLOCK_SIZE);
+			keyfile.setKeyLength(AES_KEY_LENGTH_IN_BITS);
+			keyfile.setPrimaryMasterKey(wrappedPrimaryKey);
+			keyfile.setHMacMasterKey(wrappedSecondaryKey);
+			objectMapper.writeValue(out, keyfile);
+		} catch (InvalidKeyException | IllegalBlockSizeException ex) {
+			throw new IllegalStateException("Invalid hard coded configuration.", ex);
 		}
 	}
 
@@ -162,55 +173,63 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 	 */
 	@Override
 	public void decryptMasterKey(InputStream in, CharSequence password) throws DecryptFailedException, WrongPasswordException, UnsupportedKeyLengthException, IOException {
-		byte[] decrypted = new byte[0];
 		try {
 			// load encrypted masterkey:
-			final Key key = objectMapper.readValue(in, Key.class);
+			final KeyFile keyfile = objectMapper.readValue(in, KeyFile.class);
 
 			// check, whether the key length is supported:
-			final int maxKeyLen = Cipher.getMaxAllowedKeyLength(CRYPTO_ALGORITHM);
-			if (key.getKeyLength() > maxKeyLen) {
-				throw new UnsupportedKeyLengthException(key.getKeyLength(), maxKeyLen);
+			final int maxKeyLen = Cipher.getMaxAllowedKeyLength(AES_KEY_ALGORITHM);
+			if (keyfile.getKeyLength() > maxKeyLen) {
+				throw new UnsupportedKeyLengthException(keyfile.getKeyLength(), maxKeyLen);
 			}
 
 			// derive key:
-			final SecretKey userKey = pbkdf2(password, key.getSalt(), key.getIterations(), key.getKeyLength());
+			final SecretKey kek = scrypt(password, keyfile.getScryptSalt(), keyfile.getScryptCostParam(), keyfile.getScryptBlockSize(), AES_KEY_LENGTH_IN_BITS);
 
-			// check password:
-			final Cipher encCipher = this.cipher(MASTERKEY_CIPHER, userKey, key.getIv(), Cipher.ENCRYPT_MODE);
-			byte[] encryptedUserKey = encCipher.doFinal(userKey.getEncoded());
-			if (!Arrays.equals(key.getPwVerification(), encryptedUserKey)) {
-				throw new WrongPasswordException();
-			}
+			// decrypt and check password by catching AEAD exception
+			final Cipher decCipher = aesKeyWrapCipher(kek, Cipher.UNWRAP_MODE);
+			SecretKey primary = (SecretKey) decCipher.unwrap(keyfile.getPrimaryMasterKey(), AES_KEY_ALGORITHM, Cipher.SECRET_KEY);
+			SecretKey secondary = (SecretKey) decCipher.unwrap(keyfile.getHMacMasterKey(), HMAC_KEY_ALGORITHM, Cipher.SECRET_KEY);
 
-			// decrypt:
-			final Cipher decCipher = this.cipher(MASTERKEY_CIPHER, userKey, key.getIv(), Cipher.DECRYPT_MODE);
-			decrypted = decCipher.doFinal(key.getMasterkey());
-
-			// everything ok, move decrypted data to masterkey:
-			final ByteBuffer masterKeyBuffer = ByteBuffer.wrap(this.masterKey);
-			masterKeyBuffer.put(decrypted);
-		} catch (IllegalBlockSizeException | BadPaddingException | BufferOverflowException ex) {
-			throw new DecryptFailedException(ex);
+			// everything ok, assign decrypted keys:
+			this.primaryMasterKey = primary;
+			this.hMacMasterKey = secondary;
 		} catch (NoSuchAlgorithmException ex) {
 			throw new IllegalStateException("Algorithm should exist.", ex);
-		} finally {
-			Arrays.fill(decrypted, (byte) 0);
+		} catch (InvalidKeyException e) {
+			throw new WrongPasswordException();
 		}
 	}
 
-	/**
-	 * Overwrites the {@link #masterKey} with zeros. As masterKey is a final field, this operation is ensured to work on its actual data.
-	 * Otherwise developers could accidentally just assign a new object to the variable.
-	 */
 	@Override
 	public void swipeSensitiveDataInternal() {
-		Arrays.fill(this.masterKey, (byte) 0);
+		destroyQuietly(primaryMasterKey);
+		destroyQuietly(hMacMasterKey);
 	}
 
-	private Cipher cipher(String cipherTransformation, SecretKey key, byte[] iv, int cipherMode) {
+	private void destroyQuietly(Destroyable d) {
 		try {
-			final Cipher cipher = Cipher.getInstance(cipherTransformation);
+			d.destroy();
+		} catch (DestroyFailedException e) {
+			// ignore
+		}
+	}
+
+	private Cipher aesKeyWrapCipher(SecretKey key, int cipherMode) {
+		try {
+			final Cipher cipher = Cipher.getInstance(AES_KEYWRAP_CIPHER);
+			cipher.init(cipherMode, key);
+			return cipher;
+		} catch (InvalidKeyException ex) {
+			throw new IllegalArgumentException("Invalid key.", ex);
+		} catch (NoSuchAlgorithmException | NoSuchPaddingException ex) {
+			throw new IllegalStateException("Algorithm/Padding should exist and accept GCM specs.", ex);
+		}
+	}
+
+	private Cipher aesCtrCipher(SecretKey key, byte[] iv, int cipherMode) {
+		try {
+			final Cipher cipher = Cipher.getInstance(AES_CTR_CIPHER);
 			cipher.init(cipherMode, key, new IvParameterSpec(iv));
 			return cipher;
 		} catch (InvalidKeyException ex) {
@@ -220,6 +239,31 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 		}
 	}
 
+	private Cipher aesEcbCipher(SecretKey key, int cipherMode) {
+		try {
+			final Cipher cipher = Cipher.getInstance(AES_ECB_CIPHER);
+			cipher.init(cipherMode, key);
+			return cipher;
+		} catch (InvalidKeyException ex) {
+			throw new IllegalArgumentException("Invalid key.", ex);
+		} catch (NoSuchAlgorithmException | NoSuchPaddingException ex) {
+			throw new AssertionError("Every implementation of the Java platform is required to support AES/ECB/PKCS5Padding.", ex);
+		}
+
+	}
+
+	private Mac hmacSha256(SecretKey key) {
+		try {
+			final Mac mac = Mac.getInstance(HMAC_KEY_ALGORITHM);
+			mac.init(key);
+			return mac;
+		} catch (NoSuchAlgorithmException e) {
+			throw new AssertionError("Every implementation of the Java platform is required to support HmacSHA256.", e);
+		} catch (InvalidKeyException e) {
+			throw new IllegalArgumentException("Invalid key", e);
+		}
+	}
+
 	private byte[] randomData(int length) {
 		final byte[] result = new byte[length];
 		SECURE_PRNG.setSeed(SECURE_PRNG.generateSeed(PRNG_SEED_LENGTH));
@@ -227,38 +271,19 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 		return result;
 	}
 
-	private SecretKey pbkdf2(byte[] password, byte[] salt, int iterations, int keyLength) {
-		final char[] pw = new char[password.length];
+	private SecretKey scrypt(CharSequence password, byte[] salt, int costParam, int blockSize, int keyLengthInBits) {
+		// use sb, as password.toString's implementation is unknown
+		final StringBuilder sb = new StringBuilder(password);
+		final byte[] pw = sb.toString().getBytes();
 		try {
-			byteToChar(password, pw);
-			return pbkdf2(CharBuffer.wrap(pw), salt, iterations, keyLength);
+			final byte[] key = SCrypt.generate(pw, salt, costParam, blockSize, 1, keyLengthInBits / Byte.SIZE);
+			return new SecretKeySpec(key, AES_KEY_ALGORITHM);
 		} finally {
-			Arrays.fill(pw, (char) 0);
-		}
-	}
-
-	private SecretKey pbkdf2(CharSequence password, byte[] salt, int iterations, int keyLength) {
-		final int pwLen = password.length();
-		final char[] pw = new char[pwLen];
-		CharBuffer.wrap(password).get(pw, 0, pwLen);
-		try {
-			final KeySpec specs = new PBEKeySpec(pw, salt, iterations, keyLength);
-			final SecretKey pbkdf2Key = PBKDF2_FACTORY.generateSecret(specs);
-			final SecretKey aesKey = new SecretKeySpec(pbkdf2Key.getEncoded(), CRYPTO_ALGORITHM);
-			return aesKey;
-		} catch (InvalidKeySpecException ex) {
-			throw new IllegalStateException("Specs are hard-coded.", ex);
-		} finally {
-			Arrays.fill(pw, (char) 0);
-		}
-	}
-
-	private void byteToChar(byte[] source, char[] destination) {
-		if (source.length != destination.length) {
-			throw new IllegalArgumentException("char[] needs to be the same length as byte[]");
-		}
-		for (int i = 0; i < source.length; i++) {
-			destination[i] = (char) (source[i] & 0xFF);
+			// destroy copied bytes of the plaintext password:
+			Arrays.fill(pw, (byte) 0);
+			for (int i = 0; i < password.length(); i++) {
+				sb.setCharAt(i, (char) 0);
+			}
 		}
 	}
 
@@ -271,11 +296,10 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 	@Override
 	public String encryptPath(String cleartextPath, char encryptedPathSep, char cleartextPathSep, CryptorIOSupport ioSupport) {
 		try {
-			final SecretKey key = this.pbkdf2(masterKey, EMPTY_SALT, PBKDF2_MASTERKEY_ITERATIONS, AES_KEY_LENGTH);
 			final String[] cleartextPathComps = StringUtils.split(cleartextPath, cleartextPathSep);
 			final List<String> encryptedPathComps = new ArrayList<>(cleartextPathComps.length);
 			for (final String cleartext : cleartextPathComps) {
-				final String encrypted = encryptPathComponent(cleartext, key, ioSupport);
+				final String encrypted = encryptPathComponent(cleartext, primaryMasterKey, ioSupport);
 				encryptedPathComps.add(encrypted);
 			}
 			return StringUtils.join(encryptedPathComps, encryptedPathSep);
@@ -300,31 +324,34 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 	 * {@link FileNamingConventions#LONG_NAME_FILE_EXT}.
 	 */
 	private String encryptPathComponent(final String cleartext, final SecretKey key, CryptorIOSupport ioSupport) throws IllegalBlockSizeException, BadPaddingException, IOException {
-		final Cipher cipher = this.cipher(FILE_NAME_CIPHER, key, EMPTY_IV, Cipher.ENCRYPT_MODE);
+		final byte[] mac = hmacSha256(hMacMasterKey).doFinal(cleartext.getBytes());
+		final byte[] partialIv = ArrayUtils.subarray(mac, 0, 10);
+		final ByteBuffer iv = ByteBuffer.allocate(AES_BLOCK_LENGTH);
+		iv.put(partialIv);
+		final Cipher cipher = this.aesCtrCipher(key, iv.array(), Cipher.ENCRYPT_MODE);
 		final byte[] cleartextBytes = cleartext.getBytes(Charsets.UTF_8);
 		final byte[] encryptedBytes = cipher.doFinal(cleartextBytes);
-		final String encrypted = ENCRYPTED_FILENAME_CODEC.encodeAsString(encryptedBytes) + BASIC_FILE_EXT;
+		final String ivAndCiphertext = ENCRYPTED_FILENAME_CODEC.encodeAsString(partialIv) + IV_PREFIX_SEPARATOR + ENCRYPTED_FILENAME_CODEC.encodeAsString(encryptedBytes);
 
