diff --git a/source/desktop/network.rst b/source/desktop/network.rst new file mode 100644 index 0000000..76b216d --- /dev/null +++ b/source/desktop/network.rst @@ -0,0 +1,68 @@ +.. _desktop/network: + +Network Settings +================ + +In general, Cryptomator does not require a network connection to function. + +If the network connection is present, it is used for optional features, i.e. update checks and searching the error database for solutions. +The only exception is when unlocking :ref:`Cryptomator Hub ` vaults, then a network connection to the hub server is required. +All network connections to the internet are using HTTPS with at least TLS 1.2. + + +.. _desktop/network/trust-certificate-management: + +Trust Certificate Management +----------------------------- +Depending on the OS, the required trusted root certificates are loaded from different locations. + ++---------+--------------------------------------------------------------------------------------------------------------------------------+ +| OS | Trust store | ++=========+================================================================================================================================+ +| Linux | | PKCS#12 file ``/etc/cryptomator/certs.p12``; If the file does not exist, the JDK default | +| | | trust store is used. [1]_ | ++---------+--------------------------------------------------------------------------------------------------------------------------------+ +| macOS | System keychain | ++---------+--------------------------------------------------------------------------------------------------------------------------------+ +| Windows | | Certificate store "Trusted Root Certification Authorities", with registry path | +| | | ``HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\`` | ++---------+--------------------------------------------------------------------------------------------------------------------------------+ + +Remarks: + +.. [1] For more information about the location and contained certificates, see `JEP 319 `_. + + +.. _desktop/network/proxy-server: + +Proxy Server +------------ +The default proxy server differs depending on the operating system: + ++---------+-----------------------+ +| OS | Default proxy setting | ++=========+=======================+ +| Linux | No proxy | ++---------+-----------------------+ +| macOS | Use system proxy | ++---------+-----------------------+ +| Windows | Use system proxy | ++---------+-----------------------+ + + +To change the proxy server, you need to edit :ref:`Cryptomator.cfg `. +Open the file in a text editor, search for the line:: + + java-options=-Djava.net.useSystemProxies=true + +and *if it exists*, only replace the word ``true`` with ``false``. + +In the second step, add the following lines to the end of the file:: + + java-options=-Dhttp.proxyHost=[1] + java-options=-Dhttp.proxyPort=[2] + java-options=-Dhttps.proxyHost=[1] + java-options=-Dhttps.proxyPort=[2] + java-options=-Dhttp.nonProxyHosts=localhost|127.0.0.1|cryptomator-vault|[3] + +and replace ``[1]`` with the host address of the proxy server, ``[2]`` with the port used on the proxy server and ``[3]`` with the list of host addresses, which should not use the proxy server, separated by '|'. \ No newline at end of file diff --git a/source/hub/introduction.rst b/source/hub/introduction.rst index 88d7b72..799e54d 100644 --- a/source/hub/introduction.rst +++ b/source/hub/introduction.rst @@ -5,6 +5,8 @@ | +.. _hub/introduction: + *************** Cryptomator Hub *************** diff --git a/source/index.rst b/source/index.rst index bb0f895..2624411 100644 --- a/source/index.rst +++ b/source/index.rst @@ -29,6 +29,7 @@ If you are interested in the security of Cryptomator, have a look at our :ref:`s desktop/error-handling.rst desktop/sync-conflicts.rst desktop/advanced-settings.rst + desktop/network.rst .. toctree:: :hidden: