From ba3667ab51be47a6aa77dbc3b875933121fa4bb4 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 11 Dec 2024 16:30:56 +0100
Subject: [PATCH 001/117] restore config by recoverykey auto restore when bkup
 exists added new VaultStates

---
 .../org/cryptomator/common/vaults/Vault.java  | 20 +++++
 .../common/vaults/VaultListManager.java       | 58 ++++++++++++-
 .../cryptomator/common/vaults/VaultState.java |  4 +
 .../ui/mainwindow/MainWindowModule.java       |  3 +-
 .../ui/mainwindow/VaultDetailController.java  |  2 +
 .../VaultDetailMissingVaultController.java    | 15 +++-
 .../mainwindow/VaultListCellController.java   |  2 +
 .../ui/recoverykey/RecoveryKeyComponent.java  |  7 ++
 .../RecoveryKeyResetPasswordController.java   | 87 ++++++++++++++++---
 src/main/resources/fxml/vault_detail.fxml     |  2 +
 .../fxml/vault_detail_missing_masterkey.fxml  | 44 ++++++++++
 .../vault_detail_missing_vault_config.fxml    | 44 ++++++++++
 src/main/resources/i18n/strings.properties    |  7 ++
 13 files changed, 277 insertions(+), 18 deletions(-)
 create mode 100644 src/main/resources/fxml/vault_detail_missing_masterkey.fxml
 create mode 100644 src/main/resources/fxml/vault_detail_missing_vault_config.fxml

diff --git a/src/main/java/org/cryptomator/common/vaults/Vault.java b/src/main/java/org/cryptomator/common/vaults/Vault.java
index e65734e68..ca4e86090 100644
--- a/src/main/java/org/cryptomator/common/vaults/Vault.java
+++ b/src/main/java/org/cryptomator/common/vaults/Vault.java
@@ -70,6 +70,8 @@ public class Vault {
 	private final BooleanBinding missing;
 	private final BooleanBinding needsMigration;
 	private final BooleanBinding unknownError;
+	private final BooleanBinding missingMasterkey;
+	private final BooleanBinding missingVaultConfig;
 	private final ObjectBinding<Mountpoint> mountPoint;
 	private final Mounter mounter;
 	private final Settings settings;
@@ -96,6 +98,8 @@ public class Vault {
 		this.processing = Bindings.createBooleanBinding(this::isProcessing, state);
 		this.unlocked = Bindings.createBooleanBinding(this::isUnlocked, state);
 		this.missing = Bindings.createBooleanBinding(this::isMissing, state);
+		this.missingMasterkey = Bindings.createBooleanBinding(this::isMissingMasterkey, state);
+		this.missingVaultConfig = Bindings.createBooleanBinding(this::isMissingVaultConfig, state);
 		this.needsMigration = Bindings.createBooleanBinding(this::isNeedsMigration, state);
 		this.unknownError = Bindings.createBooleanBinding(this::isUnknownError, state);
 		this.mountPoint = Bindings.createObjectBinding(this::getMountPoint, state);
@@ -315,6 +319,22 @@ public class Vault {
 		return state.get() == VaultState.Value.ERROR;
 	}
 
+	public BooleanBinding missingMasterkeyProperty() {
+		return missingMasterkey;
+	}
+
+	public boolean isMissingMasterkey() {
+		return state.get() == VaultState.Value.MASTERKEY_MISSING;
+	}
+
+	public BooleanBinding missingVaultConfigProperty() {
+		return missingVaultConfig;
+	}
+
+	public boolean isMissingVaultConfig() {
+		return state.get() == VaultState.Value.VAULT_CONFIG_MISSING;
+	}
+
 	public ReadOnlyStringProperty displayNameProperty() {
 		return vaultSettings.displayName;
 	}
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 87faff77a..c3b54a836 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -25,15 +25,20 @@ import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
 import java.util.Collection;
 import java.util.List;
 import java.util.Optional;
 import java.util.ResourceBundle;
+import java.util.stream.Stream;
 
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
+import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
+import static org.cryptomator.common.vaults.VaultState.Value.MISSING;
+import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
 
 @Singleton
 public class VaultListManager {
@@ -129,7 +134,7 @@ public class VaultListManager {
 		VaultState state = vault.stateProperty();
 		VaultState.Value previousState = state.getValue();
 		return switch (previousState) {
-			case LOCKED, NEEDS_MIGRATION, MISSING -> {
+			case LOCKED, NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, MASTERKEY_MISSING -> {
 				try {
 					var determinedState = determineVaultState(vault.getPath());
 					if (determinedState == LOCKED) {
@@ -149,7 +154,56 @@ public class VaultListManager {
 	}
 
 	private static VaultState.Value determineVaultState(Path pathToVault) throws IOException {
-		if (!Files.exists(pathToVault)) {
+		Path pathToVaultConfig = Path.of(pathToVault.toString(),"vault.cryptomator");
+		Path pathToMasterkey = Path.of(pathToVault.toString(),"masterkey.cryptomator");
+		if (!Files.exists(pathToVaultConfig)) {
+			try (Stream<Path> files = Files.list(pathToVaultConfig.getParent())) {
+				Path backupFile = files.filter(file -> {
+					String fileName = file.getFileName().toString();
+					return fileName.startsWith("vault.cryptomator") && fileName.endsWith(".bkup");
+				}).findFirst().orElse(null);
+
+				if (backupFile != null) {
+					try {
+						Files.copy(backupFile, pathToVaultConfig, StandardCopyOption.REPLACE_EXISTING);
+					} catch (IOException e) {
+						LOG.error("error",e);
+						return VAULT_CONFIG_MISSING;
+					}
+				} else {
+					return VAULT_CONFIG_MISSING;
+				}
+			} catch (IOException e) {
+				LOG.error("error",e);
+				return VAULT_CONFIG_MISSING;
+			}
+
+		}
+		else if (!Files.exists(pathToMasterkey)) {
+			//return VaultState.Value.MASTERKEY_MISSING;
+			try (Stream<Path> files = Files.list(pathToMasterkey.getParent())) {
+				Path backupFile = files.filter(file -> {
+					String fileName = file.getFileName().toString();
+					return fileName.startsWith("masterkey.cryptomator") && fileName.endsWith(".bkup");
+				}).findFirst().orElse(null);
+
+				if (backupFile != null) {
+					try {
+						Files.copy(backupFile, pathToMasterkey, StandardCopyOption.REPLACE_EXISTING);
+						return MASTERKEY_MISSING;
+					} catch (IOException e) {
+						LOG.error("error",e);
+						return MASTERKEY_MISSING;
+					}
+				} else {
+					return MASTERKEY_MISSING;
+				}
+			} catch (IOException e) {
+				LOG.error("error",e);
+				return MASTERKEY_MISSING;
+			}
+		}
+		else if (!Files.exists(pathToVault)) {
 			return VaultState.Value.MISSING;
 		}
 		return switch (CryptoFileSystemProvider.checkDirStructureForVault(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME)) {
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultState.java b/src/main/java/org/cryptomator/common/vaults/VaultState.java
index ff09c8b82..bfe5a3713 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultState.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultState.java
@@ -25,6 +25,10 @@ public class VaultState extends ObservableValueBase<VaultState.Value> implements
 		 */
 		MISSING,
 
+		VAULT_CONFIG_MISSING,
+
+		MASTERKEY_MISSING,
+
 		/**
 		 * Vault requires migration to a newer vault format
 		 */
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java b/src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java
index 5fdaa6a8a..b563cf69c 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java
@@ -16,6 +16,7 @@ import org.cryptomator.ui.common.StageInitializer;
 import org.cryptomator.ui.error.ErrorComponent;
 import org.cryptomator.ui.fxapp.PrimaryStage;
 import org.cryptomator.ui.migration.MigrationComponent;
+import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.cryptomator.ui.removevault.RemoveVaultComponent;
 import org.cryptomator.ui.stats.VaultStatisticsComponent;
 import org.cryptomator.ui.wrongfilealert.WrongFileAlertComponent;
@@ -30,7 +31,7 @@ import javafx.stage.Stage;
 import java.util.Map;
 import java.util.ResourceBundle;
 
-@Module(subcomponents = {AddVaultWizardComponent.class, MigrationComponent.class, RemoveVaultComponent.class, VaultStatisticsComponent.class, WrongFileAlertComponent.class, ErrorComponent.class})
+@Module(subcomponents = {AddVaultWizardComponent.class, MigrationComponent.class, RemoveVaultComponent.class, VaultStatisticsComponent.class, WrongFileAlertComponent.class, ErrorComponent.class, RecoveryKeyComponent.class})
 abstract class MainWindowModule {
 
 	@Provides
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
index 7e309fdaf..4c889adfc 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
@@ -53,6 +53,8 @@ public class VaultDetailController implements FxController {
 				case PROCESSING -> FontAwesome5Icon.SPINNER;
 				case UNLOCKED -> FontAwesome5Icon.LOCK_OPEN;
 				case NEEDS_MIGRATION, MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
+				case VAULT_CONFIG_MISSING -> FontAwesome5Icon.COGS;
+				case MASTERKEY_MISSING -> FontAwesome5Icon.KEY;
 			};
 		} else {
 			return FontAwesome5Icon.EXCLAMATION_TRIANGLE;
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index 372d29040..058d53e23 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -3,6 +3,7 @@ package org.cryptomator.ui.mainwindow;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.cryptomator.ui.removevault.RemoveVaultComponent;
 
 import javax.inject.Inject;
@@ -22,14 +23,17 @@ public class VaultDetailMissingVaultController implements FxController {
 	private final RemoveVaultComponent.Builder removeVault;
 	private final ResourceBundle resourceBundle;
 	private final Stage window;
+	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
+
 
 
 	@Inject
-	public VaultDetailMissingVaultController(ObjectProperty<Vault> vault, RemoveVaultComponent.Builder removeVault, ResourceBundle resourceBundle, @MainWindow Stage window) {
+	public VaultDetailMissingVaultController(ObjectProperty<Vault> vault, RemoveVaultComponent.Builder removeVault, ResourceBundle resourceBundle, @MainWindow Stage window, RecoveryKeyComponent.Factory recoveryKeyWindow) {
 		this.vault = vault;
 		this.removeVault = removeVault;
 		this.resourceBundle = resourceBundle;
 		this.window = window;
+		this.recoveryKeyWindow = recoveryKeyWindow;
 	}
 
 	@FXML
@@ -42,6 +46,15 @@ public class VaultDetailMissingVaultController implements FxController {
 		removeVault.vault(vault.get()).build().showRemoveVault();
 	}
 
+	@FXML
+	void restoreVaultConfig(){
+		recoveryKeyWindow.create(vault.get(), window).showRecoveryKeyRecoverWindow("Recover VaultConfig");
+	}
+	@FXML
+	void restoreMasterkey(){
+		recoveryKeyWindow.create(vault.get(), window).showRecoveryKeyRecoverWindow("Recover Masterkey");
+	}
+
 	@FXML
 	void changeLocation() {
 		// copied from ChooseExistingVaultController class
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
index 38d7ed1c7..884171c8e 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
@@ -47,6 +47,8 @@ public class VaultListCellController implements FxController {
 				case PROCESSING -> FontAwesome5Icon.SPINNER;
 				case UNLOCKED -> FontAwesome5Icon.LOCK_OPEN;
 				case NEEDS_MIGRATION, MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
+				case VAULT_CONFIG_MISSING -> FontAwesome5Icon.COGS;
+				case MASTERKEY_MISSING -> FontAwesome5Icon.KEY;
 			};
 		} else {
 			return FontAwesome5Icon.EXCLAMATION_TRIANGLE;
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
index 3986fa01d..c546a8806 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -38,6 +38,13 @@ public interface RecoveryKeyComponent {
 		stage.show();
 	}
 
+	default void showRecoveryKeyRecoverWindow(String title) {
+		Stage stage = window();
+		stage.setScene(recoverScene().get());
+		stage.setTitle(title);
+		stage.sizeToScene();
+		stage.show();
+	}
 
 	@Subcomponent.Factory
 	interface Factory {
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 18a952ea5..b3299ca66 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -2,6 +2,13 @@ package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
 import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptofs.CryptoFileSystemProperties;
+import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptolib.api.CryptoException;
+import org.cryptomator.cryptolib.api.CryptorProvider;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.api.MasterkeyLoader;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -18,8 +25,17 @@ import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
 import java.io.IOException;
+import java.nio.file.CopyOption;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+import java.util.Comparator;
 import java.util.concurrent.ExecutorService;
 
+import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
+
 @RecoveryKeyScoped
 public class RecoveryKeyResetPasswordController implements FxController {
 
@@ -32,11 +48,12 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final StringProperty recoveryKey;
 	private final Lazy<Scene> recoverResetPasswordSuccessScene;
 	private final FxApplicationWindows appWindows;
+	private final MasterkeyFileAccess masterkeyFileAccess;
 
 	public NewPasswordController newPasswordController;
 
 	@Inject
-	public RecoveryKeyResetPasswordController(@RecoveryKeyWindow Stage window, @RecoveryKeyWindow Vault vault, RecoveryKeyFactory recoveryKeyFactory, ExecutorService executor, @RecoveryKeyWindow StringProperty recoveryKey, @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS) Lazy<Scene> recoverResetPasswordSuccessScene, FxApplicationWindows appWindows) {
+	public RecoveryKeyResetPasswordController(@RecoveryKeyWindow Stage window, @RecoveryKeyWindow Vault vault, RecoveryKeyFactory recoveryKeyFactory, ExecutorService executor, @RecoveryKeyWindow StringProperty recoveryKey, @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS) Lazy<Scene> recoverResetPasswordSuccessScene, FxApplicationWindows appWindows, MasterkeyFileAccess masterkeyFileAccess) {
 		this.window = window;
 		this.vault = vault;
 		this.recoveryKeyFactory = recoveryKeyFactory;
@@ -44,6 +61,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		this.recoveryKey = recoveryKey;
 		this.recoverResetPasswordSuccessScene = recoverResetPasswordSuccessScene;
 		this.appWindows = appWindows;
+		this.masterkeyFileAccess = masterkeyFileAccess;
 	}
 
 	@FXML
@@ -53,19 +71,60 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 	@FXML
 	public void resetPassword() {
-		Task<Void> task = new ResetPasswordTask();
-		task.setOnScheduled(event -> {
-			LOG.debug("Using recovery key to reset password for {}.", vault.getDisplayablePath());
-		});
-		task.setOnSucceeded(event -> {
-			LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
-			window.setScene(recoverResetPasswordSuccessScene.get());
-		});
-		task.setOnFailed(event -> {
-			LOG.error("Resetting password failed.", task.getException());
-			appWindows.showErrorWindow(task.getException(), window, null);
-		});
-		executor.submit(task);
+		if(vault.isMissingVaultConfig()){
+			Path vaultPath = vault.getPath();
+			Path recoveryPath = vaultPath.resolve("r");
+			try {
+				Files.createDirectory(recoveryPath);
+				recoveryKeyFactory.newMasterkeyFileWithPassphrase(recoveryPath, recoveryKey.get(), newPasswordController.passwordField.getCharacters());
+			} catch (IOException e) {
+				LOG.error("Creating directory or recovering masterkey failed", e);
+			}
+
+			Path masterkeyFilePath = recoveryPath.resolve(MASTERKEY_FILENAME);
+			try (Masterkey masterkey = masterkeyFileAccess.load(masterkeyFilePath, newPasswordController.passwordField.getCharacters())) {
+				try {
+					MasterkeyLoader loader = ignored -> masterkey.copy();
+					CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties() //
+							.withCipherCombo(CryptorProvider.Scheme.SIV_CTRMAC) //
+							.withKeyLoader(loader) //
+							.withShorteningThreshold(220) //
+							.build();
+					CryptoFileSystemProvider.initialize(recoveryPath, fsProps, DEFAULT_KEY_ID);
+				} catch (CryptoException | IOException e) {
+					LOG.error("Recovering vault failed", e);
+				}
+				Files.move(masterkeyFilePath, vaultPath.resolve(MASTERKEY_FILENAME), StandardCopyOption.REPLACE_EXISTING);
+				Files.move(recoveryPath.resolve(VAULTCONFIG_FILENAME), vaultPath.resolve(VAULTCONFIG_FILENAME));
+				try (var paths = Files.walk(recoveryPath)) {
+					paths.sorted(Comparator.reverseOrder()).forEach(p -> {
+						try {
+							Files.delete(p);
+						} catch (IOException e) {
+							LOG.info("Unable to delete {}. Please delete it manually.", p);
+						}
+					});
+				}
+				window.setScene(recoverResetPasswordSuccessScene.get());
+			} catch (IOException e) {
+				LOG.error("Moving recovered files failed", e);
+			}
+		}
+		else {
+			Task<Void> task = new ResetPasswordTask();
+			task.setOnScheduled(event -> {
+				LOG.debug("Using recovery key to reset password for {}.", vault.getDisplayablePath());
+			});
+			task.setOnSucceeded(event -> {
+				LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
+				window.setScene(recoverResetPasswordSuccessScene.get());
+			});
+			task.setOnFailed(event -> {
+				LOG.error("Resetting password failed.", task.getException());
+				appWindows.showErrorWindow(task.getException(), window, null);
+			});
+			executor.submit(task);
+		}
 	}
 
 	private class ResetPasswordTask extends Task<Void> {
diff --git a/src/main/resources/fxml/vault_detail.fxml b/src/main/resources/fxml/vault_detail.fxml
index 8ca11a34f..b87df488a 100644
--- a/src/main/resources/fxml/vault_detail.fxml
+++ b/src/main/resources/fxml/vault_detail.fxml
@@ -53,5 +53,7 @@
 		<fx:include VBox.vgrow="ALWAYS" source="vault_detail_missing.fxml" visible="${controller.vault.missing}" managed="${controller.vault.missing}"/>
 		<fx:include VBox.vgrow="ALWAYS" source="vault_detail_needsmigration.fxml" visible="${controller.vault.needsMigration}" managed="${controller.vault.needsMigration}"/>
 		<fx:include VBox.vgrow="ALWAYS" source="vault_detail_unknownerror.fxml" visible="${controller.vault.unknownError}" managed="${controller.vault.unknownError}"/>
+		<fx:include VBox.vgrow="ALWAYS" source="vault_detail_missing_masterkey.fxml" visible="${controller.vault.missingMasterkey}" managed="${controller.vault.missingMasterkey}"/>
+		<fx:include VBox.vgrow="ALWAYS" source="vault_detail_missing_vault_config.fxml" visible="${controller.vault.missingVaultConfig}" managed="${controller.vault.missingVaultConfig}"/>
 	</children>
 </VBox>
diff --git a/src/main/resources/fxml/vault_detail_missing_masterkey.fxml b/src/main/resources/fxml/vault_detail_missing_masterkey.fxml
new file mode 100644
index 000000000..87d1d9b9e
--- /dev/null
+++ b/src/main/resources/fxml/vault_detail_missing_masterkey.fxml
@@ -0,0 +1,44 @@
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import javafx.geometry.Insets?>
+<?import javafx.scene.control.Button?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.layout.StackPane?>
+<?import javafx.scene.layout.VBox?>
+<?import javafx.scene.shape.Circle?>
+<VBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.mainwindow.VaultDetailMissingVaultController"
+	  alignment="TOP_CENTER"
+	  spacing="9">
+	<children>
+		<VBox spacing="9" alignment="CENTER">
+			<StackPane alignment="CENTER">
+				<Circle styleClass="glyph-icon-primary" radius="48"/>
+				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="FILE" glyphSize="48"/>
+				<FontAwesome5IconView styleClass="glyph-icon-primary" glyph="SEARCH" glyphSize="24">
+					<StackPane.margin>
+						<Insets top="12"/>
+					</StackPane.margin>
+				</FontAwesome5IconView>
+			</StackPane>
+			<Label text="%main.vaultDetail.missingMasterkey.info" wrapText="true"/>
+		</VBox>
+		<VBox spacing="6" alignment="CENTER">
+			<Button text="%main.vaultDetail.missing.recheck" minWidth="120" onAction="#recheck">
+				<graphic>
+					<FontAwesome5IconView glyph="REDO"/>
+				</graphic>
+			</Button>
+			<Button text="%main.vaultDetail.missingMasterkey.restore" minWidth="120" onAction="#restoreMasterkey">
+				<graphic>
+					<FontAwesome5IconView glyph="MAGIC"/>
+				</graphic>
+			</Button>
+			<Button text="%main.vaultDetail.missing.remove" minWidth="120" onAction="#didClickRemoveVault">
+				<graphic>
+					<FontAwesome5IconView glyph="TRASH"/>
+				</graphic>
+			</Button>
+		</VBox>
+	</children>
+</VBox>
\ No newline at end of file
diff --git a/src/main/resources/fxml/vault_detail_missing_vault_config.fxml b/src/main/resources/fxml/vault_detail_missing_vault_config.fxml
new file mode 100644
index 000000000..8291b5de6
--- /dev/null
+++ b/src/main/resources/fxml/vault_detail_missing_vault_config.fxml
@@ -0,0 +1,44 @@
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import javafx.geometry.Insets?>
+<?import javafx.scene.control.Button?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.layout.StackPane?>
+<?import javafx.scene.layout.VBox?>
+<?import javafx.scene.shape.Circle?>
+<VBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.mainwindow.VaultDetailMissingVaultController"
+	  alignment="TOP_CENTER"
+	  spacing="9">
+	<children>
+		<VBox spacing="9" alignment="CENTER">
+			<StackPane alignment="CENTER">
+				<Circle styleClass="glyph-icon-primary" radius="48"/>
+				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="FILE" glyphSize="48"/>
+				<FontAwesome5IconView styleClass="glyph-icon-primary" glyph="SEARCH" glyphSize="24">
+					<StackPane.margin>
+						<Insets top="12"/>
+					</StackPane.margin>
+				</FontAwesome5IconView>
+			</StackPane>
+			<Label text="%main.vaultDetail.missingVaultConfig.info" wrapText="true"/>
+		</VBox>
+		<VBox spacing="6" alignment="CENTER">
+			<Button text="%main.vaultDetail.missing.recheck" minWidth="120" onAction="#recheck">
+				<graphic>
+					<FontAwesome5IconView glyph="REDO"/>
+				</graphic>
+			</Button>
+			<Button text="%main.vaultDetail.missingVaultConfig.restore" minWidth="120" onAction="#restoreVaultConfig">
+				<graphic>
+					<FontAwesome5IconView glyph="MAGIC"/>
+				</graphic>
+			</Button>
+			<Button text="%main.vaultDetail.missing.remove" minWidth="120" onAction="#didClickRemoveVault">
+				<graphic>
+					<FontAwesome5IconView glyph="TRASH"/>
+				</graphic>
+			</Button>
+		</VBox>
+	</children>
+</VBox>
\ No newline at end of file
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 1df6bc244..faa7eef41 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -429,6 +429,13 @@ main.vaultDetail.missing.info=Cryptomator could not find a vault at this path.
 main.vaultDetail.missing.recheck=Recheck
 main.vaultDetail.missing.remove=Remove from Vault List…
 main.vaultDetail.missing.changeLocation=Change Vault Location…
+### Missing Vault Config
+main.vaultDetail.missingVaultConfig.info=VaultConfig is missing.
+main.vaultDetail.missingVaultConfig.restore=Restore VaultConfig
+### Missing Masterkey
+main.vaultDetail.missingMasterkey.info=Masterkey is missing.
+main.vaultDetail.missingMasterkey.restore=Restore Masterkey
+
 ### Needs Migration
 main.vaultDetail.migrateButton=Upgrade Vault
 main.vaultDetail.migratePrompt=Your vault needs to be upgraded to a new format, before you can access it