-		if (encrypted.length() > ENCRYPTED_FILENAME_LENGTH_LIMIT) {
-			final String crc32 = Long.toHexString(crc32Sum(encrypted.getBytes()));
+		if (ivAndCiphertext.length() + BASIC_FILE_EXT.length() > ENCRYPTED_FILENAME_LENGTH_LIMIT) {
+			final String crc32 = Long.toHexString(crc32Sum(ivAndCiphertext.getBytes()));
 			final String metadataFilename = crc32 + METADATA_FILE_EXT;
 			final LongFilenameMetadata metadata = this.getMetadata(ioSupport, metadataFilename);
-			final String alternativeFileName = crc32 + LONG_NAME_PREFIX_SEPARATOR + metadata.getOrCreateUuidForEncryptedFilename(encrypted).toString() + LONG_NAME_FILE_EXT;
+			final String alternativeFileName = crc32 + LONG_NAME_PREFIX_SEPARATOR + metadata.getOrCreateUuidForEncryptedFilename(ivAndCiphertext).toString() + LONG_NAME_FILE_EXT;
 			this.storeMetadata(ioSupport, metadataFilename, metadata);
 			return alternativeFileName;
 		} else {
-			return encrypted;
+			return ivAndCiphertext + BASIC_FILE_EXT;
 		}
 	}
 
 	@Override
 	public String decryptPath(String encryptedPath, char encryptedPathSep, char cleartextPathSep, CryptorIOSupport ioSupport) {
 		try {
-			final SecretKey key = this.pbkdf2(masterKey, EMPTY_SALT, PBKDF2_MASTERKEY_ITERATIONS, AES_KEY_LENGTH);
 			final String[] encryptedPathComps = StringUtils.split(encryptedPath, encryptedPathSep);
 			final List<String> cleartextPathComps = new ArrayList<>(encryptedPathComps.length);
 			for (final String encrypted : encryptedPathComps) {
-				final String cleartext = decryptPathComponent(encrypted, key, ioSupport);
+				final String cleartext = decryptPathComponent(encrypted, primaryMasterKey, ioSupport);
 				cleartextPathComps.add(new String(cleartext));
 			}
 			return StringUtils.join(cleartextPathComps, cleartextPathSep);
@@ -337,21 +364,26 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 	 * @see #encryptPathComponent(String, SecretKey, CryptorIOSupport)
 	 */
 	private String decryptPathComponent(final String encrypted, final SecretKey key, CryptorIOSupport ioSupport) throws IllegalBlockSizeException, BadPaddingException, IOException {
-		final String ciphertext;
+		final String ivAndCiphertext;
 		if (encrypted.endsWith(LONG_NAME_FILE_EXT)) {
 			final String basename = StringUtils.removeEnd(encrypted, LONG_NAME_FILE_EXT);
 			final String crc32 = StringUtils.substringBefore(basename, LONG_NAME_PREFIX_SEPARATOR);
 			final String uuid = StringUtils.substringAfter(basename, LONG_NAME_PREFIX_SEPARATOR);
 			final String metadataFilename = crc32 + METADATA_FILE_EXT;
 			final LongFilenameMetadata metadata = this.getMetadata(ioSupport, metadataFilename);
-			ciphertext = metadata.getEncryptedFilenameForUUID(UUID.fromString(uuid));
+			ivAndCiphertext = metadata.getEncryptedFilenameForUUID(UUID.fromString(uuid));
 		} else if (encrypted.endsWith(BASIC_FILE_EXT)) {
-			ciphertext = StringUtils.removeEndIgnoreCase(encrypted, BASIC_FILE_EXT);
+			ivAndCiphertext = StringUtils.removeEndIgnoreCase(encrypted, BASIC_FILE_EXT);
 		} else {
 			throw new IllegalArgumentException("Unsupported path component: " + encrypted);
 		}
 
-		final Cipher cipher = this.cipher(FILE_NAME_CIPHER, key, EMPTY_IV, Cipher.DECRYPT_MODE);
+		final String partialIvStr = StringUtils.substringBefore(ivAndCiphertext, IV_PREFIX_SEPARATOR);
+		final String ciphertext = StringUtils.substringAfter(ivAndCiphertext, IV_PREFIX_SEPARATOR);
+		final ByteBuffer iv = ByteBuffer.allocate(AES_BLOCK_LENGTH);
+		iv.put(ENCRYPTED_FILENAME_CODEC.decode(partialIvStr));
+
+		final Cipher cipher = this.aesCtrCipher(key, iv.array(), Cipher.DECRYPT_MODE);
 		final byte[] encryptedBytes = ENCRYPTED_FILENAME_CODEC.decode(ciphertext);
 		final byte[] cleartextBytes = cipher.doFinal(encryptedBytes);
 		return new String(cleartextBytes, Charsets.UTF_8);
@@ -370,63 +402,109 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 		ioSupport.writePathSpecificMetadata(metadataFile, objectMapper.writeValueAsBytes(metadata));
 	}
 
+	@Override
+	public boolean authenticateContent(SeekableByteChannel encryptedFile) throws IOException {
+		// read file size:
+		final Long fileSize = decryptedContentLength(encryptedFile);
+
+		// init mac:
+		final Mac mac = this.hmacSha256(hMacMasterKey);
+
+		// read stored mac:
+		encryptedFile.position(16);
+		final ByteBuffer macBuffer = ByteBuffer.allocate(mac.getMacLength());
+		final int numMacBytesRead = encryptedFile.read(macBuffer);
+
+		// check validity of header:
+		if (numMacBytesRead != mac.getMacLength() || fileSize == null) {
+			throw new IOException("Failed to read file header.");
+		}
+
+		// read all encrypted data and calculate mac:
+		encryptedFile.position(64);
+		final InputStream in = new SeekableByteChannelInputStream(encryptedFile);
+		final InputStream macIn = new MacInputStream(in, mac);
+		IOUtils.copyLarge(macIn, new NullOutputStream(), 0, fileSize);
+
+		// compare:
+		return Arrays.equals(macBuffer.array(), mac.doFinal());
+	}
+
 	@Override
 	public Long decryptedContentLength(SeekableByteChannel encryptedFile) throws IOException {
-		final ByteBuffer sizeBuffer = ByteBuffer.allocate(SIZE_OF_LONG);
-		final int read = encryptedFile.read(sizeBuffer);
-		if (read == SIZE_OF_LONG) {
-			return sizeBuffer.getLong(0);
-		} else {
+		// skip 128bit IV + 256 bit MAC:
+		encryptedFile.position(48);
+
+		// read encrypted value:
+		final ByteBuffer encryptedFileSizeBuffer = ByteBuffer.allocate(AES_BLOCK_LENGTH);
+		final int numFileSizeBytesRead = encryptedFile.read(encryptedFileSizeBuffer);
+
+		// return "unknown" value, if EOF
+		if (numFileSizeBytesRead != encryptedFileSizeBuffer.capacity()) {
 			return null;
 		}
+
+		// decrypt size:
+		try {
+			final Cipher sizeCipher = aesEcbCipher(primaryMasterKey, Cipher.DECRYPT_MODE);
+			final byte[] decryptedFileSize = sizeCipher.doFinal(encryptedFileSizeBuffer.array());
+			final ByteBuffer fileSizeBuffer = ByteBuffer.wrap(decryptedFileSize);
+			return fileSizeBuffer.getLong();
+		} catch (IllegalBlockSizeException | BadPaddingException e) {
+			throw new IllegalStateException(e);
+		}
 	}
 
 	@Override
 	public Long decryptedFile(SeekableByteChannel encryptedFile, OutputStream plaintextFile) throws IOException {
-		// skip content size:
-		encryptedFile.position(SIZE_OF_LONG);
-
 		// read iv:
+		encryptedFile.position(0);
 		final ByteBuffer countingIv = ByteBuffer.allocate(AES_BLOCK_LENGTH);
-		final int read = encryptedFile.read(countingIv);
-		if (read != AES_BLOCK_LENGTH) {
-			throw new IOException("Failed to read encrypted file header.");
+		final int numIvBytesRead = encryptedFile.read(countingIv);
+
+		// read file size:
+		final Long fileSize = decryptedContentLength(encryptedFile);
+
+		// check validity of header:
+		if (numIvBytesRead != AES_BLOCK_LENGTH || fileSize == null) {
+			throw new IOException("Failed to read file header.");
 		}
 
-		// derive secret key and generate cipher:
-		final SecretKey key = this.pbkdf2(masterKey, EMPTY_SALT, PBKDF2_MASTERKEY_ITERATIONS, AES_KEY_LENGTH);
-		final Cipher cipher = this.cipher(FILE_CONTENT_CIPHER, key, countingIv.array(), Cipher.DECRYPT_MODE);
+		// go to begin of content:
+		encryptedFile.position(64);
+
+		// generate cipher:
+		final Cipher cipher = this.aesCtrCipher(primaryMasterKey, countingIv.array(), Cipher.DECRYPT_MODE);
 
 		// read content
 		final InputStream in = new SeekableByteChannelInputStream(encryptedFile);
 		final InputStream cipheredIn = new CipherInputStream(in, cipher);
-		return IOUtils.copyLarge(cipheredIn, plaintextFile);
+		return IOUtils.copyLarge(cipheredIn, plaintextFile, 0, fileSize);
 	}
 
 	@Override
 	public Long decryptRange(SeekableByteChannel encryptedFile, OutputStream plaintextFile, long pos, long length) throws IOException {
-		// skip content size:
-		encryptedFile.position(SIZE_OF_LONG);
-
 		// read iv:
+		encryptedFile.position(0);
 		final ByteBuffer countingIv = ByteBuffer.allocate(AES_BLOCK_LENGTH);
-		final int read = encryptedFile.read(countingIv);
-		if (read != AES_BLOCK_LENGTH) {
-			throw new IOException("Failed to read encrypted file header.");
+		final int numIvBytesRead = encryptedFile.read(countingIv);
+
+		// check validity of header:
+		if (numIvBytesRead != AES_BLOCK_LENGTH) {
+			throw new IOException("Failed to read file header.");
 		}
 
 		// seek relevant position and update iv:
 		long firstRelevantBlock = pos / AES_BLOCK_LENGTH; // cut of fraction!
 		long beginOfFirstRelevantBlock = firstRelevantBlock * AES_BLOCK_LENGTH;
 		long offsetInsideFirstRelevantBlock = pos - beginOfFirstRelevantBlock;
-		countingIv.putLong(AES_BLOCK_LENGTH - SIZE_OF_LONG, firstRelevantBlock);
+		countingIv.putLong(AES_BLOCK_LENGTH - Long.BYTES, firstRelevantBlock);
 
 		// fast forward stream:
-		encryptedFile.position(SIZE_OF_LONG + AES_BLOCK_LENGTH + beginOfFirstRelevantBlock);
+		encryptedFile.position(64 + beginOfFirstRelevantBlock);
 
