Merge branch 'hotfix/1.9.2'

Fix LPE in win installer

.github/no-response.yml

@@ -1,13 +0,0 @@
-# Configuration for probot-no-response - https://github.com/probot/no-response
-
-# Number of days of inactivity before an Issue is closed for lack of response
-daysUntilClose: 14
-# Label requiring a response
-responseRequiredLabel: state:awaiting-response
-# Comment to post when closing an Issue for lack of response. Set to `false` to disable
-closeComment: >
-  This issue has been automatically closed because there has been no response
-  to our request for more information from the original author. With only the
-  information that is currently in the issue, we don't have enough information
-  to take action. Please reach out if you have or find the answers we need so
-  that we can investigate further.

.github/release.yml

@@ -0,0 +1,29 @@
+# .github/release.yml
+# see https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes
+
+changelog:
+  exclude:
+    authors:
+      - cryptobot
+      - dependabot
+      - github-actions
+  categories:
+    - title: What's New 🎉
+      labels:
+        - type:feature-request
+        - type:enhancement
+    - title: Bugfixes 🐛
+      labels:
+        - type:security-issue
+        - type:bug
+        - type:minor-bug
+    - title: Other Changes 📎
+      labels:
+        - "*"
+      exclude:
+        labels:
+          - type:feature-request
+          - type:enhancement
+          - type:security-issue
+          - type:bug
+          - type:minor-bug

.github/stale.yml

@@ -1,24 +0,0 @@
-# Number of days of inactivity before an issue becomes stale
-daysUntilStale: 365
-# Number of days of inactivity before a stale issue is closed
-daysUntilClose: 90
-# Issues with these labels will never be considered stale
-exemptLabels:
-  - type:security-issue # never close automatically
-  - type:feature-request # never close automatically
-  - type:enhancement # never close automatically
-  - type:upstream-bug # never close automatically
-  - state:awaiting-response # handled by different bot
-  - state:blocked
-  - state:confirmed
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: true
-# Label to use when marking an issue as stale
-staleLabel: state:stale
-# Comment to post when marking an issue as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
-# Comment to post when closing a stale issue. Set to `false` to disable
-closeComment: false

.github/workflows/appimage.yml

@@ -10,7 +10,7 @@ on:
         required: false
 
 env:
-  JAVA_VERSION: 19
+  JAVA_VERSION: 20
 
 jobs:
   get-version:

.github/workflows/build.yml

@@ -6,7 +6,7 @@ on:
     types: [labeled]
 
 env:
-  JAVA_VERSION: 19
+  JAVA_VERSION: 20
 
 defaults:
   run:
@@ -53,4 +53,9 @@ jobs:
           body: |-
             :construction: Work in Progress
             
+            ⏳ Please be patient, the builds are still [running](https://github.com/cryptomator/cryptomator/actions). New versions of Cryptomator can be found here in a few moments. ⏳
+            
+            As usual, the GPG signatures can be checked using [our public key `5811 7AFA 1F85 B3EE C154  677D 615D 449F E6E6 A235`](https://gist.github.com/cryptobot/211111cf092037490275f39d408f461a).
+            
             ---
+            <!-- Don't forget to include the 💾 SHA-256 checksums of release artifacts: -->

.github/workflows/debian.yml

@@ -19,9 +19,9 @@ on:
         type: boolean
 
 env:
-  JAVA_VERSION: 19
-  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/19.0.2.1/openjfx-19.0.2.1_linux-x64_bin-jmods.zip'
-  OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/19.0.2.1/openjfx-19.0.2.1_linux-aarch64_bin-jmods.zip'
+  JAVA_VERSION: 20
+  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/20.0.1/openjfx-20.0.1_linux-x64_bin-jmods.zip'
+  OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/20.0.1/openjfx-20.0.1_linux-aarch64_bin-jmods.zip'
 
 jobs:
   build:
@@ -45,7 +45,7 @@ jobs:
         run: |
           sudo add-apt-repository ppa:coffeelibs/openjdk
           sudo apt-get update
-          sudo apt-get install debhelper devscripts dput coffeelibs-jdk-19 libgtk2.0-0
+          sudo apt-get install debhelper devscripts dput coffeelibs-jdk-${{ env.JAVA_VERSION }} libgtk2.0-0
       - name: Setup Java
         uses: actions/setup-java@v3
         with:

.github/workflows/get-version.yml

@@ -22,7 +22,7 @@ on:
         value: ${{ jobs.determine-version.outputs.type }}
 
 env:
-  JAVA_VERSION: 19
+  JAVA_VERSION: 20
   JAVA_DIST: 'temurin'
   JAVA_CACHE: 'maven'
 

.github/workflows/mac-dmg.yml

@@ -10,7 +10,7 @@ on:
         required: false
 
 env:
-  JAVA_VERSION: 19
+  JAVA_VERSION: 20
 
 jobs:
   get-version:

.github/workflows/no-response.yml

@@ -0,0 +1,22 @@
+# Configuration for close-stale-issues - https://github.com/marketplace/actions/close-stale-issues
+
+name: 'Close awaiting response issues'
+on:
+  schedule:
+    - cron: '00 09 * * *'
+
+jobs:
+  no-response:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v8
+        with:
+          days-before-stale: 14
+          days-before-close: 0
+          days-before-pr-close: -1
+          stale-issue-label: 'state:stale'
+          close-issue-message: "This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further."
+          only-labels: 'state:awaiting-response'

.github/workflows/post-publish.yml

@@ -10,7 +10,7 @@ jobs:
     steps:
       - name: Download source tarball
         run: |
-          curl -L -H "Accept: application/vnd.github+json" ${{ github.event.release.tarball_url }} --output cryptomator-${{ github.event.release.tag_name }}.tar.gz
+          curl -L -H "Accept: application/vnd.github+json" https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz --output cryptomator-${{ github.event.release.tag_name }}.tar.gz
       - name: Sign source tarball with key 615D449FE6E6A235
         run: |
           echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import

.github/workflows/pullrequest.yml

@@ -4,7 +4,7 @@ on:
   pull_request:
 
 env:
-  JAVA_VERSION: 19
+  JAVA_VERSION: 20
 
 defaults:
   run:

.github/workflows/release-check.yml

@@ -7,7 +7,7 @@ on:
       - 'hotfix/**'
 
 env:
-  JAVA_VERSION: 19
+  JAVA_VERSION: 20
 
 defaults:
   run:

.github/workflows/stale.yml

@@ -0,0 +1,24 @@
+# Configuration for close-stale-issues - https://github.com/marketplace/actions/close-stale-issues
+
+name: 'Close stale issues'
+on:
+  schedule:
+    - cron: '00 09 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v8
+        with:
+          days-before-stale: 365
+          days-before-close: 90
+          exempt-issue-labels: 'type:security-issue,type:feature-request,type:enhancement,type:upstream-bug,state:awaiting-response,state:blocked,state:confirmed'
+          exempt-all-milestones: true
+          stale-issue-label: 'state:stale'
+          stale-pr-label: 'state:stale'
+          stale-issue-message: 'This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.'
+          stale-pr-message: 'This PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.'

.github/workflows/win-exe.yml

@@ -8,11 +8,17 @@ on:
       version:
         description: 'Version'
         required: false
+      isDebug:
+        description: 'Build debug version with console output'
+        type: boolean 
+
 
 env:
-  JAVA_VERSION: 19
-  JAVA_DIST: 'zulu'
+  JAVA_VERSION: 20
+  JAVA_DIST: 'temurin'
   JAVA_CACHE: 'maven'
+  JFX_JMODS_URL: 'https://download2.gluonhq.com/openjfx/20.0.1/openjfx-20.0.1_windows-x64_bin-jmods.zip'
+  JFX_JMODS_HASH: 'D00767334C43B8832B5CF10267D34CA8F563D187C4655B73EB6020DD79C054B5'
 
 defaults:
   run:
@@ -30,6 +36,7 @@ jobs:
     needs: [get-version]
     env:
       LOOPBACK_ALIAS: 'cryptomator-vault'
+      WIN_CONSOLE_FLAG: ''
     steps:
       - uses: actions/checkout@v3
       - name: Setup Java
@@ -37,17 +44,31 @@ jobs:
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
-          java-package: 'jdk+fx'
+          java-package: 'jdk'
           cache: ${{ env.JAVA_CACHE }}
-      - name: Ensure major jfx version in pom equals in jdk
-        shell: pwsh
+      - name: Download and extract JavaFX jmods from Gluon
+        #In the last step we move all jmods files a dir level up because jmods are placed inside a directory in the zip
         run: |
-          $jfxPomVersion = (&mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) -split "\."
-          $jfxJdkVersion = ((Get-Content -path "${env:JAVA_HOME}/lib/javafx.properties" | Where-Object {$_ -like 'javafx.version=*' }) -replace '.*=','') -split "\."
-          if ($jfxPomVersion[0] -ne $jfxJdkVersion[0]) {
-            Write-Error "Major part of JavaFX version in pom($($jfxPomVersion[0])) does not match the version in JDK($($jfxJdkVersion[0])) "
-            exit 1
+          curl --output jfxjmods.zip -L "${{ env.JFX_JMODS_URL }}"
+          if(!(Get-FileHash -Path jfxjmods.zip -Algorithm SHA256).Hash.equals("${{ env.JFX_JMODS_HASH }}")) {
+            throw "Wrong checksum of JMOD archive downloaded from ${{ env.JFX_JMODS_URL }}.";
           }
+          Expand-Archive -Path jfxjmods.zip -DestinationPath jfxjmods
+          Get-ChildItem -Path jfxjmods -Recurse -Filter "*.jmod" | ForEach-Object { Move-Item -Path $_ -Destination $_.Directory.Parent}
+        shell: pwsh
+      - name: Ensure major jfx version in pom and in jmods is the same
+        run: |
+          JMOD_VERSION_AMD64=$(jmod describe jfxjmods/javafx.base.jmod | head -1)
+          JMOD_VERSION_AMD64=${JMOD_VERSION_AMD64#*@}
+          JMOD_VERSION_AMD64=${JMOD_VERSION_AMD64%%.*}
+          POM_JFX_VERSION=$(mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout)
+          POM_JFX_VERSION=${POM_JFX_VERSION#*@}
+          POM_JFX_VERSION=${POM_JFX_VERSION%%.*}
+
+          if [ $POM_JFX_VERSION -ne $JMOD_VERSION_AMD64 ]; then
+            >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != amd64 jmod version (${JMOD_VERSION_AMD64})"
+            exit 1
+          fi
       - name: Set version
         run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
       - name: Run maven
@@ -61,13 +82,16 @@ jobs:
           ${JAVA_HOME}/bin/jlink
           --verbose
           --output runtime
-          --module-path "${JAVA_HOME}/jmods"
+          --module-path "jfxjmods;${JAVA_HOME}/jmods"
           --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.crypto.ec,jdk.accessibility,jdk.management.jfr
           --strip-native-commands
           --no-header-files
           --no-man-pages
           --strip-debug
           --compress=1
+      - name: Change win-console flag if debug is active
+        if: ${{ inputs.isDebug }}
+        run: echo "WIN_CONSOLE_FLAG=--win-console" >> $GITHUB_ENV
       - name: Run jpackage
         run: >
           ${JAVA_HOME}/bin/jpackage
@@ -99,8 +123,10 @@ jobs:
           --java-options "-Dcryptomator.buildNumber=\"msi-${{ needs.get-version.outputs.revNum }}\""
           --java-options "-Dcryptomator.integrationsWin.autoStartShellLinkName=\"Cryptomator\""
           --java-options "-Dcryptomator.integrationsWin.keychainPaths=\"~/AppData/Roaming/Cryptomator/keychain.json\""
+          --java-options "-Djavafx.verbose=${{ inputs.isDebug }}"
           --resource-dir dist/win/resources
           --icon dist/win/resources/Cryptomator.ico
+          ${WIN_CONSOLE_FLAG}
       - name: Patch Application Directory
         run: |
           cp dist/win/contrib/* appdir/Cryptomator
@@ -203,15 +229,6 @@ jobs:
             *.msi
             *.asc
 
-  call-winget-flow:
-    needs: [get-version, build-msi]
-    if: github.event.action == 'published' && needs.get-version.outputs.versionType == 'stable'
-    uses: ./.github/workflows/winget.yml
-    with:
-      releaseTag: ${{ github.event.release.tag_name }}
-    secrets: inherit
-
-
   build-exe:
     name: Build .exe installer
     runs-on: windows-latest

.github/workflows/winget.yml

@@ -1,49 +0,0 @@
-name: Release to Winget
-
-on:
-  workflow_call:
-    inputs:
-      releaseTag:
-        required: true
-        type: string
-  workflow_dispatch:
-    inputs:
-      releaseTag:
-        description: 'Release tag name'
-        required: true
-        type: string
-
-jobs:
-  publish-winget:
-    name: Publish on winget repo
-    runs-on: windows-latest
-    steps:
-      - name: Get download url for release assets
-        id: get-release-assets
-        uses: actions/github-script@v6
-        with:
-          script: |
-            const query =`query($tag:String!) {
-              repository(owner:"cryptomator", name:"cryptomator"){
-                release(tagName: $tag) {
-                    releaseAssets(first:20) {
-                      nodes {
-                        name
-                        downloadUrl
-                      }
-                  }
-                }
-              }
-            }`;
-            const variables = {
-              tag: "${{ inputs.releaseTag }}"
-            }
-            return await github.graphql(query, variables)
-      - name: Submit package to Windows Package Manager Community Repository
-        id: submit-winget
-        run: |
-          iwr https://aka.ms/wingetcreate/latest -OutFile wingetcreate.exe
-          $releaseAssets = (ConvertFrom-Json '${{ steps.get-release-assets.outputs.result }}').repository.release.releaseAssets.nodes
-          $installerUrl = $releaseAssets | Where-Object -Property name -match '^Cryptomator-.*\.msi$' | Select -ExpandProperty downloadUrl -First 1
-          .\wingetcreate.exe update Cryptomator.Cryptomator -s -v "${{ inputs.releaseTag }}" -u "$installerUrl" -t ${{ secrets.CRYPTOBOT_WINGET_TOKEN }}
-        shell: pwsh

.idea/misc.xml

@@ -8,7 +8,7 @@
       </list>
     </option>
   </component>
-  <component name="ProjectRootManager" version="2" languageLevel="JDK_19" default="true" project-jdk-name="19" project-jdk-type="JavaSDK">
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_20_PREVIEW" project-jdk-name="20" project-jdk-type="JavaSDK">
     <output url="file://$PROJECT_DIR$/out" />
   </component>
 </project>

README.md

@@ -21,7 +21,6 @@ Cryptomator is provided free of charge as an open-source project despite the hig
   <tbody>
     <tr>
       <td><a href="https://www.gee-whiz.de/"><img src="https://cryptomator.org/img/sponsors/geewhiz.svg" alt="gee-whiz" height="80"></a></td>
-      <td><a href="https://proxy-hub.com/"><img src="https://cryptomator.org/img/sponsors/proxyhub.svg" alt="Proxy-Hub" height="80"></a></td>
     </tr>
   </tbody>
 </table>

dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml

@@ -66,6 +66,14 @@
 	</content_rating>
 
 	<releases>
+		<release date="2023-07-24" version="1.9.2"/>
+		<release date="2023-06-07" version="1.9.1"/>
+		<release date="2023-05-30" version="1.9.0"/>
+		<release date="2023-04-25" version="1.8.0"/>
+		<release date="2023-04-07" version="1.7.5"/>
+		<release date="2023-04-05" version="1.7.4"/>
+		<release date="2023-03-15" version="1.7.3"/>
+		<release date="2023-03-07" version="1.7.2"/>
 		<release date="2023-03-03" version="1.7.1"/>
 		<release date="2023-03-01" version="1.7.0"/>
 		<release date="2022-12-14" version="1.6.17"/>

dist/linux/debian/control

@@ -2,7 +2,7 @@ Source: cryptomator
 Maintainer: Cryptobot <releases@cryptomator.org>
 Section: utils
 Priority: optional
-Build-Depends: debhelper (>=10), coffeelibs-jdk-19, libgtk2.0-0, libgtk-3-0,  libxxf86vm1, libgl1
+Build-Depends: debhelper (>=10), coffeelibs-jdk-20, libgtk2.0-0, libgtk-3-0,  libxxf86vm1, libgl1
 Standards-Version: 4.5.0
 Homepage: https://cryptomator.org
 Vcs-Git: https://github.com/cryptomator/cryptomator.git

dist/linux/debian/rules

@@ -4,7 +4,7 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
-JAVA_HOME = /usr/lib/jvm/java-19-coffeelibs
+JAVA_HOME = /usr/lib/jvm/java-20-coffeelibs
 DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH)
 ifeq ($(DEB_BUILD_ARCH),amd64)
 JMODS_PATH = jmods/amd64:${JAVA_HOME}/jmods

dist/win/bundle/resources/winFspMetaData.wxi

@@ -2,6 +2,6 @@
 
 <Include xmlns="http://schemas.microsoft.com/wix/2006/wi">
   <!-- A version number MUST be prefixed with letter "v", otherwise it is considered a normal string -->
-  <?define BundledWinFspVersion="v1.12.22309" ?>
+  <?define BundledWinFspVersion="v1.12.22339" ?>
   <?define BundledWinFspDownloadLink="https://github.com/winfsp/winfsp/releases/download/v1.12.22339/winfsp-1.12.22339.msi" ?> <!-- Only used by external build scripts -->
 </Include>

dist/win/resources/main.wxs

@@ -70,6 +70,9 @@
     <CustomAction Id="JpDisallowDowngrade" Error="!(loc.DowngradeErrorMessage)" />
     <?endif?>
 
+    <Binary Id="JpCaDll" SourceFile="wixhelper.dll"/>
+    <CustomAction Id="JpFindRelatedProducts" BinaryKey="JpCaDll" DllEntry="FindRelatedProductsEx" />
+
     <?ifndef SkipCryptomatorLegacyCheck ?>
       <!-- Block installation if innosetup entry of Cryptomator is found -->
       <Property Id="OLDEXEINSTALLER">
@@ -129,11 +132,17 @@
       <CustomAction Id="JpSetARPURLUPDATEINFO" Property="ARPURLUPDATEINFO" Value="$(var.JpUpdateURL)" />
     <?endif?>
 
