Restructure encrypted-file-names

infeo · infeo · commit 2a82c9c67aa7 · 2026-04-07T16:39:42.000+02:00
make it more accessible for non-techy users
diff --git a/docs/desktop/encrypted-file-names.md b/docs/desktop/encrypted-file-names.md
@@ -7,72 +7,41 @@ sidebar_position: 7
 # Encrypted File Names
 
 :::info
-Neither file name nor directory structure encryption can be disabled.
+File name and directory structure encryption **cannot** be disabled.
 :::
 
-Cryptomator protects your files by not only encrypting their content, but also their names and the overall directory structure of the vault.
-For example, if you have a directory structure inside your vault like this:
+Cryptomator protects your files by not only encrypting their content, but also their names and the overall directory structure of the vault. As a result, encrypted files and folders inside the vault storage location do not reveal the original names or layout (for an example see [below](#technical-example)).
 
-```
-.
-├─ myProject.pptx
-├─ Images for Project
-│  └─ ImageOfBees.jpg
-└─ ...
-```
-
-The actual directory structure of the vault on your hard drive/cloud will look like this:
+This matters whenever you need to match a cleartext file in your unlocked vault with its encrypted counterpart in the vault storage location, for example when restoring an older version from a cloud provider or backup tool.
 
-```
-.
-├─ d
-│  ├─ BZ
-│  │  └─ R4VZSS5PEF7TU3PMFIMON5GJRNBDWA
-│  │     ├─ dirId.c9r  # internal vault file
-│  │     ├─ 5TyvCyF255sRtfrIv**83ucADQ==.c9r  # myProject.pptx
-│  │     └─ FHTa55bH*sUfVDbEb0gTL9hZ8nho.c9r  # Linking entry for directory "Images for Project"
-│  │        └─ dir.c9r  # contains information for the link
-│  └─ FC
-│     └─ ZKZRLZUODUUYTYA4457CSBPZXB5A77  # content of the directory "Images for Project"
-│        └─ 4lmrQYfE_5ETusEkVJlTJrcFzjwxNBymig==.c9r # ImageOfBees.jpg
-├─ masterkey.cryptomator
-├─ masterkey.cryptomator.DFD9B248.bkup
-└─ vault.cryptomator
-```
+The app offers two features to reveal the mapping between the cleartext and the encrypted files:
+* `Locate Encrypted File`:  You have the cleartext file in the unlocked vault and want to find its encrypted counterpart in the vault storage location.
+* `Decrypt File Name`: You have an encrypted vault file and want to know its original cleartext name.
 
-While this increases security, it also makes it impossible to see the original file names and directory structure without decrypting them first.
-When you need to know the original name of a file (e.g. to restore an older version), you can use the `Decrypt File Name` feature to decrypt the file name.
-Conversely, if you need to find the encrypted counterpart of a file inside the vault, use the `Locate Encrypted File` feature.
+<Image src="/img/desktop/vault-detail-unlocked.png" alt="Vault detail view in the unlocked state" width="495" height="381" />
 
 ## Locate Encrypted File {#locate-encrypted-file}
 
-The Locate Encrypted File feature helps you find the encrypted version of a specific file from inside the vault. This comes in handy when vault files are versioned and you want to restore an older version of a file. As Cryptomator encrypts file names and obfuscates directory structures, first locate the encrypted file and then restore an older version of the encrypted file with a third-party app.
+The Locate Encrypted File feature helps you find the encrypted counterpart of a file from inside the vault. This comes in handy when you want to restore an older version of a file. As Cryptomator encrypts file names and obfuscates directory structures, first locate the encrypted file and then restore an older version of the encrypted file with your third-party app.
 
 1. Unlock the desired vault.
 2. Click on the `Locate Encrypted File` button.
 3. Select the file within the vault.
 
 As an alternative for clicking the button, you can directly drag & drop a file onto the button.
 
-A file manager window opens showing the encrypted folder and marking the encrypted file.
+A file manager window opens showing the encrypted folder and marking the encrypted file inside the vault storage location.
 
-## Decrypt File Names {#decrypting-file-names}
-
-:::note
-Due to technical reasons, Cryptomator can only decrypt the name of an encrypted file if that file is provided by itself.
-It cannot determine the file's cleartext path.
-:::
+## Decrypt File Name {#decrypt-file-name}
 
-The Decrypt File Name feature helps you resolve encrypted file names back to their original cleartext names. To map encrypted files back to their cleartext names, just drag and drop the files onto the button in the unlocked vault section of the main app.
+The Decrypt File Name feature helps you resolve encrypted file names back to their original cleartext names.
 
 1. Unlock the desired vault.
 2. Click on the `Decrypt File Name` zone at the bottom of the unlocked view.
 3. Select the encrypted file.
 
 As an alternative for clicking the zone, you can directly drag & drop files onto it.
 
-<Image src="/img/desktop/vault-detail-unlocked.png" alt="Vault detail view in the unlocked state" width="495" height="381" />
-
 A modal window opens showing a two-column table with the encrypted names on the left and their decrypted, cleartext names on the right.
 
 <Image src="/img/desktop/decrypt-file-names.png" alt="Decrypt file names window" width="311" height="385" />
@@ -81,7 +50,45 @@ The action bar at the top of the table provides two buttons:
 * Clipboard button to copy the whole table as CSV into the system clipboard
 * Trash button to clear the table
 
-Select single cells and copy their content with the OS-specific keyboard shortcut.
+You can select single cells and copy their content with the OS-specific keyboard shortcut.
+
+:::note
+For technical reasons, Cryptomator can only decrypt the *file name* of a given encrypted file.
+It cannot tell where that file is located in the unlocked vault.
+:::
+
+## Technical Example
+
+If you have a directory structure inside your vault like this:
+
+```
+.
+├─ myProject.pptx
+├─ Images for Project
+│  └─ ImageOfBees.jpg
+└─ ...
+```
+
+The actual directory structure of the vault on your hard drive/cloud will look like this:
+
+```
+.
+├─ d
+│  ├─ BZ
+│  │  └─ R4VZSS5PEF7TU3PMFIMON5GJRNBDWA
+│  │     ├─ dirId.c9r  # internal vault file
+│  │     ├─ 5TyvCyF255sRtfrIv**83ucADQ==.c9r  # myProject.pptx
+│  │     └─ FHTa55bH*sUfVDbEb0gTL9hZ8nho.c9r  # Linking entry for directory "Images for Project"
+│  │        └─ dir.c9r  # contains information for the link
+│  └─ FC
+│     └─ ZKZRLZUODUUYTYA4457CSBPZXB5A77  # content of the directory "Images for Project"
+│        └─ 4lmrQYfE_5ETusEkVJlTJrcFzjwxNBymig==.c9r # ImageOfBees.jpg
+├─ masterkey.cryptomator
+├─ masterkey.cryptomator.DFD9B248.bkup
+└─ vault.cryptomator
+```
+
+This is why you cannot identify files in the vault storage location by name alone without decrypting them first. For more information about the vault encryption scheme read [the specification](/docs/security/vault.md).
 
 ## Video Walkthrough
 