-		// derive secret key and generate cipher:
-		final SecretKey key = this.pbkdf2(masterKey, EMPTY_SALT, PBKDF2_MASTERKEY_ITERATIONS, AES_KEY_LENGTH);
-		final Cipher cipher = this.cipher(FILE_CONTENT_CIPHER, key, countingIv.array(), Cipher.DECRYPT_MODE);
+		// generate cipher:
+		final Cipher cipher = this.aesCtrCipher(primaryMasterKey, countingIv.array(), Cipher.DECRYPT_MODE);
 
 		// read content
 		final InputStream in = new SeekableByteChannelInputStream(encryptedFile);
@@ -441,33 +519,58 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 
 		// use an IV, whose last 8 bytes store a long used in counter mode and write initial value to file.
 		final ByteBuffer countingIv = ByteBuffer.wrap(randomData(AES_BLOCK_LENGTH));
-		countingIv.putLong(AES_BLOCK_LENGTH - SIZE_OF_LONG, 0l);
+		countingIv.putLong(AES_BLOCK_LENGTH - Long.BYTES, 0l);
 		countingIv.position(0);
-
-		// derive secret key and generate cipher:
-		final SecretKey key = this.pbkdf2(masterKey, EMPTY_SALT, PBKDF2_MASTERKEY_ITERATIONS, AES_KEY_LENGTH);
-		final Cipher cipher = this.cipher(FILE_CONTENT_CIPHER, key, countingIv.array(), Cipher.ENCRYPT_MODE);
-
-		// 8 bytes (file size: temporarily -1):
-		final ByteBuffer fileSize = ByteBuffer.allocate(SIZE_OF_LONG);
-		fileSize.putLong(-1L);
-		fileSize.position(0);
-		encryptedFile.write(fileSize);
-
-		// 16 bytes (iv):
 		encryptedFile.write(countingIv);
 
+		// init crypto stuff:
+		final Mac mac = this.hmacSha256(hMacMasterKey);
+		final Cipher cipher = this.aesCtrCipher(primaryMasterKey, countingIv.array(), Cipher.ENCRYPT_MODE);
+
+		// init mac buffer and skip 32 bytes
+		final ByteBuffer macBuffer = ByteBuffer.allocate(mac.getMacLength());
+		encryptedFile.write(macBuffer);
+
+		// init filesize buffer and skip 16 bytes
+		final ByteBuffer encryptedFileSizeBuffer = ByteBuffer.allocate(AES_BLOCK_LENGTH);
+		encryptedFile.write(encryptedFileSizeBuffer);
+
 		// write content:
 		final OutputStream out = new SeekableByteChannelOutputStream(encryptedFile);
-		final OutputStream cipheredOut = new CipherOutputStream(out, cipher);
+		final OutputStream macOut = new MacOutputStream(out, mac);
+		final OutputStream cipheredOut = new CipherOutputStream(macOut, cipher);
 		final Long actualSize = IOUtils.copyLarge(plaintextFile, cipheredOut);
 
-		// write filesize
-		fileSize.position(0);
-		fileSize.putLong(actualSize);
-		fileSize.position(0);
-		encryptedFile.position(0);
-		encryptedFile.write(fileSize);
+		// copy MAC:
+		macBuffer.position(0);
+		macBuffer.put(mac.doFinal());
+
+		// append fake content:
+		final int randomContentLength = (int) Math.ceil((Math.random() + 1.0) * actualSize / 20.0);
+		final byte[] emptyBytes = new byte[AES_BLOCK_LENGTH];
+		for (int i = 0; i < randomContentLength; i += AES_BLOCK_LENGTH) {
+			cipheredOut.write(emptyBytes);
+		}
+		cipheredOut.flush();
+
+		// encrypt actualSize
+		try {
+			final ByteBuffer fileSizeBuffer = ByteBuffer.allocate(Long.BYTES);
+			fileSizeBuffer.putLong(actualSize);
+			final Cipher sizeCipher = aesEcbCipher(primaryMasterKey, Cipher.ENCRYPT_MODE);
+			final byte[] encryptedFileSize = sizeCipher.doFinal(fileSizeBuffer.array());
+			encryptedFileSizeBuffer.position(0);
+			encryptedFileSizeBuffer.put(encryptedFileSize);
+		} catch (IllegalBlockSizeException | BadPaddingException e) {
+			throw new IllegalStateException(e);
+		}
+
+		// write file header
+		encryptedFile.position(16); // skip already written 128 bit IV
+		macBuffer.position(0);
+		encryptedFile.write(macBuffer); // 256 bit MAC
+		encryptedFileSizeBuffer.position(0);
+		encryptedFile.write(encryptedFileSizeBuffer); // 128 bit encrypted file size
 
 		return actualSize;
 	}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/AesCryptographicConfiguration.java

@@ -11,29 +11,29 @@ package org.cryptomator.crypto.aes256;
 interface AesCryptographicConfiguration {
 
 	/**
-	 * Number of bytes used as seed for the PRNG.
+	 * Number of bytes used as salt, where needed.
 	 */
-	int PRNG_SEED_LENGTH = 16;
+	int SCRYPT_SALT_LENGTH = 8;
+
+	/**
+	 * Scrypt CPU/Memory cost parameter.
+	 */
+	int SCRYPT_COST_PARAM = 1 << 14;
+
+	/**
+	 * Scrypt block size (affects memory consumption)
+	 */
+	int SCRYPT_BLOCK_SIZE = 8;
 
 	/**
 	 * Number of bytes of the master key. Should be the maximum possible AES key length to provide best security.
 	 */
-	int MASTER_KEY_LENGTH = 256;
+	int PREF_MASTER_KEY_LENGTH_IN_BITS = 256;
 
 	/**
-	 * Number of bytes used as salt, where needed.
+	 * Number of bytes used as seed for the PRNG.
 	 */
-	int SALT_LENGTH = 8;
-
-	/**
-	 * 0-filled salt.
-	 */
-	byte[] EMPTY_SALT = new byte[SALT_LENGTH];
-
-	/**
-	 * Algorithm used for key derivation.
-	 */
-	String KEY_FACTORY_ALGORITHM = "PBKDF2WithHmacSHA1";
+	int PRNG_SEED_LENGTH = 16;
 
 	/**
 	 * Algorithm used for random number generation.
@@ -45,28 +45,33 @@ interface AesCryptographicConfiguration {
 	 * 
 	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#AlgorithmParameters
 	 */
-	String CRYPTO_ALGORITHM = "AES";
+	String AES_KEY_ALGORITHM = "AES";
 
 	/**
-	 * Cipher specs for masterkey encryption.
+	 * Key algorithm for keyed MAC.
+	 */
+	String HMAC_KEY_ALGORITHM = "HmacSHA256";
+
+	/**
+	 * Cipher specs for RFC 3394 masterkey encryption.
 	 * 
 	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Cipher
 	 */
-	String MASTERKEY_CIPHER = "AES/CBC/PKCS5Padding";
+	String AES_KEYWRAP_CIPHER = "AESWrap";
 
 	/**
-	 * Cipher specs for file name encryption.
+	 * Cipher specs for file name and file content encryption. Using CTR-mode for random access.
 	 * 
 	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Cipher
 	 */
-	String FILE_NAME_CIPHER = "AES/CBC/PKCS5Padding";
+	String AES_CTR_CIPHER = "AES/CTR/NoPadding";
 
 	/**
-	 * Cipher specs for content encryption. Using CTR-mode for random access.
+	 * Cipher specs for single block encryption (like file size).
 	 * 
-	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Cipher
+	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#impl
 	 */
-	String FILE_CONTENT_CIPHER = "AES/CTR/NoPadding";
+	String AES_ECB_CIPHER = "AES/ECB/PKCS5Padding";
 
 	/**
 	 * AES block size is 128 bit or 16 bytes.
@@ -74,19 +79,10 @@ interface AesCryptographicConfiguration {
 	int AES_BLOCK_LENGTH = 16;
 
 	/**
-	 * 0-filled initialization vector.
+	 * Number of non-zero bytes in the IV used for file name encryption. Less means shorter encrypted filenames, more means higher entropy.
+	 * Maximum length is {@value #AES_BLOCK_LENGTH}. Even the shortest base32 (see {@link FileNamingConventions#ENCRYPTED_FILENAME_CODEC})
+	 * encoded byte array will need 8 chars. The maximum number of bytes that fit in 8 base32 chars is 5. Thus 5 is the ideal length.
 	 */
-	byte[] EMPTY_IV = new byte[AES_BLOCK_LENGTH];
-
-	/**
-	 * Number of iterations for key derived from user pw. High iteration count for better resistance to bruteforcing.
-	 */
-	int PBKDF2_PW_ITERATIONS = 1000;
-
-	/**
-	 * Number of iterations for key derived from masterkey. Low iteration count for better performance. No additional security is added by
-	 * high values.
-	 */
-	int PBKDF2_MASTERKEY_ITERATIONS = 1;
+	int FILE_NAME_IV_LENGTH = 5;
 
 }

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/FileNamingConventions.java

@@ -22,7 +22,7 @@ interface FileNamingConventions {
 	String MASTERKEY_FILE_EXT = ".masterkey.json";
 
 	/**
-	 * How to encode the encrypted file names safely.
+	 * How to encode the encrypted file names safely. Base32 uses only alphanumeric characters and is case-insensitive.
 	 */
 	BaseNCodec ENCRYPTED_FILENAME_CODEC = new Base32();
 
@@ -37,6 +37,11 @@ interface FileNamingConventions {
 	 */
 	String BASIC_FILE_EXT = ".aes";
 
+	/**
+	 * Prefix in front of the actual encrypted file name used as IV.
+	 */
+	String IV_PREFIX_SEPARATOR = "_";
+
 	/**
 	 * For plaintext file names > {@value #ENCRYPTED_FILENAME_LENGTH_LIMIT} chars.
 	 */

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/Key.java

@@ -1,67 +0,0 @@
-package org.cryptomator.crypto.aes256;
-
-import java.io.Serializable;
-
-import com.fasterxml.jackson.annotation.JsonPropertyOrder;
-
-@JsonPropertyOrder(value = { "salt", "iv", "iterations", "keyLength", "masterkey" })
-public class Key implements Serializable {
-
-	private static final long serialVersionUID = 8578363158959619885L;
-	private byte[] salt;
-	private byte[] iv;
-	private int iterations;
-	private int keyLength;
-	private byte[] pwVerification;
-	private byte[] masterkey;
-	
-	public byte[] getSalt() {
-		return salt;
-	}
-	
-	public void setSalt(byte[] salt) {
-		this.salt = salt;
-	}
-
-	public byte[] getIv() {
-		return iv;
-	}
-
-	public void setIv(byte[] iv) {
-		this.iv = iv;
-	}
-
-	public int getIterations() {
-		return iterations;
-	}
-
-	public void setIterations(int iterations) {
-		this.iterations = iterations;
-	}
-
-	public int getKeyLength() {
-		return keyLength;
-	}
-
-	public void setKeyLength(int keyLength) {
-		this.keyLength = keyLength;
-	}
-
-	public byte[] getPwVerification() {
-		return pwVerification;
-	}
-
-	public void setPwVerification(byte[] pwVerification) {
-		this.pwVerification = pwVerification;
-	}
-
-	public byte[] getMasterkey() {
-		return masterkey;
-	}
-
-	public void setMasterkey(byte[] masterkey) {
-		this.masterkey = masterkey;
-	}
-
-	
-}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/KeyFile.java