+    <Property Id="WixQuietExec64CmdTimeout" Value="20" />
+    <!-- Note for custom actions: Immediate CAs run BEFORE the files are installed, hence if you depend on installed files, the CAs must be deferred.-->
     <!-- WebDAV patches -->
-    <CustomAction Id="PatchWebDAV" Impersonate="no" ExeCommand="[INSTALLDIR]patchWebDAV.bat" Directory="INSTALLDIR" Execute="deferred" Return="asyncWait" />
+    <SetProperty Id="PatchWebDAV" Value="&quot;[INSTALLDIR]patchWebDAV.bat&quot;"
+            Sequence="execute" Before="PatchWebDAV" />
+    <CustomAction Id="PatchWebDAV" BinaryKey="WixCA" DllEntry="WixQuietExec64" Execute="deferred" Return="ignore" Impersonate="no"/>
 
     <!-- Special Settings migration for 1.7.0,. Should be removed eventually, for more info, see ../contrib/version170-migrate-settings.ps1-->
-    <CustomAction Id="V170MigrateSettings" Impersonate="no" ExeCommand="[INSTALLDIR]version170-migrate-settings.bat" Directory="INSTALLDIR" Execute="deferred" Return="asyncWait" />
+    <SetProperty Id="V170MigrateSettings" Value="&quot;[INSTALLDIR]version170-migrate-settings.bat&quot;"
+            Sequence="execute" Before="V170MigrateSettings" />
+    <CustomAction Id="V170MigrateSettings" BinaryKey="WixCA" DllEntry="WixQuietExec64" Execute="deferred" Return="ignore" Impersonate="no"/>
 
     <!-- Running App detection and exit -->
     <Property Id="FOUNDRUNNINGAPP" Admin="yes"/>
@@ -172,11 +181,12 @@
       <?endif?>
 
       <?ifndef JpAllowUpgrades ?>
-      <Custom Action="JpDisallowUpgrade" After="FindRelatedProducts">JP_UPGRADABLE_FOUND</Custom>
+      <Custom Action="JpDisallowUpgrade" After="JpFindRelatedProducts">JP_UPGRADABLE_FOUND</Custom>
       <?endif?>
       <?ifndef JpAllowDowngrades ?>
-      <Custom Action="JpDisallowDowngrade" After="FindRelatedProducts">JP_DOWNGRADABLE_FOUND</Custom>
+      <Custom Action="JpDisallowDowngrade" After="JpFindRelatedProducts">JP_DOWNGRADABLE_FOUND</Custom>
       <?endif?>
+      <Custom Action="JpFindRelatedProducts" After="FindRelatedProducts"/>
 
       <!-- Check and fail if Cryptomator is running -->
       <Custom Action="WixCloseApplications" Before="InstallValidate"></Custom>
@@ -188,6 +198,10 @@
       <Custom Action="V170MigrateSettings" After="InstallFiles">NOT Installed OR REINSTALL</Custom>
     </InstallExecuteSequence>
 
+    <InstallUISequence>
+      <Custom Action="JpFindRelatedProducts" After="FindRelatedProducts"/>
+    </InstallUISequence>
+
     <WixVariable Id="WixUIBannerBmp" Value="$(env.JP_WIXWIZARD_RESOURCES)\banner.bmp" />
     <WixVariable Id="WixUIDialogBmp" Value="$(env.JP_WIXWIZARD_RESOURCES)\background.bmp" />
   </Product>

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptomator</artifactId>
-	<version>1.7.1</version>
+	<version>1.9.2</version>
 	<name>Cryptomator Desktop App</name>
 
 	<organization>
@@ -17,60 +17,58 @@
 			<email>sebastian.stenzel@gmail.com</email>
 			<timezone>+1</timezone>
 		</developer>
+		<developer>
+			<name>Armin Schrenk</name>
+			<email>armin.schrenk+dev@mailbox.org</email>
+			<timezone>+1</timezone>
+		</developer>
 	</developers>
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<project.jdk.version>19</project.jdk.version>
+		<project.jdk.version>20</project.jdk.version>
 
 		<!-- Group IDs of jars that need to stay on the class path for now -->
 		<!-- Once hypfvieh, swiesend, purejava and integrations-linux have module-info, remove them-->
 		<nonModularGroupIds>org.ow2.asm,org.apache.jackrabbit,org.apache.httpcomponents,de.swiesend,org.purejava,com.github.hypfvieh</nonModularGroupIds>
 
 		<!-- cryptomator dependencies -->
-		<cryptomator.cryptolib.version>2.1.1</cryptomator.cryptolib.version>
-		<cryptomator.cryptofs.version>2.6.1</cryptomator.cryptofs.version>
+		<cryptomator.cryptofs.version>2.6.5</cryptomator.cryptofs.version>
 		<cryptomator.integrations.version>1.2.0</cryptomator.integrations.version>
 		<cryptomator.integrations.win.version>1.2.0</cryptomator.integrations.win.version>
 		<cryptomator.integrations.mac.version>1.2.0</cryptomator.integrations.mac.version>
-		<cryptomator.integrations.linux.version>1.2.0</cryptomator.integrations.linux.version>
-		<cryptomator.fuse.version>2.0.2</cryptomator.fuse.version>
+		<cryptomator.integrations.linux.version>1.2.1</cryptomator.integrations.linux.version>
+		<cryptomator.fuse.version>3.0.0</cryptomator.fuse.version>
 		<cryptomator.dokany.version>2.0.0</cryptomator.dokany.version>
-		<cryptomator.webdav.version>2.0.1</cryptomator.webdav.version>
+		<cryptomator.webdav.version>2.0.3</cryptomator.webdav.version>
 
 		<!-- 3rd party dependencies -->
 		<commons-lang3.version>3.12.0</commons-lang3.version>
 		<dagger.version>2.45</dagger.version>
 		<easybind.version>2.2</easybind.version>
-		<guava.version>31.1-jre</guava.version>
+		<guava.version>32.0.0-jre</guava.version>
 		<gson.version>2.10.1</gson.version>
-		<javafx.version>19.0.2.1</javafx.version>
-		<jwt.version>4.3.0</jwt.version>
+		<javafx.version>20.0.1</javafx.version>
+		<jwt.version>4.4.0</jwt.version>
 		<nimbus-jose.version>9.31</nimbus-jose.version>
-		<logback.version>1.4.5</logback.version>
-		<slf4j.version>2.0.6</slf4j.version>
+		<logback.version>1.4.7</logback.version>
+		<slf4j.version>2.0.7</slf4j.version>
 		<tinyoauth2.version>0.5.1</tinyoauth2.version>
 		<zxcvbn.version>1.7.0</zxcvbn.version>
 
 		<!-- test dependencies -->
-		<junit.jupiter.version>5.9.2</junit.jupiter.version>
-		<mockito.version>5.1.1</mockito.version>
+		<junit.jupiter.version>5.9.3</junit.jupiter.version>
+		<mockito.version>5.3.1</mockito.version>
 		<hamcrest.version>2.2</hamcrest.version>
 
 		<!-- build-time dependencies -->
 		<jetbrains.annotations.version>23.0.0</jetbrains.annotations.version>
-		<dependency-check.version>8.1.0</dependency-check.version>
-		<jacoco.version>0.8.8</jacoco.version>
+		<dependency-check.version>8.1.2</dependency-check.version>
+		<jacoco.version>0.8.9</jacoco.version>
 	</properties>
 
 	<dependencies>
 		<!-- Cryptomator Libs -->
-		<dependency>
-			<!-- needed due to https://github.com/cryptomator/cryptolib/issues/34 -->
-			<groupId>org.cryptomator</groupId>
-			<artifactId>cryptolib</artifactId>
-			<version>${cryptomator.cryptolib.version}</version>
-		</dependency>
 		<dependency>
 			<groupId>org.cryptomator</groupId>
 			<artifactId>cryptofs</artifactId>
@@ -319,41 +317,6 @@
 					</compilerArgs>
 				</configuration>
 			</plugin>
-			<plugin>
-				<groupId>org.codehaus.mojo</groupId>
-				<artifactId>exec-maven-plugin</artifactId>
-				<version>3.1.0</version>
-				<executions>
-					<execution>
-						<id>compile-light-theme</id>
-						<phase>compile</phase>
-						<goals>
-							<goal>java</goal>
-						</goals>
-						<configuration>
-							<mainClass>javafx.graphics/com.sun.javafx.css.parser.Css2Bin</mainClass>
-							<arguments>
-								<arg>${project.basedir}/src/main/resources/css/light_theme.css</arg>
-								<arg>${project.build.outputDirectory}/css/light_theme.bss</arg>
-							</arguments>
-						</configuration>
-					</execution>
-					<execution>
-						<id>compile-dark-theme</id>
-						<phase>compile</phase>
-						<goals>
-							<goal>java</goal>
-						</goals>
-						<configuration>
-							<mainClass>javafx.graphics/com.sun.javafx.css.parser.Css2Bin</mainClass>
-							<arguments>
-								<arg>${project.basedir}/src/main/resources/css/dark_theme.css</arg>
-								<arg>${project.build.outputDirectory}/css/dark_theme.bss</arg>
-							</arguments>
-						</configuration>
-					</execution>
-				</executions>
-			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-jar-plugin</artifactId>
@@ -369,6 +332,9 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
+				<configuration>
+					<argLine>--enable-preview</argLine>
+				</configuration>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>

src/main/java/module-info.java

@@ -1,4 +1,16 @@
 import ch.qos.logback.classic.spi.Configurator;
+import org.cryptomator.common.locationpresets.DropboxLinuxLocationPresetsProvider;
+import org.cryptomator.common.locationpresets.DropboxMacLocationPresetsProvider;
+import org.cryptomator.common.locationpresets.DropboxWindowsLocationPresetsProvider;
+import org.cryptomator.common.locationpresets.GoogleDriveLocationPresetsProvider;
+import org.cryptomator.common.locationpresets.ICloudMacLocationPresetsProvider;
+import org.cryptomator.common.locationpresets.ICloudWindowsLocationPresetsProvider;
+import org.cryptomator.common.locationpresets.LocationPresetsProvider;
+import org.cryptomator.common.locationpresets.MegaLocationPresetsProvider;
+import org.cryptomator.common.locationpresets.OneDriveLinuxLocationPresetsProvider;
+import org.cryptomator.common.locationpresets.OneDriveMacLocationPresetsProvider;
+import org.cryptomator.common.locationpresets.OneDriveWindowsLocationPresetsProvider;
+import org.cryptomator.common.locationpresets.PCloudLocationPresetsProvider;
 import org.cryptomator.integrations.tray.TrayMenuController;
 import org.cryptomator.logging.LogbackConfiguratorFactory;
 import org.cryptomator.ui.traymenu.AwtTrayMenuController;
@@ -37,6 +49,15 @@ open module org.cryptomator.desktop {
 	/* TODO: filename-based modules: */
 	requires static javax.inject; /* ugly dagger/guava crap */
 
+	uses org.cryptomator.common.locationpresets.LocationPresetsProvider;
+
 	provides TrayMenuController with AwtTrayMenuController;
 	provides Configurator with LogbackConfiguratorFactory;
+	provides LocationPresetsProvider with DropboxMacLocationPresetsProvider, //
+			DropboxWindowsLocationPresetsProvider, DropboxLinuxLocationPresetsProvider, //
+			ICloudMacLocationPresetsProvider, ICloudWindowsLocationPresetsProvider, //
+			GoogleDriveLocationPresetsProvider, //
+			PCloudLocationPresetsProvider, MegaLocationPresetsProvider, //
+			OneDriveLinuxLocationPresetsProvider, OneDriveWindowsLocationPresetsProvider, //
+			OneDriveMacLocationPresetsProvider;
 }

src/main/java/org/cryptomator/common/Constants.java

@@ -1,5 +1,9 @@
 package org.cryptomator.common;
 
+import org.cryptomator.ui.keyloading.masterkeyfile.MasterkeyFileLoadingStrategy;
+
+import java.net.URI;
+
 public interface Constants {
 
 	String MASTERKEY_FILENAME = "masterkey.cryptomator";
@@ -7,6 +11,7 @@ public interface Constants {
 	String VAULTCONFIG_FILENAME = "vault.cryptomator";
 	String CRYPTOMATOR_FILENAME_EXT = ".cryptomator";
 	String CRYPTOMATOR_FILENAME_GLOB = "*.cryptomator";
+	URI DEFAULT_KEY_ID = URI.create(MasterkeyFileLoadingStrategy.SCHEME + ":" + MASTERKEY_FILENAME);
 	byte[] PEPPER = new byte[0];
 
 }

src/main/java/org/cryptomator/common/LocationPreset.java

@@ -1,64 +0,0 @@
-package org.cryptomator.common;
-
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.Arrays;
-import java.util.List;
-
-/**
- * Enum of common cloud providers and their default local storage location path.
- */
-public enum LocationPreset {
-
-	DROPBOX("Dropbox", "~/Dropbox"),
-	ICLOUDDRIVE("iCloud Drive", "~/Library/Mobile Documents/com~apple~CloudDocs", "~/iCloudDrive"),
-	GDRIVE("Google Drive", "~/Google Drive/My Drive", "~/Google Drive"),
-	MEGA("MEGA", "~/MEGA"),
-	ONEDRIVE("OneDrive", "~/OneDrive"),
-	PCLOUD("pCloud", "~/pCloudDrive"),
-
-	LOCAL("local");
-
-	private final String name;
-	private final List<Path> candidates;
-
-	LocationPreset(String name, String... candidates) {
-		this.name = name;
-		this.candidates = Arrays.stream(candidates).map(UserHome::resolve).map(Path::of).toList();
-	}
-
-	/**
-	 * Checks for this LocationPreset if any of the associated paths exist.
-	 *
-	 * @return the first existing path or null, if none exists.
-	 */
-	public Path existingPath() {
-		return candidates.stream().filter(Files::isDirectory).findFirst().orElse(null);
-	}
-
-	public String getDisplayName() {
-		return name;
-	}
-
-	@Override
-	public String toString() {
-		return getDisplayName();
-	}
-
-	//this contruct is needed, since static members are initialized after every enum member is initialized
-	//TODO: refactor this to normal class and use this also in different parts of the project
-	private static class UserHome {
-
-		private static final String USER_HOME = System.getProperty("user.home");
-
-		private static String resolve(String path) {
-			if (path.startsWith("~/")) {
-				return UserHome.USER_HOME + path.substring(1);
-			} else {
-				return path;
-			}
-		}
-	}
-
-}
-

src/main/java/org/cryptomator/common/ObservableUtil.java

@@ -2,7 +2,9 @@ package org.cryptomator.common;
 
 import javafx.beans.binding.Bindings;
 import javafx.beans.value.ObservableValue;
+import java.util.Objects;
 import java.util.function.Function;
+import java.util.function.Supplier;
 
 public class ObservableUtil {
 
@@ -15,4 +17,14 @@ public class ObservableUtil {
 			}
 		}, observable);
 	}
+
+	public static <T, U> ObservableValue<U> mapWithDefault(ObservableValue<T> observable, Function<? super T, ? extends U> mapper, Supplier<U> defaultValue) {
+		return Bindings.createObjectBinding(() -> {
+			if (observable.getValue() == null) {
+				return defaultValue.get();
+			} else {
+				return mapper.apply(observable.getValue());
+			}
+		}, observable);
+	}
 }

src/main/java/org/cryptomator/common/locationpresets/DropboxLinuxLocationPresetsProvider.java

@@ -0,0 +1,32 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.OperatingSystem;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.function.Predicate;
+import java.util.regex.Pattern;
+import java.util.stream.Stream;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.LINUX;
+
+@OperatingSystem(LINUX)
+public final class DropboxLinuxLocationPresetsProvider implements LocationPresetsProvider {
+
+	private static final Path USER_HOME = LocationPresetsProvider.resolveLocation("~/.").toAbsolutePath();
+	private static final Predicate<String> PATTERN = Pattern.compile("Dropbox \\(.+\\)").asMatchPredicate();
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		try (var dirStream = Files.list(USER_HOME)) {
+			var presets = dirStream.filter(p -> Files.isDirectory(p) && PATTERN.test(p.getFileName().toString())) //
+					.map(p -> new LocationPreset(p.getFileName().toString(), p)) //
+					.toList();
+			return presets.stream(); //workaround to ensure that the directory stream is always closed
+		} catch (IOException | UncheckedIOException e) { //UncheckedIOException thrown by the stream of Files.list()
+			return Stream.of();
+		}
+	}
+}

src/main/java/org/cryptomator/common/locationpresets/DropboxMacLocationPresetsProvider.java

@@ -0,0 +1,35 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.CheckAvailability;
+import org.cryptomator.integrations.common.OperatingSystem;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.stream.Stream;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.MAC;
+
+@OperatingSystem(MAC)
+@CheckAvailability
+public final class DropboxMacLocationPresetsProvider implements LocationPresetsProvider {
+
+	private static final Path LOCATION = LocationPresetsProvider.resolveLocation("~/Library/CloudStorage/Dropbox");
+	private static final Path FALLBACK_LOCATION = LocationPresetsProvider.resolveLocation("~/Dropbox");
+
+
+	@CheckAvailability
+	public static boolean isPresent() {
+		return Files.isDirectory(LOCATION) || Files.isDirectory(FALLBACK_LOCATION);
+	}
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		if(Files.isDirectory(LOCATION)) {
+			return Stream.of(new LocationPreset("Dropbox", LOCATION));
+		} else if(Files.isDirectory(FALLBACK_LOCATION)) {
+			return Stream.of(new LocationPreset("Dropbox", FALLBACK_LOCATION));
+		} else {
+			return Stream.of();
+		}
+	}
+}

src/main/java/org/cryptomator/common/locationpresets/DropboxWindowsLocationPresetsProvider.java

@@ -0,0 +1,28 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.CheckAvailability;
+import org.cryptomator.integrations.common.OperatingSystem;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.stream.Stream;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.WINDOWS;
+
+@OperatingSystem(WINDOWS)
+@CheckAvailability
+public final class DropboxWindowsLocationPresetsProvider implements LocationPresetsProvider {
+
+	private static final Path LOCATION = LocationPresetsProvider.resolveLocation("~/Dropbox");
+
+
+	@CheckAvailability
+	public static boolean isPresent() {
+		return Files.isDirectory(LOCATION);
+	}
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		return Stream.of(new LocationPreset("Dropbox", LOCATION));
+	}
+}

src/main/java/org/cryptomator/common/locationpresets/GoogleDriveLocationPresetsProvider.java

@@ -0,0 +1,37 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.CheckAvailability;
+import org.cryptomator.integrations.common.OperatingSystem;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.stream.Stream;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.MAC;
+import static org.cryptomator.integrations.common.OperatingSystem.Value.WINDOWS;
+
+@OperatingSystem(WINDOWS)
+@OperatingSystem(MAC)
+@CheckAvailability
+public final class GoogleDriveLocationPresetsProvider implements LocationPresetsProvider {
+
+	private static final Path LOCATION1 = LocationPresetsProvider.resolveLocation("~/GoogleDrive");
+	private static final Path LOCATION2 = LocationPresetsProvider.resolveLocation("~/GoogleDrive/My Drive");
+
+
+	@CheckAvailability
+	public static boolean isPresent() {
+		return Files.isDirectory(LOCATION1) || Files.isDirectory(LOCATION2);
+	}
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		if(Files.isDirectory(LOCATION1)) {
+			return Stream.of(new LocationPreset("Google Drive", LOCATION1));
+		} else if(Files.isDirectory(LOCATION2)) {
+			return Stream.of(new LocationPreset("Google Drive", LOCATION2));
+		} else {
+			return Stream.of();
+		}
+	}
+}

src/main/java/org/cryptomator/common/locationpresets/ICloudMacLocationPresetsProvider.java

@@ -0,0 +1,27 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.CheckAvailability;
+import org.cryptomator.integrations.common.OperatingSystem;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.stream.Stream;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.MAC;
+
+@OperatingSystem(MAC)
+@CheckAvailability
+public final class ICloudMacLocationPresetsProvider implements LocationPresetsProvider {
+
+	private static final Path LOCATION = LocationPresetsProvider.resolveLocation("~/Library/Mobile Documents/com~apple~CloudDocs");
+
+	@CheckAvailability
+	public static boolean isPresent() {
+		return Files.isDirectory(LOCATION);
+	}
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		return Stream.of(new LocationPreset("iCloud Drive", LOCATION));
+	}
+}

src/main/java/org/cryptomator/common/locationpresets/ICloudWindowsLocationPresetsProvider.java

@@ -0,0 +1,27 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.CheckAvailability;
+import org.cryptomator.integrations.common.OperatingSystem;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.stream.Stream;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.WINDOWS;
+
+@OperatingSystem(WINDOWS)
+@CheckAvailability
+public final class ICloudWindowsLocationPresetsProvider implements LocationPresetsProvider {
+
+	private static final Path LOCATION = LocationPresetsProvider.resolveLocation("~/iCloudDrive");
+
+	@CheckAvailability
+	public static boolean isPresent() {
+		return Files.isDirectory(LOCATION);
+	}
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		return Stream.of(new LocationPreset("iCloud Drive", LOCATION));
+	}
+}

src/main/java/org/cryptomator/common/locationpresets/LocationPreset.java

@@ -0,0 +1,9 @@
+package org.cryptomator.common.locationpresets;
+
+import java.nio.file.Path;
+
+public record LocationPreset(String name, Path path) {
+
+
+
+}

src/main/java/org/cryptomator/common/locationpresets/LocationPresetsProvider.java

@@ -0,0 +1,97 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.CheckAvailability;
+import org.cryptomator.integrations.common.IntegrationsLoader;
+import org.cryptomator.integrations.common.OperatingSystem;
+import org.jetbrains.annotations.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.nio.file.Path;
+import java.util.Arrays;
+import java.util.ServiceLoader;
+import java.util.stream.Stream;
+
+public interface LocationPresetsProvider {
+
+	Logger LOG = LoggerFactory.getLogger(LocationPresetsProvider.class);
+	String USER_HOME = System.getProperty("user.home");
+
+	/**
+	 * Streams account-separated location presets found by this provider
+	 * @return Stream of LocationPresets
+	 */
+	Stream<LocationPreset> getLocations();
+
+	static Path resolveLocation(String p) {
+		if (p.startsWith("~/")) {
+			return Path.of(USER_HOME, p.substring(2));
+		} else {
+			return Path.of(p);
+		}
+	}
+
+	//copied from org.cryptomator.integrations.common.IntegrationsLoader
+	//TODO: delete, once migrated to integrations-api
+	static <T> Stream<T> loadAll(Class<T> clazz) {
+		return ServiceLoader.load(clazz)
+				.stream()
+				.filter(LocationPresetsProvider::isSupportedOperatingSystem)
+				.filter(LocationPresetsProvider::passesStaticAvailabilityCheck)
+				.map(ServiceLoader.Provider::get)
+				.peek(impl -> logServiceIsAvailable(clazz, impl.getClass()));
+	}
+
+
+	private static boolean isSupportedOperatingSystem(ServiceLoader.Provider<?> provider) {
+		var annotations = provider.type().getAnnotationsByType(OperatingSystem.class);
+		return annotations.length == 0 || Arrays.stream(annotations).anyMatch(OperatingSystem.Value::isCurrent);
+	}
+
+	private static boolean passesStaticAvailabilityCheck(ServiceLoader.Provider<?> provider) {
+		return passesStaticAvailabilityCheck(provider.type());
+	}
+
+	static boolean passesStaticAvailabilityCheck(Class<?> type) {
+		return passesAvailabilityCheck(type, null);
+	}
+
+	private static void logServiceIsAvailable(Class<?> apiType, Class<?> implType) {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("{}: Implementation is available: {}", apiType.getSimpleName(), implType.getName());
+		}
+	}
+
+	private static <T> boolean passesAvailabilityCheck(Class<? extends T> type, @Nullable T instance) {
+		if (!type.isAnnotationPresent(CheckAvailability.class)) {
+			return true; // if type is not annotated, skip tests
+		}
+		if (!type.getModule().isExported(type.getPackageName(), IntegrationsLoader.class.getModule())) {
+			LOG.error("Can't run @CheckAvailability tests for class {}. Make sure to export {} to {}!", type.getName(), type.getPackageName(), IntegrationsLoader.class.getPackageName());
+			return false;
+		}
+		return Arrays.stream(type.getMethods())
+				.filter(m -> isAvailabilityCheck(m, instance == null))
+				.allMatch(m -> passesAvailabilityCheck(m, instance));
+	}
+
+	private static boolean passesAvailabilityCheck(Method m, @Nullable Object instance) {
+		assert Boolean.TYPE.equals(m.getReturnType());
+		try {
+			return (boolean) m.invoke(instance);
+		} catch (ReflectiveOperationException e) {
+			LOG.warn("Failed to invoke @CheckAvailability test {}#{}", m.getDeclaringClass(), m.getName(), e);
+			return false;
+		}
+	}
+
+	private static boolean isAvailabilityCheck(Method m, boolean isStatic) {
+		return m.isAnnotationPresent(CheckAvailability.class)
+				&& Boolean.TYPE.equals(m.getReturnType())
+				&& m.getParameterCount() == 0
+				&& Modifier.isStatic(m.getModifiers()) == isStatic;
+	}
+
+}

src/main/java/org/cryptomator/common/locationpresets/MegaLocationPresetsProvider.java

@@ -0,0 +1,29 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.CheckAvailability;
+import org.cryptomator.integrations.common.OperatingSystem;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.stream.Stream;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.MAC;
+import static org.cryptomator.integrations.common.OperatingSystem.Value.WINDOWS;
+
+@OperatingSystem(WINDOWS)
+@OperatingSystem(MAC)
+@CheckAvailability
+public final class MegaLocationPresetsProvider implements LocationPresetsProvider {
+
+	private static final Path LOCATION = LocationPresetsProvider.resolveLocation("~/MEGA");
+
+	@CheckAvailability
+	public static boolean isPresent() {
+		return Files.isDirectory(LOCATION);
+	}
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		return Stream.of(new LocationPreset("MEGA", LOCATION));
+	}
+}

src/main/java/org/cryptomator/common/locationpresets/OneDriveLinuxLocationPresetsProvider.java

@@ -0,0 +1,28 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.CheckAvailability;
+import org.cryptomator.integrations.common.OperatingSystem;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.stream.Stream;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.LINUX;
+
+@OperatingSystem(LINUX)
+@CheckAvailability
+public final class OneDriveLinuxLocationPresetsProvider implements LocationPresetsProvider {
+
+
+	private static final Path LOCATION = LocationPresetsProvider.resolveLocation("~/OneDrive");
+
+	@CheckAvailability
+	public static boolean isPresent() {
+		return Files.isDirectory(LOCATION);
+	}
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		return Stream.of(new LocationPreset("OneDrive", LOCATION));
+	}
+}

src/main/java/org/cryptomator/common/locationpresets/OneDriveMacLocationPresetsProvider.java

@@ -0,0 +1,44 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.OperatingSystem;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.stream.Stream;
+import java.util.stream.StreamSupport;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.MAC;
+
+@OperatingSystem(MAC)
+public final class OneDriveMacLocationPresetsProvider implements LocationPresetsProvider {
+
+	private static final Path FALLBACK_LOCATION = LocationPresetsProvider.resolveLocation("~/OneDrive");
+	private static final Path PARENT_LOCATION = LocationPresetsProvider.resolveLocation("~/Library/CloudStorage");
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		var newLocations = getNewLocations().toList();
+		if (newLocations.size() >= 1) {
+			return newLocations.stream();
+		} else {
+			return getOldLocation();
+		}
+	}
+
+	private Stream<LocationPreset> getNewLocations() {
+		try (var dirStream = Files.newDirectoryStream(PARENT_LOCATION, "OneDrive*")) {
+			return StreamSupport.stream(dirStream.spliterator(), false) //
+					.filter(Files::isDirectory) //
+					.map(p -> new LocationPreset(String.join(" - ", p.getFileName().toString().split("-")), p));
+		} catch (IOException e) {
+			return Stream.of();
+		}
+	}
+
+	private Stream<LocationPreset> getOldLocation() {
+		return Stream.of(new LocationPreset("OneDrive", FALLBACK_LOCATION)).filter(preset -> Files.isDirectory(preset.path()));
+	}
+
+
+}

src/main/java/org/cryptomator/common/locationpresets/OneDriveWindowsLocationPresetsProvider.java

@@ -0,0 +1,108 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.OperatingSystem;
+import org.jetbrains.annotations.Blocking;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.function.Predicate;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.WINDOWS;
+
+@OperatingSystem(WINDOWS)
+public final class OneDriveWindowsLocationPresetsProvider implements LocationPresetsProvider {
+
+	private static final Logger LOG = LoggerFactory.getLogger(OneDriveWindowsLocationPresetsProvider.class);
+	private static final String REGSTR_TOKEN = "REG_SZ";
+	private static final String REG_ONEDRIVE_ACCOUNTS = "HKEY_CURRENT_USER\\Software\\Microsoft\\OneDrive\\Accounts\\";
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		try {
+			var accountRegKeys = queryRegistry(REG_ONEDRIVE_ACCOUNTS, List.of(), l -> l.startsWith(REG_ONEDRIVE_ACCOUNTS)).toList();
+			var cloudLocations = new ArrayList<LocationPreset>();
+			for (var accountRegKey : accountRegKeys) {
+				var path = queryRegistry(accountRegKey, List.of("/v", "UserFolder"), l -> l.contains("UserFolder")).map(result -> result.substring(result.indexOf(REGSTR_TOKEN) + REGSTR_TOKEN.length()).trim()) //
+						.map(Path::of) //
+						.findFirst().orElseThrow();
+				var name = "OneDrive"; //we assume personal oneDrive account by default
+				if (!accountRegKey.endsWith("Personal")) {
+					name = queryRegistry(accountRegKey, List.of("/v", "DisplayName"), l -> l.contains("DisplayName")).map(result -> result.substring(result.indexOf(REGSTR_TOKEN) + REGSTR_TOKEN.length()).trim()) //
+							.map("OneDrive - "::concat) //
+							.findFirst().orElseThrow();
+				}
+				cloudLocations.add(new LocationPreset(name, path));
+			}
+			return cloudLocations.stream();
+		} catch (IOException | CommandFailedException | TimeoutException e) {
+			LOG.error("Unable to determine OneDrive location", e);
+			return Stream.of();
+		} catch (InterruptedException e) {
+			Thread.currentThread().interrupt();
+			LOG.error("Determination of OneDrive location interrupted", e);
+			return Stream.of();
+		}
+	}
+
+	private Stream<String> queryRegistry(String keyname, List<String> moreArgs, Predicate<String> outputFilter) throws InterruptedException, CommandFailedException, TimeoutException, IOException {
+		var args = new ArrayList<String>();
+		args.add("reg");
+		args.add("query");
+		args.add(keyname);
+		args.addAll(moreArgs);
+		ProcessBuilder command = new ProcessBuilder(args);
+		Process p = command.start();
+		waitForSuccess(p, 3, "`reg query`");
+		return p.inputReader(StandardCharsets.UTF_8).lines().filter(outputFilter);
+	}
+
+
+	/**
+	 * Waits {@code timeoutSeconds} seconds for {@code process} to finish with exit code {@code 0}.
+	 *
+	 * @param process The process to wait for
+	 * @param timeoutSeconds How long to wait (in seconds)
+	 * @param cmdDescription A short description of the process used to generate log and exception messages
+	 * @throws TimeoutException Thrown when the process doesn't finish in time
+	 * @throws InterruptedException Thrown when the thread is interrupted while waiting for the process to finish
+	 * @throws CommandFailedException Thrown when the process exit code is non-zero
+	 */
+	@Blocking
+	private static void waitForSuccess(Process process, int timeoutSeconds, String cmdDescription) throws TimeoutException, InterruptedException, CommandFailedException {
+		boolean exited = process.waitFor(timeoutSeconds, TimeUnit.SECONDS);
+		if (!exited) {
+			throw new TimeoutException(cmdDescription + " timed out after " + timeoutSeconds + "s");
+		}
+		if (process.exitValue() != 0) {
+			@SuppressWarnings("resource") var stdout = process.inputReader(StandardCharsets.UTF_8).lines().collect(Collectors.joining("\n"));
+			@SuppressWarnings("resource") var stderr = process.errorReader(StandardCharsets.UTF_8).lines().collect(Collectors.joining("\n"));
+			throw new CommandFailedException(cmdDescription, process.exitValue(), stdout, stderr);
+		}
+	}
+
+	private static class CommandFailedException extends Exception {
+
+		int exitCode;
+		String stdout;
+		String stderr;
+
+		private CommandFailedException(String cmdDescription, int exitCode, String stdout, String stderr) {
+			super(cmdDescription + " returned with non-zero exit code " + exitCode);
+			this.exitCode = exitCode;
+			this.stdout = stdout;
+			this.stderr = stderr;
+		}
+
+	}
+
+
+}

src/main/java/org/cryptomator/common/locationpresets/PCloudLocationPresetsProvider.java

@@ -0,0 +1,30 @@
+package org.cryptomator.common.locationpresets;
+
+import org.cryptomator.integrations.common.CheckAvailability;
+import org.cryptomator.integrations.common.OperatingSystem;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.stream.Stream;
+
+import static org.cryptomator.integrations.common.OperatingSystem.Value.MAC;
+import static org.cryptomator.integrations.common.OperatingSystem.Value.WINDOWS;
+
+@OperatingSystem(WINDOWS)
+@OperatingSystem(MAC)
+@CheckAvailability
+public final class PCloudLocationPresetsProvider implements LocationPresetsProvider {
+
+
+	private static final Path LOCATION = LocationPresetsProvider.resolveLocation("~/pCloudDrive");
+
+	@CheckAvailability
+	public static boolean isPresent() {
+		return Files.isDirectory(LOCATION);
+	}
+
+	@Override
+	public Stream<LocationPreset> getLocations() {
+		return Stream.of(new LocationPreset("pCloud", LOCATION));
+	}
+}

src/main/java/org/cryptomator/common/mount/MountModule.java

@@ -2,50 +2,71 @@ package org.cryptomator.common.mount;
 
 import dagger.Module;
 import dagger.Provides;
+import org.cryptomator.common.ObservableUtil;
 import org.cryptomator.common.settings.Settings;
+import org.cryptomator.integrations.mount.Mount;
 import org.cryptomator.integrations.mount.MountService;
 
+import javax.inject.Named;
 import javax.inject.Singleton;
-import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.value.ObservableValue;
 import java.util.List;
+import java.util.concurrent.atomic.AtomicReference;
 
 @Module
 public class MountModule {
 
+	private static final AtomicReference<MountService> formerSelectedMountService = new AtomicReference<>(null);
+	private static final List<String> problematicFuseMountServices = List.of("org.cryptomator.frontend.fuse.mount.MacFuseMountProvider", "org.cryptomator.frontend.fuse.mount.FuseTMountProvider");
+
 	@Provides
 	@Singleton
 	static List<MountService> provideSupportedMountServices() {
 		return MountService.get().toList();
 	}
 
-	//currently not used, because macFUSE and FUSE-T cannot be used in the same JVM
-	/*
 	@Provides
 	@Singleton
-	static ObservableValue<ActualMountService> provideMountService(Settings settings, List<MountService> serviceImpls) {
+	@Named("FUPFMS")
+	static AtomicReference<MountService> provideFirstUsedProblematicFuseMountService() {
+		return new AtomicReference<>(null);
+	}
+
+	@Provides
+	@Singleton
+	static ObservableValue<ActualMountService> provideMountService(Settings settings, List<MountService> serviceImpls, @Named("FUPFMS") AtomicReference<MountService> fupfms) {
 		var fallbackProvider = serviceImpls.stream().findFirst().orElse(null);
-		return ObservableUtil.mapWithDefault(settings.mountService(), //
+
+		var observableMountService = ObservableUtil.mapWithDefault(settings.mountService(), //
 				desiredServiceImpl -> { //
-					var desiredService = serviceImpls.stream().filter(serviceImpl -> serviceImpl.getClass().getName().equals(desiredServiceImpl)).findAny(); //
-					return new ActualMountService(desiredService.orElse(fallbackProvider), desiredService.isPresent()); //
+					var serviceFromSettings = serviceImpls.stream().filter(serviceImpl -> serviceImpl.getClass().getName().equals(desiredServiceImpl)).findAny(); //
+					var targetedService = serviceFromSettings.orElse(fallbackProvider);
+					return applyWorkaroundForProblematicFuse(targetedService, serviceFromSettings.isPresent(), fupfms);
 				}, //
-				new ActualMountService(fallbackProvider, true));
-	}
-	 */
-
-	@Provides
-	@Singleton
-	static ActualMountService provideActualMountService(Settings settings, List<MountService> serviceImpls) {
-		var fallbackProvider = serviceImpls.stream().findFirst().orElse(null);
-		var desiredService = serviceImpls.stream().filter(serviceImpl -> serviceImpl.getClass().getName().equals(settings.mountService().getValue())).findFirst(); //
-		return new ActualMountService(desiredService.orElse(fallbackProvider), desiredService.isPresent()); //
+				() -> { //
+					return applyWorkaroundForProblematicFuse(fallbackProvider, true, fupfms);
+				});
+		return observableMountService;
 	}
 