From aa95ad40c06955fd5a529dfd2dd931905c58dff3 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 13 Jan 2025 15:31:55 +0100
Subject: [PATCH 002/117] added vault config success scene

---
 .../org/cryptomator/ui/common/FxmlFile.java   |  1 +
 .../ui/recoverykey/RecoveryKeyModule.java     |  7 +++
 .../RecoveryKeyResetPasswordController.java   | 14 ++++-
 ...ecoverykey_reset_vault_config_success.fxml | 53 +++++++++++++++++++
 src/main/resources/i18n/strings.properties    |  2 +
 5 files changed, 75 insertions(+), 2 deletions(-)
 create mode 100644 src/main/resources/fxml/recoverykey_reset_vault_config_success.fxml

diff --git a/src/main/java/org/cryptomator/ui/common/FxmlFile.java b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
index 6c5068684..13c0d4609 100644
--- a/src/main/java/org/cryptomator/ui/common/FxmlFile.java
+++ b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
@@ -44,6 +44,7 @@ public enum FxmlFile {
 	RECOVERYKEY_RECOVER("/fxml/recoverykey_recover.fxml"), //
 	RECOVERYKEY_RESET_PASSWORD("/fxml/recoverykey_reset_password.fxml"), //
 	RECOVERYKEY_RESET_PASSWORD_SUCCESS("/fxml/recoverykey_reset_password_success.fxml"), //
+	RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS("/fxml/recoverykey_reset_vault_config_success.fxml"), //
 	RECOVERYKEY_SUCCESS("/fxml/recoverykey_success.fxml"), //
 	REMOVE_CERT("/fxml/remove_cert.fxml"), //
 	REMOVE_VAULT("/fxml/remove_vault.fxml"), //
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index 06095eebc..03b1bc029 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -105,6 +105,13 @@ abstract class RecoveryKeyModule {
 		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS);
 	}
 
+	@Provides
+	@FxmlScene(FxmlFile.RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS)
+	@RecoveryKeyScoped
+	static Scene provideRecoveryKeyResetVaultConfigSuccessScene(@RecoveryKeyWindow FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS);
+	}
+
 
 	// ------------------
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index b3299ca66..c5b466430 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -47,19 +47,29 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final ExecutorService executor;
 	private final StringProperty recoveryKey;
 	private final Lazy<Scene> recoverResetPasswordSuccessScene;
+	private final Lazy<Scene> recoverResetVaultConfigSuccessScene;
 	private final FxApplicationWindows appWindows;
 	private final MasterkeyFileAccess masterkeyFileAccess;
 
 	public NewPasswordController newPasswordController;
 
 	@Inject
-	public RecoveryKeyResetPasswordController(@RecoveryKeyWindow Stage window, @RecoveryKeyWindow Vault vault, RecoveryKeyFactory recoveryKeyFactory, ExecutorService executor, @RecoveryKeyWindow StringProperty recoveryKey, @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS) Lazy<Scene> recoverResetPasswordSuccessScene, FxApplicationWindows appWindows, MasterkeyFileAccess masterkeyFileAccess) {
+	public RecoveryKeyResetPasswordController(@RecoveryKeyWindow Stage window, //
+											  @RecoveryKeyWindow Vault vault, //
+											  RecoveryKeyFactory recoveryKeyFactory, //
+											  ExecutorService executor, //
+											  @RecoveryKeyWindow StringProperty recoveryKey, //
+											  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS) Lazy<Scene> recoverResetPasswordSuccessScene, //
+											  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS) Lazy<Scene> recoverResetVaultConfigSuccessScene, //
+											  FxApplicationWindows appWindows, //
+											  MasterkeyFileAccess masterkeyFileAccess) {
 		this.window = window;
 		this.vault = vault;
 		this.recoveryKeyFactory = recoveryKeyFactory;
 		this.executor = executor;
 		this.recoveryKey = recoveryKey;
 		this.recoverResetPasswordSuccessScene = recoverResetPasswordSuccessScene;
+		this.recoverResetVaultConfigSuccessScene = recoverResetVaultConfigSuccessScene;
 		this.appWindows = appWindows;
 		this.masterkeyFileAccess = masterkeyFileAccess;
 	}
@@ -105,7 +115,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 						}
 					});
 				}
-				window.setScene(recoverResetPasswordSuccessScene.get());
+				window.setScene(recoverResetVaultConfigSuccessScene.get());
 			} catch (IOException e) {
 				LOG.error("Moving recovered files failed", e);
 			}
diff --git a/src/main/resources/fxml/recoverykey_reset_vault_config_success.fxml b/src/main/resources/fxml/recoverykey_reset_vault_config_success.fxml
new file mode 100644
index 000000000..196617483
--- /dev/null
+++ b/src/main/resources/fxml/recoverykey_reset_vault_config_success.fxml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import javafx.geometry.Insets?>
+<?import javafx.scene.control.Button?>
+<?import javafx.scene.control.ButtonBar?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.layout.HBox?>
+<?import javafx.scene.layout.StackPane?>
+<?import javafx.scene.layout.VBox?>
+<?import javafx.scene.shape.Circle?>
+<?import javafx.scene.Group?>
+<?import javafx.scene.layout.Region?>
+<HBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyResetPasswordSuccessController"
+	  minWidth="400"
+	  maxWidth="400"
+	  minHeight="145"
+	  spacing="12"
+	  alignment="TOP_LEFT">
+<padding>
+	<Insets topRightBottomLeft="12"/>
+</padding>
+<children>
+	<Group>
+		<StackPane>
+			<padding>
+				<Insets topRightBottomLeft="6"/>
+			</padding>
+			<Circle styleClass="glyph-icon-primary" radius="24"/>
+			<FontAwesome5IconView styleClass="glyph-icon-white" glyph="CHECK" glyphSize="24"/>
+		</StackPane>
+	</Group>
+
+	<VBox HBox.hgrow="ALWAYS">
+		<Label styleClass="label-large" text="%recoveryKey.recover.resetVaultConfigSuccess.message" wrapText="true" textAlignment="LEFT">
+			<padding>
+				<Insets bottom="6" top="6"/>
+			</padding>
+		</Label>
+
+		<Label text="%recoveryKey.recover.resetSuccess.description" wrapText="true" textAlignment="LEFT"/>
+
+		<Region VBox.vgrow="ALWAYS" minHeight="18"/>
+		<ButtonBar buttonMinWidth="120" buttonOrder="+C">
+			<buttons>
+				<Button text="%generic.button.close" ButtonBar.buttonData="CANCEL_CLOSE" defaultButton="true" cancelButton="true" onAction="#close"/>
+			</buttons>
+		</ButtonBar>
+	</VBox>
+</children>
+</HBox>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index faa7eef41..818f429b8 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -515,6 +515,8 @@ recoveryKey.recover.resetBtn=Reset
 ### Recovery Key Password Reset Success
 recoveryKey.recover.resetSuccess.message=Password reset successful
 recoveryKey.recover.resetSuccess.description=You can unlock your vault with the new password.
+### Recovery Key Vault Config Reset Success
+recoveryKey.recover.resetVaultConfigSuccess.message=Vault config reset successful
 
 # Convert Vault
 convertVault.title=Convert Vault

From fb6f7072d4d1017a38d774ab5ad35682886e75b6 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 14 Jan 2025 15:12:21 +0100
Subject: [PATCH 003/117] new vault states implemented in selectVaultRemovable

---
 .../ui/mainwindow/VaultListContextMenuController.java         | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
index a6baa0baf..65838b96f 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
@@ -21,9 +21,11 @@ import java.util.Objects;
 
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
+import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;
 import static org.cryptomator.common.vaults.VaultState.Value.UNLOCKED;
+import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
 
 @MainWindowScoped
 public class VaultListContextMenuController implements FxController {
@@ -53,7 +55,7 @@ public class VaultListContextMenuController implements FxController {
 
 		this.selectedVaultState = selectedVault.flatMap(Vault::stateProperty).orElse(null);
 		this.selectedVaultPassphraseStored = selectedVault.map(this::isPasswordStored).orElse(false);
-		this.selectedVaultRemovable = selectedVaultState.map(EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION)::contains).orElse(false);
+		this.selectedVaultRemovable = selectedVaultState.map(EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION, MASTERKEY_MISSING, VAULT_CONFIG_MISSING)::contains).orElse(false);
 		this.selectedVaultUnlockable = selectedVaultState.map(LOCKED::equals).orElse(false);
 		this.selectedVaultLockable = selectedVaultState.map(UNLOCKED::equals).orElse(false);
 	}

From 756672258d86ca77fc7b7d4aa83a3714e3e6cb28 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 14 Jan 2025 15:29:49 +0100
Subject: [PATCH 004/117] add Hub Vault check for MASTERKEY_MISSING state

---
 .../cryptomator/common/vaults/VaultListManager.java  | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index c3b54a836..7a588f1a8 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -15,6 +15,7 @@ import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptofs.DirStructure;
 import org.cryptomator.cryptofs.migration.Migrators;
 import org.cryptomator.integrations.mount.MountService;
+import org.cryptomator.ui.keyloading.hub.HubKeyLoadingStrategy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -105,6 +106,10 @@ public class VaultListManager {
 
 	private void addAll(Collection<VaultSettings> vaultSettings) {
 		Collection<Vault> vaults = vaultSettings.stream().map(this::create).toList();
+		vaults.forEach(vault -> {
+			VaultState.Value newState = redetermineVaultState(vault);
+			LOG.info("New state for vault at {}: {}", vault.getPath(), newState);
+		});
 		vaultList.addAll(vaults);
 	}
 
@@ -137,6 +142,12 @@ public class VaultListManager {
 			case LOCKED, NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, MASTERKEY_MISSING -> {
 				try {
 					var determinedState = determineVaultState(vault.getPath());
+					if(determinedState == MASTERKEY_MISSING){
+						var vaultScheme = vault.getVaultConfigCache().getUnchecked().getKeyId().getScheme();
+						if((vaultScheme.equals(HubKeyLoadingStrategy.SCHEME_HUB_HTTP) || vaultScheme.equals(HubKeyLoadingStrategy.SCHEME_HUB_HTTPS))){
+							determinedState = LOCKED;
+						}
+					}
 					if (determinedState == LOCKED) {
 						vault.getVaultConfigCache().reloadConfig();
 					}
@@ -180,7 +191,6 @@ public class VaultListManager {
 
 		}
 		else if (!Files.exists(pathToMasterkey)) {
-			//return VaultState.Value.MASTERKEY_MISSING;
 			try (Stream<Path> files = Files.list(pathToMasterkey.getParent())) {
 				Path backupFile = files.filter(file -> {
 					String fileName = file.getFileName().toString();

From 8191a7dae664658192b1373ae5bd4fc4684127d2 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 15 Jan 2025 21:05:27 +0100
Subject: [PATCH 005/117] add isHubVault dialog

---
 .../common/vaults/VaultListManager.java       |  9 ++--
 .../org/cryptomator/ui/common/FxmlFile.java   |  1 +
 .../VaultDetailMissingVaultController.java    |  3 +-
 .../ui/recoverykey/RecoveryKeyComponent.java  | 11 ++++
 .../RecoveryKeyIsHubVaultController.java      | 50 +++++++++++++++++
 .../ui/recoverykey/RecoveryKeyModule.java     | 11 ++++
 .../RecoveryKeyResetPasswordController.java   |  8 ++-
 .../fxml/recoverykey_is_hub_vault.fxml        | 54 +++++++++++++++++++
 8 files changed, 140 insertions(+), 7 deletions(-)
 create mode 100644 src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
 create mode 100644 src/main/resources/fxml/recoverykey_is_hub_vault.fxml

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 7a588f1a8..d0f3bc53b 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -38,7 +38,6 @@ import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
 import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
-import static org.cryptomator.common.vaults.VaultState.Value.MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
 
 @Singleton
@@ -167,7 +166,10 @@ public class VaultListManager {
 	private static VaultState.Value determineVaultState(Path pathToVault) throws IOException {
 		Path pathToVaultConfig = Path.of(pathToVault.toString(),"vault.cryptomator");
 		Path pathToMasterkey = Path.of(pathToVault.toString(),"masterkey.cryptomator");
-		if (!Files.exists(pathToVaultConfig)) {
+		if (!Files.exists(pathToVault)) {
+			return VaultState.Value.MISSING;
+		}
+		else if (!Files.exists(pathToVaultConfig)) {
 			try (Stream<Path> files = Files.list(pathToVaultConfig.getParent())) {
 				Path backupFile = files.filter(file -> {
 					String fileName = file.getFileName().toString();
@@ -213,9 +215,6 @@ public class VaultListManager {
 				return MASTERKEY_MISSING;
 			}
 		}
-		else if (!Files.exists(pathToVault)) {
-			return VaultState.Value.MISSING;
-		}
 		return switch (CryptoFileSystemProvider.checkDirStructureForVault(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME)) {
 			case VAULT -> VaultState.Value.LOCKED;
 			case UNRELATED -> VaultState.Value.MISSING;
diff --git a/src/main/java/org/cryptomator/ui/common/FxmlFile.java b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
index 13c0d4609..ed58df863 100644
--- a/src/main/java/org/cryptomator/ui/common/FxmlFile.java
+++ b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
@@ -41,6 +41,7 @@ public enum FxmlFile {
 	QUIT("/fxml/quit.fxml"), //
 	QUIT_FORCED("/fxml/quit_forced.fxml"), //
 	RECOVERYKEY_CREATE("/fxml/recoverykey_create.fxml"), //
+	RECOVERYKEY_IS_HUB_VAULT("/fxml/recoverykey_is_hub_vault.fxml"), //
 	RECOVERYKEY_RECOVER("/fxml/recoverykey_recover.fxml"), //
 	RECOVERYKEY_RESET_PASSWORD("/fxml/recoverykey_reset_password.fxml"), //
 	RECOVERYKEY_RESET_PASSWORD_SUCCESS("/fxml/recoverykey_reset_password_success.fxml"), //
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index 058d53e23..8363c6036 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -48,8 +48,9 @@ public class VaultDetailMissingVaultController implements FxController {
 
 	@FXML
 	void restoreVaultConfig(){
-		recoveryKeyWindow.create(vault.get(), window).showRecoveryKeyRecoverWindow("Recover VaultConfig");
+		recoveryKeyWindow.create(vault.get(), window).showIsHubVaultDialogWindow();
 	}
+
 	@FXML
 	void restoreMasterkey(){
 		recoveryKeyWindow.create(vault.get(), window).showRecoveryKeyRecoverWindow("Recover Masterkey");
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
index c546a8806..6c6e836db 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -24,6 +24,9 @@ public interface RecoveryKeyComponent {
 	@FxmlScene(FxmlFile.RECOVERYKEY_RECOVER)
 	Lazy<Scene> recoverScene();
 
+	@FxmlScene(FxmlFile.RECOVERYKEY_IS_HUB_VAULT)
+	Lazy<Scene> recoverIsHubVaultScene();
+
 	default void showRecoveryKeyCreationWindow() {
 		Stage stage = window();
 		stage.setScene(creationScene().get());
@@ -46,6 +49,14 @@ public interface RecoveryKeyComponent {
 		stage.show();
 	}
 
+	default void showIsHubVaultDialogWindow(){
+		Stage stage = window();
+		stage.setScene(recoverIsHubVaultScene().get());
+		stage.setTitle("Recover Vault Config");
+		stage.sizeToScene();
+		stage.show();
+	}
+
 	@Subcomponent.Factory
 	interface Factory {
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
new file mode 100644
index 000000000..c0a8fdfd3
--- /dev/null
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
@@ -0,0 +1,50 @@
+package org.cryptomator.ui.recoverykey;
+
+import dagger.Lazy;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javafx.beans.property.StringProperty;
+import javafx.fxml.FXML;
+import javafx.scene.Scene;
+import javafx.stage.Stage;
+import java.util.ResourceBundle;
+
+@RecoveryKeyScoped
+public class RecoveryKeyIsHubVaultController implements FxController {
+
+	private static final Logger LOG = LoggerFactory.getLogger(RecoveryKeyIsHubVaultController.class);
+
+	private final Stage window;
+	private final Lazy<Scene> recoverykeyRecoverScene;
+
+	@Inject
+	public RecoveryKeyIsHubVaultController(@RecoveryKeyWindow Stage window,
+										   @RecoveryKeyWindow Vault vault,
+										   @RecoveryKeyWindow StringProperty recoveryKey,
+										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene,
+										   ResourceBundle resourceBundle) {
+		this.window = window;
+		//window.setTitle("Is it a hub vault? Huh?");
+		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
+	}
+
+	@FXML
+	public void initialize() {
+	}
+
+	@FXML
+	public void close() {
+		window.close();
+	}
+
+	@FXML
+	public void recover() {
+		window.setScene(recoverykeyRecoverScene.get());
+	}
+}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index 03b1bc029..165787497 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -112,6 +112,12 @@ abstract class RecoveryKeyModule {
 		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS);
 	}
 
+	@Provides
+	@FxmlScene(FxmlFile.RECOVERYKEY_IS_HUB_VAULT)
+	@RecoveryKeyScoped
+	static Scene provideRecoveryKeyIsHubVaultScene(@RecoveryKeyWindow FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_IS_HUB_VAULT);
+	}
 
 	// ------------------
 
@@ -127,6 +133,11 @@ abstract class RecoveryKeyModule {
 		return new RecoveryKeyDisplayController(window, vault.getDisplayName(), recoveryKey.get(), localization);
 	}
 
+	@Binds
+	@IntoMap
+	@FxControllerKey(RecoveryKeyIsHubVaultController.class)
+	abstract FxController provideRecoveryKeyIsHubVaultController(RecoveryKeyIsHubVaultController controller);
+
 	@Binds
 	@IntoMap
 	@FxControllerKey(RecoveryKeyRecoverController.class)
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index c5b466430..46867b356 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -2,6 +2,7 @@ package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
 import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.cryptofs.CryptoFileSystemProperties;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptolib.api.CryptoException;
@@ -127,7 +128,12 @@ public class RecoveryKeyResetPasswordController implements FxController {
 			});
 			task.setOnSucceeded(event -> {
 				LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
-				window.setScene(recoverResetPasswordSuccessScene.get());
+				if(vault.getState().equals(VaultState.Value.VAULT_CONFIG_MISSING)){
+					window.setScene(recoverResetVaultConfigSuccessScene.get());
+				}
+				else {
+					window.setScene(recoverResetPasswordSuccessScene.get());
+				}
 			});
 			task.setOnFailed(event -> {
 				LOG.error("Resetting password failed.", task.getException());
diff --git a/src/main/resources/fxml/recoverykey_is_hub_vault.fxml b/src/main/resources/fxml/recoverykey_is_hub_vault.fxml
new file mode 100644
index 000000000..920777303
--- /dev/null
+++ b/src/main/resources/fxml/recoverykey_is_hub_vault.fxml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import javafx.geometry.Insets?>
+<?import javafx.scene.control.Button?>
+<?import javafx.scene.control.ButtonBar?>
+<?import javafx.scene.layout.Region?>
+<?import javafx.scene.layout.HBox?>
+<?import javafx.scene.layout.VBox?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.layout.StackPane?>
+<?import javafx.scene.Group?>
+<?import javafx.scene.shape.Circle?>
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<HBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyIsHubVaultController"
+	  minWidth="400"
+	  maxWidth="400"
+	  minHeight="145"
+	  spacing="12"
+	  alignment="TOP_CENTER">
+	<padding>
+		<Insets topRightBottomLeft="12"/>
+	</padding>
+	<children>
+		<Group>
+			<StackPane>
+				<padding>
+					<Insets topRightBottomLeft="6"/>
+				</padding>
+				<Circle styleClass="glyph-icon-primary" radius="24"/>
+				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="QUESTION" glyphSize="24"/>
+			</StackPane>
+		</Group>
+
+		<VBox HBox.hgrow="ALWAYS">
+			<Label styleClass="label-large" text="Hub Vault or not?" wrapText="true">
+				<padding>
+					<Insets bottom="6" top="6"/>
+				</padding>
+			</Label>
+
+			<Label text="If your Vault is an Hub Vault you can restore the vault config .... Otherwise you need the recovery key of the vault to restore the config files." wrapText="true"/>
+
+			<Region VBox.vgrow="ALWAYS" minHeight="18"/>
+			<ButtonBar buttonMinWidth="120" buttonOrder="+C">
+				<buttons>
+					<Button text="%generic.button.close" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+					<Button text="Use RecoveryKey" ButtonBar.buttonData="CANCEL_CLOSE" defaultButton="true" onAction="#recover"/>
+				</buttons>
+			</ButtonBar>
+		</VBox>
+	</children>
+</HBox>

From 676c507a500069b786c143ab1832e4f8ec46eb6a Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 21 Feb 2025 19:43:09 +0100
Subject: [PATCH 006/117] add RecoverUtil and some ui changes

---
 .../org/cryptomator/common/RecoverUtil.java   | 86 +++++++++++++++++++
 .../common/vaults/VaultListManager.java       | 77 +++++------------
 .../ChooseExistingVaultController.java        |  5 ++
 .../org/cryptomator/ui/dialogs/Dialogs.java   | 10 +++
 .../VaultDetailMissingVaultController.java    |  8 +-
 .../RecoveryKeyRecoverController.java         | 10 +--
 .../RecoveryKeyResetPasswordController.java   |  4 +-
 .../resources/fxml/addvault_existing.fxml     |  9 +-
 src/main/resources/i18n/strings.properties    |  8 +-
 9 files changed, 149 insertions(+), 68 deletions(-)
 create mode 100644 src/main/java/org/cryptomator/common/RecoverUtil.java

diff --git a/src/main/java/org/cryptomator/common/RecoverUtil.java b/src/main/java/org/cryptomator/common/RecoverUtil.java
new file mode 100644
index 000000000..f014e0e0d
--- /dev/null
+++ b/src/main/java/org/cryptomator/common/RecoverUtil.java
@@ -0,0 +1,86 @@
+package org.cryptomator.common;
+
+import org.cryptomator.common.vaults.VaultState;
+import org.cryptomator.cryptolib.api.Cryptor;
+import org.cryptomator.cryptolib.api.CryptorProvider;
+import org.cryptomator.cryptolib.api.Masterkey;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+import java.security.SecureRandom;
+import java.util.Optional;
+import java.util.stream.Stream;
+
+import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
+import static org.cryptomator.cryptofs.common.Constants.DATA_DIR_NAME;
+import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_CTRMAC;
+import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_GCM;
+
+public class RecoverUtil {
+
+	public static CryptorProvider.Scheme detectCipherCombo(byte[] masterkey, Path pathToVault) {
+		try {
+			Path dDirPath = pathToVault.resolve(DATA_DIR_NAME);
+
+			Optional<Path> firstC9rFile;
+			try (Stream<Path> paths = Files.walk(dDirPath)) {
+				firstC9rFile = paths.filter(path -> path.toString().endsWith(".c9r")).findFirst();
+			}
+			if (firstC9rFile.isEmpty()) {
+				throw new IllegalStateException("No .c9r file found.");
+			}
+
+			Path c9rFile = firstC9rFile.get();
+			if (canDecryptFileHeader(c9rFile, new Masterkey(masterkey), SIV_GCM)) {
+				return SIV_GCM;
+			}
+			if (canDecryptFileHeader(c9rFile, new Masterkey(masterkey), SIV_CTRMAC)) {
+				return SIV_CTRMAC;
+			}
+
+			return null;
+		} catch (IOException e) {
+			throw new IllegalStateException("Failed to detect cipher combo.", e);
+		}
+	}
+
+	private static boolean canDecryptFileHeader(Path c9rFile, Masterkey masterkey, CryptorProvider.Scheme scheme) {
+		try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey, SecureRandom.getInstanceStrong())) {
+			ByteBuffer header = ByteBuffer.wrap(Files.readAllBytes(c9rFile));
+			cryptor.fileHeaderCryptor().decryptHeader(header);
+			return true;
+		} catch (Exception e) {
+			return false;
+		}
+	}
+
+	public static VaultState.Value tryBackUpConfig(Path pathToConfig, VaultState.Value vaultState) {
+		try (Stream<Path> files = Files.list(pathToConfig.getParent())) {
+			Path backupFile = files.filter(file -> {
+				String fileName = file.getFileName().toString();
+				return switch (vaultState) {
+					case VAULT_CONFIG_MISSING -> fileName.startsWith("vault.cryptomator") && fileName.endsWith(".bkup");
+					case MASTERKEY_MISSING -> fileName.startsWith("masterkey.cryptomator") && fileName.endsWith(".bkup");
+					default -> false;
+				};
+			}).findFirst().orElse(null);
+
+			if (backupFile != null) {
+				try {
+					Files.copy(backupFile, pathToConfig, StandardCopyOption.REPLACE_EXISTING);
+					return LOCKED;
+				} catch (IOException e) {
+					return vaultState;
+				}
+			} else {
+				return vaultState;
+			}
+		} catch (IOException e) {
+			return vaultState;
+		}
+	}
+
+}
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 32caa3205..420b60c79 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -9,13 +9,14 @@
 package org.cryptomator.common.vaults;
 
 import org.apache.commons.lang3.SystemUtils;
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptofs.DirStructure;
 import org.cryptomator.cryptofs.migration.Migrators;
 import org.cryptomator.integrations.mount.MountService;
-import org.cryptomator.ui.keyloading.hub.HubKeyLoadingStrategy;
+import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -26,13 +27,11 @@ import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
-import java.nio.file.StandardCopyOption;
 import java.util.Collection;
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.ResourceBundle;
-import java.util.stream.Stream;
 