@@ -0,0 +1,66 @@
+package org.cryptomator.crypto.aes256;
+
+import java.io.Serializable;
+
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+
+@JsonPropertyOrder(value = {"scryptSalt", "scryptCostParam", "scryptBlockSize", "keyLength", "primaryMasterKey", "hMacMasterKey"})
+public class KeyFile implements Serializable {
+
+	private static final long serialVersionUID = 8578363158959619885L;
+	private byte[] scryptSalt;
+	private int scryptCostParam;
+	private int scryptBlockSize;
+	private int keyLength;
+	private byte[] primaryMasterKey;
+	private byte[] hMacMasterKey;
+
+	public byte[] getScryptSalt() {
+		return scryptSalt;
+	}
+
+	public void setScryptSalt(byte[] scryptSalt) {
+		this.scryptSalt = scryptSalt;
+	}
+
+	public int getScryptCostParam() {
+		return scryptCostParam;
+	}
+
+	public void setScryptCostParam(int scryptCostParam) {
+		this.scryptCostParam = scryptCostParam;
+	}
+
+	public int getScryptBlockSize() {
+		return scryptBlockSize;
+	}
+
+	public void setScryptBlockSize(int scryptBlockSize) {
+		this.scryptBlockSize = scryptBlockSize;
+	}
+
+	public int getKeyLength() {
+		return keyLength;
+	}
+
+	public void setKeyLength(int keyLength) {
+		this.keyLength = keyLength;
+	}
+
+	public byte[] getPrimaryMasterKey() {
+		return primaryMasterKey;
+	}
+
+	public void setPrimaryMasterKey(byte[] primaryMasterKey) {
+		this.primaryMasterKey = primaryMasterKey;
+	}
+
+	public byte[] getHMacMasterKey() {
+		return hMacMasterKey;
+	}
+
+	public void setHMacMasterKey(byte[] hMacMasterKey) {
+		this.hMacMasterKey = hMacMasterKey;
+	}
+
+}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/MacInputStream.java

@@ -0,0 +1,39 @@
+package org.cryptomator.crypto.aes256;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.crypto.Mac;
+
+/**
+ * Updates a {@link Mac} with the bytes read from this stream.
+ */
+class MacInputStream extends FilterInputStream {
+
+	private final Mac mac;
+
+	/**
+	 * @param in Stream from which to read contents, which will update the Mac.
+	 * @param mac Mac to be updated during writes.
+	 */
+	public MacInputStream(InputStream in, Mac mac) {
+		super(in);
+		this.mac = mac;
+	}
+
+	@Override
+	public int read() throws IOException {
+		int b = in.read();
+		mac.update((byte) b);
+		return b;
+	}
+
+	@Override
+	public int read(byte[] b, int off, int len) throws IOException {
+		int read = in.read(b, off, len);
+		mac.update(b, off, len);
+		return read;
+	}
+
+}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/MacOutputStream.java

@@ -0,0 +1,37 @@
+package org.cryptomator.crypto.aes256;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+import javax.crypto.Mac;
+
+/**
+ * Updates a {@link Mac} with the bytes written to this stream.
+ */
+class MacOutputStream extends FilterOutputStream {
+
+	private final Mac mac;
+
+	/**
+	 * @param out Stream to redirect contents to after updating the mac.
+	 * @param mac Mac to be updated during writes.
+	 */
+	public MacOutputStream(OutputStream out, Mac mac) {
+		super(out);
+		this.mac = mac;
+	}
+
+	@Override
+	public void write(int b) throws IOException {
+		mac.update((byte) b);
+		out.write(b);
+	}
+
+	@Override
+	public void write(byte[] b, int off, int len) throws IOException {
+		mac.update(b, off, len);
+		out.write(b, off, len);
+	}
+
+}

main/crypto-aes/src/test/java/org/cryptomator/crypto/aes256/Aes256CryptorTest.java

@@ -47,21 +47,66 @@ public class Aes256CryptorTest {
 		IOUtils.closeQuietly(in);
 	}
 
-	@Test(expected = WrongPasswordException.class)
+	@Test
 	public void testWrongPassword() throws IOException, DecryptFailedException, WrongPasswordException, UnsupportedKeyLengthException {
 		final String pw = "asd";
 		final Aes256Cryptor cryptor = new Aes256Cryptor(TEST_PRNG);
 		final ByteArrayOutputStream out = new ByteArrayOutputStream();
 		cryptor.encryptMasterKey(out, pw);
 		cryptor.swipeSensitiveData();
-
-		final String wrongPw = "foo";
-		final Aes256Cryptor decryptor = new Aes256Cryptor(TEST_PRNG);
-		final InputStream in = new ByteArrayInputStream(out.toByteArray());
-		decryptor.decryptMasterKey(in, wrongPw);
-
 		IOUtils.closeQuietly(out);
-		IOUtils.closeQuietly(in);
+
+		// all these passwords are expected to fail.
+		final String[] wrongPws = {"a", "as", "asdf", "sdf", "das", "dsa", "foo", "bar", "baz"};
+		final Aes256Cryptor decryptor = new Aes256Cryptor(TEST_PRNG);
+		for (final String wrongPw : wrongPws) {
+			final InputStream in = new ByteArrayInputStream(out.toByteArray());
+			try {
+				decryptor.decryptMasterKey(in, wrongPw);
+				Assert.fail("should not succeed.");
+			} catch (WrongPasswordException e) {
+				continue;
+			} finally {
+				IOUtils.closeQuietly(in);
+			}
+		}
+	}
+
+	@Test
+	public void testIntegrityAuthentication() throws IOException {
+		// our test plaintext data:
+		final byte[] plaintextData = "Hello World".getBytes();
+		final InputStream plaintextIn = new ByteArrayInputStream(plaintextData);
+
+		// init cryptor:
+		final Aes256Cryptor cryptor = new Aes256Cryptor(TEST_PRNG);
+
+		// encrypt:
+		final ByteBuffer encryptedData = ByteBuffer.allocate(64 + plaintextData.length * 4);
+		final SeekableByteChannel encryptedOut = new ByteBufferBackedSeekableChannel(encryptedData);
+		cryptor.encryptFile(plaintextIn, encryptedOut);
+		IOUtils.closeQuietly(plaintextIn);
+		IOUtils.closeQuietly(encryptedOut);
+
+		encryptedData.position(0);
+
+		// authenticate unmodified content:
+		final SeekableByteChannel encryptedIn1 = new ByteBufferBackedSeekableChannel(encryptedData);
+		final boolean isContentUnmodified1 = cryptor.authenticateContent(encryptedIn1);
+		Assert.assertTrue(isContentUnmodified1);
+
+		// toggle one bit inf first content byte:
+		encryptedData.position(64);
+		final byte fifthByte = encryptedData.get();
+		encryptedData.position(64);
+		encryptedData.put((byte) (fifthByte ^ 0x01));
+
+		encryptedData.position(0);
+
+		// authenticate modified content:
+		final SeekableByteChannel encryptedIn2 = new ByteBufferBackedSeekableChannel(encryptedData);
+		final boolean isContentUnmodified2 = cryptor.authenticateContent(encryptedIn2);
+		Assert.assertFalse(isContentUnmodified2);
 	}
 
 	@Test
@@ -74,19 +119,25 @@ public class Aes256CryptorTest {
 		final Aes256Cryptor cryptor = new Aes256Cryptor(TEST_PRNG);
 
 		// encrypt:
-		final ByteBuffer encryptedData = ByteBuffer.allocate(plaintextData.length + 200);
+		final ByteBuffer encryptedData = ByteBuffer.allocate(64 + plaintextData.length * 4);
 		final SeekableByteChannel encryptedOut = new ByteBufferBackedSeekableChannel(encryptedData);
 		cryptor.encryptFile(plaintextIn, encryptedOut);
 		IOUtils.closeQuietly(plaintextIn);
 		IOUtils.closeQuietly(encryptedOut);
 
-		// decrypt:
+		encryptedData.position(0);
+
+		// decrypt file size:
 		final SeekableByteChannel encryptedIn = new ByteBufferBackedSeekableChannel(encryptedData);
+		final Long filesize = cryptor.decryptedContentLength(encryptedIn);
+		Assert.assertEquals(plaintextData.length, filesize.longValue());
+
+		// decrypt:
 		final ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream();
 		final Long numDecryptedBytes = cryptor.decryptedFile(encryptedIn, plaintextOut);
 		IOUtils.closeQuietly(encryptedIn);
 		IOUtils.closeQuietly(plaintextOut);
-		Assert.assertTrue(numDecryptedBytes > 0);
+		Assert.assertEquals(filesize.longValue(), numDecryptedBytes.longValue());
 
 		// check decrypted data:
 		final byte[] result = plaintextOut.toByteArray();
@@ -107,12 +158,14 @@ public class Aes256CryptorTest {
 		final Aes256Cryptor cryptor = new Aes256Cryptor(TEST_PRNG);
 
 		// encrypt:
-		final ByteBuffer encryptedData = ByteBuffer.allocate(plaintextData.length + 200);
+		final ByteBuffer encryptedData = ByteBuffer.allocate(64 + plaintextData.length * 4);
 		final SeekableByteChannel encryptedOut = new ByteBufferBackedSeekableChannel(encryptedData);
 		cryptor.encryptFile(plaintextIn, encryptedOut);
 		IOUtils.closeQuietly(plaintextIn);
 		IOUtils.closeQuietly(encryptedOut);
 
+		encryptedData.position(0);
+
 		// decrypt:
 		final SeekableByteChannel encryptedIn = new ByteBufferBackedSeekableChannel(encryptedData);
 		final ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream();
@@ -134,15 +187,19 @@ public class Aes256CryptorTest {
 
 		// short path components
 		final String originalPath1 = "foo/bar/baz";
-		final String encryptedPath1 = cryptor.encryptPath(originalPath1, '/', '/', ioSupportMock);
-		final String decryptedPath1 = cryptor.decryptPath(encryptedPath1, '/', '/', ioSupportMock);
+		final String encryptedPath1a = cryptor.encryptPath(originalPath1, '/', '/', ioSupportMock);
+		final String encryptedPath1b = cryptor.encryptPath(originalPath1, '/', '/', ioSupportMock);
+		Assert.assertEquals(encryptedPath1a, encryptedPath1b);
+		final String decryptedPath1 = cryptor.decryptPath(encryptedPath1a, '/', '/', ioSupportMock);
 		Assert.assertEquals(originalPath1, decryptedPath1);
 
