(registered 2021-04-12, last updated 2021-04-12) Media type name: application Media subtype name: vnd.cryptomator.vault Required parameters: N/A Optional parameters: N/A Encoding considerations: 8bit Security considerations: Cryptomator vault files are either JSON or JWT files with a fixed set of fields. Therefore, all security considerations for application/json and application/jwt also apply to this media type. The media type does not contain executable content. The media type may contain encryption and authentication keys. Since those are highly confidential, the keys are wrapped with AES key wrapping as defined in RFC 3394 (https://tools.ietf.org/html/rfc3394) with a KEK derived with scrypt from a given passsphrase. The protection against key leakage is therefore mainly based on the complexity and length of the chosen passphrase. The media type may contain URIs. Hence, the security considerations of URIs also apply to this media type. (see https://tools.ietf.org/html/rfc3986#section-7) Interoperability considerations: There are no known interoperability issues. Published specification: See https://docs.cryptomator.org/en/latest/security/architecture/#masterkey-derivation and https://github.com/cryptomator/cryptofs/issues/95#issue-747361116. Applications which use this media: Data and privacy protection, file-based encryption and integrity protection. Fragment identifier considerations: N/A Restrictions on usage: If a Cryptomator vault file contains keys, those are encrypted with a user defined passphrase. If the passphrase is not present, those cannot be decrypted and used. Additional information: 1. Deprecated alias names for this type: N/A 2. Magic number(s): N/A 3. File extension(s): cryptomator 4. Macintosh file type code: N/A 5. Object Identifiers: N/A General Comments: This media type belongs to the Cryptomator vault specification. The specification is publicly available and can be implemented by everyone. For more information, see section "Published Specification". Person to contact for further information: 1. Name: Sebastian Stenzel 2. Email: info&skymatic.de Intended usage: Common A Cryptomator vault file normally is found only within a specific directory structure ("vault"), to which it contains the used encryption and authentication keys or configuration parameters and values. Common names are "masterkey.cryptomator" and "vault.cryptomator". Author/Change controller: Sebastian Stenzel, on behalf of Skymatic GmbH