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
@@ -124,11 +123,15 @@ public class VaultListManager {
 	private Vault create(VaultSettings vaultSettings) {
 		var wrapper = new VaultConfigCache(vaultSettings);
 		try {
-			if (Objects.isNull(vaultSettings.lastKnownKeyLoader.get())) {
-				var keyIdScheme = wrapper.get().getKeyId().getScheme();
-				vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
+			try {
+				if (Objects.isNull(vaultSettings.lastKnownKeyLoader.get())) {
+					var keyIdScheme = wrapper.get().getKeyId().getScheme();
+					vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
+				}
+			} catch (NoSuchFileException e) {
+				LOG.warn("Vault config file not found.");
 			}
-			var vaultState = determineVaultState(vaultSettings.path.get());
+			var vaultState = determineVaultState(vaultSettings.path.get(),vaultSettings);
 			if (vaultState == LOCKED) { //for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
 				wrapper.reloadConfig();
 			}
@@ -145,10 +148,10 @@ public class VaultListManager {
 		return switch (previousState) {
 			case LOCKED, NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, MASTERKEY_MISSING -> {
 				try {
-					var determinedState = determineVaultState(vault.getPath());
+					var determinedState = determineVaultState(vault.getPath(),vault.getVaultSettings());
 					if(determinedState == MASTERKEY_MISSING){
 						var vaultScheme = vault.getVaultConfigCache().getUnchecked().getKeyId().getScheme();
-						if((vaultScheme.equals(HubKeyLoadingStrategy.SCHEME_HUB_HTTP) || vaultScheme.equals(HubKeyLoadingStrategy.SCHEME_HUB_HTTPS))){
+						if(KeyLoadingStrategy.isHubVault(vaultScheme)){
 							determinedState = LOCKED;
 						}
 					}
@@ -168,58 +171,24 @@ public class VaultListManager {
 		};
 	}
 
-	private static VaultState.Value determineVaultState(Path pathToVault) throws IOException {
+	private static VaultState.Value determineVaultState(Path pathToVault, VaultSettings vaultSettings) throws IOException {
 		Path pathToVaultConfig = Path.of(pathToVault.toString(),"vault.cryptomator");
 		Path pathToMasterkey = Path.of(pathToVault.toString(),"masterkey.cryptomator");
+
 		if (!Files.exists(pathToVault)) {
 			return VaultState.Value.MISSING;
 		}
-		else if (!Files.exists(pathToVaultConfig)) {
-			try (Stream<Path> files = Files.list(pathToVaultConfig.getParent())) {
-				Path backupFile = files.filter(file -> {
-					String fileName = file.getFileName().toString();
-					return fileName.startsWith("vault.cryptomator") && fileName.endsWith(".bkup");
-				}).findFirst().orElse(null);
-
-				if (backupFile != null) {
-					try {
-						Files.copy(backupFile, pathToVaultConfig, StandardCopyOption.REPLACE_EXISTING);
-					} catch (IOException e) {
-						LOG.error("error",e);
-						return VAULT_CONFIG_MISSING;
-					}
-				} else {
-					return VAULT_CONFIG_MISSING;
-				}
-			} catch (IOException e) {
-				LOG.error("error",e);
-				return VAULT_CONFIG_MISSING;
-			}
-
+		else if (Files.notExists(pathToVaultConfig)) {
+			return RecoverUtil.tryBackUpConfig(pathToVaultConfig, VAULT_CONFIG_MISSING);
 		}
-		else if (!Files.exists(pathToMasterkey)) {
-			try (Stream<Path> files = Files.list(pathToMasterkey.getParent())) {
-				Path backupFile = files.filter(file -> {
-					String fileName = file.getFileName().toString();
-					return fileName.startsWith("masterkey.cryptomator") && fileName.endsWith(".bkup");
-				}).findFirst().orElse(null);
-
-				if (backupFile != null) {
-					try {
-						Files.copy(backupFile, pathToMasterkey, StandardCopyOption.REPLACE_EXISTING);
-						return MASTERKEY_MISSING;
-					} catch (IOException e) {
-						LOG.error("error",e);
-						return MASTERKEY_MISSING;
-					}
-				} else {
-					return MASTERKEY_MISSING;
-				}
-			} catch (IOException e) {
-				LOG.error("error",e);
-				return MASTERKEY_MISSING;
-			}
+		else if (Files.notExists(pathToMasterkey) &&
+				KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get())) {
+			return RecoverUtil.tryBackUpConfig(pathToMasterkey, MASTERKEY_MISSING);
 		}
+		return checkDirStructure(pathToVault);
+	}
+
+	private static VaultState.Value checkDirStructure(Path pathToVault) throws IOException{
 		return switch (CryptoFileSystemProvider.checkDirStructureForVault(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME)) {
 			case VAULT -> VaultState.Value.LOCKED;
 			case UNRELATED -> VaultState.Value.MISSING;
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index be9ea15c7..71e525e42 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -94,6 +94,11 @@ public class ChooseExistingVaultController implements FxController {
 		}
 	}
 
+	@FXML
+	public void restoreVaultConfigWithRecoveryKey() {
+		//appWindows.showErrorWindow(e, window, window.getScene());
+	}
+
 	/* Getter */
 
 	public ObservableValue<Image> screenshotProperty() {
diff --git a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
index 5107fe740..5ac9914b6 100644
--- a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
@@ -47,6 +47,16 @@ public class Dialogs {
 				});
 	}
 
+	public SimpleDialog.Builder prepareContactHubAdmin(Stage window) {
+		return createDialogBuilder().setOwner(window) //
+				.setTitleKey("contactHubAdmin.title") //
+				.setMessageKey("contactHubAdmin.message") //
+				.setDescriptionKey("contactHubAdmin.description") //
+				.setIcon(FontAwesome5Icon.EXCLAMATION)//
+				.setOkButtonKey("removeVault.confirmBtn") //
+				.setCancelButtonKey("generic.button.cancel");
+	}
+
 	public SimpleDialog.Builder prepareRemoveCertDialog(Stage window, Settings settings) {
 		return createDialogBuilder() //
 				.setOwner(window) //
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index 3815317a9..fc52aa775 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -4,6 +4,7 @@ import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.dialogs.Dialogs;
+import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
 import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 
 import javax.inject.Inject;
@@ -54,7 +55,12 @@ public class VaultDetailMissingVaultController implements FxController {
 
 	@FXML
 	void restoreVaultConfig() {
-		recoveryKeyWindow.create(vault.get(), window).showIsHubVaultDialogWindow();
+		if(KeyLoadingStrategy.isHubVault(vault.get().getVaultSettings().lastKnownKeyLoader.get())){
+			dialogs.prepareContactHubAdmin(window).build().showAndWait();
+		}
+		else {
+			recoveryKeyWindow.create(vault.get(), window).showIsHubVaultDialogWindow();
+		}
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index 944c52043..b22054f56 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -1,9 +1,6 @@
 package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
-import org.cryptomator.common.Nullable;
-import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.cryptofs.VaultConfig;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -11,9 +8,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
-import javafx.beans.Observable;
-import javafx.beans.property.StringProperty;
-import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
@@ -31,7 +25,9 @@ public class RecoveryKeyRecoverController implements FxController {
 	RecoveryKeyValidateController recoveryKeyValidateController;
 
 	@Inject
-	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, @RecoveryKeyWindow Vault vault, @RecoveryKeyWindow StringProperty recoveryKey,  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, ResourceBundle resourceBundle) {
+	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, //
+										@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
+										ResourceBundle resourceBundle) {
 		this.window = window;
 		window.setTitle(resourceBundle.getString("recoveryKey.recover.title"));
 		this.resetPasswordScene = resetPasswordScene;
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 46867b356..04439c1eb 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -1,6 +1,7 @@
 package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.cryptofs.CryptoFileSystemProperties;
@@ -95,9 +96,10 @@ public class RecoveryKeyResetPasswordController implements FxController {
 			Path masterkeyFilePath = recoveryPath.resolve(MASTERKEY_FILENAME);
 			try (Masterkey masterkey = masterkeyFileAccess.load(masterkeyFilePath, newPasswordController.passwordField.getCharacters())) {
 				try {
+					var combo = RecoverUtil.detectCipherCombo(masterkey.getEncoded(),vaultPath);
 					MasterkeyLoader loader = ignored -> masterkey.copy();
 					CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties() //
-							.withCipherCombo(CryptorProvider.Scheme.SIV_CTRMAC) //
+							.withCipherCombo(combo) //
 							.withKeyLoader(loader) //
 							.withShorteningThreshold(220) //
 							.build();
diff --git a/src/main/resources/fxml/addvault_existing.fxml b/src/main/resources/fxml/addvault_existing.fxml
index 200eae4f9..c4a015a6f 100644
--- a/src/main/resources/fxml/addvault_existing.fxml
+++ b/src/main/resources/fxml/addvault_existing.fxml
@@ -11,7 +11,7 @@
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.addvaultwizard.ChooseExistingVaultController"
 	  prefWidth="450"
-	  prefHeight="450"
+	  prefHeight="480"
 	  spacing="24"
 	  alignment="CENTER">
 	<padding>
@@ -20,13 +20,14 @@
 	<children>
 		<ImageView VBox.vgrow="ALWAYS" fitWidth="400" preserveRatio="true" smooth="true" image="${controller.screenshot}"/>
 
-		<Label text="%addvaultwizard.existing.instruction" wrapText="true" labelFor="$finishButton"/>
+		<Label text="%addvaultwizard.existing.instruction" wrapText="true"/>
 
 		<Region VBox.vgrow="ALWAYS"/>
 
-		<ButtonBar buttonMinWidth="120" buttonOrder="+X">
+		<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
 			<buttons>
-				<Button fx:id="finishButton" text="%addvaultwizard.existing.chooseBtn" ButtonBar.buttonData="NEXT_FORWARD" onAction="#chooseFileAndNext" defaultButton="true"/>
+				<Button text="%addvaultwizard.existing.restore" ButtonBar.buttonData="NEXT_FORWARD" onAction="#restoreVaultConfigWithRecoveryKey" />
+				<Button text="%addvaultwizard.existing.chooseBtn" ButtonBar.buttonData="NEXT_FORWARD" onAction="#chooseFileAndNext" defaultButton="true"/>
 			</buttons>
 		</ButtonBar>
 	</children>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 9f518862c..349141519 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -95,7 +95,8 @@ addvault.new.readme.accessLocation.3=Any files added to this volume will be encr
 addvault.new.readme.accessLocation.4=Feel free to remove this file.
 ## Existing
 addvaultwizard.existing.title=Add Existing Vault
-addvaultwizard.existing.instruction=Choose the "vault.cryptomator" file of your existing vault. If only a file named "masterkey.cryptomator" exists, select that instead.
+addvaultwizard.existing.instruction=Choose the "vault.cryptomator" file of your existing vault. If only a file named "masterkey.cryptomator" exists, select that instead. If your vault.cryptomator lost you can recover it with your RecoveryKey.
+addvaultwizard.existing.restore=Restore…
 addvaultwizard.existing.chooseBtn=Choose…
 addvaultwizard.existing.filePickerTitle=Select Vault File
 addvaultwizard.existing.filePickerMimeDesc=Cryptomator Vault
@@ -109,6 +110,11 @@ removeVault.message=Remove vault?
 removeVault.description=This will only make Cryptomator forget about this vault. You can add it again. No encrypted files will be deleted from your hard drive.
 removeVault.confirmBtn=Remove Vault
 
+# Contact Hub Admin
+contactHubAdmin.title=Contact Admin
+contactHubAdmin.message=Contact Admin
+contactHubAdmin.description=You should contact your vault admin.
+
 # Change Password
 changepassword.title=Change Password
 changepassword.enterOldPassword=Enter the current password for "%s"

From 895614353eeaad03ea55fdba2eab7eefa2eeaa26 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 21 Feb 2025 23:24:34 +0100
Subject: [PATCH 007/117] improve RecoverUtil and determineVaultState

---
 .../org/cryptomator/common/RecoverUtil.java   | 89 +++++++++----------
 .../common/vaults/VaultListManager.java       | 28 ++++--
 2 files changed, 63 insertions(+), 54 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/RecoverUtil.java b/src/main/java/org/cryptomator/common/RecoverUtil.java
index f014e0e0d..8cce5fe09 100644
--- a/src/main/java/org/cryptomator/common/RecoverUtil.java
+++ b/src/main/java/org/cryptomator/common/RecoverUtil.java
@@ -11,10 +11,8 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
 import java.security.SecureRandom;
-import java.util.Optional;
 import java.util.stream.Stream;
 
-import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
 import static org.cryptomator.cryptofs.common.Constants.DATA_DIR_NAME;
 import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_CTRMAC;
 import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_GCM;
@@ -22,64 +20,61 @@ import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_GCM;
 public class RecoverUtil {
 
 	public static CryptorProvider.Scheme detectCipherCombo(byte[] masterkey, Path pathToVault) {
-		try {
-			Path dDirPath = pathToVault.resolve(DATA_DIR_NAME);
-
-			Optional<Path> firstC9rFile;
-			try (Stream<Path> paths = Files.walk(dDirPath)) {
-				firstC9rFile = paths.filter(path -> path.toString().endsWith(".c9r")).findFirst();
-			}
-			if (firstC9rFile.isEmpty()) {
-				throw new IllegalStateException("No .c9r file found.");
-			}
-
-			Path c9rFile = firstC9rFile.get();
-			if (canDecryptFileHeader(c9rFile, new Masterkey(masterkey), SIV_GCM)) {
-				return SIV_GCM;
-			}
-			if (canDecryptFileHeader(c9rFile, new Masterkey(masterkey), SIV_CTRMAC)) {
-				return SIV_CTRMAC;
-			}
-
-			return null;
+		try (Stream<Path> paths = Files.walk(pathToVault.resolve(DATA_DIR_NAME))) {
+			return paths.filter(path -> path.toString().endsWith(".c9r"))
+					.findFirst()
+					.map(c9rFile -> determineScheme(c9rFile, masterkey))
+					.orElseThrow(() -> new IllegalStateException("No .c9r file found."));
 		} catch (IOException e) {
 			throw new IllegalStateException("Failed to detect cipher combo.", e);
 		}
 	}
 
-	private static boolean canDecryptFileHeader(Path c9rFile, Masterkey masterkey, CryptorProvider.Scheme scheme) {
-		try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey, SecureRandom.getInstanceStrong())) {
+	private static CryptorProvider.Scheme determineScheme(Path c9rFile, byte[] masterkey) {
+		try {
 			ByteBuffer header = ByteBuffer.wrap(Files.readAllBytes(c9rFile));
-			cryptor.fileHeaderCryptor().decryptHeader(header);
+			return tryDecrypt(header, new Masterkey(masterkey), SIV_GCM) ? SIV_GCM :
+					tryDecrypt(header, new Masterkey(masterkey), SIV_CTRMAC) ? SIV_CTRMAC : null;
+		} catch (IOException e) {
+			return null;
+		}
+	}
+
+	private static boolean tryDecrypt(ByteBuffer header, Masterkey masterkey, CryptorProvider.Scheme scheme) {
+		try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey, SecureRandom.getInstanceStrong())) {
+			cryptor.fileHeaderCryptor().decryptHeader(header.duplicate());
 			return true;
 		} catch (Exception e) {
 			return false;
 		}
 	}
 
-	public static VaultState.Value tryBackUpConfig(Path pathToConfig, VaultState.Value vaultState) {
-		try (Stream<Path> files = Files.list(pathToConfig.getParent())) {
-			Path backupFile = files.filter(file -> {
-				String fileName = file.getFileName().toString();
-				return switch (vaultState) {
-					case VAULT_CONFIG_MISSING -> fileName.startsWith("vault.cryptomator") && fileName.endsWith(".bkup");
-					case MASTERKEY_MISSING -> fileName.startsWith("masterkey.cryptomator") && fileName.endsWith(".bkup");
-					default -> false;
-				};
-			}).findFirst().orElse(null);
-
-			if (backupFile != null) {
-				try {
-					Files.copy(backupFile, pathToConfig, StandardCopyOption.REPLACE_EXISTING);
-					return LOCKED;
-				} catch (IOException e) {
-					return vaultState;
-				}
-			} else {
-				return vaultState;
-			}
+	public static boolean restoreBackupIfAvailable(Path configPath, VaultState.Value vaultState) {
+		try (Stream<Path> files = Files.list(configPath.getParent())) {
+			return files
+					.filter(file -> matchesBackupFile(file.getFileName().toString(), vaultState))
+					.findFirst()
+					.map(backupFile -> copyBackupFile(backupFile, configPath))
+					.orElse(false);
 		} catch (IOException e) {
-			return vaultState;
+			return false;
+		}
+	}
+
+	private static boolean matchesBackupFile(String fileName, VaultState.Value vaultState) {
+		return switch (vaultState) {
+			case VAULT_CONFIG_MISSING -> fileName.startsWith("vault.cryptomator") && fileName.endsWith(".bkup");
+			case MASTERKEY_MISSING -> fileName.startsWith("masterkey.cryptomator") && fileName.endsWith(".bkup");
+			default -> false;
+		};
+	}
+
+	private static boolean copyBackupFile(Path backupFile, Path configPath) {
+		try {
+			Files.copy(backupFile, configPath, StandardCopyOption.REPLACE_EXISTING);
+			return true;
+		} catch (IOException e) {
+			return false;
 		}
 	}
 
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 420b60c79..7f18e82c9 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -172,19 +172,33 @@ public class VaultListManager {
 	}
 
 	private static VaultState.Value determineVaultState(Path pathToVault, VaultSettings vaultSettings) throws IOException {
-		Path pathToVaultConfig = Path.of(pathToVault.toString(),"vault.cryptomator");
-		Path pathToMasterkey = Path.of(pathToVault.toString(),"masterkey.cryptomator");
+		Path pathToVaultConfig = pathToVault.resolve("vault.cryptomator");
+		Path pathToMasterkey = pathToVault.resolve("masterkey.cryptomator");
 
-		if (!Files.exists(pathToVault)) {
+		if (Files.notExists(pathToVault)) {
 			return VaultState.Value.MISSING;
 		}
-		else if (Files.notExists(pathToVaultConfig)) {
-			return RecoverUtil.tryBackUpConfig(pathToVaultConfig, VAULT_CONFIG_MISSING);
+
+		boolean vaultConfigRestored = Files.notExists(pathToVaultConfig) &&
+				RecoverUtil.restoreBackupIfAvailable(pathToVaultConfig, VaultState.Value.VAULT_CONFIG_MISSING);
+
+		boolean masterkeyRestored = Files.notExists(pathToMasterkey) &&
+				KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get()) &&
+				RecoverUtil.restoreBackupIfAvailable(pathToMasterkey, VaultState.Value.MASTERKEY_MISSING);
+
+		if (vaultConfigRestored || masterkeyRestored) {
+			return LOCKED;
 		}
-		else if (Files.notExists(pathToMasterkey) &&
+
+		if (Files.notExists(pathToVaultConfig)) {
+			return VaultState.Value.VAULT_CONFIG_MISSING;
+		}
+
+		if (Files.notExists(pathToMasterkey) &&
 				KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get())) {
-			return RecoverUtil.tryBackUpConfig(pathToMasterkey, MASTERKEY_MISSING);
+			return VaultState.Value.MASTERKEY_MISSING;
 		}
+
 		return checkDirStructure(pathToVault);
 	}
 

From 8c5325511c4f39054443df56b11a06819fc0a636 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 28 Feb 2025 13:06:35 +0100
Subject: [PATCH 008/117] created more static methods in RecoverUtil, added
 first flow for choose dir and restore

---
 .../org/cryptomator/common/RecoverUtil.java   | 181 ++++++++++++++++--
 .../common/vaults/VaultConfigCache.java       |   2 +-
 .../common/vaults/VaultListManager.java       |   6 +
 .../ChooseExistingVaultController.java        |  43 ++++-
 .../org/cryptomator/ui/common/FxmlFile.java   |   1 +
 .../org/cryptomator/ui/dialogs/Dialogs.java   |  14 ++
 .../ui/recoverykey/RecoveryKeyComponent.java  |   6 +-
 .../RecoveryKeyExpertSettingsController.java  |  97 ++++++++++
 .../RecoveryKeyIsHubVaultController.java      |  10 +-
 .../ui/recoverykey/RecoveryKeyModule.java     |  23 +++
 .../RecoveryKeyRecoverController.java         |  18 +-
 .../RecoveryKeyResetPasswordController.java   | 114 ++++-------
 ...veryKeyResetPasswordSuccessController.java |  12 +-
 .../MasterkeyOptionsController.java           |   8 +-
 .../fxml/recoverykey_expert_settings.fxml     |  85 ++++++++
 src/main/resources/i18n/strings.properties    |  10 +
 16 files changed, 512 insertions(+), 118 deletions(-)
 create mode 100644 src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
 create mode 100644 src/main/resources/fxml/recoverykey_expert_settings.fxml

diff --git a/src/main/java/org/cryptomator/common/RecoverUtil.java b/src/main/java/org/cryptomator/common/RecoverUtil.java
index 8cce5fe09..71a8bf4ed 100644
--- a/src/main/java/org/cryptomator/common/RecoverUtil.java
+++ b/src/main/java/org/cryptomator/common/RecoverUtil.java
@@ -1,30 +1,60 @@
 package org.cryptomator.common;
 
