diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a02ac62..9cceacd 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -17,7 +17,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
- java-version: 14
+ java-version: 17
- uses: actions/cache@v1
with:
path: ~/.m2/repository
diff --git a/README.md b/README.md
index ef526a4..06c235a 100644
--- a/README.md
+++ b/README.md
@@ -3,9 +3,9 @@
# Cryptomator CLI
-This is a minimal command-line program that unlocks vaults of vault format 7.
+This is a minimal command-line program that unlocks vaults of vault format 8.
After the unlock the vault content can then be accessed via an embedded WebDAV server.
-The minium required Java version is JDK 11.
+The minium required Java version is JDK 17.
## Disclaimer
@@ -15,7 +15,7 @@ This project is in an early stage and not ready for production use. We recommend
Download the jar file via [GitHub Releases](https://github.com/cryptomator/cli/releases).
-Cryptomator CLI requires that at least JDK 11 is present on your system.
+Cryptomator CLI requires that at least JDK 17 is present on your system.
```sh
java -jar cryptomator-cli-x.y.z.jar \
diff --git a/pom.xml b/pom.xml
index 6b4d59e..85c7c65 100644
--- a/pom.xml
+++ b/pom.xml
@@ -8,13 +8,13 @@
https://github.com/cryptomator/cli
- 1.9.10
+ 2.3.0
1.0.11
1.4
1.2.3
1.2.4
- 11
+ 17
UTF-8
diff --git a/src/main/java/org/cryptomator/cli/CryptomatorCli.java b/src/main/java/org/cryptomator/cli/CryptomatorCli.java
index 62f9c8c..ed2fc48 100644
--- a/src/main/java/org/cryptomator/cli/CryptomatorCli.java
+++ b/src/main/java/org/cryptomator/cli/CryptomatorCli.java
@@ -15,13 +15,17 @@
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Optional;
import java.util.Set;
+import com.google.common.base.Preconditions;
import org.apache.commons.cli.ParseException;
import org.cryptomator.cryptofs.CryptoFileSystemProperties;
import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -29,6 +33,9 @@ public class CryptomatorCli {
private static final Logger LOG = LoggerFactory.getLogger(CryptomatorCli.class);
+ private static final byte[] PEPPER = new byte[0];
+ private static final String SCHEME = "masterkeyfile";
+
public static void main(String[] rawArgs) throws IOException {
try {
Args args = Args.parse(rawArgs);
@@ -71,12 +78,26 @@ private static void startup(Args args) throws IOException {
Optional server = initWebDavServer(args);
ArrayList mounts = new ArrayList<>();
+ SecureRandom secureRandom;
+ try {
+ secureRandom = SecureRandom.getInstanceStrong();
+ } catch (NoSuchAlgorithmException e) {
+ throw new IllegalStateException("A strong algorithm must exist in every Java platform.", e);
+ }
+ MasterkeyFileAccess masterkeyFileAccess = new MasterkeyFileAccess(PEPPER, secureRandom);
+
for (String vaultName : args.getVaultNames()) {
Path vaultPath = Paths.get(args.getVaultPath(vaultName));
LOG.info("Unlocking vault \"{}\" located at {}", vaultName, vaultPath);
String vaultPassword = args.getPasswordStrategy(vaultName).password();
CryptoFileSystemProperties properties = CryptoFileSystemProperties.cryptoFileSystemProperties()
- .withPassphrase(vaultPassword).build();
+ .withKeyLoader(keyId -> {
+ Preconditions.checkArgument(SCHEME.equalsIgnoreCase(keyId.getScheme()), "Only supports keys with scheme " + SCHEME);
+ Path keyFilePath = vaultPath.resolve(keyId.getSchemeSpecificPart());
+ return masterkeyFileAccess.load(keyFilePath, vaultPassword);
+ })
+ .build();
+
Path vaultRoot = CryptoFileSystemProvider.newFileSystem(vaultPath, properties).getPath("/");
Path fuseMountPoint = args.getFuseMountPoint(vaultName);