-	@Provides
-	@Singleton
-	static ObservableValue<ActualMountService> provideMountService(ActualMountService service) {
-		return new SimpleObjectProperty<>(service);
+	//see https://github.com/cryptomator/cryptomator/issues/2786
+	private synchronized static ActualMountService applyWorkaroundForProblematicFuse(MountService targetedService, boolean isDesired, AtomicReference<MountService> firstUsedProblematicFuseMountService) {
+		//set the first used problematic fuse service if applicable
+		var targetIsProblematicFuse = isProblematicFuseService(targetedService);
+		if (targetIsProblematicFuse && firstUsedProblematicFuseMountService.get() == null) {
+			firstUsedProblematicFuseMountService.set(targetedService);
+		}
+
+		//do not use the targeted mount service and fallback to former one, if the service is problematic _and_ not the first problematic one used.
+		if (targetIsProblematicFuse && !firstUsedProblematicFuseMountService.get().equals(targetedService)) {
+			return new ActualMountService(formerSelectedMountService.get(), false);
+		} else {
+			formerSelectedMountService.set(targetedService);
+			return new ActualMountService(targetedService, isDesired);
+		}
 	}
 
+	public static boolean isProblematicFuseService(MountService service) {
+		return problematicFuseMountServices.contains(service.getClass().getName());
+	}
 }

src/main/java/org/cryptomator/common/mount/MountPointPreparationException.java

@@ -2,6 +2,10 @@ package org.cryptomator.common.mount;
 
 public class MountPointPreparationException extends RuntimeException {
 
+	public MountPointPreparationException(String msg) {
+		super(msg);
+	}
+
 	public MountPointPreparationException(Throwable cause) {
 		super(cause);
 	}

src/main/java/org/cryptomator/common/mount/MountWithinParentUtil.java

@@ -51,8 +51,19 @@ public final class MountWithinParentUtil {
 				if (SystemUtils.IS_OS_WINDOWS) {
 					Files.setAttribute(hideaway, WIN_HIDDEN_ATTR, true, LinkOption.NOFOLLOW_LINKS);
 				}
+				int attempts = 0;
+				while (!Files.notExists(mountPoint)) {
+					if (attempts >= 10) {
+						throw new MountPointPreparationException("Path " + mountPoint + " could not be cleared");
+					}
+					Thread.sleep(1000);
+					attempts++;
+				}
 			} catch (IOException e) {
 				throw new MountPointPreparationException(e);
+			} catch (InterruptedException e) {
+				Thread.currentThread().interrupt();
+				throw new MountPointPreparationException(e);
 			}
 		}
 	}

src/main/java/org/cryptomator/common/vaults/AutoLocker.java

@@ -6,6 +6,7 @@ import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
+import javafx.application.Platform;
 import javafx.collections.ObservableList;
 import java.io.IOException;
 import java.time.Instant;
@@ -40,6 +41,7 @@ public class AutoLocker {
 	private void autolock(Vault vault) {
 		try {
 			vault.lock(false);
+			Platform.runLater(() -> vault.stateProperty().set(VaultState.Value.LOCKED));
 			LOG.info("Autolocked {} after idle timeout", vault.getDisplayName());
 		} catch (UnmountFailedException | IOException e) {
 			LOG.error("Autolocking failed.", e);

src/main/java/org/cryptomator/ipc/IpcMessage.java

@@ -9,8 +9,8 @@ import java.nio.channels.ReadableByteChannel;
 import java.nio.channels.WritableByteChannel;
 import java.util.function.Function;
 
-// TODO make sealed, remove enum
-interface IpcMessage {
+//TODO can the enum be removed?
+sealed interface IpcMessage permits HandleLaunchArgsMessage, RevealRunningAppMessage {
 
 	enum MessageType {
 		REVEAL_RUNNING_APP(RevealRunningAppMessage::decode),

src/main/java/org/cryptomator/ipc/IpcMessageListener.java

@@ -5,10 +5,9 @@ import java.util.List;
 public interface IpcMessageListener {
 
 	default void handleMessage(IpcMessage message) {
-		if (message instanceof RevealRunningAppMessage) {
-			revealRunningApp();
-		} else if (message instanceof HandleLaunchArgsMessage m) {
-			handleLaunchArgs(m.args());
+		switch (message) {
+			case RevealRunningAppMessage m -> revealRunningApp(); // TODO: rename to _ with JEP 443
+			case HandleLaunchArgsMessage m -> handleLaunchArgs(m.args());
 		}
 	}
 

src/main/java/org/cryptomator/launcher/SupportedLanguages.java

@@ -1,12 +1,14 @@
 package org.cryptomator.launcher;
 
 import org.cryptomator.common.settings.Settings;
-import org.jetbrains.annotations.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
+import java.text.Collator;
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
 
@@ -14,26 +16,39 @@ import java.util.Locale;
 public class SupportedLanguages {
 
 	private static final Logger LOG = LoggerFactory.getLogger(SupportedLanguages.class);
-	// these are BCP 47 language codes, not ISO. Note the "-" instead of the "_":
-	public static final List<String> LANGUAGAE_TAGS = List.of("en", "ar", "be", "bn", "bs", "ca", "cs", "da", "de", "el", "es", "fil", "fa", "fr", "gl", "he", //
-			"hi", "hr", "hu", "id", "it", "ja", "ko", "lv", "mk", "nb", "nl", "nn", "no", "pa", "pl", "pt", "pt-BR", "ro", "ru", "si", "sk", "sr", "sr-Latn", "sv", "sw", //
-			"ta", "te", "th", "tr", "uk", "vi", "zh", "zh-HK", "zh-TW");
+	// these are BCP 47 language codes, not ISO. Note the "-" instead of the "_".
+	// "en" is not part of this list - it is always inserted at the top.
+	public static final List<String> LANGUAGE_TAGS = List.of("ar", "be", "bn", "bs", "ca", "cs", "da", "de", "el", "es", "fr", "gl", "he", //
+			"hi", "hr", "hu", "id", "it", "ja", "ko", "lv", "nb", "nl", "nn", "pa", "pl", "pt", "pt-BR", "ro", "ru", "sk", "sr", "sr-Latn", "sv", "sw", //
+			"ta", "th", "tr", "uk", "vi", "zh", "zh-HK", "zh-TW");
+	public static final String ENGLISH = "en";
 
-	@Nullable
-	private final String preferredLanguage;
+	private final List<String> sortedLanguageTags;
+
+	private final Locale preferredLocale;
 
 	@Inject
 	public SupportedLanguages(Settings settings) {
-		this.preferredLanguage = settings.languageProperty().get();
+		var preferredLanguage = settings.languageProperty().get();
+		preferredLocale = preferredLanguage == null ? Locale.getDefault() : Locale.forLanguageTag(preferredLanguage);
+		var collator = Collator.getInstance(preferredLocale);
+		collator.setStrength(Collator.PRIMARY);
+		var sorted = new ArrayList<String>();
+		sorted.add(0, Settings.DEFAULT_LANGUAGE);
+		sorted.add(1, ENGLISH);
+		LANGUAGE_TAGS.stream() //
+				.sorted((a, b) -> collator.compare(Locale.forLanguageTag(a).getDisplayName(), Locale.forLanguageTag(b).getDisplayName())) //
+				.forEach(sorted::add);
+		sortedLanguageTags = Collections.unmodifiableList(sorted);
 	}
 
 	public void applyPreferred() {
-		if (preferredLanguage == null) {
-			LOG.debug("Using system locale");
-			return;
-		}
-		var preferredLocale = Locale.forLanguageTag(preferredLanguage);
-		LOG.debug("Applying preferred locale {}", preferredLocale.getDisplayName(Locale.ENGLISH));
+		LOG.debug("Using locale {}", preferredLocale);
 		Locale.setDefault(preferredLocale);
 	}
+
+	public List<String> getLanguageTags() {
+		return sortedLanguageTags;
+	}
+
 }

src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultModule.java

@@ -11,8 +11,8 @@ import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.common.NewPasswordController;
-import org.cryptomator.ui.common.PasswordStrengthUtil;
+import org.cryptomator.ui.changepassword.NewPasswordController;
+import org.cryptomator.ui.changepassword.PasswordStrengthUtil;
 import org.cryptomator.ui.common.StageFactory;
 import org.cryptomator.ui.fxapp.PrimaryStage;
 import org.cryptomator.ui.recoverykey.RecoveryKeyDisplayController;

src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultLocationController.java

@@ -1,6 +1,9 @@
 package org.cryptomator.ui.addvaultwizard;
 
 import dagger.Lazy;
+import org.cryptomator.common.ObservableUtil;
+import org.cryptomator.common.locationpresets.LocationPreset;
+import org.cryptomator.common.locationpresets.LocationPresetsProvider;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -10,22 +13,19 @@ import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javax.inject.Named;
-import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanBinding;
 import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
-import javafx.beans.property.SimpleObjectProperty;
-import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
-import javafx.scene.Node;
 import javafx.scene.Scene;
 import javafx.scene.control.Label;
 import javafx.scene.control.RadioButton;
 import javafx.scene.control.Toggle;
 import javafx.scene.control.ToggleGroup;
+import javafx.scene.layout.VBox;
 import javafx.stage.DirectoryChooser;
 import javafx.stage.Stage;
 import java.io.File;
@@ -34,6 +34,9 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.StandardOpenOption;
+import java.util.Comparator;
+import java.util.List;
+import java.util.Optional;
 import java.util.ResourceBundle;
 
 @AddVaultWizardScoped
@@ -46,70 +49,72 @@ public class CreateNewVaultLocationController implements FxController {
 	private final Stage window;
 	private final Lazy<Scene> chooseNameScene;
 	private final Lazy<Scene> choosePasswordScene;
-	private final ObservedLocationPresets locationPresets;
+	private final List<RadioButton> locationPresetBtns;
 	private final ObjectProperty<Path> vaultPath;
 	private final StringProperty vaultName;
 	private final ResourceBundle resourceBundle;
-	private final BooleanBinding validVaultPath;
+	private final ObservableValue<VaultPathStatus> vaultPathStatus;
+	private final ObservableValue<Boolean> validVaultPath;
 	private final BooleanProperty usePresetPath;
-	private final StringProperty statusText;
-	private final ObjectProperty<Node> statusGraphic;
 
 	private Path customVaultPath = DEFAULT_CUSTOM_VAULT_PATH;
 
 	//FXML
-	public ToggleGroup predefinedLocationToggler;
-	public RadioButton iclouddriveRadioButton;
-	public RadioButton dropboxRadioButton;
-	public RadioButton gdriveRadioButton;
-	public RadioButton onedriveRadioButton;
-	public RadioButton megaRadioButton;
-	public RadioButton pcloudRadioButton;
+	public ToggleGroup locationPresetsToggler;
+	public VBox radioButtonVBox;
 	public RadioButton customRadioButton;
-	public Label vaultPathStatus;
+	public Label locationStatusLabel;
 	public FontAwesome5IconView goodLocation;
 	public FontAwesome5IconView badLocation;
 
 	@Inject
-	CreateNewVaultLocationController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_NEW_NAME) Lazy<Scene> chooseNameScene, @FxmlScene(FxmlFile.ADDVAULT_NEW_PASSWORD) Lazy<Scene> choosePasswordScene, ObservedLocationPresets locationPresets, ObjectProperty<Path> vaultPath, @Named("vaultName") StringProperty vaultName, ResourceBundle resourceBundle) {
+	CreateNewVaultLocationController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_NEW_NAME) Lazy<Scene> chooseNameScene, @FxmlScene(FxmlFile.ADDVAULT_NEW_PASSWORD) Lazy<Scene> choosePasswordScene, ObjectProperty<Path> vaultPath, @Named("vaultName") StringProperty vaultName, ResourceBundle resourceBundle) {
 		this.window = window;
 		this.chooseNameScene = chooseNameScene;
 		this.choosePasswordScene = choosePasswordScene;
-		this.locationPresets = locationPresets;
 		this.vaultPath = vaultPath;
 		this.vaultName = vaultName;
 		this.resourceBundle = resourceBundle;
-		this.validVaultPath = Bindings.createBooleanBinding(this::validateVaultPathAndSetStatus, this.vaultPath);
+		this.vaultPathStatus = ObservableUtil.mapWithDefault(vaultPath, this::validatePath, new VaultPathStatus(false, "error.message"));
+		this.validVaultPath = ObservableUtil.mapWithDefault(vaultPathStatus, VaultPathStatus::valid, false);
+		this.vaultPathStatus.addListener(this::updateStatusLabel);
 		this.usePresetPath = new SimpleBooleanProperty();
-		this.statusText = new SimpleStringProperty();
-		this.statusGraphic = new SimpleObjectProperty<>();
+		this.locationPresetBtns = LocationPresetsProvider.loadAll(LocationPresetsProvider.class) //
+				.flatMap(LocationPresetsProvider::getLocations) //
+				.sorted(Comparator.comparing(LocationPreset::name)) //
+				.map(preset -> { //
+					var btn = new RadioButton(preset.name());
+					btn.setUserData(preset.path());
+					return btn;
+				}).toList();
 	}
 
-	private boolean validateVaultPathAndSetStatus() {
-		final Path p = vaultPath.get();
-		if (p == null) {
-			statusText.set("Error: Path is NULL.");
-			statusGraphic.set(badLocation);
-			return false;
-		} else if (!Files.exists(p.getParent())) {
-			statusText.set(resourceBundle.getString("addvaultwizard.new.locationDoesNotExist"));
-			statusGraphic.set(badLocation);
-			return false;
+	private VaultPathStatus validatePath(Path p) throws NullPointerException {
+		if (!Files.exists(p.getParent())) {
+			return new VaultPathStatus(false, "addvaultwizard.new.locationDoesNotExist");
 		} else if (!isActuallyWritable(p.getParent())) {
-			statusText.set(resourceBundle.getString("addvaultwizard.new.locationIsNotWritable"));
-			statusGraphic.set(badLocation);
-			return false;
+			return new VaultPathStatus(false, "addvaultwizard.new.locationIsNotWritable");
 		} else if (!Files.notExists(p)) {
-			statusText.set(resourceBundle.getString("addvaultwizard.new.fileAlreadyExists"));
-			statusGraphic.set(badLocation);
-			return false;
+			return new VaultPathStatus(false, "addvaultwizard.new.fileAlreadyExists");
 		} else {
-			statusText.set(resourceBundle.getString("addvaultwizard.new.locationIsOk"));
-			statusGraphic.set(goodLocation);
-			return true;
+			return new VaultPathStatus(true, "addvaultwizard.new.locationIsOk");
 		}
 	}
 
+	private void updateStatusLabel(ObservableValue<? extends VaultPathStatus> observable, VaultPathStatus oldValue, VaultPathStatus newValue) {
+		if (newValue.valid()) {
+			locationStatusLabel.setGraphic(goodLocation);
+			locationStatusLabel.getStyleClass().remove("label-red");
+			locationStatusLabel.getStyleClass().add("label-muted");
+		} else {
+			locationStatusLabel.setGraphic(badLocation);
+			locationStatusLabel.getStyleClass().remove("label-muted");
+			locationStatusLabel.getStyleClass().add("label-red");
+		}
+		this.locationStatusLabel.setText(resourceBundle.getString(newValue.localizationKey()));
+	}
+
+
 	private boolean isActuallyWritable(Path p) {
 		Path tmpFile = p.resolve(TEMP_FILE_FORMAT);
 		try (var chan = Files.newByteChannel(tmpFile, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE, StandardOpenOption.DELETE_ON_CLOSE)) {
@@ -127,26 +132,15 @@ public class CreateNewVaultLocationController implements FxController {
 
 	@FXML
 	public void initialize() {
-		predefinedLocationToggler.selectedToggleProperty().addListener(this::togglePredefinedLocation);
-		usePresetPath.bind(predefinedLocationToggler.selectedToggleProperty().isNotEqualTo(customRadioButton));
+		radioButtonVBox.getChildren().addAll(1, locationPresetBtns); //first item is the list header
+		locationPresetsToggler.getToggles().addAll(locationPresetBtns);
+		locationPresetsToggler.selectedToggleProperty().addListener(this::togglePredefinedLocation);
+		usePresetPath.bind(locationPresetsToggler.selectedToggleProperty().isNotEqualTo(customRadioButton));
 	}
 
 	private void togglePredefinedLocation(@SuppressWarnings("unused") ObservableValue<? extends Toggle> observable, @SuppressWarnings("unused") Toggle oldValue, Toggle newValue) {
-		if (iclouddriveRadioButton.equals(newValue)) {
-			vaultPath.set(locationPresets.getIclouddriveLocation().resolve(vaultName.get()));
-		} else if (dropboxRadioButton.equals(newValue)) {
-			vaultPath.set(locationPresets.getDropboxLocation().resolve(vaultName.get()));
-		} else if (gdriveRadioButton.equals(newValue)) {
-			vaultPath.set(locationPresets.getGdriveLocation().resolve(vaultName.get()));
-		} else if (onedriveRadioButton.equals(newValue)) {
-			vaultPath.set(locationPresets.getOnedriveLocation().resolve(vaultName.get()));
-		} else if (megaRadioButton.equals(newValue)) {
-			vaultPath.set(locationPresets.getMegaLocation().resolve(vaultName.get()));
-		} else if (pcloudRadioButton.equals(newValue)) {
-			vaultPath.set(locationPresets.getPcloudLocation().resolve(vaultName.get()));
-		} else if (customRadioButton.equals(newValue)) {
-			vaultPath.set(customVaultPath.resolve(vaultName.get()));
-		}
+		var storagePath = Optional.ofNullable((Path) newValue.getUserData()).orElse(customVaultPath);
+		vaultPath.set(storagePath.resolve(vaultName.get()));
 	}
 
 	@FXML
@@ -156,10 +150,8 @@ public class CreateNewVaultLocationController implements FxController {
 
 	@FXML
 	public void next() {
-		if (validateVaultPathAndSetStatus()) {
+		if (validVaultPath.getValue()) {
 			window.setScene(choosePasswordScene.get());
-		} else {
-			validVaultPath.invalidate();
 		}
 	}
 
@@ -179,6 +171,12 @@ public class CreateNewVaultLocationController implements FxController {
 		}
 	}
 
+	/* Internal classes */
+
+	private record VaultPathStatus(boolean valid, String localizationKey) {
+
+	}
+
 	/* Getter/Setter */
 
 	public Path getVaultPath() {
@@ -189,47 +187,28 @@ public class CreateNewVaultLocationController implements FxController {
 		return vaultPath;
 	}
 
-	public BooleanBinding validVaultPathProperty() {
+	public ObservableValue<Boolean> validVaultPathProperty() {
 		return validVaultPath;
 	}
 
-	public Boolean getValidVaultPath() {
-		return validVaultPath.get();
-	}
-
-	public ObservedLocationPresets getObservedLocationPresets() {
-		return locationPresets;
+	public boolean isValidVaultPath() {
+		return validVaultPath.getValue();
 	}
 
 	public BooleanProperty usePresetPathProperty() {
 		return usePresetPath;
 	}
 
-	public boolean getUsePresetPath() {
+	public boolean isUsePresetPath() {
 		return usePresetPath.get();
 	}
 
 	public BooleanBinding anyRadioButtonSelectedProperty() {
-		return predefinedLocationToggler.selectedToggleProperty().isNotNull();
+		return locationPresetsToggler.selectedToggleProperty().isNotNull();
 	}
 
 	public boolean isAnyRadioButtonSelected() {
 		return anyRadioButtonSelectedProperty().get();
 	}
 
-	public StringProperty statusTextProperty() {
-		return statusText;
-	}
-
-	public String getStatusText() {
-		return statusText.get();
-	}
-
-	public ObjectProperty<Node> statusGraphicProperty() {
-		return statusGraphic;
-	}
-
-	public Node getStatusGraphic() {
-		return statusGraphic.get();
-	}
 }

src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultPasswordController.java

@@ -13,7 +13,7 @@ import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.common.NewPasswordController;
+import org.cryptomator.ui.changepassword.NewPasswordController;
 import org.cryptomator.ui.common.Tasks;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.cryptomator.ui.keyloading.masterkeyfile.MasterkeyFileLoadingStrategy;
@@ -48,13 +48,13 @@ import java.util.ResourceBundle;
 import java.util.concurrent.ExecutorService;
 
 import static java.nio.charset.StandardCharsets.US_ASCII;
+import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 
 @AddVaultWizardScoped
 public class CreateNewVaultPasswordController implements FxController {
 
 	private static final Logger LOG = LoggerFactory.getLogger(CreateNewVaultPasswordController.class);
-	private static final URI DEFAULT_KEY_ID = URI.create(MasterkeyFileLoadingStrategy.SCHEME + ":" + MASTERKEY_FILENAME); // TODO better place?
 
 	private final Stage window;
 	private final Lazy<Scene> chooseLocationScene;

src/main/java/org/cryptomator/ui/addvaultwizard/ObservedLocationPresets.java

@@ -1,141 +0,0 @@
-package org.cryptomator.ui.addvaultwizard;
-
-import org.cryptomator.common.LocationPreset;
-
-import javax.inject.Inject;
-import javafx.beans.binding.BooleanBinding;
-import javafx.beans.property.ReadOnlyObjectProperty;
-import javafx.beans.property.SimpleObjectProperty;
-import java.nio.file.Path;
-
-@AddVaultWizardScoped
-public class ObservedLocationPresets {
-
-	private final ReadOnlyObjectProperty<Path> iclouddriveLocation;
-	private final ReadOnlyObjectProperty<Path> dropboxLocation;
-	private final ReadOnlyObjectProperty<Path> gdriveLocation;
-	private final ReadOnlyObjectProperty<Path> onedriveLocation;
-	private final ReadOnlyObjectProperty<Path> megaLocation;
-	private final ReadOnlyObjectProperty<Path> pcloudLocation;
-	private final BooleanBinding foundIclouddrive;
-	private final BooleanBinding foundDropbox;
-	private final BooleanBinding foundGdrive;
-	private final BooleanBinding foundOnedrive;
-	private final BooleanBinding foundMega;
-	private final BooleanBinding foundPcloud;
-
-	@Inject
-	public ObservedLocationPresets() {
-		this.iclouddriveLocation = new SimpleObjectProperty<>(LocationPreset.ICLOUDDRIVE.existingPath());
-		this.dropboxLocation = new SimpleObjectProperty<>(LocationPreset.DROPBOX.existingPath());
-		this.gdriveLocation = new SimpleObjectProperty<>(LocationPreset.GDRIVE.existingPath());
-		this.onedriveLocation = new SimpleObjectProperty<>(LocationPreset.ONEDRIVE.existingPath());
-		this.megaLocation = new SimpleObjectProperty<>(LocationPreset.MEGA.existingPath());
-		this.pcloudLocation = new SimpleObjectProperty<>(LocationPreset.PCLOUD.existingPath());
-		this.foundIclouddrive = iclouddriveLocation.isNotNull();
-		this.foundDropbox = dropboxLocation.isNotNull();
-		this.foundGdrive = gdriveLocation.isNotNull();
-		this.foundOnedrive = onedriveLocation.isNotNull();
-		this.foundMega = megaLocation.isNotNull();
-		this.foundPcloud = pcloudLocation.isNotNull();
-	}
-
-	/* Observables */
-
-	public ReadOnlyObjectProperty<Path> iclouddriveLocationProperty() {
-		return iclouddriveLocation;
-	}
-
-	public Path getIclouddriveLocation() {
-		return iclouddriveLocation.get();
-	}
-
-	public BooleanBinding foundIclouddriveProperty() {
-		return foundIclouddrive;
-	}
-
-	public boolean isFoundIclouddrive() {
-		return foundIclouddrive.get();
-	}
-
-	public ReadOnlyObjectProperty<Path> dropboxLocationProperty() {
-		return dropboxLocation;
-	}
-
-	public Path getDropboxLocation() {
-		return dropboxLocation.get();
-	}
-
-	public BooleanBinding foundDropboxProperty() {
-		return foundDropbox;
-	}
-
-	public boolean isFoundDropbox() {
-		return foundDropbox.get();
-	}
-
-	public ReadOnlyObjectProperty<Path> gdriveLocationProperty() {
-		return gdriveLocation;
-	}
-
-	public Path getGdriveLocation() {
-		return gdriveLocation.get();
-	}
-
-	public BooleanBinding foundGdriveProperty() {
-		return foundGdrive;
-	}
-
-	public boolean isFoundGdrive() {
-		return foundGdrive.get();
-	}
-
-	public ReadOnlyObjectProperty<Path> onedriveLocationProperty() {
-		return onedriveLocation;
-	}
-
-	public Path getOnedriveLocation() {
-		return onedriveLocation.get();
-	}
-
-	public BooleanBinding foundOnedriveProperty() {
-		return foundOnedrive;
-	}
-
-	public boolean isFoundOnedrive() {
-		return foundOnedrive.get();
-	}
-
-	public ReadOnlyObjectProperty<Path> megaLocationProperty() {
-		return megaLocation;
-	}
-
-	public Path getMegaLocation() {
-		return megaLocation.get();
-	}
-
-	public BooleanBinding foundMegaProperty() {
-		return foundMega;
-	}
-
-	public boolean isFoundMega() {
-		return foundMega.get();
-	}
-
-	public ReadOnlyObjectProperty<Path> pcloudLocationProperty() {
-		return pcloudLocation;
-	}
-
-	public Path getPcloudLocation() {
-		return pcloudLocation.get();
-	}
-
-	public BooleanBinding foundPcloudProperty() {
-		return foundPcloud;
-	}
-
-	public boolean isFoundPcloud() {
-		return foundPcloud.get();
-	}
-
-}

src/main/java/org/cryptomator/ui/changepassword/ChangePasswordController.java

@@ -9,7 +9,6 @@ import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.integrations.keychain.KeychainAccessException;
 import org.cryptomator.ui.common.Animations;
 import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.common.NewPasswordController;
 import org.cryptomator.ui.controls.NiceSecurePasswordField;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.slf4j.Logger;

src/main/java/org/cryptomator/ui/changepassword/ChangePasswordModule.java

@@ -10,8 +10,6 @@ import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.common.NewPasswordController;
-import org.cryptomator.ui.common.PasswordStrengthUtil;
 import org.cryptomator.ui.common.StageFactory;
 
 import javax.inject.Named;

src/main/java/org/cryptomator/ui/changepassword/NewPasswordController.java

@@ -1,5 +1,7 @@
-package org.cryptomator.ui.common;
+package org.cryptomator.ui.changepassword;
 
+import org.cryptomator.common.Passphrase;
+import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.controls.FontAwesome5IconView;
 import org.cryptomator.ui.controls.NiceSecurePasswordField;
 
@@ -91,4 +93,8 @@ public class NewPasswordController implements FxController {
 		return passwordStrength.get();
 	}
 
+	public Passphrase getNewPassword() {
+		return passwordField.getCharacters();
+	}
+
 }

src/main/java/org/cryptomator/ui/changepassword/PasswordStrengthUtil.java

@@ -6,7 +6,7 @@
  * Contributors:
  *     Jean-Noël Charon - initial API and implementation
  *******************************************************************************/
-package org.cryptomator.ui.common;
+package org.cryptomator.ui.changepassword;
 
 import com.nulabinc.zxcvbn.Zxcvbn;
 import org.cryptomator.common.Environment;

src/main/java/org/cryptomator/ui/common/FxmlFile.java

@@ -9,6 +9,9 @@ public enum FxmlFile {
 	ADDVAULT_SUCCESS("/fxml/addvault_success.fxml"), //
 	ADDVAULT_WELCOME("/fxml/addvault_welcome.fxml"), //
 	CHANGEPASSWORD("/fxml/changepassword.fxml"), //
+	CONVERTVAULT_HUBTOPASSWORD_START("/fxml/convertvault_hubtopassword_start.fxml"), //
+	CONVERTVAULT_HUBTOPASSWORD_CONVERT("/fxml/convertvault_hubtopassword_convert.fxml"), //
+	CONVERTVAULT_HUBTOPASSWORD_SUCCESS("/fxml/convertvault_hubtopassword_success.fxml"), //
 	ERROR("/fxml/error.fxml"), //
 	FORGET_PASSWORD("/fxml/forget_password.fxml"), //
 	HEALTH_START("/fxml/health_start.fxml"), //

src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java

@@ -18,6 +18,7 @@ public enum FontAwesome5Icon {
 	COPY("\uF0C5"), //
 	CROWN("\uF521"), //
 	EDIT("\uF044"), //
+	EXCHANGE_ALT("\uF362"), //
 	EXCLAMATION("\uF12A"), //
 	EXCLAMATION_CIRCLE("\uF06A"), //
 	EXCLAMATION_TRIANGLE("\uF071"), //

src/main/java/org/cryptomator/ui/controls/SecurePasswordField.java

@@ -43,7 +43,7 @@ public class SecurePasswordField extends TextField {
 	private static final char WIPE_CHAR = ' ';
 	private static final int INITIAL_BUFFER_SIZE = 50;
 	private static final int GROW_BUFFER_SIZE = 50;
-	private static final String DEFAULT_PLACEHOLDER = "●";
+	private static final String DEFAULT_PLACEHOLDER = "•";
 	private static final String STYLE_CLASS = "secure-password-field";
 	private static final KeyCodeCombination SHORTCUT_BACKSPACE = new KeyCodeCombination(KeyCode.BACK_SPACE, KeyCombination.SHORTCUT_DOWN);
 

src/main/java/org/cryptomator/ui/convertvault/ConvertVaultComponent.java

@@ -0,0 +1,41 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Skymatic UG (haftungsbeschränkt).
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the accompanying LICENSE file.
+ *******************************************************************************/
+package org.cryptomator.ui.convertvault;
+
+import dagger.BindsInstance;
+import dagger.Lazy;
+import dagger.Subcomponent;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+
+import javax.inject.Named;
+import javafx.scene.Scene;
+import javafx.stage.Stage;
+
+@ConvertVaultScoped
+@Subcomponent(modules = {ConvertVaultModule.class})
+public interface ConvertVaultComponent {
+
+	@ConvertVaultWindow
+	Stage window();
+
+	@FxmlScene(FxmlFile.CONVERTVAULT_HUBTOPASSWORD_START)
+	Lazy<Scene> hubToPasswordScene();
+
+	default void showHubToPasswordWindow() {
+		Stage stage = window();
+		stage.setScene(hubToPasswordScene().get());
+		stage.sizeToScene();
+		stage.show();
+	}
+
+	@Subcomponent.Factory
+	interface Factory {
+
+		ConvertVaultComponent create(@BindsInstance @ConvertVaultWindow Vault vault, @BindsInstance @Named("convertVaultOwner") Stage owner);
+	}
+}

src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java

@@ -0,0 +1,126 @@
+package org.cryptomator.ui.convertvault;
+
+import dagger.Binds;
+import dagger.Module;
+import dagger.Provides;
+import dagger.multibindings.IntoMap;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.ui.changepassword.NewPasswordController;
+import org.cryptomator.ui.changepassword.PasswordStrengthUtil;
+import org.cryptomator.ui.common.DefaultSceneFactory;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxControllerKey;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlLoaderFactory;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.common.StageFactory;
+import org.cryptomator.ui.recoverykey.RecoveryKeyFactory;
+import org.cryptomator.ui.recoverykey.RecoveryKeyValidateController;
+
+import javax.inject.Named;
+import javax.inject.Provider;
+import javafx.beans.property.SimpleStringProperty;
+import javafx.beans.property.StringProperty;
+import javafx.scene.Scene;
+import javafx.stage.Modality;
+import javafx.stage.Stage;
+import java.io.IOException;
+import java.util.Map;
+import java.util.ResourceBundle;
+
+@Module
+abstract class ConvertVaultModule {
+
+	//TODO: if this fails, we cannot display an error
+	@Provides
+	@ConvertVaultWindow
+	@ConvertVaultScoped
+	static VaultConfig.UnverifiedVaultConfig vaultConfig(@ConvertVaultWindow Vault vault) {
+		try {
+			return vault.getVaultConfigCache().get();
+		} catch (IOException e) {
+			return null;
+		}
+	}
+
+	@Provides
+	@ConvertVaultWindow
+	@ConvertVaultScoped
+	static StringProperty provideRecoveryKeyProperty() {
+		return new SimpleStringProperty();
+	}
+
+	@Provides
+	@ConvertVaultWindow
+	@ConvertVaultScoped
+	static FxmlLoaderFactory provideFxmlLoaderFactory(Map<Class<? extends FxController>, Provider<FxController>> factories, DefaultSceneFactory sceneFactory, ResourceBundle resourceBundle) {
+		return new FxmlLoaderFactory(factories, sceneFactory, resourceBundle);
+	}
+
+	@Provides
+	@ConvertVaultWindow
+	@ConvertVaultScoped
+	static Stage provideStage(StageFactory factory, @Named("convertVaultOwner") Stage owner, ResourceBundle resourceBundle) {
+		Stage stage = factory.create();
+		stage.setResizable(false);
+		stage.initModality(Modality.WINDOW_MODAL);
+		stage.initOwner(owner);
+		stage.setTitle(resourceBundle.getString("convertVault.title"));
+		return stage;
+	}
+
+	@Provides
+	@FxmlScene(FxmlFile.CONVERTVAULT_HUBTOPASSWORD_START)
+	@ConvertVaultScoped
+	static Scene provideHubToPasswordStartScene(@ConvertVaultWindow FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.CONVERTVAULT_HUBTOPASSWORD_START);
+	}
+
+	@Provides
+	@FxmlScene(FxmlFile.CONVERTVAULT_HUBTOPASSWORD_CONVERT)
+	@ConvertVaultScoped
+	static Scene provideHubToPasswordConvertScene(@ConvertVaultWindow FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.CONVERTVAULT_HUBTOPASSWORD_CONVERT);
+	}
+
+	@Provides
+	@FxmlScene(FxmlFile.CONVERTVAULT_HUBTOPASSWORD_SUCCESS)
+	@ConvertVaultScoped
+	static Scene provideHubToPasswordSuccessScene(@ConvertVaultWindow FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.CONVERTVAULT_HUBTOPASSWORD_SUCCESS);
+	}
+
+	// ------------------
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(HubToPasswordStartController.class)
+	abstract FxController bindHubToPasswordStartController(HubToPasswordStartController controller);
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(HubToPasswordConvertController.class)
+	abstract FxController bindHubToPasswordConvertController(HubToPasswordConvertController controller);
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(HubToPasswordSuccessController.class)
+	abstract FxController bindHubToPasswordSuccessController(HubToPasswordSuccessController controller);
+
+
+	@Provides
+	@IntoMap
+	@FxControllerKey(NewPasswordController.class)
+	static FxController provideNewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater) {
+		return new NewPasswordController(resourceBundle, strengthRater);
+	}
+
+	@Provides
+	@IntoMap
+	@FxControllerKey(RecoveryKeyValidateController.class)
+	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory);
+	}
+
+}

src/main/java/org/cryptomator/ui/convertvault/ConvertVaultScoped.java

@@ -0,0 +1,13 @@
+package org.cryptomator.ui.convertvault;
+
+import javax.inject.Scope;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
+@Scope
+@Documented
+@Retention(RetentionPolicy.RUNTIME)
+@interface ConvertVaultScoped {
+
+}

src/main/java/org/cryptomator/ui/convertvault/ConvertVaultWindow.java

@@ -0,0 +1,14 @@
+package org.cryptomator.ui.convertvault;
+
+import javax.inject.Qualifier;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Qualifier
+@Documented
+@Retention(RUNTIME)
+@interface ConvertVaultWindow {
+
+}

src/main/java/org/cryptomator/ui/convertvault/HubToPasswordConvertController.java