+import dagger.Lazy;
+import org.apache.commons.lang3.SystemUtils;
+import org.cryptomator.common.settings.VaultSettings;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultComponent;
+import org.cryptomator.common.vaults.VaultConfigCache;
+import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.common.vaults.VaultState;
+import org.cryptomator.cryptofs.CryptoFileSystemProperties;
+import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.Cryptor;
 import org.cryptomator.cryptolib.api.CryptorProvider;
 import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.integrations.mount.MountService;
+import org.cryptomator.ui.changepassword.NewPasswordController;
+import org.cryptomator.ui.dialogs.Dialogs;
+import org.cryptomator.ui.fxapp.FxApplicationWindows;
+import org.cryptomator.ui.recoverykey.RecoveryKeyFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
+import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.StringProperty;
+import javafx.concurrent.Task;
+import javafx.scene.Scene;
+import javafx.stage.DirectoryChooser;
+import javafx.stage.Stage;
+import java.io.File;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
 import java.security.SecureRandom;
+import java.util.Comparator;
+import java.util.List;
+import java.util.Optional;
 import java.util.stream.Stream;
 
+import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
+import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
 import static org.cryptomator.cryptofs.common.Constants.DATA_DIR_NAME;
 import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_CTRMAC;
 import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_GCM;
 
 public class RecoverUtil {
 
+	private static final Logger LOG = LoggerFactory.getLogger(RecoverUtil.class);
+
 	public static CryptorProvider.Scheme detectCipherCombo(byte[] masterkey, Path pathToVault) {
 		try (Stream<Path> paths = Files.walk(pathToVault.resolve(DATA_DIR_NAME))) {
-			return paths.filter(path -> path.toString().endsWith(".c9r"))
-					.findFirst()
-					.map(c9rFile -> determineScheme(c9rFile, masterkey))
-					.orElseThrow(() -> new IllegalStateException("No .c9r file found."));
+			return paths.filter(path -> path.toString().endsWith(".c9r")).findFirst().map(c9rFile -> determineScheme(c9rFile, masterkey)).orElseThrow(() -> new IllegalStateException("No .c9r file found."));
 		} catch (IOException e) {
 			throw new IllegalStateException("Failed to detect cipher combo.", e);
 		}
@@ -33,8 +63,7 @@ public class RecoverUtil {
 	private static CryptorProvider.Scheme determineScheme(Path c9rFile, byte[] masterkey) {
 		try {
 			ByteBuffer header = ByteBuffer.wrap(Files.readAllBytes(c9rFile));
-			return tryDecrypt(header, new Masterkey(masterkey), SIV_GCM) ? SIV_GCM :
-					tryDecrypt(header, new Masterkey(masterkey), SIV_CTRMAC) ? SIV_CTRMAC : null;
+			return tryDecrypt(header, new Masterkey(masterkey), SIV_GCM) ? SIV_GCM : tryDecrypt(header, new Masterkey(masterkey), SIV_CTRMAC) ? SIV_CTRMAC : null;
 		} catch (IOException e) {
 			return null;
 		}
@@ -51,11 +80,7 @@ public class RecoverUtil {
 
 	public static boolean restoreBackupIfAvailable(Path configPath, VaultState.Value vaultState) {
 		try (Stream<Path> files = Files.list(configPath.getParent())) {
-			return files
-					.filter(file -> matchesBackupFile(file.getFileName().toString(), vaultState))
-					.findFirst()
-					.map(backupFile -> copyBackupFile(backupFile, configPath))
-					.orElse(false);
+			return files.filter(file -> matchesBackupFile(file.getFileName().toString(), vaultState)).findFirst().map(backupFile -> copyBackupFile(backupFile, configPath)).orElse(false);
 		} catch (IOException e) {
 			return false;
 		}
@@ -78,4 +103,138 @@ public class RecoverUtil {
 		}
 	}
 
+	public static Path createRecoveryDirectory(Path vaultPath) throws IOException {
+		Path recoveryPath = vaultPath.resolve("r");
+		Files.createDirectory(recoveryPath);
+		return recoveryPath;
+	}
+
+	public static void createNewMasterkeyFile(RecoveryKeyFactory recoveryKeyFactory, Path recoveryPath, String recoveryKey, CharSequence newPassword) throws IOException {
+		recoveryKeyFactory.newMasterkeyFileWithPassphrase(recoveryPath, recoveryKey, newPassword);
+	}
+
+	public static Masterkey loadMasterkey(org.cryptomator.cryptolib.common.MasterkeyFileAccess masterkeyFileAccess, Path masterkeyFilePath, CharSequence password) throws IOException {
+		return masterkeyFileAccess.load(masterkeyFilePath, password);
+	}
+
+	public static void initializeCryptoFileSystem(Path recoveryPath, Path vaultPath, Masterkey masterkey, IntegerProperty shorteningThreshold) throws IOException, CryptoException {
+		var combo = RecoverUtil.detectCipherCombo(masterkey.getEncoded(), vaultPath);
+		org.cryptomator.cryptolib.api.MasterkeyLoader loader = ignored -> masterkey.copy();
+		CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties().withCipherCombo(combo).withKeyLoader(loader).withShorteningThreshold(shorteningThreshold.get()).build();
+		CryptoFileSystemProvider.initialize(recoveryPath, fsProps, DEFAULT_KEY_ID);
+	}
+
+	public static void moveRecoveredFiles(Path recoveryPath, Path vaultPath) throws IOException {
+		Files.move(recoveryPath.resolve(MASTERKEY_FILENAME), vaultPath.resolve(MASTERKEY_FILENAME), StandardCopyOption.REPLACE_EXISTING);
+		Files.move(recoveryPath.resolve(VAULTCONFIG_FILENAME), vaultPath.resolve(VAULTCONFIG_FILENAME));
+	}
+
+	public static void deleteRecoveryDirectory(Path recoveryPath) {
+		try (var paths = Files.walk(recoveryPath)) {
+			paths.sorted(Comparator.reverseOrder()).forEach(p -> {
+				try {
+					Files.delete(p);
+				} catch (IOException e) {
+					LOG.info("Unable to delete {}. Please delete it manually.", p);
+				}
+			});
+		} catch (IOException e) {
+			LOG.error("Failed to clean up recovery directory", e);
+		}
+	}
+
+	public static void addVaultToList(VaultListManager vaultListManager, Path vaultPath) throws IOException {
+		if (!vaultListManager.containsVault(vaultPath)) {
+			vaultListManager.add(vaultPath);
+		}
+	}
+
+	public static Task<Void> createResetPasswordTask(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, NewPasswordController newPasswordController, Stage window, Lazy<Scene> recoverResetPasswordSuccessScene, Lazy<Scene> recoverResetVaultConfigSuccessScene, FxApplicationWindows appWindows) {
+
+		Task<Void> task = new ResetPasswordTask(recoveryKeyFactory, vault, recoveryKey, newPasswordController);
+
+		task.setOnScheduled(_ -> {
+			LOG.debug("Using recovery key to reset password for {}.", vault.getDisplayablePath());
+		});
+
+		task.setOnSucceeded(_ -> {
+			LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
+			if (vault.getState().equals(VAULT_CONFIG_MISSING)) {
+				window.setScene(recoverResetVaultConfigSuccessScene.get());
+			} else {
+				window.setScene(recoverResetPasswordSuccessScene.get());
+			}
+		});
+
+		task.setOnFailed(_ -> {
+			LOG.error("Resetting password failed.", task.getException());
+			appWindows.showErrorWindow(task.getException(), window, null);
+		});
+
+		return task;
+	}
+
+
+	public static class ResetPasswordTask extends Task<Void> {
+
+		private static final Logger LOG = LoggerFactory.getLogger(ResetPasswordTask.class);
+		private final RecoveryKeyFactory recoveryKeyFactory;
+		private final Vault vault;
+		private final StringProperty recoveryKey;
+		private final NewPasswordController newPasswordController;
+
+		public ResetPasswordTask(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, NewPasswordController newPasswordController) {
+			this.recoveryKeyFactory = recoveryKeyFactory;
+			this.vault = vault;
+			this.recoveryKey = recoveryKey;
+			this.newPasswordController = newPasswordController;
+
+			setOnFailed(event -> LOG.error("Failed to reset password", getException()));
+		}
+
+		@Override
+		protected Void call() throws IOException, IllegalArgumentException {
+			recoveryKeyFactory.newMasterkeyFileWithPassphrase(vault.getPath(), recoveryKey.get(), newPasswordController.passwordField.getCharacters());
+			return null;
+		}
+	}
+
+	public static Optional<Vault> prepareVaultFromDirectory(DirectoryChooser directoryChooser, Stage window, Dialogs dialogs, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
+
+		File selectedDirectory;
+		do {
+			selectedDirectory = directoryChooser.showDialog(window);
+			if (selectedDirectory == null) {
+				return Optional.empty();
+			}
+			boolean hasSubfolderD = new File(selectedDirectory, "d").isDirectory();
+
+			if (!hasSubfolderD) {
+				dialogs.prepareNoDDirectorySelectedDialog(window).build().showAndWait();
+				selectedDirectory = null;
+			}
+		} while (selectedDirectory == null);
+
+		Path selectedPath = selectedDirectory.toPath();
+		VaultSettings vaultSettings = VaultSettings.withRandomId();
+		vaultSettings.path.set(selectedPath);
+		if (selectedPath.getFileName() != null) {
+			vaultSettings.displayName.set(selectedPath.getFileName().toString());
+		} else {
+			vaultSettings.displayName.set("defaultVaultName");
+		}
+
+		var wrapper = new VaultConfigCache(vaultSettings);
+		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, VAULT_CONFIG_MISSING, null).vault();
+
+		// Spezialbehandlung für Windows + Dropbox + WinFsp
+		var nameOfWinfspLocalMounter = "org.cryptomator.frontend.fuse.mount.WinFspMountProvider";
+		if (SystemUtils.IS_OS_WINDOWS && vaultSettings.path.get().toString().contains("Dropbox") && mountServices.stream().anyMatch(s -> s.getClass().getName().equals(nameOfWinfspLocalMounter))) {
+			vaultSettings.mountService.setValue(nameOfWinfspLocalMounter);
+		}
+
+		return Optional.of(vault);
+	}
+
+
 }
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultConfigCache.java b/src/main/java/org/cryptomator/common/vaults/VaultConfigCache.java
index b879b1f81..4a95fe50b 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultConfigCache.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultConfigCache.java
@@ -20,7 +20,7 @@ public class VaultConfigCache {
 	private final VaultSettings settings;
 	private final AtomicReference<VaultConfig.UnverifiedVaultConfig> config;
 
-	VaultConfigCache(VaultSettings settings) {
+	public VaultConfigCache(VaultSettings settings) {
 		this.settings = settings;
 		this.config = new AtomicReference<>(null);
 	}
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 7f18e82c9..63e32da7d 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -69,6 +69,12 @@ public class VaultListManager {
 		autoLocker.init();
 	}
 
+	public boolean containsVault(Path vaultPath) {
+		assert vaultPath.isAbsolute();
+		assert vaultPath.normalize().equals(vaultPath);
+		return vaultList.stream().anyMatch(v -> vaultPath.equals(v.getPath()));
+	}
+
 	public Vault add(Path pathToVault) throws IOException {
 		Path normalizedPathToVault = pathToVault.normalize().toAbsolutePath();
 		if (CryptoFileSystemProvider.checkDirStructureForVault(normalizedPathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME) == DirStructure.UNRELATED) {
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index 71e525e42..f42eb3ac6 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -2,14 +2,19 @@ package org.cryptomator.ui.addvaultwizard;
 
 import dagger.Lazy;
 import org.apache.commons.lang3.SystemUtils;
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultComponent;
 import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.integrations.mount.MountService;
 import org.cryptomator.integrations.uiappearance.Theme;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.dialogs.Dialogs;
 import org.cryptomator.ui.fxapp.FxApplicationStyle;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
+import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -19,12 +24,15 @@ import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.scene.image.Image;
+import javafx.stage.DirectoryChooser;
 import javafx.stage.FileChooser;
 import javafx.stage.Stage;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Path;
+import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.ResourceBundle;
 
 import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_GLOB;
@@ -42,6 +50,11 @@ public class ChooseExistingVaultController implements FxController {
 	private final VaultListManager vaultListManager;
 	private final ResourceBundle resourceBundle;
 	private final ObservableValue<Image> screenshot;
+	private final Dialogs dialogs;
+	private final VaultComponent.Factory vaultComponentFactory;
+	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
+	private final List<MountService> mountServices;
+
 
 	@Inject
 	ChooseExistingVaultController(@AddVaultWizardWindow Stage window, //
@@ -51,7 +64,11 @@ public class ChooseExistingVaultController implements FxController {
 								  @AddVaultWizardWindow ObjectProperty<Vault> vault, //
 								  VaultListManager vaultListManager, //
 								  ResourceBundle resourceBundle, //
-								  FxApplicationStyle applicationStyle) {
+								  FxApplicationStyle applicationStyle, //
+								  RecoveryKeyComponent.Factory recoveryKeyWindow, //
+								  VaultComponent.Factory vaultComponentFactory, //
+								  List<MountService> mountServices, //
+								  Dialogs dialogs) {
 		this.window = window;
 		this.successScene = successScene;
 		this.appWindows = appWindows;
@@ -60,6 +77,10 @@ public class ChooseExistingVaultController implements FxController {
 		this.vaultListManager = vaultListManager;
 		this.resourceBundle = resourceBundle;
 		this.screenshot = applicationStyle.appliedThemeProperty().map(this::selectScreenshot);
+		this.recoveryKeyWindow = recoveryKeyWindow;
+		this.vaultComponentFactory = vaultComponentFactory;
+		this.mountServices = mountServices;
+		this.dialogs = dialogs;
 	}
 
 	private Image selectScreenshot(Theme theme) {
@@ -96,7 +117,24 @@ public class ChooseExistingVaultController implements FxController {
 
 	@FXML
 	public void restoreVaultConfigWithRecoveryKey() {
-		//appWindows.showErrorWindow(e, window, window.getScene());
+		DirectoryChooser directoryChooser = new DirectoryChooser();
+		directoryChooser.setTitle(resourceBundle.getString("generic.button.cancel"));
+
+		Optional<Vault> optionalVault = RecoverUtil.prepareVaultFromDirectory(directoryChooser, window, dialogs, vaultComponentFactory, mountServices);
+
+		optionalVault.ifPresent(vault -> {
+			dialogs.prepareContactHubAdmin(window) //
+					.setTitleKey("a.title", vault.getVaultSettings().displayName.get() + " " + vault.getState()) //
+					.setDescriptionKey("a.description") //
+					.setMessageKey("a.message") //
+					.setCancelButtonKey("generic.button.cancel") //
+					.setOkButtonKey("generic.button.next") //
+					.setOkAction(stage -> {
+						recoveryKeyWindow.create(vault, window).showIsHubVaultDialogWindow();
+						stage.close();
+					}) //
+					.build().showAndWait();
+		});
 	}
 
 	/* Getter */
@@ -109,5 +147,4 @@ public class ChooseExistingVaultController implements FxController {
 		return screenshot.getValue();
 	}
 
-
 }
diff --git a/src/main/java/org/cryptomator/ui/common/FxmlFile.java b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
index 2e3c2513f..9a2a68329 100644
--- a/src/main/java/org/cryptomator/ui/common/FxmlFile.java
+++ b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
@@ -41,6 +41,7 @@ public enum FxmlFile {
 	QUIT_FORCED("/fxml/quit_forced.fxml"), //
 	RECOVERYKEY_CREATE("/fxml/recoverykey_create.fxml"), //
 	RECOVERYKEY_IS_HUB_VAULT("/fxml/recoverykey_is_hub_vault.fxml"), //
+	RECOVERYKEY_EXPERT_SETTINGS("/fxml/recoverykey_expert_settings.fxml"), //
 	RECOVERYKEY_RECOVER("/fxml/recoverykey_recover.fxml"), //
 	RECOVERYKEY_RESET_PASSWORD("/fxml/recoverykey_reset_password.fxml"), //
 	RECOVERYKEY_RESET_PASSWORD_SUCCESS("/fxml/recoverykey_reset_password_success.fxml"), //
diff --git a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
index 5ac9914b6..5e625deb2 100644
--- a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
@@ -97,4 +97,18 @@ public class Dialogs {
 				.setOkAction(okAction) //
 				.setCancelAction(Stage::close);
 	}
+
+	public SimpleDialog.Builder prepareNoDDirectorySelectedDialog(Stage window) {
+		return createDialogBuilder() //
+				.setOwner(window) //
+				.setTitleKey("recoveryKey.noDDirDetected.title") //
+				.setMessageKey("recoveryKey.noDDirDetected.message") //
+				.setDescriptionKey("recoveryKey.noDDirDetected.description") //
+				.setIcon(FontAwesome5Icon.EXCLAMATION) //
+				.setOkButtonKey("generic.button.change") //
+				.setCancelButtonKey("generic.button.close") //
+				.setOkAction(Stage::close) //
+				.setCancelAction(Stage::close);
+	}
+
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
index 6c6e836db..40a180f0a 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -43,16 +43,16 @@ public interface RecoveryKeyComponent {
 
 	default void showRecoveryKeyRecoverWindow(String title) {
 		Stage stage = window();
-		stage.setScene(recoverScene().get());
 		stage.setTitle(title);
+		stage.setScene(recoverScene().get());
 		stage.sizeToScene();
 		stage.show();
 	}
 
-	default void showIsHubVaultDialogWindow(){
+	default void showIsHubVaultDialogWindow() {
 		Stage stage = window();
 		stage.setScene(recoverIsHubVaultScene().get());
-		stage.setTitle("Recover Vault Config");
+		stage.setTitle("Recover Config");
 		stage.sizeToScene();
 		stage.show();
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
new file mode 100644
index 000000000..7f87c2bab
--- /dev/null
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
@@ -0,0 +1,97 @@
+package org.cryptomator.ui.recoverykey;
+
+import dagger.Lazy;
+import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.controls.NumericTextField;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javafx.application.Application;
+import javafx.beans.binding.Bindings;
+import javafx.beans.binding.BooleanBinding;
+import javafx.beans.property.IntegerProperty;
+import javafx.fxml.FXML;
+import javafx.scene.Scene;
+import javafx.scene.control.CheckBox;
+import javafx.stage.Stage;
+
+@RecoveryKeyScoped
+public class RecoveryKeyExpertSettingsController implements FxController {
+
+	public static final int MAX_SHORTENING_THRESHOLD = 220;
+	public static final int MIN_SHORTENING_THRESHOLD = 36;
+	private static final String DOCS_NAME_SHORTENING_URL = "https://docs.cryptomator.org/security/architecture/#name-shortening";
+
+	private final Stage window;
+	private final Lazy<Application> application;
+	private final Lazy<Scene> resetPasswordScene;
+	private final Lazy<Scene> recoverScene;
+
+	public CheckBox expertSettingsCheckBox;
+	public NumericTextField shorteningThresholdTextField;
+	private final IntegerProperty shorteningThreshold;
+	private final BooleanBinding validShorteningThreshold;
+
+
+	@Inject
+	public RecoveryKeyExpertSettingsController(@RecoveryKeyWindow Stage window, //
+											   Lazy<Application> application, //
+											   @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
+											   @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
+											   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverScene) {
+		this.window = window;
+		this.application = application;
+		this.resetPasswordScene = resetPasswordScene;
+		this.recoverScene = recoverScene;
+		this.shorteningThreshold = shorteningThreshold;
+		this.validShorteningThreshold = Bindings.createBooleanBinding(this::isValidShorteningThreshold, shorteningThreshold);
+
+	}
+
+	@FXML
+	public void initialize() {
+		shorteningThresholdTextField.setPromptText(MIN_SHORTENING_THRESHOLD + "-" + MAX_SHORTENING_THRESHOLD);
+		shorteningThresholdTextField.setText(Integer.toString(MAX_SHORTENING_THRESHOLD));
+		shorteningThresholdTextField.textProperty().addListener((_, _, newValue) -> {
+			try {
+				int intValue = Integer.parseInt(newValue);
+				shorteningThreshold.set(intValue);
+			} catch (NumberFormatException e) {
+				shorteningThreshold.set(0); //the value is set to 0 to ensure that an invalid value assignment is detected during a NumberFormatException
+			}
+		});
+	}
+
+	@FXML
+	public void toggleUseExpertSettings() {
+		if (!expertSettingsCheckBox.isSelected()) {
+			shorteningThresholdTextField.setText(Integer.toString(CreateNewVaultExpertSettingsController.MAX_SHORTENING_THRESHOLD));
+		}
+	}
+
+	public void openDocs() {
+		application.get().getHostServices().showDocument(DOCS_NAME_SHORTENING_URL);
+	}
+
+	public BooleanBinding validShorteningThresholdProperty() {
+		return validShorteningThreshold;
+	}
+
+	public boolean isValidShorteningThreshold() {
+		var value = shorteningThreshold.get();
+		return value >= MIN_SHORTENING_THRESHOLD && value <= MAX_SHORTENING_THRESHOLD;
+	}
+
+	@FXML
+	public void back() {
+		window.setScene(recoverScene.get());
+	}
+
+	@FXML
+	public void next() {
+		window.setScene(resetPasswordScene.get());
+	}
+}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
index c0a8fdfd3..5469c4af9 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
@@ -1,7 +1,6 @@
 package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
-import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -9,11 +8,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
-import javafx.beans.property.StringProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
-import java.util.ResourceBundle;
 
 @RecoveryKeyScoped
 public class RecoveryKeyIsHubVaultController implements FxController {
@@ -25,12 +22,8 @@ public class RecoveryKeyIsHubVaultController implements FxController {
 
 	@Inject
 	public RecoveryKeyIsHubVaultController(@RecoveryKeyWindow Stage window,
-										   @RecoveryKeyWindow Vault vault,
-										   @RecoveryKeyWindow StringProperty recoveryKey,
-										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene,
-										   ResourceBundle resourceBundle) {
+										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene) {
 		this.window = window;
-		//window.setTitle("Is it a hub vault? Huh?");
 		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
 	}
 
@@ -45,6 +38,7 @@ public class RecoveryKeyIsHubVaultController implements FxController {
 
 	@FXML
 	public void recover() {
+		window.setTitle("Recover Config");
 		window.setScene(recoverykeyRecoverScene.get());
 	}
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index 165787497..1f5e6b35d 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -7,6 +7,7 @@ import dagger.multibindings.IntoMap;
 import org.cryptomator.common.Nullable;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
 import org.cryptomator.ui.common.DefaultSceneFactory;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxControllerKey;
@@ -19,6 +20,8 @@ import org.cryptomator.ui.common.StageFactory;
 
 import javax.inject.Named;
 import javax.inject.Provider;
+import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.SimpleIntegerProperty;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.scene.Scene;
@@ -119,6 +122,13 @@ abstract class RecoveryKeyModule {
 		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_IS_HUB_VAULT);
 	}
 
+	@Provides
+	@FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS)
+	@RecoveryKeyScoped
+	static Scene provideRecoveryKeyExpertSettingsScene(@RecoveryKeyWindow FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS);
+	}
+
 	// ------------------
 
 	@Binds
@@ -133,6 +143,19 @@ abstract class RecoveryKeyModule {
 		return new RecoveryKeyDisplayController(window, vault.getDisplayName(), recoveryKey.get(), localization);
 	}
 