 		// long path components
 		final String str50chars = "aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee";
 		final String originalPath2 = "foo/" + str50chars + str50chars + str50chars + str50chars + str50chars + "/baz";
-		final String encryptedPath2 = cryptor.encryptPath(originalPath2, '/', '/', ioSupportMock);
-		final String decryptedPath2 = cryptor.decryptPath(encryptedPath2, '/', '/', ioSupportMock);
+		final String encryptedPath2a = cryptor.encryptPath(originalPath2, '/', '/', ioSupportMock);
+		final String encryptedPath2b = cryptor.encryptPath(originalPath2, '/', '/', ioSupportMock);
+		Assert.assertEquals(encryptedPath2a, encryptedPath2b);
+		final String decryptedPath2 = cryptor.decryptPath(encryptedPath2a, '/', '/', ioSupportMock);
 		Assert.assertEquals(originalPath2, decryptedPath2);
 	}
 

main/crypto-api/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>0.3.0-SNAPSHOT</version>
+		<version>0.4.0</version>
 	</parent>
 	<artifactId>crypto-api</artifactId>
 	<name>Cryptomator cryptographic module API</name>

main/crypto-api/src/main/java/org/cryptomator/crypto/Cryptor.java

@@ -68,6 +68,11 @@ public interface Cryptor extends SensitiveDataSwipeListener {
 	 */
 	String decryptPath(String encryptedPath, char encryptedPathSep, char cleartextPathSep, CryptorIOSupport ioSupport);
 
+	/**
+	 * @return <code>true</code> If the integrity of the file can be assured.
+	 */
+	boolean authenticateContent(SeekableByteChannel encryptedFile) throws IOException;
+
 	/**
 	 * @param metadataSupport Support object allowing the Cryptor to read and write its own metadata to the location of the encrypted file.
 	 * @return Content length of the decrypted file or <code>null</code> if unknown.
@@ -76,15 +81,17 @@ public interface Cryptor extends SensitiveDataSwipeListener {
 
 	/**
 	 * @return Number of decrypted bytes. This might not be equal to the encrypted file size due to optional metadata written to it.
+	 * @throws DecryptFailedException If decryption failed
 	 */
-	Long decryptedFile(SeekableByteChannel encryptedFile, OutputStream plaintextFile) throws IOException;
+	Long decryptedFile(SeekableByteChannel encryptedFile, OutputStream plaintextFile) throws IOException, DecryptFailedException;
 
 	/**
 	 * @param pos First byte (inclusive)
 	 * @param length Number of requested bytes beginning at pos.
 	 * @return Number of decrypted bytes. This might not be equal to the number of bytes requested due to potential overheads.
+	 * @throws DecryptFailedException If decryption failed
 	 */
-	Long decryptRange(SeekableByteChannel encryptedFile, OutputStream plaintextFile, long pos, long length) throws IOException;
+	Long decryptRange(SeekableByteChannel encryptedFile, OutputStream plaintextFile, long pos, long length) throws IOException, DecryptFailedException;
 
 	/**
 	 * @return Number of encrypted bytes. This might not be equal to the encrypted file size due to optional metadata written to it.

main/crypto-api/src/main/java/org/cryptomator/crypto/SamplingDecorator.java

@@ -76,19 +76,24 @@ public class SamplingDecorator implements Cryptor, CryptorIOSampling {
 		return cryptor.decryptPath(encryptedPath, encryptedPathSep, cleartextPathSep, ioSupport);
 	}
 
+	@Override
+	public boolean authenticateContent(SeekableByteChannel encryptedFile) throws IOException {
+		return cryptor.authenticateContent(encryptedFile);
+	}
+
 	@Override
 	public Long decryptedContentLength(SeekableByteChannel encryptedFile) throws IOException {
 		return cryptor.decryptedContentLength(encryptedFile);
 	}
 
 	@Override
-	public Long decryptedFile(SeekableByteChannel encryptedFile, OutputStream plaintextFile) throws IOException {
+	public Long decryptedFile(SeekableByteChannel encryptedFile, OutputStream plaintextFile) throws IOException, DecryptFailedException {
 		final OutputStream countingInputStream = new CountingOutputStream(decryptedBytes, plaintextFile);
 		return cryptor.decryptedFile(encryptedFile, countingInputStream);
 	}
 
 	@Override
-	public Long decryptRange(SeekableByteChannel encryptedFile, OutputStream plaintextFile, long pos, long length) throws IOException {
+	public Long decryptRange(SeekableByteChannel encryptedFile, OutputStream plaintextFile, long pos, long length) throws IOException, DecryptFailedException {
 		final OutputStream countingInputStream = new CountingOutputStream(decryptedBytes, plaintextFile);
 		return cryptor.decryptRange(encryptedFile, countingInputStream, pos, length);
 	}

main/crypto-api/src/main/java/org/cryptomator/crypto/exceptions/DecryptFailedException.java

@@ -6,4 +6,8 @@ public class DecryptFailedException extends StorageCryptingException {
 	public DecryptFailedException(Throwable t) {
 		super("Decryption failed.", t);
 	}
+
+	public DecryptFailedException(String msg) {
+		super(msg);
+	}
 }

main/crypto-api/src/main/java/org/cryptomator/crypto/exceptions/UnsupportedKeyLengthException.java

@@ -7,7 +7,7 @@ public class UnsupportedKeyLengthException extends StorageCryptingException {
 	private final int supportedLength;
 
 	public UnsupportedKeyLengthException(int length, int maxLength) {
-		super(String.format("Key length (%i) exceeds policy maximum (%i).", length, maxLength));
+		super(String.format("Key length (%d) exceeds policy maximum (%d).", length, maxLength));
 		this.requestedLength = length;
 		this.supportedLength = maxLength;
 	}

main/pom.xml

@@ -4,7 +4,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>main</artifactId>
-	<version>0.3.0-SNAPSHOT</version>
+	<version>0.4.0</version>
 	<packaging>pom</packaging>
 	<name>Cryptomator</name>
 
@@ -27,12 +27,13 @@
 		<!-- dependency versions -->
 		<log4j.version>2.1</log4j.version>
 		<slf4j.version>1.7.7</slf4j.version>
-		<junit.version>4.11</junit.version>
+		<junit.version>4.12</junit.version>
 		<commons-io.version>2.4</commons-io.version>
 		<commons-collections.version>4.0</commons-collections.version>
-		<commons-lang3.version>3.1</commons-lang3.version>
-		<commons-codec.version>1.9</commons-codec.version>
-	</properties>
+		<commons-lang3.version>3.3.2</commons-lang3.version>
+		<commons-codec.version>1.10</commons-codec.version>
+        	<jackson-databind.version>2.4.4</jackson-databind.version>
+        </properties>
 
 	<dependencyManagement>
 		<dependencies>
@@ -106,14 +107,14 @@
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-databind</artifactId>
-				<version>2.4.2</version>
+				<version>${jackson-databind.version}</version>
 			</dependency>
 
 			<!-- JUnit -->
 			<dependency>
 				<groupId>junit</groupId>
 				<artifactId>junit</artifactId>
-				<version>4.11</version>
+				<version>${junit.version}</version>
 				<scope>test</scope>
 			</dependency>
 		</dependencies>
@@ -150,7 +151,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.1</version>
+				<version>3.2</version>
 				<configuration>
 					<source>1.8</source>
 					<target>1.8</target>

main/ui/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>0.3.0-SNAPSHOT</version>
+		<version>0.4.0</version>
 	</parent>
 	<artifactId>ui</artifactId>
 	<name>Cryptomator GUI</name>
@@ -102,7 +102,7 @@
 								<fx:deploy nativeBundles="all" outdir="${project.build.directory}/dist" outfile="${project.build.finalName}" verbose="false">
 									<fx:application name="${javafx.application.name}" version="${project.version}" mainClass="${exec.mainClass}" />
 									<fx:info title="${javafx.application.name}" vendor="cryptomator.org" copyright="cryptomator.org" license="MIT" category="Utility" />
-									<fx:platform basedir="" javafx="2.2+" j2se="8.0" />
+									<fx:platform javafx="2.2+" j2se="8.0" />
 									<fx:resources>
 										<fx:fileset dir="${project.build.directory}" includes="${javafx.application.name}.jar" />
 									</fx:resources>

main/ui/src/main/java/org/cryptomator/ui/MainApplication.java

@@ -21,6 +21,7 @@ import javafx.stage.Stage;
 
 import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.ui.settings.Settings;
+import org.cryptomator.ui.util.ActiveWindowStyleSupport;
 import org.cryptomator.ui.util.TrayIconUtil;
 import org.eclipse.jetty.util.ConcurrentHashSet;
 
@@ -48,6 +49,7 @@ public class MainApplication extends Application {
 		primaryStage.sizeToScene();
 		primaryStage.setResizable(false);
 		primaryStage.show();
+		ActiveWindowStyleSupport.startObservingFocus(primaryStage);
 		TrayIconUtil.init(primaryStage, rb, () -> {
 			quit();
 		});

main/ui/src/main/java/org/cryptomator/ui/MainController.java

@@ -77,8 +77,10 @@ public class MainController implements Initializable, InitializationListener, Un
 		final File file = dirChooser.showDialog(stage);
 		if (file != null && file.canWrite()) {
 			final Directory dir = new Directory(file.toPath());
-			directoryList.getItems().add(dir);
-			directoryList.getSelectionModel().selectLast();
+			if (!directoryList.getItems().contains(dir)) {
+				directoryList.getItems().add(dir);
+			}
+			directoryList.getSelectionModel().select(dir);
 		}
 	}
 

main/ui/src/main/java/org/cryptomator/ui/UnlockController.java

@@ -24,6 +24,7 @@ import javafx.event.ActionEvent;
 import javafx.fxml.FXML;
 import javafx.fxml.Initializable;
 import javafx.scene.control.Button;
+import javafx.scene.control.CheckBox;
 import javafx.scene.control.ComboBox;
 import javafx.scene.control.Label;
 import javafx.scene.control.ProgressIndicator;
@@ -55,6 +56,9 @@ public class UnlockController implements Initializable {
 	@FXML
 	private SecPasswordField passwordField;
 
+	@FXML
+	private CheckBox checkIntegrity;
+
 	@FXML
 	private Button unlockButton;
 
@@ -96,6 +100,7 @@ public class UnlockController implements Initializable {
 		try {
 			progressIndicator.setVisible(true);
 			masterKeyInputStream = Files.newInputStream(masterKeyPath, StandardOpenOption.READ);
+			directory.setVerifyFileIntegrity(checkIntegrity.isSelected());
 			directory.getCryptor().decryptMasterKey(masterKeyInputStream, password);
 			if (!directory.startServer()) {
 				messageLabel.setText(rb.getString("unlock.messageLabel.startServerFailed"));
@@ -117,7 +122,7 @@ public class UnlockController implements Initializable {
 			setControlsDisabled(false);
 			progressIndicator.setVisible(false);
 			messageLabel.setText(rb.getString("unlock.errorMessage.wrongPassword"));
-			passwordField.requestFocus();
+			Platform.runLater(passwordField::requestFocus);
 		} catch (UnsupportedKeyLengthException ex) {
 			setControlsDisabled(false);
 			progressIndicator.setVisible(false);
@@ -132,6 +137,7 @@ public class UnlockController implements Initializable {
 	private void setControlsDisabled(boolean disable) {
 		usernameBox.setDisable(disable);
 		passwordField.setDisable(disable);
+		checkIntegrity.setDisable(disable);
 		unlockButton.setDisable(disable);
 	}
 
@@ -170,6 +176,7 @@ public class UnlockController implements Initializable {
 	public void setDirectory(Directory directory) {
 		this.directory = directory;
 		this.findExistingUsernames();
+		this.checkIntegrity.setSelected(directory.shouldVerifyFileIntegrity());
 	}
 
 	public UnlockListener getListener() {

main/ui/src/main/java/org/cryptomator/ui/controls/DirectoryListCell.java

@@ -3,7 +3,6 @@ package org.cryptomator.ui.controls;
 import javafx.beans.value.ChangeListener;
 import javafx.beans.value.ObservableValue;
 import javafx.scene.control.ContentDisplay;
-import javafx.scene.control.ListCell;
 import javafx.scene.control.Tooltip;
 import javafx.scene.paint.Color;
 import javafx.scene.paint.Paint;
@@ -11,7 +10,7 @@ import javafx.scene.shape.Circle;
 
 import org.cryptomator.ui.model.Directory;
 
-public class DirectoryListCell extends ListCell<Directory> implements ChangeListener<Boolean> {
+public class DirectoryListCell extends DraggableListCell<Directory> implements ChangeListener<Boolean> {
 
 	// fill: #FD4943, stroke: #E1443F
 	private static final Color RED_FILL = Color.rgb(253, 73, 67);

main/ui/src/main/java/org/cryptomator/ui/controls/DraggableListCell.java

@@ -0,0 +1,132 @@
+package org.cryptomator.ui.controls;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javafx.geometry.Insets;
+import javafx.scene.SnapshotParameters;
+import javafx.scene.control.ListCell;
+import javafx.scene.image.Image;
+import javafx.scene.input.ClipboardContent;
+import javafx.scene.input.DragEvent;
+import javafx.scene.input.Dragboard;
+import javafx.scene.input.MouseEvent;
+import javafx.scene.input.TransferMode;
+import javafx.scene.layout.Border;
+import javafx.scene.layout.BorderImage;
+import javafx.scene.layout.BorderStroke;
+import javafx.scene.layout.BorderStrokeStyle;
+import javafx.scene.layout.BorderWidths;
+import javafx.scene.layout.CornerRadii;
+import javafx.scene.paint.Color;
+import javafx.scene.paint.Paint;
+
+class DraggableListCell<T> extends ListCell<T> {
+
+	private static final double DROP_LINE_WIDTH = 4.0;
+	private static final Paint DROP_LINE_COLOR = Color.gray(0.0, 0.6);
+
+	private final List<BorderStroke> defaultBorderStrokes;
+	private final List<BorderImage> defaultBorderImages;
+
+	public DraggableListCell() {
+		setOnDragDetected(this::onDragDetected);
+		setOnDragOver(this::onDragOver);
+		setOnDragEntered(this::onDragEntered);
+		setOnDragExited(this::onDragExited);
+		setOnDragDropped(this::onDragDropped);
+		setOnDragDone(DragEvent::consume);
+		this.defaultBorderStrokes = this.getBorder() == null ? Collections.emptyList() : this.getBorder().getStrokes();
+		this.defaultBorderImages = this.getBorder() == null ? Collections.emptyList() : this.getBorder().getImages();
+	}
+
+	private Border createDropPositionBorder(double verticalCursorPosition) {
+		boolean isUpperHalf = verticalCursorPosition < this.getHeight() / 2.0;
+		final double topBorder = isUpperHalf ? DROP_LINE_WIDTH : 0.0;
+		final double bottomBorder = !isUpperHalf ? DROP_LINE_WIDTH : 0.0;
+		final BorderWidths borderWidths = new BorderWidths(topBorder, 0.0, bottomBorder, 0.0);
+		final BorderStroke dragStroke = new BorderStroke(DROP_LINE_COLOR, BorderStrokeStyle.SOLID, CornerRadii.EMPTY, borderWidths, Insets.EMPTY);
+		final List<BorderStroke> strokes = new ArrayList<BorderStroke>(defaultBorderStrokes);
+		strokes.add(0, dragStroke);
+		return new Border(strokes, defaultBorderImages);
+	}
+
+	private void onDragDetected(MouseEvent event) {
+		if (getItem() == null) {
+			return;
+		}
+
+		final ClipboardContent content = new ClipboardContent();
+		content.putString(Integer.toString(getIndex()));
+		final Image snapshot = this.snapshot(new SnapshotParameters(), null);
+		final Dragboard dragboard = startDragAndDrop(TransferMode.MOVE);
+		dragboard.setDragView(snapshot);
+		dragboard.setContent(content);
+
+		event.consume();
+	}
+
+	private void onDragOver(DragEvent event) {
+		if (getItem() == null) {
+			return;
+		}
+
+		if (event.getGestureSource() instanceof DraggableListCell<?> && event.getGestureSource() != this && event.getDragboard().hasString()) {
+			event.acceptTransferModes(TransferMode.MOVE);
+			setBorder(createDropPositionBorder(event.getY()));
+		}
+
+		event.consume();
+	}
+
+	private void onDragEntered(DragEvent event) {
+		if (getItem() == null) {
+			return;
+		}
+
+		if (event.getGestureSource() instanceof DraggableListCell<?> && event.getGestureSource() != this && event.getDragboard().hasString()) {
+			setBorder(createDropPositionBorder(event.getY()));
+		}
+	}
+
+	private void onDragExited(DragEvent event) {
+		if (getItem() == null) {
+			return;
+		}
+
+		if (event.getGestureSource() instanceof DraggableListCell<?> && event.getGestureSource() != this && event.getDragboard().hasString()) {
+			setBorder(new Border(defaultBorderStrokes, defaultBorderImages));
+		}
+	}
+
+	private void onDragDropped(DragEvent event) {
+		if (getItem() == null) {
+			return;
+		}
+
+		if (event.getGestureSource() instanceof DraggableListCell<?> && event.getDragboard().hasString()) {
+			final List<T> list = getListView().getItems();
+			try {
+				// where to insert what?
+				final int draggedIdx = Integer.parseInt(event.getDragboard().getString());
+				final T currentItem = this.getItem();
+				final T draggedItem = list.remove(draggedIdx);
+				final int currentItemIdx = list.indexOf(currentItem);
+
+				// insert before or after currentItem?
+				boolean insertBefore = event.getY() < this.getHeight() / 2.0;
+				final int insertPosition = insertBefore ? currentItemIdx : currentItemIdx + 1;
+
+				// insert!
+				getListView().getItems().add(insertPosition, draggedItem);
+				getListView().getSelectionModel().select(insertPosition);
+				event.setDropCompleted(true);
+			} catch (NumberFormatException e) {
+				event.setDropCompleted(false);
+			}
+		}
+
+		event.consume();
+	}
+}

main/ui/src/main/java/org/cryptomator/ui/model/Directory.java

@@ -34,7 +34,7 @@ public class Directory implements Serializable {
 	private final Cryptor cryptor = SamplingDecorator.decorate(new Aes256Cryptor());
 	private final ObjectProperty<Boolean> unlocked = new SimpleObjectProperty<Boolean>(this, "unlocked", Boolean.FALSE);
 	private final Path path;
-	// private boolean unlocked;
+	private boolean verifyFileIntegrity;
 	private WebDavMount webDavMount;
 	private final Runnable shutdownTask = new ShutdownTask();
 
@@ -50,7 +50,7 @@ public class Directory implements Serializable {
 	}
 
 	public synchronized boolean startServer() {
-		if (server.start(path.toString(), cryptor)) {
+		if (server.start(path.toString(), verifyFileIntegrity, cryptor)) {
 			MainApplication.addShutdownTask(shutdownTask);
 			return true;
 		} else {
@@ -96,6 +96,14 @@ public class Directory implements Serializable {
 		return path;
 	}
 
+	public boolean shouldVerifyFileIntegrity() {
+		return verifyFileIntegrity;
+	}
+
+	public void setVerifyFileIntegrity(boolean verifyFileIntegrity) {
+		this.verifyFileIntegrity = verifyFileIntegrity;
+	}
+
 	/**
 	 * @return Directory name without preceeding path components
 	 */

main/ui/src/main/java/org/cryptomator/ui/model/DirectoryDeserializer.java

@@ -17,7 +17,10 @@ public class DirectoryDeserializer extends JsonDeserializer<Directory> {
 		final JsonNode node = jp.readValueAsTree();
 		final String pathStr = node.get("path").asText();
 		final Path path = FileSystems.getDefault().getPath(pathStr);
-		return new Directory(path);
+		final Directory dir = new Directory(path);
+		final boolean verifyFileIntegrity = node.has("checkIntegrity") ? node.get("checkIntegrity").asBoolean() : false;
+		dir.setVerifyFileIntegrity(verifyFileIntegrity);
+		return dir;
 	}
 
 }

main/ui/src/main/java/org/cryptomator/ui/model/DirectorySerializer.java

@@ -13,6 +13,7 @@ public class DirectorySerializer extends JsonSerializer<Directory> {
 	public void serialize(Directory value, JsonGenerator jgen, SerializerProvider provider) throws IOException, JsonProcessingException {
 		jgen.writeStartObject();
 		jgen.writeStringField("path", value.getPath().toString());
+		jgen.writeBooleanField("checkIntegrity", value.shouldVerifyFileIntegrity());
 		jgen.writeEndObject();
 	}
 

main/ui/src/main/java/org/cryptomator/ui/settings/Settings.java

@@ -28,7 +28,7 @@ import org.slf4j.LoggerFactory;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
-@JsonPropertyOrder(value = {"webdavWorkDir"})
+@JsonPropertyOrder(value = {"directories"})
 public class Settings implements Serializable {
 
 	private static final long serialVersionUID = 7609959894417878744L;
@@ -55,7 +55,6 @@ public class Settings implements Serializable {
 	}
 
 	private List<Directory> directories;
-	private String username;
 
 	private Settings() {
 		// private constructor
@@ -82,7 +81,7 @@ public class Settings implements Serializable {
 			try {
 				Files.createDirectories(SETTINGS_DIR);
 				final Path settingsFile = SETTINGS_DIR.resolve(SETTINGS_FILE);
-				final OutputStream out = Files.newOutputStream(settingsFile, StandardOpenOption.WRITE, StandardOpenOption.CREATE);
+				final OutputStream out = Files.newOutputStream(settingsFile, StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.CREATE);
 				JSON_OM.writeValue(out, INSTANCE);
 			} catch (IOException e) {
 				LOG.error("Failed to save settings.", e);
@@ -107,12 +106,4 @@ public class Settings implements Serializable {
 		this.directories = directories;
 	}
 