@@ -0,0 +1,171 @@
+package org.cryptomator.ui.convertvault;
+
+import com.google.common.base.Preconditions;
+import dagger.Lazy;
+import org.cryptomator.common.Constants;
+import org.cryptomator.common.Passphrase;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptofs.VaultVersionMismatchException;
+import org.cryptomator.cryptofs.common.BackupHelper;
+import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
+import org.cryptomator.ui.changepassword.NewPasswordController;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.fxapp.FxApplicationWindows;
+import org.cryptomator.ui.recoverykey.RecoveryKeyFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javafx.application.Platform;
+import javafx.beans.binding.Bindings;
+import javafx.beans.property.BooleanProperty;
+import javafx.beans.property.SimpleBooleanProperty;
+import javafx.beans.property.StringProperty;
+import javafx.fxml.FXML;
+import javafx.scene.Scene;
+import javafx.scene.control.Button;
+import javafx.scene.control.ContentDisplay;
+import javafx.stage.Stage;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+import java.util.ResourceBundle;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionException;
+import java.util.concurrent.ExecutorService;
+
+import static java.nio.file.StandardOpenOption.CREATE_NEW;
+import static java.nio.file.StandardOpenOption.WRITE;
+import static org.cryptomator.common.Constants.MASTERKEY_BACKUP_SUFFIX;
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
+
+public class HubToPasswordConvertController implements FxController {
+
+	private static final Logger LOG = LoggerFactory.getLogger(HubToPasswordConvertController.class);
+
+	private final Stage window;
+	private final Lazy<Scene> successScene;
+	private final FxApplicationWindows applicationWindows;
+	private final Vault vault;
+	private final StringProperty recoveryKey;
+	private final RecoveryKeyFactory recoveryKeyFactory;
+	private final MasterkeyFileAccess masterkeyFileAccess;
+	private final ExecutorService backgroundExecutorService;
+	private final ResourceBundle resourceBundle;
+	private final BooleanProperty conversionStarted;
+
+	@FXML
+	NewPasswordController newPasswordController;
+	public Button convertBtn;
+
+	@Inject
+	public HubToPasswordConvertController(@ConvertVaultWindow Stage window, @FxmlScene(FxmlFile.CONVERTVAULT_HUBTOPASSWORD_SUCCESS) Lazy<Scene> successScene, FxApplicationWindows applicationWindows, @ConvertVaultWindow Vault vault, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, MasterkeyFileAccess masterkeyFileAccess, ExecutorService backgroundExecutorService, ResourceBundle resourceBundle) {
+		this.window = window;
+		this.successScene = successScene;
+		this.applicationWindows = applicationWindows;
+		this.vault = vault;
+		this.recoveryKey = recoveryKey;
+		this.recoveryKeyFactory = recoveryKeyFactory;
+		this.masterkeyFileAccess = masterkeyFileAccess;
+		this.backgroundExecutorService = backgroundExecutorService;
+		this.resourceBundle = resourceBundle;
+		this.conversionStarted = new SimpleBooleanProperty(false);
+
+	}
+
+	@FXML
+	public void initialize() {
+		convertBtn.disableProperty().bind(Bindings.createBooleanBinding( //
+				() -> !newPasswordController.isGoodPassword() || conversionStarted.get(), //
+				newPasswordController.goodPasswordProperty(), //
+				conversionStarted));
+		convertBtn.contentDisplayProperty().bind(Bindings.createObjectBinding( //
+				() -> conversionStarted.getValue() ? ContentDisplay.LEFT : ContentDisplay.TEXT_ONLY, //
+				conversionStarted));
+		convertBtn.textProperty().bind(Bindings.createStringBinding( //
+				() -> resourceBundle.getString("convertVault.convert.convertBtn." + (conversionStarted.get() ? "processing" : "before")), //
+				conversionStarted));
+	}
+
+	@FXML
+	public void close() {
+		window.close();
+	}
+
+	@FXML
+	public void convert() {
+		Preconditions.checkState(newPasswordController.isGoodPassword());
+		LOG.info("Converting access method of vault {} from hub to password", vault.getPath());
+		CompletableFuture.runAsync(() -> conversionStarted.setValue(true), Platform::runLater) //
+				.thenRunAsync(this::convertInternal, backgroundExecutorService) //
+				.whenCompleteAsync((result, exception) -> {
+					if (exception == null) {
+						LOG.info("Conversion of vault {} succeeded.", vault.getPath());
+						window.setScene(successScene.get());
+					} else {
+						LOG.error("Conversion of vault {} failed.", vault.getPath(), exception);
+						applicationWindows.showErrorWindow(exception, window, null);
+					}
+				}, Platform::runLater); //
+	}
+
+	//visible for testing
+	void convertInternal() throws CompletionException, IllegalArgumentException {
+		var passphrase = newPasswordController.getNewPassword();
+		var vaultPath = vault.getPath();
+		try {
+			//create masterkey
+			recoveryKeyFactory.newMasterkeyFileWithPassphrase(vaultPath, recoveryKey.get(), passphrase);
+			LOG.debug("Successfully created masterkey file for vault {}", vaultPath);
+			//create password config
+			Path passwordConfigPath = vaultPath.resolve("passwordBased." + VAULTCONFIG_FILENAME + ".tmp");
+			passwordConfigPath = createPasswordConfig(passwordConfigPath, vaultPath.resolve(MASTERKEY_FILENAME), passphrase);
+			//backup hub config
+			var hubConfigPath = vaultPath.resolve(VAULTCONFIG_FILENAME);
+			backupHubConfig(hubConfigPath);
+			//replace hub by password
+			Files.move(passwordConfigPath, hubConfigPath, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
+		} catch (MasterkeyLoadingFailedException e) {
+			throw new CompletionException(new IOException("Vault conversion failed", e));
+		} catch (IOException e) {
+			throw new CompletionException("Vault conversion failed", e);
+		} finally {
+			passphrase.destroy();
+		}
+	}
+
+	//visible for testing
+	void backupHubConfig(Path hubConfigPath) throws IOException {
+		byte[] hubConfigBytes = Files.readAllBytes(hubConfigPath);
+		Path backupPath = hubConfigPath.resolveSibling(VAULTCONFIG_FILENAME + BackupHelper.generateFileIdSuffix(hubConfigBytes) + MASTERKEY_BACKUP_SUFFIX);
+		Files.copy(hubConfigPath, backupPath, StandardCopyOption.REPLACE_EXISTING);
+		LOG.debug("Successfully created hub config backup {}", backupPath.getFileName());
+	}
+
+	//visible for testing
+	Path createPasswordConfig(Path passwordConfigPath, Path masterkeyFile, Passphrase passphrase) throws IOException, MasterkeyLoadingFailedException {
+		var unverifiedVaultConfig = vault.getVaultConfigCache().get();
+		try (var masterkey = masterkeyFileAccess.load(masterkeyFile, passphrase)) {
+			var hubConfig = unverifiedVaultConfig.verify(masterkey.getEncoded(), unverifiedVaultConfig.allegedVaultVersion());
+			var passwordConfig = VaultConfig.createNew() //
+					.cipherCombo(hubConfig.getCipherCombo()) //
+					.shorteningThreshold(hubConfig.getShorteningThreshold()) //
+					.build();
+			if (passwordConfig.getVaultVersion() != hubConfig.getVaultVersion()) {
+				throw new VaultVersionMismatchException("Only vaults of version " + passwordConfig.getVaultVersion() + " can be converted.");
+			}
+			var token = passwordConfig.toToken(Constants.DEFAULT_KEY_ID.toString(), masterkey.getEncoded());
+			Files.writeString(passwordConfigPath, token, StandardCharsets.US_ASCII, WRITE, CREATE_NEW);
+			LOG.debug("Successfully created password config {}", passwordConfigPath);
+			return passwordConfigPath;
+		}
+	}
+
+}

src/main/java/org/cryptomator/ui/convertvault/HubToPasswordStartController.java

@@ -0,0 +1,47 @@
+package org.cryptomator.ui.convertvault;
+
+import dagger.Lazy;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.recoverykey.RecoveryKeyValidateController;
+
+import javax.inject.Inject;
+import javafx.fxml.FXML;
+import javafx.scene.Scene;
+import javafx.stage.Stage;
+
+public class HubToPasswordStartController implements FxController {
+
+	private final Stage window;
+	private final Lazy<Scene> convertScene;
+
+	@FXML
+	RecoveryKeyValidateController recoveryKeyValidateController;
+
+	@Inject
+	public HubToPasswordStartController(@ConvertVaultWindow Stage window, @FxmlScene(FxmlFile.CONVERTVAULT_HUBTOPASSWORD_CONVERT) Lazy<Scene> convertScene) {
+		this.window = window;
+		this.convertScene = convertScene;
+	}
+
+	@FXML
+	public void initialize() {
+	}
+
+	@FXML
+	public void close() {
+		window.close();
+	}
+
+	@FXML
+	public void next() {
+		window.setScene(convertScene.get());
+	}
+
+	/* Getter/Setter */
+
+	public RecoveryKeyValidateController getValidateController() {
+		return recoveryKeyValidateController;
+	}
+}

src/main/java/org/cryptomator/ui/convertvault/HubToPasswordSuccessController.java

@@ -0,0 +1,32 @@
+package org.cryptomator.ui.convertvault;
+
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.ui.common.FxController;
+
+import javax.inject.Inject;
+import javafx.fxml.FXML;
+import javafx.stage.Stage;
+
+public class HubToPasswordSuccessController implements FxController {
+
+	private final Stage window;
+	private final Vault vault;
+
+	@Inject
+	HubToPasswordSuccessController(@ConvertVaultWindow Stage window, @ConvertVaultWindow Vault vault) {
+		this.window = window;
+		this.vault = vault;
+	}
+
+	@FXML
+	public void close() {
+		window.close();
+		window.getOwner().hide();
+	}
+
+	/* Observables */
+
+	public Vault getVault() {
+		return vault;
+	}
+}

src/main/java/org/cryptomator/ui/error/ErrorComponent.java

@@ -1,8 +1,10 @@
-package org.cryptomator.ui.common;
+package org.cryptomator.ui.error;
 
 import dagger.BindsInstance;
 import dagger.Subcomponent;
 import org.cryptomator.common.Nullable;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
 
 import javafx.scene.Scene;
 import javafx.stage.Stage;

src/main/java/org/cryptomator/ui/error/ErrorController.java

@@ -1,8 +1,9 @@
-package org.cryptomator.ui.common;
+package org.cryptomator.ui.error;
 
 import org.cryptomator.common.Environment;
 import org.cryptomator.common.ErrorCode;
 import org.cryptomator.common.Nullable;
+import org.cryptomator.ui.common.FxController;
 
 import javax.inject.Inject;
 import javax.inject.Named;

src/main/java/org/cryptomator/ui/error/ErrorModule.java

@@ -1,10 +1,16 @@
-package org.cryptomator.ui.common;
+package org.cryptomator.ui.error;
 
 import dagger.Binds;
 import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoMap;
 import org.cryptomator.common.ErrorCode;
+import org.cryptomator.ui.common.DefaultSceneFactory;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxControllerKey;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlLoaderFactory;
+import org.cryptomator.ui.common.FxmlScene;
 
 import javax.inject.Named;
 import javax.inject.Provider;

src/main/java/org/cryptomator/ui/forgetpassword/ForgetPasswordComponent.java

@@ -1,4 +1,4 @@
-package org.cryptomator.ui.forgetPassword;
+package org.cryptomator.ui.forgetpassword;
 
 import dagger.BindsInstance;
 import dagger.Lazy;

src/main/java/org/cryptomator/ui/forgetpassword/ForgetPasswordController.java

@@ -1,4 +1,4 @@
-package org.cryptomator.ui.forgetPassword;
+package org.cryptomator.ui.forgetpassword;
 
 import org.cryptomator.common.keychain.KeychainManager;
 import org.cryptomator.common.vaults.Vault;

src/main/java/org/cryptomator/ui/forgetpassword/ForgetPasswordModule.java

@@ -1,4 +1,4 @@
-package org.cryptomator.ui.forgetPassword;
+package org.cryptomator.ui.forgetpassword;
 
 import dagger.Binds;
 import dagger.Module;

src/main/java/org/cryptomator/ui/forgetpassword/ForgetPasswordScoped.java

@@ -1,4 +1,4 @@
-package org.cryptomator.ui.forgetPassword;
+package org.cryptomator.ui.forgetpassword;
 
 import javax.inject.Scope;
 import java.lang.annotation.Documented;

src/main/java/org/cryptomator/ui/forgetpassword/ForgetPasswordWindow.java

@@ -1,4 +1,4 @@
-package org.cryptomator.ui.forgetPassword;
+package org.cryptomator.ui.forgetpassword;
 
 import javax.inject.Qualifier;
 import java.lang.annotation.Documented;

src/main/java/org/cryptomator/ui/fxapp/AutoUnlocker.java

@@ -1,30 +1,85 @@
 package org.cryptomator.ui.fxapp;
 
 import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultListManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javafx.collections.ObservableList;
+import java.util.List;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Predicate;
+import java.util.stream.Stream;
 
 @FxApplicationScoped
 public class AutoUnlocker {
 
+	private static final Logger LOG = LoggerFactory.getLogger(AutoUnlocker.class);
+
 	private final ObservableList<Vault> vaults;
 	private final FxApplicationWindows appWindows;
+	private final ScheduledExecutorService scheduler;
+	private ScheduledFuture<?> unlockMissingFuture;
+	private ScheduledFuture<?> timeoutFuture;
 
 	@Inject
-	public AutoUnlocker(ObservableList<Vault> vaults, FxApplicationWindows appWindows) {
+	public AutoUnlocker(ObservableList<Vault> vaults, FxApplicationWindows appWindows, ScheduledExecutorService scheduler) {
 		this.vaults = vaults;
 		this.appWindows = appWindows;
+		this.scheduler = scheduler;
 	}
 
-	public void unlock() {
-		vaults.stream().filter(Vault::isLocked) //
-				.filter(v -> v.getVaultSettings().unlockAfterStartup().get()) //
-				.<CompletionStage<Void>>reduce(CompletableFuture.completedFuture(null), //
-						(unlockFlow, v) -> unlockFlow.handle((voit, ex) -> appWindows.startUnlockWorkflow(v, null)).thenCompose(stage -> stage), //we don't care here about the exception, logged elsewhere
-						(unlockChain1, unlockChain2) -> unlockChain1.handle((voit, ex) -> unlockChain2).thenCompose(stage -> stage));
+	public void tryUnlockForTimespan(int timespan, TimeUnit timeUnit) {
+		// Unlock all available auto unlock vaults
+		Predicate<Vault> shouldAutoUnlock = v -> v.getVaultSettings().unlockAfterStartup().get();
+		unlockSequentially(vaults.stream().filter(shouldAutoUnlock)).thenRun(() -> startUnlockMissing(timespan, timeUnit));
 	}
 
+	private CompletionStage<Void> unlockSequentially(Stream<Vault> vaultStream) {
+		// this is an attempt to run all the unlock workflows sequentially, i.e. start the next workflow only after completing/failing the previous workflow.
+		return vaultStream.filter(Vault::isLocked).reduce(CompletableFuture.completedFuture(null),
+				(prevUnlock, nextVault) -> prevUnlock.thenCompose(unused -> appWindows.startUnlockWorkflow(nextVault, null)),
+				(prevUnlock, nextUnlock) -> nextUnlock.exceptionally(e -> null) // we don't care here about the exception, logged elsewhere
+				);
+	}
+
+	private void startUnlockMissing(int timespan, TimeUnit timeUnit) {
+		// Start a temporary service if there are missing auto unlock vaults
+		if (getMissingAutoUnlockVaults().findAny().isPresent()) {
+			LOG.info("Found MISSING vaults, starting periodic check");
+			unlockMissingFuture = scheduler.scheduleWithFixedDelay(this::unlockMissing, 0, 1, TimeUnit.SECONDS);
+			timeoutFuture = scheduler.schedule(this::timeout, timespan, timeUnit);
+		}
+	}
+
+	private void unlockMissing() {
+		List<Vault> missingAutoUnlockVaults = getMissingAutoUnlockVaults().toList();
+		missingAutoUnlockVaults.forEach(VaultListManager::redetermineVaultState);
+		unlockSequentially(missingAutoUnlockVaults.stream()).thenRun(this::stopUnlockMissing);
+	}
+
+	private void stopUnlockMissing() {
+		// Stop checking if there are no more missing vaults
+		if (getMissingAutoUnlockVaults().findAny().isEmpty()) {
+			LOG.info("No more MISSING vaults, stopping periodic check");
+			unlockMissingFuture.cancel(false);
+			timeoutFuture.cancel(false);
+		}
+	}
+
+	private void timeout() {
+		LOG.info("MISSING vaults periodic check timed out");
+		unlockMissingFuture.cancel(false);
+	}
+
+	private Stream<Vault> getMissingAutoUnlockVaults() {
+		return vaults.stream()
+				.filter(Vault::isMissing)
+				.filter(v -> v.getVaultSettings().unlockAfterStartup().get());
+	}
 }

src/main/java/org/cryptomator/ui/fxapp/FxApplication.java

@@ -9,6 +9,7 @@ import org.slf4j.LoggerFactory;
 import javax.inject.Inject;
 import javax.inject.Named;
 import javafx.application.Platform;
+import java.util.concurrent.TimeUnit;
 
 @FxApplicationScoped
 public class FxApplication {
@@ -68,7 +69,6 @@ public class FxApplication {
 		});
 
 		launchEventHandler.startHandlingLaunchEvents();
-		autoUnlocker.unlock();
+		autoUnlocker.tryUnlockForTimespan(2, TimeUnit.MINUTES);
 	}
-
 }

src/main/java/org/cryptomator/ui/fxapp/FxApplicationModule.java

@@ -7,9 +7,7 @@ package org.cryptomator.ui.fxapp;
 
 import dagger.Module;
 import dagger.Provides;
-import org.apache.commons.lang3.SystemUtils;
-import org.cryptomator.ui.common.ErrorComponent;
-import org.cryptomator.ui.common.StageFactory;
+import org.cryptomator.ui.error.ErrorComponent;
 import org.cryptomator.ui.lock.LockComponent;
 import org.cryptomator.ui.mainwindow.MainWindowComponent;
 import org.cryptomator.ui.preferences.PreferencesComponent;
@@ -18,13 +16,9 @@ import org.cryptomator.ui.quit.QuitComponent;
 import org.cryptomator.ui.traymenu.TrayMenuComponent;
 import org.cryptomator.ui.unlock.UnlockComponent;
 
-import javax.inject.Named;
 import javafx.scene.image.Image;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.UncheckedIOException;
-import java.util.Collections;
-import java.util.List;
 
 @Module(includes = {UpdateCheckerModule.class}, subcomponents = {TrayMenuComponent.class, MainWindowComponent.class, PreferencesComponent.class, UnlockComponent.class, LockComponent.class, QuitComponent.class, ErrorComponent.class})
 abstract class FxApplicationModule {

src/main/java/org/cryptomator/ui/fxapp/FxApplicationWindows.java

@@ -5,13 +5,14 @@ import dagger.Lazy;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.integrations.tray.TrayIntegrationProvider;
-import org.cryptomator.ui.common.ErrorComponent;
+import org.cryptomator.ui.error.ErrorComponent;
 import org.cryptomator.ui.lock.LockComponent;
 import org.cryptomator.ui.mainwindow.MainWindowComponent;
 import org.cryptomator.ui.preferences.PreferencesComponent;
 import org.cryptomator.ui.preferences.SelectedPreferencesTab;
 import org.cryptomator.ui.quit.QuitComponent;
 import org.cryptomator.ui.unlock.UnlockComponent;
+import org.cryptomator.ui.unlock.UnlockWorkflow;
 import org.jetbrains.annotations.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -114,7 +115,7 @@ public class FxApplicationWindows {
 					LOG.debug("Start unlock workflow for {}", vault.getDisplayName());
 					return unlockWorkflowFactory.create(vault, owner).unlockWorkflow();
 				}, Platform::runLater) //
-				.thenCompose(unlockWorkflow -> CompletableFuture.runAsync(unlockWorkflow, executor)) //
+				.thenAcceptAsync(UnlockWorkflow::run, executor)
 				.exceptionally(e -> {
 					showErrorWindow(e, owner == null ? primaryStage : owner, null);
 					return null;

src/main/java/org/cryptomator/ui/health/StartController.java

@@ -102,14 +102,16 @@ public class StartController implements FxController {
 	}
 
 	private void loadingKeyFailed(Throwable e) {
-		if (e instanceof UnlockCancelledException) {
-			// ok
-		} else if (e instanceof VaultKeyInvalidException) {
-			LOG.error("Invalid key"); //TODO: specific error screen
-			appWindows.showErrorWindow(e, window, null);
-		} else {
-			LOG.error("Failed to load key.", e);
-			appWindows.showErrorWindow(e, window, null);
+		switch (e) {
+			case UnlockCancelledException uce -> {} //ok
+			case VaultKeyInvalidException vkie -> {
+				LOG.error("Invalid key"); //TODO: specific error screen
+				appWindows.showErrorWindow(e, window, null);
+			}
+			default -> {
+				LOG.error("Failed to load key.", e);
+				appWindows.showErrorWindow(e, window, null);
+			}
 		}
 	}
 

src/main/java/org/cryptomator/ui/keyloading/hub/HubKeyLoadingModule.java

@@ -15,8 +15,6 @@ import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.common.NewPasswordController;
-import org.cryptomator.ui.common.PasswordStrengthUtil;
 import org.cryptomator.ui.keyloading.KeyLoading;
 import org.cryptomator.ui.keyloading.KeyLoadingScoped;
 import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
@@ -153,13 +151,6 @@ public abstract class HubKeyLoadingModule {
 	@FxControllerKey(AuthFlowController.class)
 	abstract FxController bindAuthFlowController(AuthFlowController controller);
 
-	@Provides
-	@IntoMap
-	@FxControllerKey(NewPasswordController.class)
-	static FxController provideNewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater) {
-		return new NewPasswordController(resourceBundle, strengthRater);
-	}
-
 	@Binds
 	@IntoMap
 	@FxControllerKey(InvalidLicenseController.class)

src/main/java/org/cryptomator/ui/keyloading/hub/HubKeyLoadingStrategy.java

@@ -29,8 +29,8 @@ import java.util.concurrent.ExecutionException;
 public class HubKeyLoadingStrategy implements KeyLoadingStrategy {
 
 	private static final String SCHEME_PREFIX = "hub+";
-	static final String SCHEME_HUB_HTTP = SCHEME_PREFIX + "http";
-	static final String SCHEME_HUB_HTTPS = SCHEME_PREFIX + "https";
+	public static final String SCHEME_HUB_HTTP = SCHEME_PREFIX + "http";
+	public static final String SCHEME_HUB_HTTPS = SCHEME_PREFIX + "https";
 
 	private final Stage window;
 	private final KeychainManager keychainManager;

src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingModule.java

@@ -8,7 +8,7 @@ import dagger.multibindings.StringKey;
 import org.cryptomator.common.keychain.KeychainManager;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.integrations.keychain.KeychainAccessException;
-import org.cryptomator.ui.forgetPassword.ForgetPasswordComponent;
+import org.cryptomator.ui.forgetpassword.ForgetPasswordComponent;
 import org.cryptomator.ui.keyloading.KeyLoading;
 import org.cryptomator.ui.keyloading.KeyLoadingScoped;
 import org.cryptomator.ui.keyloading.KeyLoadingStrategy;

src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/PassphraseEntryController.java

@@ -7,7 +7,7 @@ import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.WeakBindings;
 import org.cryptomator.ui.controls.NiceSecurePasswordField;
-import org.cryptomator.ui.forgetPassword.ForgetPasswordComponent;
+import org.cryptomator.ui.forgetpassword.ForgetPasswordComponent;
 import org.cryptomator.ui.keyloading.KeyLoading;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java

@@ -6,7 +6,7 @@ import dagger.Provides;
 import dagger.multibindings.IntoMap;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.addvaultwizard.AddVaultWizardComponent;
-import org.cryptomator.ui.common.ErrorComponent;
+import org.cryptomator.ui.error.ErrorComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;

src/main/java/org/cryptomator/ui/preferences/InterfacePreferencesController.java

@@ -1,6 +1,5 @@
 package org.cryptomator.ui.preferences;
 
-import com.google.common.base.Strings;
 import org.cryptomator.common.LicenseHolder;
 import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.settings.UiTheme;
@@ -35,6 +34,7 @@ public class InterfacePreferencesController implements FxController {
 	private final ObjectProperty<SelectedPreferencesTab> selectedTabProperty;
 	private final LicenseHolder licenseHolder;
 	private final ResourceBundle resourceBundle;
+	private final SupportedLanguages supportedLanguages;
 	public ChoiceBox<UiTheme> themeChoiceBox;
 	public CheckBox showMinimizeButtonCheckbox;
 	public CheckBox showTrayIconCheckbox;
@@ -44,13 +44,14 @@ public class InterfacePreferencesController implements FxController {
 	public RadioButton nodeOrientationRtl;
 
 	@Inject
-	InterfacePreferencesController(Settings settings, TrayMenuComponent trayMenu, ObjectProperty<SelectedPreferencesTab> selectedTabProperty, LicenseHolder licenseHolder, ResourceBundle resourceBundle) {
+	InterfacePreferencesController(Settings settings, SupportedLanguages supportedLanguages, TrayMenuComponent trayMenu, ObjectProperty<SelectedPreferencesTab> selectedTabProperty, LicenseHolder licenseHolder, ResourceBundle resourceBundle) {
 		this.settings = settings;
 		this.trayMenuInitialized = trayMenu.isInitialized();
 		this.trayMenuSupported = trayMenu.isSupported();
 		this.selectedTabProperty = selectedTabProperty;
 		this.licenseHolder = licenseHolder;
 		this.resourceBundle = resourceBundle;
+		this.supportedLanguages = supportedLanguages;
 	}
 
 	@FXML
@@ -66,8 +67,7 @@ public class InterfacePreferencesController implements FxController {
 
 		showTrayIconCheckbox.selectedProperty().bindBidirectional(settings.showTrayIcon());
 
-		preferredLanguageChoiceBox.getItems().add(null);
-		preferredLanguageChoiceBox.getItems().addAll(SupportedLanguages.LANGUAGAE_TAGS);
+		preferredLanguageChoiceBox.getItems().addAll(supportedLanguages.getLanguageTags());
 		preferredLanguageChoiceBox.valueProperty().bindBidirectional(settings.languageProperty());
 		preferredLanguageChoiceBox.setConverter(new LanguageTagConverter(resourceBundle));
 
@@ -141,9 +141,7 @@ public class InterfacePreferencesController implements FxController {
 				return resourceBundle.getString("preferences.interface.language.auto");
 			} else {
 				var locale = Locale.forLanguageTag(tag);
-				var lang = locale.getDisplayLanguage(locale);
-				var region = locale.getDisplayCountry(locale);
-				return lang + (Strings.isNullOrEmpty(region) ? "" : " (" + region + ")");
+				return locale.getDisplayName();
 			}
 		}
 

src/main/java/org/cryptomator/ui/preferences/VolumePreferencesController.java

@@ -2,12 +2,14 @@ package org.cryptomator.ui.preferences;
 
 import dagger.Lazy;
 import org.cryptomator.common.ObservableUtil;
+import org.cryptomator.common.mount.MountModule;
 import org.cryptomator.common.settings.Settings;
 import org.cryptomator.integrations.mount.MountCapability;
 import org.cryptomator.integrations.mount.MountService;
 import org.cryptomator.ui.common.FxController;
 
 import javax.inject.Inject;
+import javax.inject.Named;
 import javafx.application.Application;
 import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanExpression;
@@ -19,11 +21,12 @@ import javafx.util.StringConverter;
 import java.util.List;
 import java.util.Optional;
 import java.util.ResourceBundle;
+import java.util.concurrent.atomic.AtomicReference;
 
 @PreferencesScoped
 public class VolumePreferencesController implements FxController {
 
-	private static final String DOCS_MOUNTING_URL = "https://docs.cryptomator.org/en/1.7/desktop/vault-mounting/";
+	private static final String DOCS_MOUNTING_URL = "https://docs.cryptomator.org/en/1.7/desktop/volume-type/";
 
 	private final Settings settings;
 	private final ObservableValue<MountService> selectedMountService;
@@ -33,6 +36,7 @@ public class VolumePreferencesController implements FxController {
 	private final ObservableValue<Boolean> mountToDriveLetterSupported;
 	private final ObservableValue<Boolean> mountFlagsSupported;
 	private final ObservableValue<Boolean> readonlySupported;
+	private final ObservableValue<Boolean> fuseRestartRequired;
 	private final Lazy<Application> application;
 	private final List<MountService> mountProviders;
 	public ChoiceBox<MountService> volumeTypeChoiceBox;
@@ -40,7 +44,7 @@ public class VolumePreferencesController implements FxController {
 	public Button loopbackPortApplyButton;
 
 	@Inject
-	VolumePreferencesController(Settings settings, Lazy<Application> application, List<MountService> mountProviders, ResourceBundle resourceBundle) {
+	VolumePreferencesController(Settings settings, Lazy<Application> application, List<MountService> mountProviders, @Named("FUPFMS") AtomicReference<MountService> firstUsedProblematicFuseMountService, ResourceBundle resourceBundle) {
 		this.settings = settings;
 		this.application = application;
 		this.mountProviders = mountProviders;
@@ -53,6 +57,12 @@ public class VolumePreferencesController implements FxController {
 		this.mountToDriveLetterSupported = selectedMountService.map(s -> s.hasCapability(MountCapability.MOUNT_AS_DRIVE_LETTER));
 		this.mountFlagsSupported = selectedMountService.map(s -> s.hasCapability(MountCapability.MOUNT_FLAGS));
 		this.readonlySupported = selectedMountService.map(s -> s.hasCapability(MountCapability.READ_ONLY));
+		this.fuseRestartRequired = selectedMountService.map(s -> {//
+			return firstUsedProblematicFuseMountService.get() != null //
+					&& MountModule.isProblematicFuseService(s) //
+					&& !firstUsedProblematicFuseMountService.get().equals(s);
+		});
+
 	}
 
 	public void initialize() {
@@ -129,6 +139,14 @@ public class VolumePreferencesController implements FxController {
 		return mountFlagsSupported.getValue();
 	}
 
+	public ObservableValue<Boolean> fuseRestartRequiredProperty() {
+		return fuseRestartRequired;
+	}
+
+	public boolean getFuseRestartRequired() {
+		return fuseRestartRequired.getValue();
+	}
+
 	/* Helpers */
 
 	private class MountServiceConverter extends StringConverter<MountService> {

src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java

@@ -38,16 +38,11 @@ public interface RecoveryKeyComponent {
 		stage.show();
 	}
 
-	@Subcomponent.Builder
-	interface Builder {
 
-		@BindsInstance
-		Builder vault(@RecoveryKeyWindow Vault vault);
+	@Subcomponent.Factory
+	interface Factory {
 
-		@BindsInstance
-		Builder owner(@Named("keyRecoveryOwner") Stage owner);
-
-		RecoveryKeyComponent build();
+		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault, @BindsInstance @Named("keyRecoveryOwner") Stage owner);
 	}
 
 }

src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyFactory.java

@@ -81,7 +81,7 @@ public class RecoveryKeyFactory {
 	 * @throws IllegalArgumentException If the recoveryKey is invalid
 	 * @apiNote This is a long-running operation and should be invoked in a background thread
 	 */
-	public void resetPasswordWithRecoveryKey(Path vaultPath, String recoveryKey, CharSequence newPassword) throws IOException, IllegalArgumentException {
+	public void newMasterkeyFileWithPassphrase(Path vaultPath, String recoveryKey, CharSequence newPassword) throws IOException, IllegalArgumentException {
 		final byte[] rawKey = decodeRecoveryKey(recoveryKey);
 		try (var masterkey = new Masterkey(rawKey)) {
 			Path masterkeyPath = vaultPath.resolve(MASTERKEY_FILENAME);

src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java

@@ -13,8 +13,8 @@ import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.common.NewPasswordController;
-import org.cryptomator.ui.common.PasswordStrengthUtil;
+import org.cryptomator.ui.changepassword.NewPasswordController;
+import org.cryptomator.ui.changepassword.PasswordStrengthUtil;
 import org.cryptomator.ui.common.StageFactory;
 
 import javax.inject.Named;
@@ -140,6 +140,13 @@ abstract class RecoveryKeyModule {
 	@FxControllerKey(RecoveryKeyResetPasswordSuccessController.class)
 	abstract FxController bindRecoveryKeyResetPasswordSuccessController(RecoveryKeyResetPasswordSuccessController controller);
 
+	@Provides
+	@IntoMap
+	@FxControllerKey(RecoveryKeyValidateController.class)
+	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory);
+	}
+
 	@Provides
 	@IntoMap
 	@FxControllerKey(NewPasswordController.class)

src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java

@@ -1,14 +1,9 @@
 package org.cryptomator.ui.recoverykey;
 
-import com.google.common.base.CharMatcher;
-import com.google.common.base.Strings;
 import dagger.Lazy;
 import org.cryptomator.common.Nullable;
-import org.cryptomator.common.ObservableUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
-import org.cryptomator.cryptofs.VaultConfigLoadException;
-import org.cryptomator.cryptofs.VaultKeyInvalidException;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -16,96 +11,34 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
-import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.Observable;
 import javafx.beans.property.StringProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
-import javafx.scene.control.TextArea;
-import javafx.scene.control.TextFormatter;
-import javafx.scene.input.KeyCode;
-import javafx.scene.input.KeyEvent;
 import javafx.stage.Stage;
-import java.util.Optional;
 import java.util.ResourceBundle;
 
 @RecoveryKeyScoped
 public class RecoveryKeyRecoverController implements FxController {
 
 	private static final Logger LOG = LoggerFactory.getLogger(RecoveryKeyCreationController.class);
-	private static final CharMatcher ALLOWED_CHARS = CharMatcher.inRange('a', 'z').or(CharMatcher.is(' '));
 
 	private final Stage window;
-	private final Vault vault;
-	private final VaultConfig.UnverifiedVaultConfig unverifiedVaultConfig;
-	private final StringProperty recoveryKey;
-	private final ObservableValue<Boolean> recoveryKeyCorrect;
-	private final ObservableValue<Boolean> recoveryKeyWrong;
-	private final ObservableValue<Boolean> recoveryKeyInvalid;
-	private final RecoveryKeyFactory recoveryKeyFactory;
-	private final ObjectProperty<RecoveryKeyState> recoveryKeyState;
 	private final Lazy<Scene> resetPasswordScene;
-	private final AutoCompleter autoCompleter;
 
-	private volatile boolean isWrongKey;
-
-	public TextArea textarea;
+	@FXML
+	RecoveryKeyValidateController recoveryKeyValidateController;
 
 	@Inject
-	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, @RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig unverifiedVaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, ResourceBundle resourceBundle) {
+	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, @RecoveryKeyWindow Vault vault, @RecoveryKeyWindow StringProperty recoveryKey,  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, ResourceBundle resourceBundle) {
 		this.window = window;
 		window.setTitle(resourceBundle.getString("recoveryKey.recover.title"));
-		this.vault = vault;
-		this.unverifiedVaultConfig = unverifiedVaultConfig;
-		this.recoveryKey = recoveryKey;
-		this.recoveryKeyFactory = recoveryKeyFactory;
 		this.resetPasswordScene = resetPasswordScene;
-		this.autoCompleter = new AutoCompleter(recoveryKeyFactory.getDictionary());
-		this.recoveryKeyState = new SimpleObjectProperty<>();
-		this.recoveryKeyCorrect = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.CORRECT::equals, false);
-		this.recoveryKeyWrong = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.WRONG::equals, false);
-		this.recoveryKeyInvalid = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.INVALID::equals, false);
 	}
 
 	@FXML
 	public void initialize() {
-		recoveryKey.bind(textarea.textProperty());
-		textarea.textProperty().addListener(((observable, oldValue, newValue) -> validateRecoveryKey()));
-	}
-
-	private TextFormatter.Change filterTextChange(TextFormatter.Change change) {
-		if (Strings.isNullOrEmpty(change.getText())) {
-			// pass-through caret/selection changes that don't affect the text
-			return change;
-		}
-		if (!ALLOWED_CHARS.matchesAllOf(change.getText())) {
-			return null; // reject change
-		}
-
-		String text = change.getControlNewText();
-		int caretPos = change.getCaretPosition();
-		if (caretPos == text.length() || text.charAt(caretPos) == ' ') { // are we at the end of a word?
-			int beginOfWord = Math.max(text.substring(0, caretPos).lastIndexOf(' ') + 1, 0);
-			String currentWord = text.substring(beginOfWord, caretPos);
-			Optional<String> suggestion = autoCompleter.autocomplete(currentWord);
-			if (suggestion.isPresent()) {
-				String completion = suggestion.get().substring(currentWord.length());
-				change.setText(change.getText() + completion);
-				change.setAnchor(caretPos + completion.length());
-			}
-		}
-		return change;
-	}
-
-	@FXML
-	public void onKeyPressed(KeyEvent keyEvent) {
-		if (keyEvent.getCode() == KeyCode.TAB && textarea.getAnchor() > textarea.getCaretPosition()) {
-			// apply autocompletion:
-			int pos = textarea.getAnchor();
-			textarea.insertText(pos, " ");
-			textarea.positionCaret(pos + 1);
-		}
 	}
 
 	@FXML
@@ -118,85 +51,10 @@ public class RecoveryKeyRecoverController implements FxController {
 		window.setScene(resetPasswordScene.get());
 	}
 
-	/**
-	 * Checks, if vault config is signed with the given key.
-	 *
-	 * @param key byte array of possible signing key
-	 * @return true, if vault config is signed with this key
-	 */
-	private boolean checkKeyAgainstVaultConfig(byte[] key) {
-		try {
-			var config = unverifiedVaultConfig.verify(key, unverifiedVaultConfig.allegedVaultVersion());
-			LOG.info("Provided recovery key matches vault config signature for vault {}", config.getId());
-			return true;
-		} catch (VaultKeyInvalidException e) {
-			LOG.debug("Provided recovery key does not match vault config signature.");
-			isWrongKey = true;
-			return false;
-		} catch (VaultConfigLoadException e) {
-			LOG.error("Failed to parse vault config", e);
-			return false;
-		}
-	}
-
-	private void validateRecoveryKey() {
-		isWrongKey = false;
-		var valid = recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(), unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
-		if (valid) {
-			recoveryKeyState.set(RecoveryKeyState.CORRECT);
-		} else if (isWrongKey) { //set via side effect in checkKeyAgainstVaultConfig()
-			recoveryKeyState.set(RecoveryKeyState.WRONG);
-		} else {
-			recoveryKeyState.set(RecoveryKeyState.INVALID);
-		}
-	}
-
 	/* Getter/Setter */
 