+	@Provides
+	@Named("shorteningThreshold")
+	@RecoveryKeyScoped
+	static IntegerProperty provideShorteningThreshold() {
+		return new SimpleIntegerProperty(CreateNewVaultExpertSettingsController.MAX_SHORTENING_THRESHOLD);
+	}
+
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(RecoveryKeyExpertSettingsController.class)
+	abstract FxController provideRecoveryKeyExpertSettingsController(RecoveryKeyExpertSettingsController controller);
+
 	@Binds
 	@IntoMap
 	@FxControllerKey(RecoveryKeyIsHubVaultController.class)
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index b22054f56..1890a2bd1 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -4,8 +4,6 @@ import dagger.Lazy;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javafx.fxml.FXML;
@@ -16,10 +14,8 @@ import java.util.ResourceBundle;
 @RecoveryKeyScoped
 public class RecoveryKeyRecoverController implements FxController {
 
-	private static final Logger LOG = LoggerFactory.getLogger(RecoveryKeyCreationController.class);
-
 	private final Stage window;
-	private final Lazy<Scene> resetPasswordScene;
+	private final Lazy<Scene> nextScene;
 
 	@FXML
 	RecoveryKeyValidateController recoveryKeyValidateController;
@@ -27,10 +23,16 @@ public class RecoveryKeyRecoverController implements FxController {
 	@Inject
 	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
+										@FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> expertSettingsScene, //
 										ResourceBundle resourceBundle) {
 		this.window = window;
-		window.setTitle(resourceBundle.getString("recoveryKey.recover.title"));
-		this.resetPasswordScene = resetPasswordScene;
+		if (window.getTitle().equals("Recover Config")) {
+			this.nextScene = expertSettingsScene;
+		} else if (window.getTitle().equals(resourceBundle.getString("recoveryKey.recover.title"))) {
+			this.nextScene = resetPasswordScene;
+		} else {
+			this.nextScene = resetPasswordScene;
+		}
 	}
 
 	@FXML
@@ -44,7 +46,7 @@ public class RecoveryKeyRecoverController implements FxController {
 
 	@FXML
 	public void recover() {
-		window.setScene(resetPasswordScene.get());
+		window.setScene(nextScene.get());
 	}
 
 	/* Getter/Setter */
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 04439c1eb..b8b6fa259 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -3,23 +3,21 @@ package org.cryptomator.ui.recoverykey;
 import dagger.Lazy;
 import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.common.vaults.VaultState;
-import org.cryptomator.cryptofs.CryptoFileSystemProperties;
-import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.cryptolib.api.CryptoException;
-import org.cryptomator.cryptolib.api.CryptorProvider;
 import org.cryptomator.cryptolib.api.Masterkey;
-import org.cryptomator.cryptolib.api.MasterkeyLoader;
 import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
+import org.cryptomator.ui.changepassword.NewPasswordController;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.changepassword.NewPasswordController;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
+import javax.inject.Named;
+import javafx.beans.property.IntegerProperty;
 import javafx.beans.property.ReadOnlyBooleanProperty;
 import javafx.beans.property.StringProperty;
 import javafx.concurrent.Task;
@@ -27,16 +25,10 @@ import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
 import java.io.IOException;
-import java.nio.file.CopyOption;
-import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.StandardCopyOption;
-import java.util.Comparator;
 import java.util.concurrent.ExecutorService;
 
-import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
-import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
 
 @RecoveryKeyScoped
 public class RecoveryKeyResetPasswordController implements FxController {
@@ -52,6 +44,8 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final Lazy<Scene> recoverResetVaultConfigSuccessScene;
 	private final FxApplicationWindows appWindows;
 	private final MasterkeyFileAccess masterkeyFileAccess;
+	private final VaultListManager vaultListManager;
+	private final IntegerProperty shorteningThreshold;
 
 	public NewPasswordController newPasswordController;
 
@@ -64,7 +58,9 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS) Lazy<Scene> recoverResetPasswordSuccessScene, //
 											  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS) Lazy<Scene> recoverResetVaultConfigSuccessScene, //
 											  FxApplicationWindows appWindows, //
-											  MasterkeyFileAccess masterkeyFileAccess) {
+											  MasterkeyFileAccess masterkeyFileAccess, //
+											  VaultListManager vaultListManager, //
+											  @Named("shorteningThreshold") IntegerProperty shorteningThreshold) {
 		this.window = window;
 		this.vault = vault;
 		this.recoveryKeyFactory = recoveryKeyFactory;
@@ -74,6 +70,8 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		this.recoverResetVaultConfigSuccessScene = recoverResetVaultConfigSuccessScene;
 		this.appWindows = appWindows;
 		this.masterkeyFileAccess = masterkeyFileAccess;
+		this.vaultListManager = vaultListManager;
+		this.shorteningThreshold = shorteningThreshold;
 	}
 
 	@FXML
@@ -83,82 +81,38 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 	@FXML
 	public void resetPassword() {
-		if(vault.isMissingVaultConfig()){
-			Path vaultPath = vault.getPath();
-			Path recoveryPath = vaultPath.resolve("r");
+		if (vault.isMissingVaultConfig()) {
 			try {
-				Files.createDirectory(recoveryPath);
-				recoveryKeyFactory.newMasterkeyFileWithPassphrase(recoveryPath, recoveryKey.get(), newPasswordController.passwordField.getCharacters());
-			} catch (IOException e) {
-				LOG.error("Creating directory or recovering masterkey failed", e);
-			}
+				Path recoveryPath = RecoverUtil.createRecoveryDirectory(vault.getPath());
+				RecoverUtil.createNewMasterkeyFile(recoveryKeyFactory, recoveryPath, recoveryKey.get(), newPasswordController.passwordField.getCharacters());
+				Path masterkeyFilePath = recoveryPath.resolve(MASTERKEY_FILENAME);
 
-			Path masterkeyFilePath = recoveryPath.resolve(MASTERKEY_FILENAME);
-			try (Masterkey masterkey = masterkeyFileAccess.load(masterkeyFilePath, newPasswordController.passwordField.getCharacters())) {
-				try {
-					var combo = RecoverUtil.detectCipherCombo(masterkey.getEncoded(),vaultPath);
-					MasterkeyLoader loader = ignored -> masterkey.copy();
-					CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties() //
-							.withCipherCombo(combo) //
-							.withKeyLoader(loader) //
-							.withShorteningThreshold(220) //
-							.build();
-					CryptoFileSystemProvider.initialize(recoveryPath, fsProps, DEFAULT_KEY_ID);
-				} catch (CryptoException | IOException e) {
-					LOG.error("Recovering vault failed", e);
-				}
-				Files.move(masterkeyFilePath, vaultPath.resolve(MASTERKEY_FILENAME), StandardCopyOption.REPLACE_EXISTING);
-				Files.move(recoveryPath.resolve(VAULTCONFIG_FILENAME), vaultPath.resolve(VAULTCONFIG_FILENAME));
-				try (var paths = Files.walk(recoveryPath)) {
-					paths.sorted(Comparator.reverseOrder()).forEach(p -> {
-						try {
-							Files.delete(p);
-						} catch (IOException e) {
-							LOG.info("Unable to delete {}. Please delete it manually.", p);
-						}
-					});
+				try (Masterkey masterkey = RecoverUtil.loadMasterkey(masterkeyFileAccess, masterkeyFilePath, newPasswordController.passwordField.getCharacters())) {
+					RecoverUtil.initializeCryptoFileSystem(recoveryPath, vault.getPath(), masterkey, shorteningThreshold);
 				}
+
+				RecoverUtil.moveRecoveredFiles(recoveryPath, vault.getPath());
+				RecoverUtil.deleteRecoveryDirectory(recoveryPath);
+				RecoverUtil.addVaultToList(vaultListManager, vault.getPath());
+
 				window.setScene(recoverResetVaultConfigSuccessScene.get());
-			} catch (IOException e) {
-				LOG.error("Moving recovered files failed", e);
+			} catch (IOException | CryptoException e) {
+				LOG.error("Recovery process failed", e);
 			}
-		}
-		else {
-			Task<Void> task = new ResetPasswordTask();
-			task.setOnScheduled(event -> {
-				LOG.debug("Using recovery key to reset password for {}.", vault.getDisplayablePath());
-			});
-			task.setOnSucceeded(event -> {
-				LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
-				if(vault.getState().equals(VaultState.Value.VAULT_CONFIG_MISSING)){
-					window.setScene(recoverResetVaultConfigSuccessScene.get());
-				}
-				else {
-					window.setScene(recoverResetPasswordSuccessScene.get());
-				}
-			});
-			task.setOnFailed(event -> {
-				LOG.error("Resetting password failed.", task.getException());
-				appWindows.showErrorWindow(task.getException(), window, null);
-			});
+		} else {
+			Task<Void> task = RecoverUtil.createResetPasswordTask( //
+					recoveryKeyFactory, //
+					vault, //
+					recoveryKey, //
+					newPasswordController, //
+					window, //
+					recoverResetPasswordSuccessScene, //
+					recoverResetVaultConfigSuccessScene, //
+					appWindows);
 			executor.submit(task);
 		}
 	}
 
-	private class ResetPasswordTask extends Task<Void> {
-
-		private ResetPasswordTask() {
-			setOnFailed(event -> LOG.error("Failed to reset password", getException()));
-		}
-
-		@Override
-		protected Void call() throws IOException, IllegalArgumentException {
-			recoveryKeyFactory.newMasterkeyFileWithPassphrase(vault.getPath(), recoveryKey.get(), newPasswordController.passwordField.getCharacters());
-			return null;
-		}
-
-	}
-
 	/* Getter/Setter */
 
 	public ReadOnlyBooleanProperty passwordSufficientAndMatchingProperty() {
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordSuccessController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordSuccessController.java
index b8b106d8b..b646f0334 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordSuccessController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordSuccessController.java
@@ -3,21 +3,29 @@ package org.cryptomator.ui.recoverykey;
 import org.cryptomator.ui.common.FxController;
 
 import javax.inject.Inject;
+import javax.inject.Named;
 import javafx.fxml.FXML;
 import javafx.stage.Stage;
 
 @RecoveryKeyScoped
-public class RecoveryKeyResetPasswordSuccessController  implements FxController {
+public class RecoveryKeyResetPasswordSuccessController implements FxController {
 
 	private final Stage window;
+	private final Stage owner;
 
 	@Inject
-	public RecoveryKeyResetPasswordSuccessController(@RecoveryKeyWindow Stage window) {
+	public RecoveryKeyResetPasswordSuccessController(@RecoveryKeyWindow Stage window, //
+													 @Named("keyRecoveryOwner") Stage owner) {
+
 		this.window = window;
+		this.owner = owner;
 	}
 
 	@FXML
 	public void close() {
+		if (!owner.getTitle().equals("Cryptomator")) {
+			owner.close();
+		}
 		window.close();
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
index dd003d93d..fe6ef60f0 100644
--- a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
+++ b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
@@ -14,6 +14,7 @@ import javafx.beans.property.SimpleBooleanProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
 import javafx.stage.Stage;
+import java.util.ResourceBundle;
 
 @VaultOptionsScoped
 public class MasterkeyOptionsController implements FxController {
@@ -27,16 +28,19 @@ public class MasterkeyOptionsController implements FxController {
 	private final ForgetPasswordComponent.Builder forgetPasswordWindow;
 	private final KeychainManager keychain;
 	private final ObservableValue<Boolean> passwordSaved;
+	private final ResourceBundle resourceBundle;
 
 
 	@Inject
-	MasterkeyOptionsController(@VaultOptionsWindow Vault vault, @VaultOptionsWindow Stage window, ChangePasswordComponent.Builder changePasswordWindow, RecoveryKeyComponent.Factory recoveryKeyWindow, ForgetPasswordComponent.Builder forgetPasswordWindow, KeychainManager keychain) {
+	MasterkeyOptionsController(@VaultOptionsWindow Vault vault, @VaultOptionsWindow Stage window, ChangePasswordComponent.Builder changePasswordWindow, RecoveryKeyComponent.Factory recoveryKeyWindow, ForgetPasswordComponent.Builder forgetPasswordWindow, KeychainManager keychain, //
+							   ResourceBundle resourceBundle) {
 		this.vault = vault;
 		this.window = window;
 		this.changePasswordWindow = changePasswordWindow;
 		this.recoveryKeyWindow = recoveryKeyWindow;
 		this.forgetPasswordWindow = forgetPasswordWindow;
 		this.keychain = keychain;
+		this.resourceBundle = resourceBundle;
 		if (keychain.isSupported() && !keychain.isLocked()) {
 			this.passwordSaved = keychain.getPassphraseStoredProperty(vault.getId()).orElse(false);
 		} else {
@@ -56,7 +60,7 @@ public class MasterkeyOptionsController implements FxController {
 
 	@FXML
 	public void showRecoverVaultDialog() {
-		recoveryKeyWindow.create(vault, window).showRecoveryKeyRecoverWindow();
+		recoveryKeyWindow.create(vault, window).showRecoveryKeyRecoverWindow(resourceBundle.getString("recoveryKey.recover.title"));
 	}
 
 	@FXML
diff --git a/src/main/resources/fxml/recoverykey_expert_settings.fxml b/src/main/resources/fxml/recoverykey_expert_settings.fxml
new file mode 100644
index 000000000..c568a1cbc
--- /dev/null
+++ b/src/main/resources/fxml/recoverykey_expert_settings.fxml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import org.cryptomator.ui.controls.NumericTextField?>
+<?import javafx.geometry.Insets?>
+<?import javafx.scene.control.Button?>
+<?import javafx.scene.control.ButtonBar?>
+<?import javafx.scene.control.CheckBox?>
+<?import javafx.scene.control.Hyperlink?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.control.Tooltip?>
+<?import javafx.scene.Group?>
+<?import javafx.scene.layout.HBox?>
+<?import javafx.scene.layout.Region?>
+<?import javafx.scene.layout.StackPane?>
+<?import javafx.scene.layout.VBox?>
+<?import javafx.scene.shape.Circle?>
+<HBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyExpertSettingsController"
+	  minWidth="400"
+	  maxWidth="400"
+	  minHeight="145"
+	  spacing="12"
+	  alignment="TOP_CENTER">
+	<padding>
+		<Insets topRightBottomLeft="12"/>
+	</padding>
+	<Group>
+		<StackPane>
+			<padding>
+				<Insets topRightBottomLeft="6"/>
+			</padding>
+			<Circle styleClass="glyph-icon-primary" radius="24"/>
+			<FontAwesome5IconView styleClass="glyph-icon-white" glyph="QUESTION" glyphSize="24"/>
+		</StackPane>
+	</Group>
+
+	<VBox HBox.hgrow="ALWAYS">
+		<Label styleClass="label-large" text="Expert Settings" wrapText="true">
+			<padding>
+				<Insets bottom="6" top="6"/>
+			</padding>
+		</Label>
+
+		<CheckBox fx:id="expertSettingsCheckBox" text="%addvaultwizard.new.expertSettings.enableExpertSettingsCheckbox" onAction="#toggleUseExpertSettings"/>
+		<VBox spacing="6" visible="${expertSettingsCheckBox.selected}">
+			<HBox spacing="2" HBox.hgrow="NEVER">
+				<Label text="%addvaultwizard.new.expertSettings.shorteningThreshold.title"/>
+				<Region prefWidth="2"/>
+				<Hyperlink contentDisplay="GRAPHIC_ONLY" onAction="#openDocs">
+					<graphic>
+						<FontAwesome5IconView glyph="QUESTION_CIRCLE" styleClass="glyph-icon-muted"/>
+					</graphic>
+					<tooltip>
+						<Tooltip text="%addvaultwizard.new.expertSettings.shorteningThreshold.tooltip" showDelay="10ms"/>
+					</tooltip>
+				</Hyperlink>
+			</HBox>
+			<NumericTextField fx:id="shorteningThresholdTextField"/>
+			<HBox alignment="TOP_RIGHT">
+				<Region minWidth="4" prefWidth="4" HBox.hgrow="NEVER"/>
+				<StackPane>
+					<Label styleClass="label-muted" text="%addvaultwizard.new.expertSettings.shorteningThreshold.invalid" textAlignment="RIGHT" alignment="CENTER_RIGHT" visible="${!controller.validShorteningThreshold}" managed="${!controller.validShorteningThreshold}" graphicTextGap="6">
+						<graphic>
+							<FontAwesome5IconView styleClass="glyph-icon-red" glyph="TIMES"/>
+						</graphic>
+					</Label>
+					<Label styleClass="label-muted" text="%addvaultwizard.new.expertSettings.shorteningThreshold.valid" textAlignment="RIGHT" alignment="CENTER_RIGHT" visible="${controller.validShorteningThreshold}" managed="${controller.validShorteningThreshold}" graphicTextGap="6">
+						<graphic>
+							<FontAwesome5IconView styleClass="glyph-icon-primary" glyph="CHECK"/>
+						</graphic>
+					</Label>
+				</StackPane>
+			</HBox>
+		</VBox>
+		<Region VBox.vgrow="ALWAYS" minHeight="18"/>
+		<ButtonBar buttonMinWidth="120" buttonOrder="+C">
+			<buttons>
+				<Button text="%generic.button.back" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#back"/>
+				<Button text="%generic.button.next" ButtonBar.buttonData="CANCEL_CLOSE" defaultButton="true" onAction="#next"/>
+			</buttons>
+		</ButtonBar>
+	</VBox>
+</HBox>
\ No newline at end of file
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 349141519..05a5eabc5 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -525,6 +525,16 @@ recoveryKey.recover.resetSuccess.description=You can unlock your vault with the
 ### Recovery Key Vault Config Reset Success
 recoveryKey.recover.resetVaultConfigSuccess.message=Vault config reset successful
 
+### Recover Kram
+
+recoveryKey.noDDirDetected.title=Invalid Selection
+recoveryKey.noDDirDetected.description=The selected folder must contain a subfolder named "d".
+recoveryKey.noDDirDetected.message=Please choose a different folder that includes a subfolder named "d".
+
+a.title=Title %s
+a.description=Description
+a.message=Message
+
 # Convert Vault
 convertVault.title=Convert Vault
 convertVault.convert.convertBtn.before=Convert

From 6715ff9f5fa2658c60bfa1e8a908de47976118b1 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 6 Mar 2025 09:17:16 +0100
Subject: [PATCH 009/117] introduce RecoverUtil.Types

---
 .../org/cryptomator/common/RecoverUtil.java   |  6 +++
 .../ChooseExistingVaultController.java        |  2 +-
 .../VaultDetailMissingVaultController.java    |  5 ++-
 .../ui/recoverykey/RecoveryKeyComponent.java  | 14 ++-----
 .../RecoveryKeyIsHubVaultController.java      | 21 +++++++---
 .../ui/recoverykey/RecoveryKeyModule.java     |  9 +++++
 .../RecoveryKeyRecoverController.java         | 32 +++++++++++----
 .../RecoveryKeyResetPasswordController.java   | 40 ++++++++++++++++++-
 .../MasterkeyOptionsController.java           |  5 ++-
 .../fxml/recoverykey_reset_password.fxml      |  2 +-
 src/main/resources/i18n/strings.properties    |  3 ++
 11 files changed, 107 insertions(+), 32 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/RecoverUtil.java b/src/main/java/org/cryptomator/common/RecoverUtil.java
index 71a8bf4ed..0e00ad346 100644
--- a/src/main/java/org/cryptomator/common/RecoverUtil.java
+++ b/src/main/java/org/cryptomator/common/RecoverUtil.java
@@ -236,5 +236,11 @@ public class RecoverUtil {
 		return Optional.of(vault);
 	}
 
+	public enum Type {
+		RESTORE_VAULT_CONFIG,
+		RESTORE_MASTERKEY,
+		RESET_PASSWORD,
+		SHOW_KEY;
+	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index f42eb3ac6..46083690b 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -130,7 +130,7 @@ public class ChooseExistingVaultController implements FxController {
 					.setCancelButtonKey("generic.button.cancel") //
 					.setOkButtonKey("generic.button.next") //
 					.setOkAction(stage -> {
-						recoveryKeyWindow.create(vault, window).showIsHubVaultDialogWindow();
+						recoveryKeyWindow.create(vault, window,RecoverUtil.Type.RESTORE_VAULT_CONFIG).showIsHubVaultDialogWindow();
 						stage.close();
 					}) //
 					.build().showAndWait();
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index fc52aa775..274f6bbf9 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -1,5 +1,6 @@
 package org.cryptomator.ui.mainwindow;
 
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.ui.common.FxController;
@@ -59,13 +60,13 @@ public class VaultDetailMissingVaultController implements FxController {
 			dialogs.prepareContactHubAdmin(window).build().showAndWait();
 		}
 		else {
-			recoveryKeyWindow.create(vault.get(), window).showIsHubVaultDialogWindow();
+			recoveryKeyWindow.create(vault.get(), window, RecoverUtil.Type.RESTORE_VAULT_CONFIG).showIsHubVaultDialogWindow();
 		}
 	}
 
 	@FXML
 	void restoreMasterkey() {
-		recoveryKeyWindow.create(vault.get(), window).showRecoveryKeyRecoverWindow("Recover Masterkey");
+		recoveryKeyWindow.create(vault.get(), window,RecoverUtil.Type.RESTORE_MASTERKEY).showRecoveryKeyRecoverWindow();
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
index 40a180f0a..1af6113ca 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -3,6 +3,7 @@ package org.cryptomator.ui.recoverykey;
 import dagger.BindsInstance;
 import dagger.Lazy;
 import dagger.Subcomponent;
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -41,18 +42,9 @@ public interface RecoveryKeyComponent {
 		stage.show();
 	}
 
-	default void showRecoveryKeyRecoverWindow(String title) {
-		Stage stage = window();
-		stage.setTitle(title);
-		stage.setScene(recoverScene().get());
-		stage.sizeToScene();
-		stage.show();
-	}
-
 	default void showIsHubVaultDialogWindow() {
 		Stage stage = window();
 		stage.setScene(recoverIsHubVaultScene().get());
-		stage.setTitle("Recover Config");
 		stage.sizeToScene();
 		stage.show();
 	}
@@ -60,7 +52,9 @@ public interface RecoveryKeyComponent {
 	@Subcomponent.Factory
 	interface Factory {
 
-		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault, @BindsInstance @Named("keyRecoveryOwner") Stage owner);
+		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault,
+									@BindsInstance @Named("keyRecoveryOwner") Stage owner,
+									@BindsInstance @Named("recoverType") RecoverUtil.Type recoverType);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
index 5469c4af9..84537cd37 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
@@ -1,6 +1,7 @@
 package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -8,9 +9,13 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
+import javax.inject.Named;
+import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.ObjectProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
+import java.util.ResourceBundle;
 
 @RecoveryKeyScoped
 public class RecoveryKeyIsHubVaultController implements FxController {
@@ -19,16 +24,20 @@ public class RecoveryKeyIsHubVaultController implements FxController {
 
 	private final Stage window;
 	private final Lazy<Scene> recoverykeyRecoverScene;
+	private final ObjectProperty<RecoverUtil.Type> recoverType;
+	private final ResourceBundle resourceBundle;
 
 	@Inject
 	public RecoveryKeyIsHubVaultController(@RecoveryKeyWindow Stage window,
-										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene) {
+										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene,
+										   @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType,
+										   ResourceBundle resourceBundle) {
 		this.window = window;
-		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
-	}
+		window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
 
-	@FXML
-	public void initialize() {
+		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
+		this.recoverType = recoverType;
+		this.resourceBundle = resourceBundle;
 	}
 
 	@FXML
@@ -38,7 +47,7 @@ public class RecoveryKeyIsHubVaultController implements FxController {
 
