(registered 2021-04-12, last updated 2021-04-12)

Media type name: application

Media subtype name: vnd.cryptomator.vault

Required parameters: N/A

Optional parameters: N/A

Encoding considerations: 8bit

Security considerations: Cryptomator vault files are either JSON or 
   JWT files with a fixed set of fields. Therefore, all security 
   considerations for application/json and application/jwt also apply
   to this media type.

   The media type does not contain executable content.

   The media type may contain encryption and authentication keys. 
   Since those are highly confidential, the keys are wrapped with AES
   key wrapping as defined in RFC 3394 
   (https://tools.ietf.org/html/rfc3394) with a KEK derived with 
   scrypt from a given passsphrase. The protection against key 
   leakage is therefore mainly based on the complexity and length of 
   the chosen passphrase.

   The media type may contain URIs. Hence, the security 
   considerations of URIs also apply to this media type. (see 
   https://tools.ietf.org/html/rfc3986#section-7)

Interoperability considerations: There are no known interoperability 
   issues.

Published specification: See 
   https://docs.cryptomator.org/en/latest/security/architecture/#masterkey-derivation 
   and 
   https://github.com/cryptomator/cryptofs/issues/95#issue-747361116.

Applications which use this media: Data and privacy protection, 
   file-based encryption and integrity protection.

Fragment identifier considerations: N/A

Restrictions on usage: If a Cryptomator vault file contains keys, 
   those are encrypted with a user defined passphrase. If the 
   passphrase is not present, those cannot be decrypted and used.

Additional information:

   1. Deprecated alias names for this type: N/A
   2. Magic number(s): N/A
   3. File extension(s): cryptomator
   4. Macintosh file type code: N/A
   5. Object Identifiers: N/A

General Comments: This media type belongs to the Cryptomator vault 
   specification. The specification is publicly available and can be 
   implemented by everyone. For more information, see section 
   "Published Specification".

Person to contact for further information:

   1. Name: Sebastian Stenzel
   2. Email: info&skymatic.de

Intended usage: Common

   A Cryptomator vault file normally is found only within a specific 
   directory structure ("vault"), to which it contains the used 
   encryption and authentication keys or configuration parameters and 
   values. Common names are "masterkey.cryptomator" and 
   "vault.cryptomator".

Author/Change controller: Sebastian Stenzel, on behalf of Skymatic 
   GmbH