Kerveros vs. Cryptomator
Cryptomator is the obvious comparison — it’s the most popular open-source client-side encryption tool for cloud drives. We’re fans. Here’s when each is the right pick.
Use Cryptomator if…
- You’re solo or two people sharing a Dropbox folder, and conflicts are rare.
- You want a free, audited tool with a long open-source track record.
- You need iOS / Android clients today (Cryptomator has them; Kerveros is desktop-only).
Use Kerveros if…
- Multiple people edit the same files. Kerveros has atomic locks. Two people opening the same file see “Alice has it checked out for 30 minutes” instead of silently producing two divergent vault states.
- You need an audit trail. Every check-in / check-out is recorded as an append-only history file in the bucket. Cryptomator stores no operation history.
- You don’t want a Dropbox-style sync client running. Kerveros talks directly to S3-compatible storage; no third-party sync daemon involved.
- Your storage isn’t Dropbox. Kerveros works with Tigris, Backblaze B2, AWS S3, MinIO, anything S3-compatible. Cryptomator’s desktop client is built for Dropbox / OneDrive / iCloud and doesn’t natively speak S3.
Side-by-side
| Capability | Cryptomator | Kerveros |
|---|---|---|
| Client-side encryption | Yes (AES-256-GCM) | Yes (XChaCha20-Poly1305) |
| File-name encryption | Yes (vault structure) | Yes (encrypted manifest) |
| Multi-user lock coordination | No | Yes — atomic S3 locks |
| Audit trail per file | No | Yes — append-only history |
| Native S3-compatible storage | Indirect (via mounted drives) | Yes — native |
| Mobile clients | Yes (iOS, Android) | Not yet |
| Open source code review | Yes — AGPL | Yes — source published, proprietary binary |
| Cost | Free desktop, paid mobile | €79 one-time |
Bottom line
Cryptomator is excellent for the “I need to encrypt my Dropbox” use case. Kerveros is for the “our team needs to coordinate edits to encrypted files without trusting the cloud” use case. Different problems; both tools are good at the one they target.