 	@FXML
 	public void recover() {
-		window.setTitle("Recover Config");
+		recoverType.set(RecoverUtil.Type.RESTORE_VAULT_CONFIG);
 		window.setScene(recoverykeyRecoverScene.get());
 	}
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index 1f5e6b35d..ef925cbf4 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -5,6 +5,7 @@ import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoMap;
 import org.cryptomator.common.Nullable;
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
 import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
@@ -21,7 +22,9 @@ import org.cryptomator.ui.common.StageFactory;
 import javax.inject.Named;
 import javax.inject.Provider;
 import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleIntegerProperty;
+import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.scene.Scene;
@@ -150,6 +153,12 @@ abstract class RecoveryKeyModule {
 		return new SimpleIntegerProperty(CreateNewVaultExpertSettingsController.MAX_SHORTENING_THRESHOLD);
 	}
 
+	@Provides
+	@Named("recoverType")
+	@RecoveryKeyScoped
+	static ObjectProperty<RecoverUtil.Type> provideRecoverType() {
+		return new SimpleObjectProperty<>(RecoverUtil.Type.RESTORE_MASTERKEY);
+	}
 
 	@Binds
 	@IntoMap
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index 1890a2bd1..7392d5768 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -1,11 +1,14 @@
 package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 
 import javax.inject.Inject;
+import javax.inject.Named;
+import javafx.beans.property.ObjectProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
@@ -24,15 +27,28 @@ public class RecoveryKeyRecoverController implements FxController {
 	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> expertSettingsScene, //
-										ResourceBundle resourceBundle) {
+										ResourceBundle resourceBundle,
+										@Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType) {
 		this.window = window;
-		if (window.getTitle().equals("Recover Config")) {
-			this.nextScene = expertSettingsScene;
-		} else if (window.getTitle().equals(resourceBundle.getString("recoveryKey.recover.title"))) {
-			this.nextScene = resetPasswordScene;
-		} else {
-			this.nextScene = resetPasswordScene;
-		}
+
+		this.nextScene = switch (recoverType.get()) {
+			case RESTORE_VAULT_CONFIG -> {
+				window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
+				yield expertSettingsScene;
+			}
+			case RESTORE_MASTERKEY -> {
+				window.setTitle(resourceBundle.getString("recoveryKey.recoverMasterkey.title"));
+				yield resetPasswordScene;
+			}
+			case RESET_PASSWORD -> {
+				window.setTitle(resourceBundle.getString("recoveryKey.recover.title"));
+				yield resetPasswordScene;
+			}
+			case SHOW_KEY-> {
+				window.setTitle(resourceBundle.getString("recoveryKey.display.title"));
+				yield resetPasswordScene;
+			}
+		};
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index b8b6fa259..bf301c57b 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -18,7 +18,9 @@ import org.slf4j.LoggerFactory;
 import javax.inject.Inject;
 import javax.inject.Named;
 import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.ReadOnlyBooleanProperty;
+import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.concurrent.Task;
 import javafx.fxml.FXML;
@@ -26,6 +28,7 @@ import javafx.scene.Scene;
 import javafx.stage.Stage;
 import java.io.IOException;
 import java.nio.file.Path;
+import java.util.ResourceBundle;
 import java.util.concurrent.ExecutorService;
 
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
@@ -40,12 +43,16 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final RecoveryKeyFactory recoveryKeyFactory;
 	private final ExecutorService executor;
 	private final StringProperty recoveryKey;
+	private final Lazy<Scene> recoverExpertSettingsScene;
 	private final Lazy<Scene> recoverResetPasswordSuccessScene;
 	private final Lazy<Scene> recoverResetVaultConfigSuccessScene;
 	private final FxApplicationWindows appWindows;
 	private final MasterkeyFileAccess masterkeyFileAccess;
 	private final VaultListManager vaultListManager;
 	private final IntegerProperty shorteningThreshold;
+	private final ObjectProperty<RecoverUtil.Type> recoverType;
+	private final ResourceBundle resourceBundle;
+	private final StringProperty buttonText = new SimpleStringProperty();
 
 	public NewPasswordController newPasswordController;
 
@@ -55,28 +62,49 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  RecoveryKeyFactory recoveryKeyFactory, //
 											  ExecutorService executor, //
 											  @RecoveryKeyWindow StringProperty recoveryKey, //
+											  @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverExpertSettingsScene, //
 											  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS) Lazy<Scene> recoverResetPasswordSuccessScene, //
 											  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS) Lazy<Scene> recoverResetVaultConfigSuccessScene, //
 											  FxApplicationWindows appWindows, //
 											  MasterkeyFileAccess masterkeyFileAccess, //
 											  VaultListManager vaultListManager, //
-											  @Named("shorteningThreshold") IntegerProperty shorteningThreshold) {
+											  @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
+											  @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType,
+											  ResourceBundle resourceBundle) {
 		this.window = window;
 		this.vault = vault;
 		this.recoveryKeyFactory = recoveryKeyFactory;
 		this.executor = executor;
 		this.recoveryKey = recoveryKey;
+		this.recoverExpertSettingsScene = recoverExpertSettingsScene;
 		this.recoverResetPasswordSuccessScene = recoverResetPasswordSuccessScene;
 		this.recoverResetVaultConfigSuccessScene = recoverResetVaultConfigSuccessScene;
 		this.appWindows = appWindows;
 		this.masterkeyFileAccess = masterkeyFileAccess;
 		this.vaultListManager = vaultListManager;
 		this.shorteningThreshold = shorteningThreshold;
+		this.recoverType = recoverType;
+		this.resourceBundle = resourceBundle;
+
+		initButtonText(recoverType.get());
+	}
+
+	private void initButtonText(RecoverUtil.Type type) {
+		if (type == RecoverUtil.Type.RESTORE_MASTERKEY) {
+			buttonText.set(resourceBundle.getString("generic.button.close"));
+		} else {
+			buttonText.set(resourceBundle.getString("generic.button.back"));
+		}
 	}
 
 	@FXML
 	public void close() {
-		window.close();
+		if(recoverType.getValue().equals(RecoverUtil.Type.RESTORE_MASTERKEY)){
+			window.close();
+		}
+		else {
+			window.setScene(recoverExpertSettingsScene.get());
+		}
 	}
 
 	@FXML
@@ -115,6 +143,14 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 	/* Getter/Setter */
 
+	public StringProperty buttonTextProperty() {
+		return buttonText;
+	}
+
+	public String getButtonText() {
+		return buttonText.get();
+	}
+
 	public ReadOnlyBooleanProperty passwordSufficientAndMatchingProperty() {
 		return newPasswordController.goodPasswordProperty();
 	}
diff --git a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
index fe6ef60f0..723be3317 100644
--- a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
+++ b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
@@ -1,5 +1,6 @@
 package org.cryptomator.ui.vaultoptions;
 
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.keychain.KeychainManager;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.changepassword.ChangePasswordComponent;
@@ -55,12 +56,12 @@ public class MasterkeyOptionsController implements FxController {
 
 	@FXML
 	public void showRecoveryKey() {
-		recoveryKeyWindow.create(vault, window).showRecoveryKeyCreationWindow();
+		recoveryKeyWindow.create(vault, window, RecoverUtil.Type.SHOW_KEY).showRecoveryKeyCreationWindow();
 	}
 
 	@FXML
 	public void showRecoverVaultDialog() {
-		recoveryKeyWindow.create(vault, window).showRecoveryKeyRecoverWindow(resourceBundle.getString("recoveryKey.recover.title"));
+		recoveryKeyWindow.create(vault, window,RecoverUtil.Type.RESET_PASSWORD).showRecoveryKeyRecoverWindow();
 	}
 
 	@FXML
diff --git a/src/main/resources/fxml/recoverykey_reset_password.fxml b/src/main/resources/fxml/recoverykey_reset_password.fxml
index 79827af35..faf93cbf1 100644
--- a/src/main/resources/fxml/recoverykey_reset_password.fxml
+++ b/src/main/resources/fxml/recoverykey_reset_password.fxml
@@ -24,7 +24,7 @@
 		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
 			<ButtonBar buttonMinWidth="120" buttonOrder="+CI">
 				<buttons>
-					<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+					<Button text="${controller.buttonText}" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
 					<Button text="%recoveryKey.recover.resetBtn" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#resetPassword" disable="${!controller.passwordSufficientAndMatching}"/>
 				</buttons>
 			</ButtonBar>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 05a5eabc5..f5a24aeb8 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -535,6 +535,9 @@ a.title=Title %s
 a.description=Description
 a.message=Message
 
+recoveryKey.recoverVaultConfig.title=Recover Vault Config
+recoveryKey.recoverMasterkey.title=Recover Masterkey
+
 # Convert Vault
 convertVault.title=Convert Vault
 convertVault.convert.convertBtn.before=Convert

From a3b8297e23b599a91069eba59f075bd9118a51b2 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 14 Mar 2025 13:51:25 +0100
Subject: [PATCH 010/117] recoverykey validate

---
 .../org/cryptomator/common/RecoverUtil.java   | 36 +++++++++++++++++--
 .../ui/convertvault/ConvertVaultModule.java   |  5 ++-
 .../ui/recoverykey/RecoveryKeyModule.java     |  5 +--
 .../RecoveryKeyRecoverController.java         |  3 ++
 .../RecoveryKeyValidateController.java        | 32 +++++++++++++++--
 5 files changed, 73 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/RecoverUtil.java b/src/main/java/org/cryptomator/common/RecoverUtil.java
index 0e00ad346..86d8aa4af 100644
--- a/src/main/java/org/cryptomator/common/RecoverUtil.java
+++ b/src/main/java/org/cryptomator/common/RecoverUtil.java
@@ -14,7 +14,9 @@ import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.Cryptor;
 import org.cryptomator.cryptolib.api.CryptorProvider;
 import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.integrations.mount.MountService;
+import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
 import org.cryptomator.ui.changepassword.NewPasswordController;
 import org.cryptomator.ui.dialogs.Dialogs;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
@@ -23,6 +25,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.SimpleIntegerProperty;
 import javafx.beans.property.StringProperty;
 import javafx.concurrent.Task;
 import javafx.scene.Scene;
@@ -39,6 +42,7 @@ import java.util.Comparator;
 import java.util.List;
 import java.util.Optional;
 import java.util.stream.Stream;
+import org.cryptomator.cryptolib.api.MasterkeyLoader;
 
 import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
@@ -54,7 +58,11 @@ public class RecoverUtil {
 
 	public static CryptorProvider.Scheme detectCipherCombo(byte[] masterkey, Path pathToVault) {
 		try (Stream<Path> paths = Files.walk(pathToVault.resolve(DATA_DIR_NAME))) {
-			return paths.filter(path -> path.toString().endsWith(".c9r")).findFirst().map(c9rFile -> determineScheme(c9rFile, masterkey)).orElseThrow(() -> new IllegalStateException("No .c9r file found."));
+			return paths.filter(path -> path.toString()
+							.endsWith(".c9r"))
+							.findFirst()
+							.map(c9rFile -> determineScheme(c9rFile, masterkey))
+							.orElseThrow(() -> new IllegalStateException("No .c9r file found."));
 		} catch (IOException e) {
 			throw new IllegalStateException("Failed to detect cipher combo.", e);
 		}
@@ -117,9 +125,30 @@ public class RecoverUtil {
 		return masterkeyFileAccess.load(masterkeyFilePath, password);
 	}
 
+	public static boolean validateRecoveryKey(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, MasterkeyFileAccess masterkeyFileAccess) {
+		Path tempRecoveryPath = null;
+		CharSequence tmpPass = "asdasdasd";
+		try {
+			tempRecoveryPath = createRecoveryDirectory(vault.getPath());
+			createNewMasterkeyFile(recoveryKeyFactory, tempRecoveryPath, recoveryKey.get(), tmpPass);
+			Path masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
+			try (Masterkey masterkey = loadMasterkey(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
+				initializeCryptoFileSystem(tempRecoveryPath, vault.getPath(), masterkey, new SimpleIntegerProperty(CreateNewVaultExpertSettingsController.MAX_SHORTENING_THRESHOLD));
+				return true;
+			}
+		} catch (IOException | CryptoException e) {
+			LOG.warn("Recovery key validation failed", e);
+			return false;
+		} finally {
+			if (tempRecoveryPath != null) {
+				deleteRecoveryDirectory(tempRecoveryPath);
+			}
+		}
+	}
+
 	public static void initializeCryptoFileSystem(Path recoveryPath, Path vaultPath, Masterkey masterkey, IntegerProperty shorteningThreshold) throws IOException, CryptoException {
 		var combo = RecoverUtil.detectCipherCombo(masterkey.getEncoded(), vaultPath);
-		org.cryptomator.cryptolib.api.MasterkeyLoader loader = ignored -> masterkey.copy();
+		MasterkeyLoader loader = ignored -> masterkey.copy();
 		CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties().withCipherCombo(combo).withKeyLoader(loader).withShorteningThreshold(shorteningThreshold.get()).build();
 		CryptoFileSystemProvider.initialize(recoveryPath, fsProps, DEFAULT_KEY_ID);
 	}
@@ -240,7 +269,8 @@ public class RecoverUtil {
 		RESTORE_VAULT_CONFIG,
 		RESTORE_MASTERKEY,
 		RESET_PASSWORD,
-		SHOW_KEY;
+		SHOW_KEY,
+		CONVERT_VAULT;
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
index f70242d2b..aa290b621 100644
--- a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
+++ b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
@@ -4,6 +4,7 @@ import dagger.Binds;
 import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoMap;
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
 import org.cryptomator.ui.changepassword.NewPasswordController;
@@ -20,6 +21,8 @@ import org.cryptomator.ui.recoverykey.RecoveryKeyValidateController;
 
 import javax.inject.Named;
 import javax.inject.Provider;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.scene.Scene;
@@ -120,7 +123,7 @@ abstract class ConvertVaultModule {
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
 	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory);
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, new SimpleObjectProperty<>(RecoverUtil.Type.CONVERT_VAULT),null);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index ef925cbf4..08c23a0db 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -8,6 +8,7 @@ import org.cryptomator.common.Nullable;
 import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
 import org.cryptomator.ui.common.DefaultSceneFactory;
 import org.cryptomator.ui.common.FxController;
@@ -193,8 +194,8 @@ abstract class RecoveryKeyModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
-	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory);
+	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, recoverType, masterkeyFileAccess);
 	}
 
 	@Provides
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index 7392d5768..9f2842f34 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -48,6 +48,9 @@ public class RecoveryKeyRecoverController implements FxController {
 				window.setTitle(resourceBundle.getString("recoveryKey.display.title"));
 				yield resetPasswordScene;
 			}
+			default -> {
+				yield null;
+			}
 		};
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index 4a8224ffe..6472d3849 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -5,14 +5,17 @@ import com.google.common.base.CharMatcher;
 import com.google.common.base.Strings;
 import org.cryptomator.common.Nullable;
 import org.cryptomator.common.ObservableUtil;
+import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
 import org.cryptomator.cryptofs.VaultConfigLoadException;
 import org.cryptomator.cryptofs.VaultKeyInvalidException;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.common.FxController;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.inject.Named;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.property.StringProperty;
@@ -37,12 +40,19 @@ public class RecoveryKeyValidateController implements FxController {
 	private final RecoveryKeyFactory recoveryKeyFactory;
 	private final ObjectProperty<RecoveryKeyState> recoveryKeyState;
 	private final AutoCompleter autoCompleter;
+	private final ObjectProperty<RecoverUtil.Type> recoverType;
+	private final MasterkeyFileAccess masterkeyFileAccess;
 
 	private volatile boolean isWrongKey;
 
 	public TextArea textarea;
 
-	public RecoveryKeyValidateController(Vault vault, @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
+	public RecoveryKeyValidateController(Vault vault, //
+										 @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, //
+										 StringProperty recoveryKey, //
+										 RecoveryKeyFactory recoveryKeyFactory, //
+										 @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, //
+										 MasterkeyFileAccess masterkeyFileAccess) {
 		this.vault = vault;
 		this.unverifiedVaultConfig = vaultConfig;
 		this.recoveryKey = recoveryKey;
@@ -52,6 +62,8 @@ public class RecoveryKeyValidateController implements FxController {
 		this.recoveryKeyCorrect = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.CORRECT::equals, false);
 		this.recoveryKeyWrong = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.WRONG::equals, false);
 		this.recoveryKeyInvalid = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.INVALID::equals, false);
+		this.recoverType = recoverType;
+		this.masterkeyFileAccess = masterkeyFileAccess;
 	}
 
 	@FXML
@@ -118,7 +130,23 @@ public class RecoveryKeyValidateController implements FxController {
 
 	private void validateRecoveryKey() {
 		isWrongKey = false;
-		var valid = recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(), unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
+		var valid = false;
+		switch (recoverType.get()) {
+			case RESTORE_VAULT_CONFIG -> {
+				try{
+					valid = RecoverUtil.validateRecoveryKey(recoveryKeyFactory, vault, recoveryKey, masterkeyFileAccess);
+				}
+				catch (IllegalStateException e){
+					isWrongKey = true;
+				}
+				catch (IllegalArgumentException e){
+					isWrongKey = false;
+				}
+			}
+			case RESTORE_MASTERKEY, RESET_PASSWORD, SHOW_KEY, CONVERT_VAULT -> {
+				valid = recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(), unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
+			}
+		};
 		if (valid) {
 			recoveryKeyState.set(RecoveryKeyState.CORRECT);
 		} else if (isWrongKey) { //set via side effect in checkKeyAgainstVaultConfig()

From 6231c5b8b3758a6cb4859113ce4d1a960a7180f7 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 17 Mar 2025 16:10:16 +0100
Subject: [PATCH 011/117] restore checkbox and other small ui rearrangements

---
 .../ChooseExistingVaultController.java        | 31 ++++++++++++-------
 .../resources/fxml/addvault_existing.fxml     | 15 +++++----
 .../fxml/recoverykey_is_hub_vault.fxml        | 15 +++++----
 src/main/resources/i18n/strings.properties    | 10 +++---
 4 files changed, 44 insertions(+), 27 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index 46083690b..4743cc52b 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -19,10 +19,13 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
+import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleBooleanProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
+import javafx.scene.control.CheckBox;
 import javafx.scene.image.Image;
 import javafx.stage.DirectoryChooser;
 import javafx.stage.FileChooser;
@@ -55,6 +58,11 @@ public class ChooseExistingVaultController implements FxController {
 	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
 	private final List<MountService> mountServices;
 
+	@FXML
+	private CheckBox restoreCheckBox;
+
+	private final BooleanProperty restoreButtonVisible = new SimpleBooleanProperty(false);
+
 
 	@Inject
 	ChooseExistingVaultController(@AddVaultWizardWindow Stage window, //
@@ -83,6 +91,9 @@ public class ChooseExistingVaultController implements FxController {
 		this.dialogs = dialogs;
 	}
 
+	public void initialize(){
+		restoreButtonVisible.bind(restoreCheckBox.selectedProperty());
+	}
 	private Image selectScreenshot(Theme theme) {
 		String imageResourcePath;
 		if (SystemUtils.IS_OS_MAC) {
@@ -122,18 +133,9 @@ public class ChooseExistingVaultController implements FxController {
 
 		Optional<Vault> optionalVault = RecoverUtil.prepareVaultFromDirectory(directoryChooser, window, dialogs, vaultComponentFactory, mountServices);
 
+
 		optionalVault.ifPresent(vault -> {
-			dialogs.prepareContactHubAdmin(window) //
-					.setTitleKey("a.title", vault.getVaultSettings().displayName.get() + " " + vault.getState()) //
-					.setDescriptionKey("a.description") //
-					.setMessageKey("a.message") //
-					.setCancelButtonKey("generic.button.cancel") //
-					.setOkButtonKey("generic.button.next") //
-					.setOkAction(stage -> {
-						recoveryKeyWindow.create(vault, window,RecoverUtil.Type.RESTORE_VAULT_CONFIG).showIsHubVaultDialogWindow();
-						stage.close();
-					}) //
-					.build().showAndWait();
+			recoveryKeyWindow.create(vault, window,RecoverUtil.Type.RESTORE_VAULT_CONFIG).showIsHubVaultDialogWindow();
 		});
 	}
 
@@ -147,4 +149,11 @@ public class ChooseExistingVaultController implements FxController {
 		return screenshot.getValue();
 	}
 
+	public boolean isRestoreButtonVisible() {
+		return restoreButtonVisible.get();
+	}
+
+	public BooleanProperty restoreButtonVisibleProperty() {
+		return restoreButtonVisible;
+	}
 }
diff --git a/src/main/resources/fxml/addvault_existing.fxml b/src/main/resources/fxml/addvault_existing.fxml
index c4a015a6f..1850630e0 100644
--- a/src/main/resources/fxml/addvault_existing.fxml
+++ b/src/main/resources/fxml/addvault_existing.fxml
@@ -7,26 +7,29 @@
 <?import javafx.scene.image.ImageView?>
 <?import javafx.scene.layout.Region?>
 <?import javafx.scene.layout.VBox?>
+<?import javafx.scene.control.CheckBox?>
 <VBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.addvaultwizard.ChooseExistingVaultController"
 	  prefWidth="450"
-	  prefHeight="480"
-	  spacing="24"
-	  alignment="CENTER">
+	  prefHeight="480">
 	<padding>
 		<Insets topRightBottomLeft="24"/>
 	</padding>
 	<children>
 		<ImageView VBox.vgrow="ALWAYS" fitWidth="400" preserveRatio="true" smooth="true" image="${controller.screenshot}"/>
 
-		<Label text="%addvaultwizard.existing.instruction" wrapText="true"/>
+		<Label text="%addvaultwizard.existing.instruction" wrapText="true">
+			<padding>
+				<Insets bottom="6" top="6"/>
+			</padding>
+		</Label>
 
+		<CheckBox fx:id="restoreCheckBox" text="%addvaultwizard.existing.instruction.restore" wrapText="true"/>
 		<Region VBox.vgrow="ALWAYS"/>
-
 		<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
 			<buttons>
-				<Button text="%addvaultwizard.existing.restore" ButtonBar.buttonData="NEXT_FORWARD" onAction="#restoreVaultConfigWithRecoveryKey" />
+				<Button text="%addvaultwizard.existing.restore" ButtonBar.buttonData="NEXT_FORWARD" onAction="#restoreVaultConfigWithRecoveryKey" visible="${controller.restoreButtonVisible}" />
 				<Button text="%addvaultwizard.existing.chooseBtn" ButtonBar.buttonData="NEXT_FORWARD" onAction="#chooseFileAndNext" defaultButton="true"/>
 			</buttons>
 		</ButtonBar>
diff --git a/src/main/resources/fxml/recoverykey_is_hub_vault.fxml b/src/main/resources/fxml/recoverykey_is_hub_vault.fxml
index 920777303..fbfefdbf6 100644
--- a/src/main/resources/fxml/recoverykey_is_hub_vault.fxml
+++ b/src/main/resources/fxml/recoverykey_is_hub_vault.fxml
@@ -16,7 +16,7 @@
 	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyIsHubVaultController"
 	  minWidth="400"
 	  maxWidth="400"
-	  minHeight="145"
+	  minHeight="204"
 	  spacing="12"
 	  alignment="TOP_CENTER">
 	<padding>
@@ -34,19 +34,22 @@
 		</Group>
 
 		<VBox HBox.hgrow="ALWAYS">
-			<Label styleClass="label-large" text="Hub Vault or not?" wrapText="true">
+			<Label styleClass="label-large" text="%recoveryKey.recover.onBoarding.title" wrapText="true">
+				<padding>
+					<Insets bottom="6" top="6"/>
+				</padding>
+			</Label>
+			<Label text="%recoveryKey.recover.onBoarding.message" wrapText="true"/>
+			<Label text="%recoveryKey.recover.onBoarding.description" wrapText="true">
 				<padding>
 					<Insets bottom="6" top="6"/>
 				</padding>
 			</Label>
-
-			<Label text="If your Vault is an Hub Vault you can restore the vault config .... Otherwise you need the recovery key of the vault to restore the config files." wrapText="true"/>
-
 			<Region VBox.vgrow="ALWAYS" minHeight="18"/>
 			<ButtonBar buttonMinWidth="120" buttonOrder="+C">
 				<buttons>
 					<Button text="%generic.button.close" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-					<Button text="Use RecoveryKey" ButtonBar.buttonData="CANCEL_CLOSE" defaultButton="true" onAction="#recover"/>
+					<Button text="%recoveryKey.recover.onBoarding.confirm" ButtonBar.buttonData="CANCEL_CLOSE" defaultButton="true" onAction="#recover"/>
 				</buttons>
 			</ButtonBar>
 		</VBox>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index f5a24aeb8..20c6c7fad 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -96,6 +96,7 @@ addvault.new.readme.accessLocation.4=Feel free to remove this file.
 ## Existing
 addvaultwizard.existing.title=Add Existing Vault
 addvaultwizard.existing.instruction=Choose the "vault.cryptomator" file of your existing vault. If only a file named "masterkey.cryptomator" exists, select that instead. If your vault.cryptomator lost you can recover it with your RecoveryKey.
+addvaultwizard.existing.instruction.restore=If your vault.cryptomator file went missing you can enable restore mode here.
 addvaultwizard.existing.restore=Restore…
 addvaultwizard.existing.chooseBtn=Choose…
 addvaultwizard.existing.filePickerTitle=Select Vault File
@@ -531,13 +532,14 @@ recoveryKey.noDDirDetected.title=Invalid Selection
 recoveryKey.noDDirDetected.description=The selected folder must contain a subfolder named "d".
 recoveryKey.noDDirDetected.message=Please choose a different folder that includes a subfolder named "d".
 