-	public Vault getVault() {
-		return vault;
+	public RecoveryKeyValidateController getValidateController() {
+		return recoveryKeyValidateController;
 	}
 
-	public TextFormatter getRecoveryKeyTextFormatter() {
-		return new TextFormatter<>(this::filterTextChange);
-	}
-
-	public ObservableValue<Boolean> recoveryKeyInvalidProperty() {
-		return recoveryKeyInvalid;
-	}
-
-	public boolean isRecoveryKeyInvalid() {
-		return recoveryKeyInvalid.getValue();
-	}
-
-	public ObservableValue<Boolean> recoveryKeyCorrectProperty() {
-		return recoveryKeyCorrect;
-	}
-
-	public boolean isRecoveryKeyCorrect() {
-		return recoveryKeyCorrect.getValue();
-	}
-
-	public ObservableValue<Boolean> recoveryKeyWrongProperty() {
-		return recoveryKeyWrong;
-	}
-
-	public boolean isRecoveryKeyWrong() {
-		return recoveryKeyWrong.getValue();
-	}
-
-	private enum RecoveryKeyState {
-		/**
-		 * Recovery key is a valid key and belongs to this vault
-		 */
-		CORRECT,
-		/**
-		 * Recovery key is a valid key, but does not belong to this vault
-		 */
-		WRONG,
-		/**
-		 * Recovery key is not a valid key.
-		 */
-		INVALID;
-	}
 }

src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java

@@ -5,7 +5,7 @@ import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.common.NewPasswordController;
+import org.cryptomator.ui.changepassword.NewPasswordController;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -76,7 +76,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 		@Override
 		protected Void call() throws IOException, IllegalArgumentException {
-			recoveryKeyFactory.resetPasswordWithRecoveryKey(vault.getPath(), recoveryKey.get(), newPasswordController.passwordField.getCharacters());
+			recoveryKeyFactory.newMasterkeyFileWithPassphrase(vault.getPath(), recoveryKey.get(), newPasswordController.passwordField.getCharacters());
 			return null;
 		}
 

src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java

@@ -0,0 +1,180 @@
+package org.cryptomator.ui.recoverykey;
+
+
+import com.google.common.base.CharMatcher;
+import com.google.common.base.Strings;
+import org.cryptomator.common.Nullable;
+import org.cryptomator.common.ObservableUtil;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptofs.VaultConfigLoadException;
+import org.cryptomator.cryptofs.VaultKeyInvalidException;
+import org.cryptomator.ui.common.FxController;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.property.StringProperty;
+import javafx.beans.value.ObservableValue;
+import javafx.fxml.FXML;
+import javafx.scene.control.TextArea;
+import javafx.scene.control.TextFormatter;
+import javafx.scene.input.KeyCode;
+import javafx.scene.input.KeyEvent;
+
+public class RecoveryKeyValidateController implements FxController {
+
+	private static final Logger LOG = LoggerFactory.getLogger(RecoveryKeyCreationController.class);
+	private static final CharMatcher ALLOWED_CHARS = CharMatcher.inRange('a', 'z').or(CharMatcher.is(' '));
+
+	private final Vault vault;
+	private final VaultConfig.UnverifiedVaultConfig unverifiedVaultConfig;
+	private final StringProperty recoveryKey;
+	private final ObservableValue<Boolean> recoveryKeyCorrect;
+	private final ObservableValue<Boolean> recoveryKeyWrong;
+	private final ObservableValue<Boolean> recoveryKeyInvalid;
+	private final RecoveryKeyFactory recoveryKeyFactory;
+	private final ObjectProperty<RecoveryKeyState> recoveryKeyState;
+	private final AutoCompleter autoCompleter;
+
+	private volatile boolean isWrongKey;
+
+	public TextArea textarea;
+
+	public RecoveryKeyValidateController(Vault vault, @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
+		this.vault = vault;
+		this.unverifiedVaultConfig = vaultConfig;
+		this.recoveryKey = recoveryKey;
+		this.recoveryKeyFactory = recoveryKeyFactory;
+		this.autoCompleter = new AutoCompleter(recoveryKeyFactory.getDictionary());
+		this.recoveryKeyState = new SimpleObjectProperty<>();
+		this.recoveryKeyCorrect = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.CORRECT::equals, false);
+		this.recoveryKeyWrong = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.WRONG::equals, false);
+		this.recoveryKeyInvalid = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.INVALID::equals, false);
+	}
+
+	@FXML
+	public void initialize() {
+		recoveryKey.bind(textarea.textProperty());
+		textarea.textProperty().addListener(((observable, oldValue, newValue) -> validateRecoveryKey()));
+	}
+
+	private TextFormatter.Change filterTextChange(TextFormatter.Change change) {
+		if (Strings.isNullOrEmpty(change.getText())) {
+			// pass-through caret/selection changes that don't affect the text
+			return change;
+		}
+		if (!ALLOWED_CHARS.matchesAllOf(change.getText())) {
+			return null; // reject change
+		}
+
+		String text = change.getControlNewText();
+		int caretPos = change.getCaretPosition();
+		if (caretPos == text.length() || text.charAt(caretPos) == ' ') { // are we at the end of a word?
+			int beginOfWord = Math.max(text.substring(0, caretPos).lastIndexOf(' ') + 1, 0);
+			String currentWord = text.substring(beginOfWord, caretPos);
+			var suggestion = autoCompleter.autocomplete(currentWord);
+			if (suggestion.isPresent()) {
+				String completion = suggestion.get().substring(currentWord.length());
+				change.setText(change.getText() + completion);
+				change.setAnchor(caretPos + completion.length());
+			}
+		}
+		return change;
+	}
+
+	@FXML
+	public void onKeyPressed(KeyEvent keyEvent) {
+		if (keyEvent.getCode() == KeyCode.TAB && textarea.getAnchor() > textarea.getCaretPosition()) {
+			// apply autocompletion:
+			int pos = textarea.getAnchor();
+			textarea.insertText(pos, " ");
+			textarea.positionCaret(pos + 1);
+		}
+	}
+
+	/**
+	 * Checks, if vault config is signed with the given key.
+	 *
+	 * @param key byte array of possible signing key
+	 * @return true, if vault config is signed with this key
+	 */
+	private boolean checkKeyAgainstVaultConfig(byte[] key) {
+		assert unverifiedVaultConfig != null;
+		try {
+			var config = unverifiedVaultConfig.verify(key, unverifiedVaultConfig.allegedVaultVersion());
+			LOG.info("Provided recovery key matches vault config signature for vault {}", config.getId());
+			return true;
+		} catch (VaultKeyInvalidException e) {
+			LOG.debug("Provided recovery key does not match vault config signature.");
+			isWrongKey = true;
+			return false;
+		} catch (VaultConfigLoadException e) {
+			LOG.error("Failed to parse vault config", e);
+			return false;
+		}
+	}
+
+	private void validateRecoveryKey() {
+		isWrongKey = false;
+		var valid = recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(), unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
+		if (valid) {
+			recoveryKeyState.set(RecoveryKeyState.CORRECT);
+		} else if (isWrongKey) { //set via side effect in checkKeyAgainstVaultConfig()
+			recoveryKeyState.set(RecoveryKeyState.WRONG);
+		} else {
+			recoveryKeyState.set(RecoveryKeyState.INVALID);
+		}
+	}
+
+	/* Getter/Setter */
+
+	public Vault getVault() {
+		return vault;
+	}
+
+	public TextFormatter getRecoveryKeyTextFormatter() {
+		return new TextFormatter<>(this::filterTextChange);
+	}
+
+	public ObservableValue<Boolean> recoveryKeyInvalidProperty() {
+		return recoveryKeyInvalid;
+	}
+
+	public boolean isRecoveryKeyInvalid() {
+		return recoveryKeyInvalid.getValue();
+	}
+
+	public ObservableValue<Boolean> recoveryKeyCorrectProperty() {
+		return recoveryKeyCorrect;
+	}
+
+	public boolean isRecoveryKeyCorrect() {
+		return recoveryKeyCorrect.getValue();
+	}
+
+	public ObservableValue<Boolean> recoveryKeyWrongProperty() {
+		return recoveryKeyWrong;
+	}
+
+	public boolean isRecoveryKeyWrong() {
+		return recoveryKeyWrong.getValue();
+	}
+
+	private enum RecoveryKeyState {
+		/**
+		 * Recovery key is a valid key and belongs to this vault
+		 */
+		CORRECT,
+		/**
+		 * Recovery key is a valid key, but does not belong to this vault
+		 */
+		WRONG,
+		/**
+		 * Recovery key is not a valid key.
+		 */
+		INVALID;
+	}
+
+}

src/main/java/org/cryptomator/ui/traymenu/AwtTrayMenuController.java

@@ -84,18 +84,19 @@ public class AwtTrayMenuController implements TrayMenuController {
 
 	private void addChildren(Menu menu, List<TrayMenuItem> items) {
 		for (var item : items) {
-			// TODO: use Pattern Matching for switch, once available
-			if (item instanceof ActionItem a) {
-				var menuItem = new MenuItem(a.title());
-				menuItem.addActionListener(evt -> a.action().run());
-				menuItem.setEnabled(a.enabled());
-				menu.add(menuItem);
-			} else if (item instanceof SeparatorItem) {
-				menu.addSeparator();
-			} else if (item instanceof SubMenuItem s) {
-				var submenu = new Menu(s.title());
-				addChildren(submenu, s.items());
-				menu.add(submenu);
+			switch (item) {
+				case ActionItem a -> {
+					var menuItem = new MenuItem(a.title());
+					menuItem.addActionListener(evt -> a.action().run());
+					menuItem.setEnabled(a.enabled());
+					menu.add(menuItem);
+				}
+				case SeparatorItem s -> menu.addSeparator(); // TODO: rename to _ with JEP 443
+				case SubMenuItem s -> {
+					var submenu = new Menu(s.title());
+					addChildren(submenu, s.items());
+					menu.add(submenu);
+				}
 			}
 		}
 	}

src/main/java/org/cryptomator/ui/unlock/UnlockInvalidMountPointController.java

@@ -38,12 +38,11 @@ public class UnlockInvalidMountPointController implements FxController {
 	@FXML
 	public void initialize() {
 		var e = unlockException.get();
-		String translationKey = "unlock.error.customPath.description.generic";
-		if (e instanceof MountPointNotSupportedException) {
-			translationKey = "unlock.error.customPath.description.notSupported";
-		} else if (e instanceof MountPointNotExistsException) {
-			translationKey = "unlock.error.customPath.description.notExists";
-		}
+		var translationKey = switch (e) {
+			case MountPointNotSupportedException x -> "unlock.error.customPath.description.notSupported";
+			case MountPointNotExistsException x -> "unlock.error.customPath.description.notExists";
+			default -> "unlock.error.customPath.description.generic";
+		};
 		dialogDescription.setFormat(resourceBundle.getString(translationKey));
 		dialogDescription.setArg1(e.getMessage());
 	}

src/main/java/org/cryptomator/ui/vaultoptions/HubOptionsController.java

@@ -0,0 +1,27 @@
+package org.cryptomator.ui.vaultoptions;
+
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.convertvault.ConvertVaultComponent;
+
+import javax.inject.Inject;
+import javafx.stage.Stage;
+
+public class HubOptionsController implements FxController {
+
+	private final Vault vault;
+	private final Stage window;
+	private final ConvertVaultComponent.Factory convertVaultFactory;
+
+
+	@Inject
+	public HubOptionsController(@VaultOptionsWindow Vault vault, @VaultOptionsWindow Stage window, ConvertVaultComponent.Factory convertVaultFactory) {
+		this.vault = vault;
+		this.window = window;
+		this.convertVaultFactory = convertVaultFactory;
+	}
+
+	public void startConversion() {
+		convertVaultFactory.create(vault,window).showHubToPasswordWindow();
+	}
+}

src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java

@@ -4,7 +4,7 @@ import org.cryptomator.common.keychain.KeychainManager;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.changepassword.ChangePasswordComponent;
 import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.forgetPassword.ForgetPasswordComponent;
+import org.cryptomator.ui.forgetpassword.ForgetPasswordComponent;
 import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -23,14 +23,14 @@ public class MasterkeyOptionsController implements FxController {
 	private final Vault vault;
 	private final Stage window;
 	private final ChangePasswordComponent.Builder changePasswordWindow;
-	private final RecoveryKeyComponent.Builder recoveryKeyWindow;
+	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
 	private final ForgetPasswordComponent.Builder forgetPasswordWindow;
 	private final KeychainManager keychain;
 	private final ObservableValue<Boolean> passwordSaved;
 
 
 	@Inject
-	MasterkeyOptionsController(@VaultOptionsWindow Vault vault, @VaultOptionsWindow Stage window, ChangePasswordComponent.Builder changePasswordWindow, RecoveryKeyComponent.Builder recoveryKeyWindow, ForgetPasswordComponent.Builder forgetPasswordWindow, KeychainManager keychain) {
+	MasterkeyOptionsController(@VaultOptionsWindow Vault vault, @VaultOptionsWindow Stage window, ChangePasswordComponent.Builder changePasswordWindow, RecoveryKeyComponent.Factory recoveryKeyWindow, ForgetPasswordComponent.Builder forgetPasswordWindow, KeychainManager keychain) {
 		this.vault = vault;
 		this.window = window;
 		this.changePasswordWindow = changePasswordWindow;
@@ -51,12 +51,12 @@ public class MasterkeyOptionsController implements FxController {
 
 	@FXML
 	public void showRecoveryKey() {
-		recoveryKeyWindow.vault(vault).owner(window).build().showRecoveryKeyCreationWindow();
+		recoveryKeyWindow.create(vault, window).showRecoveryKeyCreationWindow();
 	}
 
 	@FXML
 	public void showRecoverVaultDialog() {
-		recoveryKeyWindow.vault(vault).owner(window).build().showRecoveryKeyRecoverWindow();
+		recoveryKeyWindow.create(vault, window).showRecoveryKeyRecoverWindow();
 	}
 
 	@FXML

src/main/java/org/cryptomator/ui/vaultoptions/SelectedVaultOptionsTab.java

@@ -21,4 +21,9 @@ public enum SelectedVaultOptionsTab {
 	 */
 	KEY,
 
+	/**
+	 * Show hub tab
+	 */
+	HUB
+
 }

src/main/java/org/cryptomator/ui/vaultoptions/VaultOptionsController.java

@@ -2,6 +2,8 @@ package org.cryptomator.ui.vaultoptions;
 
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.keyloading.hub.HubKeyLoadingStrategy;
+import org.cryptomator.ui.keyloading.masterkeyfile.MasterkeyFileLoadingStrategy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -25,6 +27,7 @@ public class VaultOptionsController implements FxController {
 	public Tab generalTab;
 	public Tab mountTab;
 	public Tab keyTab;
+	public Tab hubTab;
 
 	@Inject
 	VaultOptionsController(@VaultOptionsWindow Stage window, @VaultOptionsWindow Vault vault, ObjectProperty<SelectedVaultOptionsTab> selectedTabProperty) {
@@ -38,9 +41,13 @@ public class VaultOptionsController implements FxController {
 		window.setOnShowing(this::windowWillAppear);
 		selectedTabProperty.addListener(observable -> this.selectChosenTab());
 		tabPane.getSelectionModel().selectedItemProperty().addListener(observable -> this.selectedTabChanged());
-		if(!vault.getVaultConfigCache().getUnchecked().getKeyId().getScheme().equals("masterkeyfile")){
+		var vaultScheme = vault.getVaultConfigCache().getUnchecked().getKeyId().getScheme();
+		if(!vaultScheme.equals(MasterkeyFileLoadingStrategy.SCHEME)){
 			tabPane.getTabs().remove(keyTab);
 		}
+		if(!(vaultScheme.equals(HubKeyLoadingStrategy.SCHEME_HUB_HTTP) || vaultScheme.equals(HubKeyLoadingStrategy.SCHEME_HUB_HTTPS))){
+			tabPane.getTabs().remove(hubTab);
+		}
 	}
 
 	private void selectChosenTab() {
@@ -53,6 +60,7 @@ public class VaultOptionsController implements FxController {
 			case ANY, GENERAL -> generalTab;
 			case MOUNT -> mountTab;
 			case KEY -> keyTab;
+			case HUB -> hubTab;
 		};
 	}
 

src/main/java/org/cryptomator/ui/vaultoptions/VaultOptionsModule.java

@@ -13,7 +13,8 @@ import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.common.StageFactory;
-import org.cryptomator.ui.forgetPassword.ForgetPasswordComponent;
+import org.cryptomator.ui.convertvault.ConvertVaultComponent;
+import org.cryptomator.ui.forgetpassword.ForgetPasswordComponent;
 import org.cryptomator.ui.fxapp.PrimaryStage;
 import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 
@@ -26,7 +27,7 @@ import javafx.stage.Stage;
 import java.util.Map;
 import java.util.ResourceBundle;
 
-@Module(subcomponents = {ChangePasswordComponent.class, RecoveryKeyComponent.class, ForgetPasswordComponent.class})
+@Module(subcomponents = {ChangePasswordComponent.class, RecoveryKeyComponent.class, ForgetPasswordComponent.class, ConvertVaultComponent.class})
 abstract class VaultOptionsModule {
 
 	@Provides
@@ -84,4 +85,9 @@ abstract class VaultOptionsModule {
 	@IntoMap
 	@FxControllerKey(MasterkeyOptionsController.class)
 	abstract FxController bindMasterkeyOptionsController(MasterkeyOptionsController controller);
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(HubOptionsController.class)
+	abstract FxController bindHubOptionsController(HubOptionsController controller);
 }

src/main/resources/css/dark_theme.css

@@ -116,6 +116,10 @@
 	-fx-font-size: 0.64em;
 }
 
+.label-red {
+	-fx-text-fill: RED_5;
+}
+
 .text-flow > * {
 	-fx-fill: TEXT_FILL;
 }

src/main/resources/css/light_theme.css

@@ -116,6 +116,10 @@
 	-fx-font-size: 0.64em;
 }
 
+.label-red {
+	-fx-text-fill: RED_5;
+}
+
 .text-flow > * {
 	-fx-fill: TEXT_FILL;
 }