Support vault format 8

.github/workflows/build.yml

@@ -17,7 +17,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-java@v1
         with:
-          java-version: 14
+          java-version: 17
       - uses: actions/cache@v1
         with:
           path: ~/.m2/repository

README.md

@@ -3,9 +3,9 @@
 
 # Cryptomator CLI
 
-This is a minimal command-line program that unlocks vaults of vault format 7.
+This is a minimal command-line program that unlocks vaults of vault format 8.
 After the unlock the vault content  can then be accessed via an embedded WebDAV server.
-The minium required Java version is JDK 11.
+The minium required Java version is JDK 17.
 
 ## Disclaimer
 
@@ -15,7 +15,7 @@ This project is in an early stage and not ready for production use. We recommend
 
 Download the jar file via [GitHub Releases](https://github.com/cryptomator/cli/releases).
 
-Cryptomator CLI requires that at least JDK 11 is present on your system.
+Cryptomator CLI requires that at least JDK 17 is present on your system.
 
 ```sh
 java -jar cryptomator-cli-x.y.z.jar \

pom.xml

@@ -8,13 +8,13 @@
 	<url>https://github.com/cryptomator/cli</url>
 
 	<properties>
-		<cryptofs.version>1.9.10</cryptofs.version>
+		<cryptofs.version>2.3.0</cryptofs.version>
 		<webdav-nio.version>1.0.11</webdav-nio.version>
 		<commons.cli.version>1.4</commons.cli.version>
 		<logback.version>1.2.3</logback.version>
 		<fuse-nio.version>1.2.4</fuse-nio.version>
 
-		<java.version>11</java.version>
+		<java.version>17</java.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 	</properties>
 

src/main/java/org/cryptomator/cli/CryptomatorCli.java

@@ -15,20 +15,27 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Optional;
 import java.util.Set;
 
+import com.google.common.base.Preconditions;
 import org.apache.commons.cli.ParseException;
 import org.cryptomator.cryptofs.CryptoFileSystemProperties;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class CryptomatorCli {
 
 	private static final Logger LOG = LoggerFactory.getLogger(CryptomatorCli.class);
 
+	private static final byte[] PEPPER = new byte[0];
+	private static final String SCHEME = "masterkeyfile";
+
 	public static void main(String[] rawArgs) throws IOException {
 		try {
 			Args args = Args.parse(rawArgs);
@@ -71,12 +78,26 @@ private static void startup(Args args) throws IOException {
 		Optional<WebDav> server = initWebDavServer(args);
 		ArrayList<FuseMount> mounts = new ArrayList<>();
 
+		SecureRandom secureRandom;
+		try {
+			secureRandom = SecureRandom.getInstanceStrong();
+		} catch (NoSuchAlgorithmException e) {
+			throw new IllegalStateException("A strong algorithm must exist in every Java platform.", e);
+		}
+		MasterkeyFileAccess masterkeyFileAccess = new MasterkeyFileAccess(PEPPER, secureRandom);
+
 		for (String vaultName : args.getVaultNames()) {
 			Path vaultPath = Paths.get(args.getVaultPath(vaultName));
 			LOG.info("Unlocking vault \"{}\" located at {}", vaultName, vaultPath);
 			String vaultPassword = args.getPasswordStrategy(vaultName).password();
 			CryptoFileSystemProperties properties = CryptoFileSystemProperties.cryptoFileSystemProperties()
-					.withPassphrase(vaultPassword).build();
+					.withKeyLoader(keyId -> {
+						Preconditions.checkArgument(SCHEME.equalsIgnoreCase(keyId.getScheme()), "Only supports keys with scheme " + SCHEME);
+						Path keyFilePath = vaultPath.resolve(keyId.getSchemeSpecificPart());
+						return masterkeyFileAccess.load(keyFilePath, vaultPassword);
+					})
+					.build();
+
 			Path vaultRoot = CryptoFileSystemProvider.newFileSystem(vaultPath, properties).getPath("/");
 
 			Path fuseMountPoint = args.getFuseMountPoint(vaultName);