-a.title=Title %s
-a.description=Description
-a.message=Message
-
 recoveryKey.recoverVaultConfig.title=Recover Vault Config
 recoveryKey.recoverMasterkey.title=Recover Masterkey
 
+recoveryKey.recover.onBoarding.title=Restore your vault.cryptomator file
+recoveryKey.recover.onBoarding.message=If your vault is a hub managed vault, the Hub Admin can restore the file for you.
+recoveryKey.recover.onBoarding.description=Otherwise you will need the Recovery Key of the vault, possible some expert settings, and a new vault password.
+recoveryKey.recover.onBoarding.confirm=Use RecoveryKey
+
 # Convert Vault
 convertVault.title=Convert Vault
 convertVault.convert.convertBtn.before=Convert

From ebd767595bf6a264c908d04f33e7cbd7ac0c8c61 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 17 Mar 2025 18:39:17 +0100
Subject: [PATCH 012/117] get cipherCombo while key validation

---
 .../org/cryptomator/common/RecoverUtil.java   | 35 +++++++++++++------
 .../ui/convertvault/ConvertVaultModule.java   |  2 +-
 .../ui/recoverykey/RecoveryKeyModule.java     | 12 +++++--
 .../RecoveryKeyResetPasswordController.java   |  6 +++-
 .../RecoveryKeyValidateController.java        | 19 ++++++----
 5 files changed, 53 insertions(+), 21 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/RecoverUtil.java b/src/main/java/org/cryptomator/common/RecoverUtil.java
index 86d8aa4af..13244e071 100644
--- a/src/main/java/org/cryptomator/common/RecoverUtil.java
+++ b/src/main/java/org/cryptomator/common/RecoverUtil.java
@@ -125,20 +125,41 @@ public class RecoverUtil {
 		return masterkeyFileAccess.load(masterkeyFilePath, password);
 	}
 
-	public static boolean validateRecoveryKey(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, MasterkeyFileAccess masterkeyFileAccess) {
+	public static void initializeCryptoFileSystem(Path recoveryPath, Masterkey masterkey, IntegerProperty shorteningThreshold, CryptorProvider.Scheme combo) throws IOException, CryptoException {
+		MasterkeyLoader loader = ignored -> masterkey.copy();
+		CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties().withCipherCombo(combo).withKeyLoader(loader).withShorteningThreshold(shorteningThreshold.get()).build();
+		CryptoFileSystemProvider.initialize(recoveryPath, fsProps, DEFAULT_KEY_ID);
+	}
+
+	public static Optional<CryptorProvider.Scheme> getCipherCombo(Path vaultPath, Masterkey masterkey) {
+		try {
+			return Optional.of(RecoverUtil.detectCipherCombo(masterkey.getEncoded(), vaultPath));
+		} catch (Exception e) {
+			LOG.warn("Failed to detect cipher combo", e);
+			return Optional.empty();
+		}
+	}
+
+	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndGetCombo(
+			RecoveryKeyFactory recoveryKeyFactory,
+			Vault vault,
+			StringProperty recoveryKey,
+			MasterkeyFileAccess masterkeyFileAccess) {
+
 		Path tempRecoveryPath = null;
 		CharSequence tmpPass = "asdasdasd";
+
 		try {
 			tempRecoveryPath = createRecoveryDirectory(vault.getPath());
 			createNewMasterkeyFile(recoveryKeyFactory, tempRecoveryPath, recoveryKey.get(), tmpPass);
 			Path masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
+
 			try (Masterkey masterkey = loadMasterkey(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
-				initializeCryptoFileSystem(tempRecoveryPath, vault.getPath(), masterkey, new SimpleIntegerProperty(CreateNewVaultExpertSettingsController.MAX_SHORTENING_THRESHOLD));
-				return true;
+				return getCipherCombo(vault.getPath(), masterkey);
 			}
 		} catch (IOException | CryptoException e) {
 			LOG.warn("Recovery key validation failed", e);
-			return false;
+			return Optional.empty();
 		} finally {
 			if (tempRecoveryPath != null) {
 				deleteRecoveryDirectory(tempRecoveryPath);
@@ -146,12 +167,6 @@ public class RecoverUtil {
 		}
 	}
 
-	public static void initializeCryptoFileSystem(Path recoveryPath, Path vaultPath, Masterkey masterkey, IntegerProperty shorteningThreshold) throws IOException, CryptoException {
-		var combo = RecoverUtil.detectCipherCombo(masterkey.getEncoded(), vaultPath);
-		MasterkeyLoader loader = ignored -> masterkey.copy();
-		CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties().withCipherCombo(combo).withKeyLoader(loader).withShorteningThreshold(shorteningThreshold.get()).build();
-		CryptoFileSystemProvider.initialize(recoveryPath, fsProps, DEFAULT_KEY_ID);
-	}
 
 	public static void moveRecoveredFiles(Path recoveryPath, Path vaultPath) throws IOException {
 		Files.move(recoveryPath.resolve(MASTERKEY_FILENAME), vaultPath.resolve(MASTERKEY_FILENAME), StandardCopyOption.REPLACE_EXISTING);
diff --git a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
index aa290b621..36ba14cab 100644
--- a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
+++ b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
@@ -123,7 +123,7 @@ abstract class ConvertVaultModule {
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
 	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, new SimpleObjectProperty<>(RecoverUtil.Type.CONVERT_VAULT),null);
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, new SimpleObjectProperty<>(RecoverUtil.Type.CONVERT_VAULT),null,null);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index 08c23a0db..3c2f6d132 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -8,6 +8,7 @@ import org.cryptomator.common.Nullable;
 import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptolib.api.CryptorProvider;
 import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
 import org.cryptomator.ui.common.DefaultSceneFactory;
@@ -161,6 +162,13 @@ abstract class RecoveryKeyModule {
 		return new SimpleObjectProperty<>(RecoverUtil.Type.RESTORE_MASTERKEY);
 	}
 
+	@Provides
+	@Named("cipherCombo")
+	@RecoveryKeyScoped
+	static ObjectProperty<CryptorProvider.Scheme> provideCipherCombo() {
+		return new SimpleObjectProperty<>();
+	}
+
 	@Binds
 	@IntoMap
 	@FxControllerKey(RecoveryKeyExpertSettingsController.class)
@@ -194,8 +202,8 @@ abstract class RecoveryKeyModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
-	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, recoverType, masterkeyFileAccess);
+	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, recoverType, cipherCombo, masterkeyFileAccess);
 	}
 
 	@Provides
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index bf301c57b..d2bc329c8 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -5,6 +5,7 @@ import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.cryptolib.api.CryptoException;
+import org.cryptomator.cryptolib.api.CryptorProvider;
 import org.cryptomator.cryptolib.api.Masterkey;
 import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.changepassword.NewPasswordController;
@@ -51,6 +52,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final VaultListManager vaultListManager;
 	private final IntegerProperty shorteningThreshold;
 	private final ObjectProperty<RecoverUtil.Type> recoverType;
+	private final ObjectProperty<CryptorProvider.Scheme> cipherCombo;
 	private final ResourceBundle resourceBundle;
 	private final StringProperty buttonText = new SimpleStringProperty();
 
@@ -70,6 +72,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  VaultListManager vaultListManager, //
 											  @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
 											  @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType,
+											  @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
 											  ResourceBundle resourceBundle) {
 		this.window = window;
 		this.vault = vault;
@@ -83,6 +86,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		this.masterkeyFileAccess = masterkeyFileAccess;
 		this.vaultListManager = vaultListManager;
 		this.shorteningThreshold = shorteningThreshold;
+		this.cipherCombo = cipherCombo;
 		this.recoverType = recoverType;
 		this.resourceBundle = resourceBundle;
 
@@ -116,7 +120,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 				Path masterkeyFilePath = recoveryPath.resolve(MASTERKEY_FILENAME);
 
 				try (Masterkey masterkey = RecoverUtil.loadMasterkey(masterkeyFileAccess, masterkeyFilePath, newPasswordController.passwordField.getCharacters())) {
-					RecoverUtil.initializeCryptoFileSystem(recoveryPath, vault.getPath(), masterkey, shorteningThreshold);
+					RecoverUtil.initializeCryptoFileSystem(recoveryPath,masterkey,shorteningThreshold,cipherCombo.get());
 				}
 
 				RecoverUtil.moveRecoveredFiles(recoveryPath, vault.getPath());
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index 6472d3849..c0a898c54 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -10,6 +10,7 @@ import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
 import org.cryptomator.cryptofs.VaultConfigLoadException;
 import org.cryptomator.cryptofs.VaultKeyInvalidException;
+import org.cryptomator.cryptolib.api.CryptorProvider;
 import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.common.FxController;
 import org.slf4j.Logger;
@@ -39,6 +40,7 @@ public class RecoveryKeyValidateController implements FxController {
 	private final ObservableValue<Boolean> recoveryKeyInvalid;
 	private final RecoveryKeyFactory recoveryKeyFactory;
 	private final ObjectProperty<RecoveryKeyState> recoveryKeyState;
+	private final ObjectProperty<CryptorProvider.Scheme> cipherCombo;
 	private final AutoCompleter autoCompleter;
 	private final ObjectProperty<RecoverUtil.Type> recoverType;
 	private final MasterkeyFileAccess masterkeyFileAccess;
@@ -52,6 +54,7 @@ public class RecoveryKeyValidateController implements FxController {
 										 StringProperty recoveryKey, //
 										 RecoveryKeyFactory recoveryKeyFactory, //
 										 @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, //
+										 @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
 										 MasterkeyFileAccess masterkeyFileAccess) {
 		this.vault = vault;
 		this.unverifiedVaultConfig = vaultConfig;
@@ -63,6 +66,7 @@ public class RecoveryKeyValidateController implements FxController {
 		this.recoveryKeyWrong = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.WRONG::equals, false);
 		this.recoveryKeyInvalid = ObservableUtil.mapWithDefault(recoveryKeyState, RecoveryKeyState.INVALID::equals, false);
 		this.recoverType = recoverType;
+		this.cipherCombo = cipherCombo;
 		this.masterkeyFileAccess = masterkeyFileAccess;
 	}
 
@@ -133,20 +137,20 @@ public class RecoveryKeyValidateController implements FxController {
 		var valid = false;
 		switch (recoverType.get()) {
 			case RESTORE_VAULT_CONFIG -> {
-				try{
-					valid = RecoverUtil.validateRecoveryKey(recoveryKeyFactory, vault, recoveryKey, masterkeyFileAccess);
-				}
-				catch (IllegalStateException e){
+				try {
+					var combo = RecoverUtil.validateRecoveryKeyAndGetCombo(recoveryKeyFactory, vault, recoveryKey, masterkeyFileAccess);
+					valid = combo.isPresent();
+					combo.ifPresent(cipherCombo::set);
+				} catch (IllegalStateException e) {
 					isWrongKey = true;
-				}
-				catch (IllegalArgumentException e){
+				} catch (IllegalArgumentException e) {
 					isWrongKey = false;
 				}
 			}
 			case RESTORE_MASTERKEY, RESET_PASSWORD, SHOW_KEY, CONVERT_VAULT -> {
 				valid = recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(), unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
 			}
-		};
+		}
 		if (valid) {
 			recoveryKeyState.set(RecoveryKeyState.CORRECT);
 		} else if (isWrongKey) { //set via side effect in checkKeyAgainstVaultConfig()
@@ -156,6 +160,7 @@ public class RecoveryKeyValidateController implements FxController {
 		}
 	}
 
+
 	/* Getter/Setter */
 
 	public Vault getVault() {

From 087b6162edbc51e1e7cec63c45f69f8c7ee4e211 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 18 Mar 2025 14:25:44 +0100
Subject: [PATCH 013/117] recoverType fix and more use of dialogs

---
 .../org/cryptomator/common/RecoverUtil.java   | 82 +++++++++----------
 .../common/vaults/VaultListManager.java       | 13 ++-
 .../ChooseExistingVaultController.java        | 56 ++++++-------
 .../org/cryptomator/ui/dialogs/Dialogs.java   | 20 ++++-
 .../VaultDetailMissingVaultController.java    |  7 +-
 .../ui/recoverykey/RecoveryKeyComponent.java  |  3 +-
 .../ui/recoverykey/RecoveryKeyModule.java     | 11 ---
 .../RecoveryKeyRecoverController.java         |  2 +
 .../RecoveryKeyResetPasswordController.java   | 25 ++++--
 ...veryKeyResetPasswordSuccessController.java | 32 --------
 .../MasterkeyOptionsController.java           |  8 +-
 src/main/resources/i18n/strings.properties    |  1 +
 12 files changed, 129 insertions(+), 131 deletions(-)
 delete mode 100644 src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordSuccessController.java

diff --git a/src/main/java/org/cryptomator/common/RecoverUtil.java b/src/main/java/org/cryptomator/common/RecoverUtil.java
index 13244e071..b686696c2 100644
--- a/src/main/java/org/cryptomator/common/RecoverUtil.java
+++ b/src/main/java/org/cryptomator/common/RecoverUtil.java
@@ -1,6 +1,32 @@
 package org.cryptomator.common;
 
-import dagger.Lazy;
+import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.StringProperty;
+import javafx.concurrent.Task;
+import javafx.stage.DirectoryChooser;
+import javafx.stage.Stage;
+import java.io.File;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+import java.security.SecureRandom;
+import java.util.Comparator;
+import java.util.List;
+import java.util.Optional;
+import java.util.ResourceBundle;
+import java.util.stream.Stream;
+
+import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
+import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
+import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
+import static org.cryptomator.cryptofs.common.Constants.DATA_DIR_NAME;
+import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_CTRMAC;
+import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_GCM;
+
 import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.common.vaults.Vault;
@@ -14,9 +40,9 @@ import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.Cryptor;
 import org.cryptomator.cryptolib.api.CryptorProvider;
 import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.api.MasterkeyLoader;
 import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.integrations.mount.MountService;
-import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
 import org.cryptomator.ui.changepassword.NewPasswordController;
 import org.cryptomator.ui.dialogs.Dialogs;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
@@ -24,45 +50,13 @@ import org.cryptomator.ui.recoverykey.RecoveryKeyFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javafx.beans.property.IntegerProperty;
-import javafx.beans.property.SimpleIntegerProperty;
-import javafx.beans.property.StringProperty;
-import javafx.concurrent.Task;
-import javafx.scene.Scene;
-import javafx.stage.DirectoryChooser;
-import javafx.stage.Stage;
-import java.io.File;
-import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.StandardCopyOption;
-import java.security.SecureRandom;
-import java.util.Comparator;
-import java.util.List;
-import java.util.Optional;
-import java.util.stream.Stream;
-import org.cryptomator.cryptolib.api.MasterkeyLoader;
-
-import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
-import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
-import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
-import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
-import static org.cryptomator.cryptofs.common.Constants.DATA_DIR_NAME;
-import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_CTRMAC;
-import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_GCM;
-
 public class RecoverUtil {
 
 	private static final Logger LOG = LoggerFactory.getLogger(RecoverUtil.class);
 
 	public static CryptorProvider.Scheme detectCipherCombo(byte[] masterkey, Path pathToVault) {
 		try (Stream<Path> paths = Files.walk(pathToVault.resolve(DATA_DIR_NAME))) {
-			return paths.filter(path -> path.toString()
-							.endsWith(".c9r"))
-							.findFirst()
-							.map(c9rFile -> determineScheme(c9rFile, masterkey))
-							.orElseThrow(() -> new IllegalStateException("No .c9r file found."));
+			return paths.filter(path -> path.toString().endsWith(".c9r")).findFirst().map(c9rFile -> determineScheme(c9rFile, masterkey)).orElseThrow(() -> new IllegalStateException("No .c9r file found."));
 		} catch (IOException e) {
 			throw new IllegalStateException("Failed to detect cipher combo.", e);
 		}
@@ -140,11 +134,7 @@ public class RecoverUtil {
 		}
 	}
 
-	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndGetCombo(
-			RecoveryKeyFactory recoveryKeyFactory,
-			Vault vault,
-			StringProperty recoveryKey,
-			MasterkeyFileAccess masterkeyFileAccess) {
+	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndGetCombo(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, MasterkeyFileAccess masterkeyFileAccess) {
 
 		Path tempRecoveryPath = null;
 		CharSequence tmpPass = "asdasdasd";
@@ -193,7 +183,7 @@ public class RecoverUtil {
 		}
 	}
 
-	public static Task<Void> createResetPasswordTask(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, NewPasswordController newPasswordController, Stage window, Lazy<Scene> recoverResetPasswordSuccessScene, Lazy<Scene> recoverResetVaultConfigSuccessScene, FxApplicationWindows appWindows) {
+	public static Task<Void> createResetPasswordTask(ResourceBundle resourceBundle,Stage owner, RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, NewPasswordController newPasswordController, Stage window, FxApplicationWindows appWindows, Dialogs dialogs) {
 
 		Task<Void> task = new ResetPasswordTask(recoveryKeyFactory, vault, recoveryKey, newPasswordController);
 
@@ -203,10 +193,12 @@ public class RecoverUtil {
 
 		task.setOnSucceeded(_ -> {
 			LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
-			if (vault.getState().equals(VAULT_CONFIG_MISSING)) {
-				window.setScene(recoverResetVaultConfigSuccessScene.get());
+			if (vault.getState().equals(MASTERKEY_MISSING)) {
+				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).setTitleKey("recoveryKey.recoverMasterkey.title").setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message").build().showAndWait();
+				window.close();
 			} else {
-				window.setScene(recoverResetPasswordSuccessScene.get());
+				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).build().showAndWait();
+				window.close();
 			}
 		});
 
@@ -243,7 +235,7 @@ public class RecoverUtil {
 		}
 	}
 
-	public static Optional<Vault> prepareVaultFromDirectory(DirectoryChooser directoryChooser, Stage window, Dialogs dialogs, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
+	public static Optional<Vault> checkAndPrepareVaultFromDirectory(DirectoryChooser directoryChooser, Stage window, Dialogs dialogs, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
 
 		File selectedDirectory;
 		do {
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 63e32da7d..b60566e23 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -173,7 +173,18 @@ public class VaultListManager {
 					yield ERROR;
 				}
 			}
-			case ERROR, UNLOCKED, PROCESSING -> previousState;
+			case ERROR -> {
+				try {
+					var determinedState = determineVaultState(vault.getPath(), vault.getVaultSettings());
+					state.set(determinedState);
+					yield determinedState;
+				} catch (IOException e) {
+					LOG.warn("Failed to redetermine vault state for " + vault.getPath(), e);
+					vault.setLastKnownException(e);
+					yield ERROR;
+				}
+			}
+			case UNLOCKED, PROCESSING -> previousState;
 		};
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index 4743cc52b..1b2f7e7e9 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -1,5 +1,28 @@
 package org.cryptomator.ui.addvaultwizard;
 
+import javax.inject.Inject;
+import javafx.beans.property.BooleanProperty;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleBooleanProperty;
+import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.value.ObservableValue;
+import javafx.fxml.FXML;
+import javafx.scene.Scene;
+import javafx.scene.control.CheckBox;
+import javafx.scene.image.Image;
+import javafx.stage.DirectoryChooser;
+import javafx.stage.FileChooser;
+import javafx.stage.Stage;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.ResourceBundle;
+
+import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_GLOB;
+
 import dagger.Lazy;
 import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.common.RecoverUtil;
@@ -18,28 +41,6 @@ import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.inject.Inject;
-import javafx.beans.property.BooleanProperty;
-import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.SimpleBooleanProperty;
-import javafx.beans.value.ObservableValue;
-import javafx.fxml.FXML;
-import javafx.scene.Scene;
-import javafx.scene.control.CheckBox;
-import javafx.scene.image.Image;
-import javafx.stage.DirectoryChooser;
-import javafx.stage.FileChooser;
-import javafx.stage.Stage;
-import java.io.File;
-import java.io.IOException;
-import java.nio.file.Path;
-import java.util.List;
-import java.util.Objects;
-import java.util.Optional;
-import java.util.ResourceBundle;
-
-import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_GLOB;
-
 @AddVaultWizardScoped
 public class ChooseExistingVaultController implements FxController {
 
@@ -91,9 +92,10 @@ public class ChooseExistingVaultController implements FxController {
 		this.dialogs = dialogs;
 	}
 
-	public void initialize(){
+	public void initialize() {
 		restoreButtonVisible.bind(restoreCheckBox.selectedProperty());
 	}
+
 	private Image selectScreenshot(Theme theme) {
 		String imageResourcePath;
 		if (SystemUtils.IS_OS_MAC) {
@@ -129,13 +131,11 @@ public class ChooseExistingVaultController implements FxController {
 	@FXML
 	public void restoreVaultConfigWithRecoveryKey() {
 		DirectoryChooser directoryChooser = new DirectoryChooser();
-		directoryChooser.setTitle(resourceBundle.getString("generic.button.cancel"));
-
-		Optional<Vault> optionalVault = RecoverUtil.prepareVaultFromDirectory(directoryChooser, window, dialogs, vaultComponentFactory, mountServices);
-
+		Optional<Vault> optionalVault = RecoverUtil.checkAndPrepareVaultFromDirectory(directoryChooser, window, dialogs, vaultComponentFactory, mountServices);
 
 		optionalVault.ifPresent(vault -> {
-			recoveryKeyWindow.create(vault, window,RecoverUtil.Type.RESTORE_VAULT_CONFIG).showIsHubVaultDialogWindow();
+			ObjectProperty<RecoverUtil.Type> recoverTypeProperty = new SimpleObjectProperty<>(RecoverUtil.Type.RESTORE_VAULT_CONFIG);
+			recoveryKeyWindow.create(vault, window, recoverTypeProperty).showIsHubVaultDialogWindow();
 		});
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
index 807c3a9f1..b072481c0 100644
--- a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
@@ -57,6 +57,22 @@ public class Dialogs {
 				.setCancelButtonKey("generic.button.cancel");
 	}
 