-	public String getUsername() {
-		return username;
-	}
-
-	public void setUsername(String username) {
-		this.username = username;
-	}
-
 }

main/ui/src/main/java/org/cryptomator/ui/util/ActiveWindowStyleSupport.java

@@ -0,0 +1,55 @@
+package org.cryptomator.ui.util;
+
+import javafx.beans.value.ChangeListener;
+import javafx.beans.value.ObservableValue;
+import javafx.beans.value.WeakChangeListener;
+import javafx.stage.Window;
+
+public class ActiveWindowStyleSupport implements ChangeListener<Boolean> {
+
+	public static final String ACTIVE_WINDOW_STYLE_CLASS = "active-window";
+	public static final String INACTIVE_WINDOW_STYLE_CLASS = "inactive-window";
+
+	private final Window window;
+
+	private ActiveWindowStyleSupport(Window window) {
+		this.window = window;
+		this.addActiveWindowClassIfFocused(window.isFocused());
+	}
+
+	/**
+	 * Creates and registers a listener on the given window, that will add the class {@value #ACTIVE_WINDOW_STYLE_CLASS} to the scenes root
+	 * element, if the window is active. Otherwise {@value #INACTIVE_WINDOW_STYLE_CLASS} will be added. Allows CSS rules to be defined
+	 * depending on the window's focus.<br/>
+	 * <br/>
+	 * Example:<br/>
+	 * <code>
+	 * .root.inactive-window .button {-fx-background-color: grey;}<br/>
+	 * .root.active-window .button {-fx-background-color: blue;}
+	 * </code>
+	 * 
+	 * @param window The window to observe
+	 * @return The observer
+	 */
+	public static ChangeListener<Boolean> startObservingFocus(final Window window) {
+		final ChangeListener<Boolean> observer = new WeakChangeListener<Boolean>(new ActiveWindowStyleSupport(window));
+		window.focusedProperty().addListener(observer);
+		return observer;
+	}
+
+	@Override
+	public void changed(ObservableValue<? extends Boolean> observable, Boolean oldValue, Boolean newValue) {
+		this.addActiveWindowClassIfFocused(newValue);
+	}
+
+	private void addActiveWindowClassIfFocused(Boolean focused) {
+		if (Boolean.TRUE.equals(focused)) {
+			window.getScene().getRoot().getStyleClass().add(ACTIVE_WINDOW_STYLE_CLASS);
+			window.getScene().getRoot().getStyleClass().remove(INACTIVE_WINDOW_STYLE_CLASS);
+		} else {
+			window.getScene().getRoot().getStyleClass().remove(ACTIVE_WINDOW_STYLE_CLASS);
+			window.getScene().getRoot().getStyleClass().add(INACTIVE_WINDOW_STYLE_CLASS);
+		}
+	}
+
+}

main/ui/src/main/java/org/cryptomator/ui/util/TrayIconUtil.java

@@ -15,6 +15,9 @@ import java.util.ResourceBundle;
 import javafx.application.Platform;
 import javafx.stage.Stage;
 
+import javax.script.ScriptEngine;
+import javax.script.ScriptEngineManager;
+import javax.script.ScriptException;
 import javax.swing.SwingUtilities;
 
 import org.apache.commons.lang3.SystemUtils;
@@ -88,8 +91,14 @@ public final class TrayIconUtil {
 			final String notificationCenterAppleScript = String.format("display notification \"%s\" with title \"%s\"", msg, title);
 			notificationCmd = () -> {
 				try {
-					Runtime.getRuntime().exec(new String[] {"/usr/bin/osascript", "-e", notificationCenterAppleScript});
-				} catch (IOException e) {
+					final ScriptEngineManager mgr = new ScriptEngineManager();
+					final ScriptEngine engine = mgr.getEngineByName("AppleScriptEngine");
+					if (engine != null) {
+						engine.eval(notificationCenterAppleScript);
+					} else {
+						Runtime.getRuntime().exec(new String[] {"/usr/bin/osascript", "-e", notificationCenterAppleScript});
+					}
+				} catch (ScriptException | IOException e) {
 					// ignore, user will notice the tray icon anyway.
 				}
 			};

main/ui/src/main/resources/META-INF/services/javax.script.ScriptEngineFactory

@@ -0,0 +1 @@
+apple.applescript.AppleScriptEngineFactory

main/ui/src/main/resources/css/mac_theme.css

@@ -137,7 +137,7 @@
      * remove the setting -fx-background in all the sections that use
      * -fx-selection-bar.
      */
-    -fx-selection-bar: #2283FB;
+    -fx-selection-bar: #0069D9;
 
     /* The color to use as -fx-text-fill when painting text on top of
      * backgrounds filled with -fx-selection-bar.
@@ -152,8 +152,6 @@
     -fx-background-insets: inherit;
     -fx-padding: inherit;
     
-    -fx-cell-focus-inner-border: -fx-selection-bar;
-
     /***************************************************************************
      *                                                                         *
      * Set the default background color for the scene                          *
@@ -175,8 +173,6 @@
 
 .button,
 .toggle-button,
-.radio-button > .radio,
-.check-box > .box,
 .menu-button,
 .choice-box,
 .color-picker.split-button > .color-picker-label,
@@ -194,7 +190,6 @@
 .button:hover,
 .toggle-button:hover,
 .radio-button:hover > .radio,
-.check-box:hover > .box,
 .menu-button:hover,
 .split-menu-button > .label:hover,
 .split-menu-button > .arrow-button:hover,
@@ -212,8 +207,6 @@
 .button:armed,
 .button:default:armed,
 .toggle-button:armed,
-.radio-button:armed > .radio,
-.check-box:armed .box,
 .menu-button:armed,
 .split-menu-button:armed > .label,
 .split-menu-button > .arrow-button:pressed,
@@ -228,8 +221,6 @@
 }
 .button:focused,
 .toggle-button:focused,
-.radio-button:focused > .radio,
-.check-box:focused > .box,
 .menu-button:focused,
 .choice-box:focused,
 .color-picker.split-button:focused > .color-picker-label {
@@ -242,8 +233,6 @@
 
 .button:disabled,
 .toggle-button:disabled,
-.radio-button:disabled,
-.check-box:disabled,
 .hyperlink:disabled,
 .menu-button:disabled,
 .split-menu-button:disabled,
@@ -270,23 +259,12 @@
 
 .button:show-mnemonics .mnemonic-underline,
 .toggle-button:show-mnemonics .mnemonic-underline,
-.radio-button:show-mnemonics .mnemonic-underline,
-.check-box:show-mnemonics .mnemonic-underline,
 .hyperlink:show-mnemonics > .mnemonic-underline,
 .split-menu-button:show-mnemonics > .mnemonic-underline,
 .menu-button:show-mnemonics > .mnemonic-underline {
     -fx-stroke: -fx-text-base-color;
 } 
 
-/* ====   ARROWS   ========================================================== */
-
-.combo-box-base > .arrow-button > .arrow {
-    -fx-background-color: -fx-light-text-color;
-    -fx-background-insets: 0 0 -1 0, 0;
-    -fx-padding: 9px 6px 0 0;
-    -fx-shape: "M 0 3 l 3 -3 l 3 3 m 0 3 l -3 3 l -3 -3";
-}
-
 /* ====   CHOICE BOX LIKE THINGS   ========================================== */
 
 .combo-box-base {
@@ -324,7 +302,7 @@
 
 /* ====   DEFAULT   ========================================================= */
 
-.button:default {
+.root.active-window .button:default {
 	-fx-background-color: linear-gradient(to bottom, #4AA0F9 0%, #045FFF 100%), linear-gradient(to bottom, #69B2FA 0%, #0D81FF 100%);
     -fx-text-fill: -fx-light-text-color;
 }
@@ -334,6 +312,38 @@
     -fx-text-fill: -fx-mid-text-color;
 }
 
+/*******************************************************************************
+ *                                                                             *
+ * CheckBox                                                                    *
+ *                                                                             *
+ ******************************************************************************/
+
+.check-box {
+    -fx-label-padding: 0 0 0 3px;
+    -fx-text-fill: -fx-text-background-color;
+}
+.check-box > .box {
+    -fx-padding: 3px;
+    -fx-background-color: linear-gradient(to bottom, #A5A5A5 0%, #B8B8B8 100%), #F3F3F3, #FFFFFF;
+    -fx-background-radius: 2.5, 2.5, 2.5;
+	-fx-background-insets: 0, 1, 2 1 1 1;
+}
+.check-box > .box > .mark {
+    -fx-background-color: transparent;
+    -fx-padding: 4px;
+    -fx-shape: "M-1,4, L-1,5.5 L3.5,8.5 L9,0 L9,-1 L7,-1 L3,6 L1,4 Z";
+}
+.root.active-window .check-box:selected > .box {
+	-fx-background-color: #2C90FC, #3B99FC;
+	-fx-background-insets: 0, 1;
+}
+.root.active-window .check-box:selected > .box > .mark {
+    -fx-background-color: white;
+}
+.root.inactive-window .check-box:selected > .box > .mark {
+    -fx-background-color: #444444;
+}
+
 /*******************************************************************************
  *                                                                             *
  * ToolBar                                                                     *
@@ -569,7 +579,7 @@
 }
 .menu-item:focused {
      -fx-background: -fx-accent;
-     -fx-background-color: -fx-selection-bar;
+     -fx-background-color: #2283FB;
      -fx-text-fill: -fx-selection-bar-text;
 }
 .menu-item:focused > .label {
@@ -594,67 +604,17 @@
     -fx-opacity: -fx-disabled-opacity;
 }
 
-/*******************************************************************************
- *                                                                             *
- * ComboBox                                                                    *
- *                                                                             *
- ******************************************************************************/
-
-/* Customie the ListCell that appears in the ComboBox button itself */
-.combo-box > .list-cell {
-    -fx-background: transparent;
-    -fx-background-color: transparent;
-    -fx-text-fill: -fx-text-base-color;
-	-fx-padding: 0.2em 0.5em 0.2em 0.5em;
-}
-.combo-box-base > .arrow-button  {
-	-fx-background-color: linear-gradient(to bottom, #4AA0F9 0%, #045FFF 100%), linear-gradient(to bottom, #69B2FA 0%, #0D81FF 100%);
-    -fx-background-radius: 0 5 5 0, 0 4 4 0;
-	-fx-padding: 0.2em 0.5em 0.2em 0.5em;
-    -fx-background-insets: 0 0 0 1, 1;
-}
-
-.combo-box-popup > .list-view {
-    -fx-background-color: rgba(255.0, 255.0, 255.0, 0.9);
-    -fx-background-insets: 0;
-    -fx-background-radius: 4.0;
-    -fx-padding: 4px 0 4px 0; 
-    -fx-effect: dropshadow(three-pass-box, rgba(0.0,0.0,0.0,0.6), 8.0, 0.0, 0.0, 0.0);
-}
-.combo-box-popup > .list-view > .virtual-flow > .clipped-container > .sheet > .list-cell {
-    -fx-background-color: transparent;
-    -fx-padding:0.2em 1em 0.2em 1em;
-    -fx-border-color:transparent;
-}
-
-.combo-box-popup > .list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected, 
-.combo-box-popup  > .list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected:hover {
-	-fx-background: -fx-accent;
-	-fx-background-color: -fx-selection-bar;
-	-fx-text-fill: -fx-selection-bar-text;
-}
-
-/*******************************************************************************
- *                                                                             *
- * SplitPane                                                                   *
- *                                                                             *
- ******************************************************************************/
-
-.split-pane > .split-pane-divider {
-    -fx-padding: 0 0.25em 0 0.25em; /* 0 3 0 3 */
-}
-
 /*******************************************************************************
  *                                                                             *
  * ListView and ListCell                                                       *
  *                                                                             *
  ******************************************************************************/
 
-.list-view > .virtual-flow > .scroll-bar:vertical{
+.list-view > .virtual-flow > .scroll-bar:vertical {
     -fx-background-insets: 0, 0 0 0 1;
     -fx-padding: -1 -1 -1 0;
 }
-.list-view > .virtual-flow > .scroll-bar:horizontal{
+.list-view > .virtual-flow > .scroll-bar:horizontal {
     -fx-background-insets: 0, 1 0 0 0;
     -fx-padding: 0 -1 -1 -1;
 }
@@ -668,29 +628,89 @@
     -fx-text-fill: -fx-text-inner-color;
     -fx-opacity: 1;
 }
-.list-view:focused > .virtual-flow > .clipped-container > .sheet > .list-cell:focused {
-    -fx-background-color: -fx-focus-color, -fx-cell-focus-inner-border, -fx-control-inner-background;
-    -fx-background-insets: 0, 1, 2;
-}
-.list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected {
-    -fx-background-color: -fx-focus-color, -fx-cell-focus-inner-border, -fx-selection-bar;
-    -fx-background-insets: 0, 1, 2;
-    -fx-background: -fx-accent;
-    -fx-text-fill: -fx-selection-bar-text;
-}
-.list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected, 
-.list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected:hover {
-    -fx-background: -fx-accent;
+
+.root.active-window .list-view:focused > .virtual-flow > .clipped-container > .sheet > .list-cell:focused,
+.root.active-window .list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected, 
+.root.active-window .list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected:hover {
     -fx-background-color: -fx-selection-bar;
     -fx-text-fill: -fx-selection-bar-text;
 }
-.list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected:hover {
-    -fx-background: -fx-accent;
-    -fx-background-color: -fx-focus-color, -fx-cell-focus-inner-border, -fx-selection-bar;
-    -fx-background-insets: 0, 1, 2;
+
+.root.inactive-window .list-view:focused > .virtual-flow > .clipped-container > .sheet > .list-cell:focused,
+.root.inactive-window .list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected, 
+.root.inactive-window .list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected:hover {
+    -fx-background-color: #DCDCDC;
     -fx-text-fill: -fx-selection-bar-text;
 }
 
+/*******************************************************************************
+ *                                                                             *
+ * ComboBox                                                                    *
+ *                                                                             *
+ ******************************************************************************/
+
+/* Customie the ListCell that appears in the ComboBox button itself */
+.combo-box > .list-cell {
+    -fx-background: transparent;
+    -fx-background-color: transparent;
+    -fx-text-fill: -fx-text-base-color;
+	-fx-padding: 0.2em 0.5em 0.2em 0.5em;
+}
+.combo-box-popup > .list-view {
+    -fx-background-color: rgba(255.0, 255.0, 255.0, 0.9);
+    -fx-background-insets: 0;
+    -fx-background-radius: 4.0;
+    -fx-padding: 4px 0 4px 0; 
+    -fx-effect: dropshadow(three-pass-box, rgba(0.0,0.0,0.0,0.6), 8.0, 0.0, 0.0, 0.0);
+}
+.combo-box-popup > .list-view > .virtual-flow > .clipped-container > .sheet > .list-cell {
+    -fx-background-color: transparent;
+    -fx-padding: 0.2em 1em 0.2em 1em;
+    -fx-border-color: transparent;
+}
+
+.root.active-window .combo-box-popup > .list-view:focused > .virtual-flow > .clipped-container > .sheet > .list-cell:focused:filled:selected, 
+.root.active-window .combo-box-popup > .list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected, 
+.root.active-window .combo-box-popup  > .list-view > .virtual-flow > .clipped-container > .sheet > .list-cell:filled:selected:hover {
+	-fx-background: -fx-accent;
+	-fx-background-color: #2283FB;
+	-fx-text-fill: -fx-selection-bar-text;
+}
+
+/* Arrow-Button */
+.combo-box-base > .arrow-button  {
+    -fx-background-radius: 0 5 5 0, 0 4 4 0;
+	-fx-padding: 0.2em 0.5em 0.2em 0.5em;
+    -fx-background-insets: 0 0 0 1, 1;
+}
+.combo-box-base > .arrow-button > .arrow {
+    -fx-background-insets: 0 0 -1 0, 0;
+    -fx-padding: 9px 6px 0 0;
+    -fx-shape: "M 0 3 l 3 -3 l 3 3 m 0 3 l -3 3 l -3 -3";
+}
+.root.active-window .combo-box-base > .arrow-button {
+	-fx-background-color: linear-gradient(to bottom, #4AA0F9 0%, #045FFF 100%), linear-gradient(to bottom, #69B2FA 0%, #0D81FF 100%);
+}
+.root.active-window .combo-box-base > .arrow-button > .arrow {
+    -fx-background-color: -fx-light-text-color;
+}
+.root.inactive-window .combo-box-base > .arrow-button {
+	-fx-background-color: transparent;
+}
+.root.inactive-window .combo-box-base > .arrow-button > .arrow {
+    -fx-background-color: #444444;
+}
+
+/*******************************************************************************
+ *                                                                             *
+ * SplitPane                                                                   *
+ *                                                                             *
+ ******************************************************************************/
+
+.split-pane > .split-pane-divider {
+    -fx-padding: 0 0.25em 0 0.25em; /* 0 3 0 3 */
+}
+
 /*******************************************************************************
  *                                                                             *
  * Tooltip                                                                     *

main/ui/src/main/resources/css/win_theme.css

@@ -174,8 +174,6 @@
 
 .button,
 .toggle-button,
-.radio-button > .radio,
-.check-box > .box,
 .menu-button,
 .choice-box,
 .color-picker.split-button > .color-picker-label,
@@ -192,8 +190,6 @@
 }
 .button:hover,
 .toggle-button:hover,
-.radio-button:hover > .radio,
-.check-box:hover > .box,
 .menu-button:hover,
 .split-menu-button > .label:hover,
 .split-menu-button > .arrow-button:hover,
@@ -208,8 +204,6 @@
 .button:armed,
 .button:default:armed,
 .toggle-button:armed,
-.radio-button:armed > .radio,
-.check-box:armed .box,
 .menu-button:armed,
 .split-menu-button:armed > .label,
 .split-menu-button > .arrow-button:pressed,
@@ -221,8 +215,6 @@
 }
 .button:focused,
 .toggle-button:focused,
-.radio-button:focused > .radio,
-.check-box:focused > .box,
 .menu-button:focused,
 .choice-box:focused,
 .color-picker.split-button:focused > .color-picker-label {
@@ -235,8 +227,6 @@
 
 .button:disabled,
 .toggle-button:disabled,
-.radio-button:disabled,
-.check-box:disabled,
 .hyperlink:disabled,
 .menu-button:disabled,
 .split-menu-button:disabled,
@@ -261,8 +251,6 @@
 
 .button:show-mnemonics .mnemonic-underline,
 .toggle-button:show-mnemonics .mnemonic-underline,
-.radio-button:show-mnemonics .mnemonic-underline,
-.check-box:show-mnemonics .mnemonic-underline,
 .hyperlink:show-mnemonics > .mnemonic-underline,
 .split-menu-button:show-mnemonics > .mnemonic-underline,
 .menu-button:show-mnemonics > .mnemonic-underline {
@@ -323,6 +311,35 @@
     -fx-text-fill: -fx-mid-text-color;
 }
 
+/*******************************************************************************
+ *                                                                             *
+ * CheckBox                                                                    *
+ *                                                                             *
+ ******************************************************************************/
+
+/* TODO win L&F */
+.check-box {
+    -fx-label-padding: 0 0 0 3px;
+    -fx-text-fill: -fx-text-background-color;
+}
+.check-box > .box {
+    -fx-padding: 1px;
+    -fx-border-color: -fx-box-border;
+    -fx-background-color: -fx-control-inner-background;
+}
+.check-box:hover > .box,
+.check-box:armed > .box {
+	-fx-border-color: -fx-focus-color;
+}
+.check-box > .box > .mark {
+    -fx-background-color: transparent;
+    -fx-padding: 4px;
+    -fx-shape: "M-1,4, L-1,5.5 L3.5,8.5 L9,0 L9,-1 L7,-1 L3,6 L1,4 Z";
+}
+.check-box:selected > .box > .mark {
+    -fx-background-color: black;
+}
+
 /*******************************************************************************
  *                                                                             *
  * ToolBar                                                                     *

main/ui/src/main/resources/fxml/unlock.fxml

@@ -16,6 +16,7 @@
 <?import org.cryptomator.ui.controls.SecPasswordField?>
 <?import javafx.scene.control.Label?>
 <?import javafx.scene.control.ProgressIndicator?>
+<?import javafx.scene.control.CheckBox?>
 
 
 <GridPane vgap="12.0" hgap="12.0" prefWidth="400.0" fx:controller="org.cryptomator.ui.UnlockController" xmlns:fx="http://javafx.com/fxml">
@@ -38,10 +39,14 @@
 		<SecPasswordField fx:id="passwordField" GridPane.rowIndex="1" GridPane.columnIndex="1" GridPane.hgrow="ALWAYS" maxWidth="Infinity" />
 		
 		<!-- Row 2 -->
-		<Button fx:id="unlockButton" text="%unlock.button.unlock" defaultButton="true" GridPane.rowIndex="2" GridPane.columnIndex="0" GridPane.columnSpan="2" GridPane.halignment="RIGHT" prefWidth="150.0" onAction="#didClickUnlockButton"/>
+		<Label text="%unlock.label.checkIntegrity" GridPane.rowIndex="2" GridPane.columnIndex="0" />
+		<CheckBox fx:id="checkIntegrity" wrapText="true" text="%unlock.checkbox.checkIntegrity" GridPane.rowIndex="2" GridPane.columnIndex="1" GridPane.hgrow="ALWAYS" maxWidth="Infinity" />
 		
 		<!-- Row 3 -->
-		<ProgressIndicator progress="-1" fx:id="progressIndicator" GridPane.rowIndex="3" GridPane.columnIndex="0" GridPane.columnSpan="2" GridPane.halignment="CENTER" visible="false"/>
+		<Button fx:id="unlockButton" text="%unlock.button.unlock" defaultButton="true" GridPane.rowIndex="3" GridPane.columnIndex="0" GridPane.columnSpan="2" GridPane.halignment="RIGHT" prefWidth="150.0" onAction="#didClickUnlockButton"/>
+		
+		<!-- Row 4-->
+		<ProgressIndicator progress="-1" fx:id="progressIndicator" GridPane.rowIndex="4" GridPane.columnIndex="0" GridPane.columnSpan="2" GridPane.halignment="CENTER" visible="false"/>
 		
 		<!-- Row 5 -->
 		<Label fx:id="messageLabel" GridPane.rowIndex="5" GridPane.columnIndex="0" GridPane.columnSpan="2" />

main/ui/src/main/resources/localization.properties

@@ -32,6 +32,8 @@ initialize.alert.directoryIsNotEmpty.content=All existing files inside this dire
 # unlock.fxml
 unlock.label.username=Username
 unlock.label.password=Password
+unlock.label.checkIntegrity=File integrity
+unlock.checkbox.checkIntegrity=Verify checksums (slower, but detects manipulation)
 unlock.button.unlock=Unlock vault
 unlock.errorMessage.wrongPassword=Wrong password.
 unlock.errorMessage.decryptionFailed=Decryption failed.