+	public SimpleDialog.Builder prepareRecoverPasswordSuccess(Stage window, Stage owner, ResourceBundle resourceBundle) {
+		return createDialogBuilder()
+				.setOwner(window) //
+				.setTitleKey("recoveryKey.recover.title") //
+				.setMessageKey("recoveryKey.recover.resetSuccess.message") //
+				.setDescriptionKey("recoveryKey.recover.resetSuccess.description") //
+				.setIcon(FontAwesome5Icon.CHECK)
+				.setOkAction(stage -> {
+					stage.close();
+					if (owner.getTitle().equals(resourceBundle.getString("addvaultwizard.existing.title"))) {
+						owner.close();
+					}
+				})
+				.setOkButtonKey("generic.button.close");
+	}
+
 	public SimpleDialog.Builder prepareRemoveCertDialog(Stage window, Settings settings) {
 		return createDialogBuilder() //
 				.setOwner(window) //
@@ -106,9 +122,7 @@ public class Dialogs {
 				.setDescriptionKey("recoveryKey.noDDirDetected.description") //
 				.setIcon(FontAwesome5Icon.EXCLAMATION) //
 				.setOkButtonKey("generic.button.change") //
-				.setCancelButtonKey("generic.button.close") //
-				.setOkAction(Stage::close) //
-				.setCancelAction(Stage::close);
+				.setOkAction(Stage::close);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index 274f6bbf9..d7ac79f08 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -10,6 +10,7 @@ import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 
 import javax.inject.Inject;
 import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleObjectProperty;
 import javafx.collections.ObservableList;
 import javafx.fxml.FXML;
 import javafx.stage.FileChooser;
@@ -60,13 +61,15 @@ public class VaultDetailMissingVaultController implements FxController {
 			dialogs.prepareContactHubAdmin(window).build().showAndWait();
 		}
 		else {
-			recoveryKeyWindow.create(vault.get(), window, RecoverUtil.Type.RESTORE_VAULT_CONFIG).showIsHubVaultDialogWindow();
+			ObjectProperty<RecoverUtil.Type> recoverTypeProperty = new SimpleObjectProperty<>(RecoverUtil.Type.RESTORE_VAULT_CONFIG);
+			recoveryKeyWindow.create(vault.get(), window, recoverTypeProperty).showIsHubVaultDialogWindow();
 		}
 	}
 
 	@FXML
 	void restoreMasterkey() {
-		recoveryKeyWindow.create(vault.get(), window,RecoverUtil.Type.RESTORE_MASTERKEY).showRecoveryKeyRecoverWindow();
+		ObjectProperty<RecoverUtil.Type> recoverTypeProperty = new SimpleObjectProperty<>(RecoverUtil.Type.RESTORE_MASTERKEY);
+		recoveryKeyWindow.create(vault.get(), window, recoverTypeProperty).showRecoveryKeyRecoverWindow();
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
index 1af6113ca..cbc00ad46 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -9,6 +9,7 @@ import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 
 import javax.inject.Named;
+import javafx.beans.property.ObjectProperty;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
 
@@ -54,7 +55,7 @@ public interface RecoveryKeyComponent {
 
 		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault,
 									@BindsInstance @Named("keyRecoveryOwner") Stage owner,
-									@BindsInstance @Named("recoverType") RecoverUtil.Type recoverType);
+									@BindsInstance @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index 3c2f6d132..1ccbcaed7 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -155,13 +155,6 @@ abstract class RecoveryKeyModule {
 		return new SimpleIntegerProperty(CreateNewVaultExpertSettingsController.MAX_SHORTENING_THRESHOLD);
 	}
 
-	@Provides
-	@Named("recoverType")
-	@RecoveryKeyScoped
-	static ObjectProperty<RecoverUtil.Type> provideRecoverType() {
-		return new SimpleObjectProperty<>(RecoverUtil.Type.RESTORE_MASTERKEY);
-	}
-
 	@Provides
 	@Named("cipherCombo")
 	@RecoveryKeyScoped
@@ -194,10 +187,6 @@ abstract class RecoveryKeyModule {
 	@FxControllerKey(RecoveryKeyResetPasswordController.class)
 	abstract FxController bindRecoveryKeyResetPasswordController(RecoveryKeyResetPasswordController controller);
 
-	@Binds
-	@IntoMap
-	@FxControllerKey(RecoveryKeyResetPasswordSuccessController.class)
-	abstract FxController bindRecoveryKeyResetPasswordSuccessController(RecoveryKeyResetPasswordSuccessController controller);
 
 	@Provides
 	@IntoMap
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index 9f2842f34..1edbae6f4 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -12,6 +12,7 @@ import javafx.beans.property.ObjectProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
+import java.util.Optional;
 import java.util.ResourceBundle;
 
 @RecoveryKeyScoped
@@ -52,6 +53,7 @@ public class RecoveryKeyRecoverController implements FxController {
 				yield null;
 			}
 		};
+
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index d2bc329c8..3c481bbd0 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -12,6 +12,8 @@ import org.cryptomator.ui.changepassword.NewPasswordController;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.dialogs.Dialogs;
+import org.cryptomator.ui.dialogs.SimpleDialog;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -55,6 +57,8 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final ObjectProperty<CryptorProvider.Scheme> cipherCombo;
 	private final ResourceBundle resourceBundle;
 	private final StringProperty buttonText = new SimpleStringProperty();
+	private final Dialogs dialogs;
+	private final Stage owner;
 
 	public NewPasswordController newPasswordController;
 
@@ -63,6 +67,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  @RecoveryKeyWindow Vault vault, //
 											  RecoveryKeyFactory recoveryKeyFactory, //
 											  ExecutorService executor, //
+											  @Named("keyRecoveryOwner") Stage owner,
 											  @RecoveryKeyWindow StringProperty recoveryKey, //
 											  @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverExpertSettingsScene, //
 											  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS) Lazy<Scene> recoverResetPasswordSuccessScene, //
@@ -73,7 +78,8 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
 											  @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType,
 											  @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
-											  ResourceBundle resourceBundle) {
+											  ResourceBundle resourceBundle,
+											  Dialogs dialogs) {
 		this.window = window;
 		this.vault = vault;
 		this.recoveryKeyFactory = recoveryKeyFactory;
@@ -89,7 +95,8 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		this.cipherCombo = cipherCombo;
 		this.recoverType = recoverType;
 		this.resourceBundle = resourceBundle;
-
+		this.dialogs = dialogs;
+		this.owner = owner;
 		initButtonText(recoverType.get());
 	}
 
@@ -127,20 +134,26 @@ public class RecoveryKeyResetPasswordController implements FxController {
 				RecoverUtil.deleteRecoveryDirectory(recoveryPath);
 				RecoverUtil.addVaultToList(vaultListManager, vault.getPath());
 
-				window.setScene(recoverResetVaultConfigSuccessScene.get());
+				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle)
+						.setTitleKey("recoveryKey.recoverVaultConfig.title")
+						.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message")
+						.build().showAndWait();
+				window.close(); // Erst jetzt das Fenster schließen
+
 			} catch (IOException | CryptoException e) {
 				LOG.error("Recovery process failed", e);
 			}
 		} else {
 			Task<Void> task = RecoverUtil.createResetPasswordTask( //
+					resourceBundle,
+					owner,
 					recoveryKeyFactory, //
 					vault, //
 					recoveryKey, //
 					newPasswordController, //
 					window, //
-					recoverResetPasswordSuccessScene, //
-					recoverResetVaultConfigSuccessScene, //
-					appWindows);
+					appWindows,
+					dialogs);
 			executor.submit(task);
 		}
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordSuccessController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordSuccessController.java
deleted file mode 100644
index b646f0334..000000000
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordSuccessController.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.cryptomator.ui.recoverykey;
-
-import org.cryptomator.ui.common.FxController;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import javafx.fxml.FXML;
-import javafx.stage.Stage;
-
-@RecoveryKeyScoped
-public class RecoveryKeyResetPasswordSuccessController implements FxController {
-
-	private final Stage window;
-	private final Stage owner;
-
-	@Inject
-	public RecoveryKeyResetPasswordSuccessController(@RecoveryKeyWindow Stage window, //
-													 @Named("keyRecoveryOwner") Stage owner) {
-
-		this.window = window;
-		this.owner = owner;
-	}
-
-	@FXML
-	public void close() {
-		if (!owner.getTitle().equals("Cryptomator")) {
-			owner.close();
-		}
-		window.close();
-	}
-
-}
diff --git a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
index 723be3317..f0acea858 100644
--- a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
+++ b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
@@ -11,7 +11,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
+import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
+import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
 import javafx.stage.Stage;
@@ -56,12 +58,14 @@ public class MasterkeyOptionsController implements FxController {
 
 	@FXML
 	public void showRecoveryKey() {
-		recoveryKeyWindow.create(vault, window, RecoverUtil.Type.SHOW_KEY).showRecoveryKeyCreationWindow();
+		ObjectProperty<RecoverUtil.Type> recoverTypeProperty = new SimpleObjectProperty<>(RecoverUtil.Type.SHOW_KEY);
+		recoveryKeyWindow.create(vault, window, recoverTypeProperty).showRecoveryKeyCreationWindow();
 	}
 
 	@FXML
 	public void showRecoverVaultDialog() {
-		recoveryKeyWindow.create(vault, window,RecoverUtil.Type.RESET_PASSWORD).showRecoveryKeyRecoverWindow();
+		ObjectProperty<RecoverUtil.Type> recoverTypeProperty = new SimpleObjectProperty<>(RecoverUtil.Type.RESET_PASSWORD);
+		recoveryKeyWindow.create(vault, window, recoverTypeProperty).showRecoveryKeyRecoverWindow();
 	}
 
 	@FXML
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index b3ecfba79..7ea99bc00 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -524,6 +524,7 @@ recoveryKey.recover.resetSuccess.message=Password reset successful
 recoveryKey.recover.resetSuccess.description=You can unlock your vault with the new password.
 ### Recovery Key Vault Config Reset Success
 recoveryKey.recover.resetVaultConfigSuccess.message=Vault config reset successful
+recoveryKey.recover.resetMasterkeyFileSuccess.message=Masterkey file reset successful
 
 ### Recover Kram
 

From 6bb8c0d4e792e4389af7fc5f3b0bb407a4cc9869 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 19 Mar 2025 10:09:55 +0100
Subject: [PATCH 014/117] removed unused fxml and controller dialog fix

---
 .../org/cryptomator/ui/common/FxmlFile.java   |  2 -
 .../org/cryptomator/ui/dialogs/Dialogs.java   |  3 +-
 .../ui/recoverykey/RecoveryKeyModule.java     | 14 -----
 .../RecoveryKeyResetPasswordController.java   |  6 ---
 .../recoverykey_reset_password_success.fxml   | 53 -------------------
 ...ecoverykey_reset_vault_config_success.fxml | 53 -------------------
 6 files changed, 1 insertion(+), 130 deletions(-)
 delete mode 100644 src/main/resources/fxml/recoverykey_reset_password_success.fxml
 delete mode 100644 src/main/resources/fxml/recoverykey_reset_vault_config_success.fxml

diff --git a/src/main/java/org/cryptomator/ui/common/FxmlFile.java b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
index 9a2a68329..272a7817f 100644
--- a/src/main/java/org/cryptomator/ui/common/FxmlFile.java
+++ b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
@@ -44,8 +44,6 @@ public enum FxmlFile {
 	RECOVERYKEY_EXPERT_SETTINGS("/fxml/recoverykey_expert_settings.fxml"), //
 	RECOVERYKEY_RECOVER("/fxml/recoverykey_recover.fxml"), //
 	RECOVERYKEY_RESET_PASSWORD("/fxml/recoverykey_reset_password.fxml"), //
-	RECOVERYKEY_RESET_PASSWORD_SUCCESS("/fxml/recoverykey_reset_password_success.fxml"), //
-	RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS("/fxml/recoverykey_reset_vault_config_success.fxml"), //
 	RECOVERYKEY_SUCCESS("/fxml/recoverykey_success.fxml"), //
 	SHARE_VAULT("/fxml/share_vault.fxml"), //
 	SIMPLE_DIALOG("/fxml/simple_dialog.fxml"), //
diff --git a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
index b072481c0..a71852050 100644
--- a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
@@ -53,8 +53,7 @@ public class Dialogs {
 				.setMessageKey("contactHubAdmin.message") //
 				.setDescriptionKey("contactHubAdmin.description") //
 				.setIcon(FontAwesome5Icon.EXCLAMATION)//
-				.setOkButtonKey("removeVault.confirmBtn") //
-				.setCancelButtonKey("generic.button.cancel");
+				.setOkButtonKey("generic.button.close");
 	}
 
 	public SimpleDialog.Builder prepareRecoverPasswordSuccess(Stage window, Stage owner, ResourceBundle resourceBundle) {
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index 1ccbcaed7..e48bc7825 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -106,20 +106,6 @@ abstract class RecoveryKeyModule {
 		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD);
 	}
 
-	@Provides
-	@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS)
-	@RecoveryKeyScoped
-	static Scene provideRecoveryKeyResetPasswordSuccessScene(@RecoveryKeyWindow FxmlLoaderFactory fxmlLoaders) {
-		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS);
-	}
-
-	@Provides
-	@FxmlScene(FxmlFile.RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS)
-	@RecoveryKeyScoped
-	static Scene provideRecoveryKeyResetVaultConfigSuccessScene(@RecoveryKeyWindow FxmlLoaderFactory fxmlLoaders) {
-		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS);
-	}
-
 	@Provides
 	@FxmlScene(FxmlFile.RECOVERYKEY_IS_HUB_VAULT)
 	@RecoveryKeyScoped
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 3c481bbd0..607eee63a 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -47,8 +47,6 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final ExecutorService executor;
 	private final StringProperty recoveryKey;
 	private final Lazy<Scene> recoverExpertSettingsScene;
-	private final Lazy<Scene> recoverResetPasswordSuccessScene;
-	private final Lazy<Scene> recoverResetVaultConfigSuccessScene;
 	private final FxApplicationWindows appWindows;
 	private final MasterkeyFileAccess masterkeyFileAccess;
 	private final VaultListManager vaultListManager;
@@ -70,8 +68,6 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  @Named("keyRecoveryOwner") Stage owner,
 											  @RecoveryKeyWindow StringProperty recoveryKey, //
 											  @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverExpertSettingsScene, //
-											  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS) Lazy<Scene> recoverResetPasswordSuccessScene, //
-											  @FxmlScene(FxmlFile.RECOVERYKEY_RESET_VAULT_CONFIG_SUCCESS) Lazy<Scene> recoverResetVaultConfigSuccessScene, //
 											  FxApplicationWindows appWindows, //
 											  MasterkeyFileAccess masterkeyFileAccess, //
 											  VaultListManager vaultListManager, //
@@ -86,8 +82,6 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		this.executor = executor;
 		this.recoveryKey = recoveryKey;
 		this.recoverExpertSettingsScene = recoverExpertSettingsScene;
-		this.recoverResetPasswordSuccessScene = recoverResetPasswordSuccessScene;
-		this.recoverResetVaultConfigSuccessScene = recoverResetVaultConfigSuccessScene;
 		this.appWindows = appWindows;
 		this.masterkeyFileAccess = masterkeyFileAccess;
 		this.vaultListManager = vaultListManager;
diff --git a/src/main/resources/fxml/recoverykey_reset_password_success.fxml b/src/main/resources/fxml/recoverykey_reset_password_success.fxml
deleted file mode 100644
index 16d96d21d..000000000
--- a/src/main/resources/fxml/recoverykey_reset_password_success.fxml
+++ /dev/null
@@ -1,53 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
-<?import javafx.geometry.Insets?>
-<?import javafx.scene.control.Button?>
-<?import javafx.scene.control.ButtonBar?>
-<?import javafx.scene.control.Label?>
-<?import javafx.scene.layout.HBox?>
-<?import javafx.scene.layout.StackPane?>
-<?import javafx.scene.layout.VBox?>
-<?import javafx.scene.shape.Circle?>
-<?import javafx.scene.Group?>
-<?import javafx.scene.layout.Region?>
-<HBox xmlns:fx="http://javafx.com/fxml"
-	  xmlns="http://javafx.com/javafx"
-	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyResetPasswordSuccessController"
-	  minWidth="400"
-	  maxWidth="400"
-	  minHeight="145"
-	  spacing="12"
-	  alignment="TOP_LEFT">
-<padding>
-	<Insets topRightBottomLeft="12"/>
-</padding>
-<children>
-	<Group>
-		<StackPane>
-			<padding>
-				<Insets topRightBottomLeft="6"/>
-			</padding>
-			<Circle styleClass="glyph-icon-primary" radius="24"/>
-			<FontAwesome5IconView styleClass="glyph-icon-white" glyph="CHECK" glyphSize="24"/>
-		</StackPane>
-	</Group>
-
-	<VBox HBox.hgrow="ALWAYS">
-		<Label styleClass="label-large" text="%recoveryKey.recover.resetSuccess.message" wrapText="true" textAlignment="LEFT">
-			<padding>
-				<Insets bottom="6" top="6"/>
-			</padding>
-		</Label>
-
-		<Label text="%recoveryKey.recover.resetSuccess.description" wrapText="true" textAlignment="LEFT"/>
-
-		<Region VBox.vgrow="ALWAYS" minHeight="18"/>
-		<ButtonBar buttonMinWidth="120" buttonOrder="+C">
-			<buttons>
-				<Button text="%generic.button.close" ButtonBar.buttonData="CANCEL_CLOSE" defaultButton="true" cancelButton="true" onAction="#close"/>
-			</buttons>
-		</ButtonBar>
-	</VBox>
-</children>
-</HBox>
diff --git a/src/main/resources/fxml/recoverykey_reset_vault_config_success.fxml b/src/main/resources/fxml/recoverykey_reset_vault_config_success.fxml
deleted file mode 100644
index 196617483..000000000
--- a/src/main/resources/fxml/recoverykey_reset_vault_config_success.fxml
+++ /dev/null
@@ -1,53 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
-<?import javafx.geometry.Insets?>
-<?import javafx.scene.control.Button?>
-<?import javafx.scene.control.ButtonBar?>
-<?import javafx.scene.control.Label?>
-<?import javafx.scene.layout.HBox?>
-<?import javafx.scene.layout.StackPane?>
-<?import javafx.scene.layout.VBox?>
-<?import javafx.scene.shape.Circle?>
-<?import javafx.scene.Group?>
-<?import javafx.scene.layout.Region?>
-<HBox xmlns:fx="http://javafx.com/fxml"
-	  xmlns="http://javafx.com/javafx"
-	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyResetPasswordSuccessController"
-	  minWidth="400"
-	  maxWidth="400"
-	  minHeight="145"
-	  spacing="12"
-	  alignment="TOP_LEFT">
-<padding>
-	<Insets topRightBottomLeft="12"/>
-</padding>
-<children>
-	<Group>
-		<StackPane>
-			<padding>
-				<Insets topRightBottomLeft="6"/>
-			</padding>
-			<Circle styleClass="glyph-icon-primary" radius="24"/>
-			<FontAwesome5IconView styleClass="glyph-icon-white" glyph="CHECK" glyphSize="24"/>
-		</StackPane>
-	</Group>
-
-	<VBox HBox.hgrow="ALWAYS">
-		<Label styleClass="label-large" text="%recoveryKey.recover.resetVaultConfigSuccess.message" wrapText="true" textAlignment="LEFT">
-			<padding>
-				<Insets bottom="6" top="6"/>
-			</padding>
-		</Label>
-
-		<Label text="%recoveryKey.recover.resetSuccess.description" wrapText="true" textAlignment="LEFT"/>
-
-		<Region VBox.vgrow="ALWAYS" minHeight="18"/>
-		<ButtonBar buttonMinWidth="120" buttonOrder="+C">
-			<buttons>
-				<Button text="%generic.button.close" ButtonBar.buttonData="CANCEL_CLOSE" defaultButton="true" cancelButton="true" onAction="#close"/>
-			</buttons>
-		</ButtonBar>
-	</VBox>
-</children>
-</HBox>

From 1ae951126a69aa629fd9f581487b0d5e4d703d8f Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 21 Mar 2025 11:03:24 +0100
Subject: [PATCH 015/117] refactored key validation

---
 .../org/cryptomator/common/RecoverUtil.java   | 56 ++++++++++++-------
 .../RecoveryKeyValidateController.java        | 35 +++++-------
 2 files changed, 49 insertions(+), 42 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/RecoverUtil.java b/src/main/java/org/cryptomator/common/RecoverUtil.java
index b686696c2..01a5bab9d 100644
--- a/src/main/java/org/cryptomator/common/RecoverUtil.java
+++ b/src/main/java/org/cryptomator/common/RecoverUtil.java
@@ -16,6 +16,7 @@ import java.util.Comparator;
 import java.util.List;
 import java.util.Optional;
 import java.util.ResourceBundle;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.Stream;
 
 import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
@@ -56,19 +57,32 @@ public class RecoverUtil {
 
 	public static CryptorProvider.Scheme detectCipherCombo(byte[] masterkey, Path pathToVault) {
 		try (Stream<Path> paths = Files.walk(pathToVault.resolve(DATA_DIR_NAME))) {
-			return paths.filter(path -> path.toString().endsWith(".c9r")).findFirst().map(c9rFile -> determineScheme(c9rFile, masterkey)).orElseThrow(() -> new IllegalStateException("No .c9r file found."));
+			Path c9rFile = paths.filter(path -> path.toString().endsWith(".c9r"))
+					.findFirst()
+					.orElseThrow(() -> new IllegalStateException("No .c9r file found. The vault might not exist or the provided masterkey does not match."));
+			CryptorProvider.Scheme scheme = determineScheme(c9rFile, masterkey);
+			if (scheme == null) {
+				throw new IllegalArgumentException("Invalid masterkey: Decryption failed.");
+			}
+			return scheme;
 		} catch (IOException e) {
-			throw new IllegalStateException("Failed to detect cipher combo.", e);
+			throw new IllegalStateException("Failed to detect cipher combo.");
 		}
 	}
 
 	private static CryptorProvider.Scheme determineScheme(Path c9rFile, byte[] masterkey) {
 		try {
 			ByteBuffer header = ByteBuffer.wrap(Files.readAllBytes(c9rFile));
-			return tryDecrypt(header, new Masterkey(masterkey), SIV_GCM) ? SIV_GCM : tryDecrypt(header, new Masterkey(masterkey), SIV_CTRMAC) ? SIV_CTRMAC : null;
+			if (tryDecrypt(header, new Masterkey(masterkey), SIV_GCM)) {
+				return SIV_GCM;
+			}
+			if (tryDecrypt(header, new Masterkey(masterkey), SIV_CTRMAC)) {
+				return SIV_CTRMAC;
+			}
 		} catch (IOException e) {
-			return null;
+			throw new IllegalStateException("Failed to read .c9r file.", e);
 		}
+		return null;
 	}
 
 	private static boolean tryDecrypt(ByteBuffer header, Masterkey masterkey, CryptorProvider.Scheme scheme) {
@@ -129,35 +143,35 @@ public class RecoverUtil {
 		try {
 			return Optional.of(RecoverUtil.detectCipherCombo(masterkey.getEncoded(), vaultPath));
 		} catch (Exception e) {
-			LOG.warn("Failed to detect cipher combo", e);
+			LOG.info("Failed to detect cipher combo.");
 			return Optional.empty();
 		}
 	}
 
-	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndGetCombo(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, MasterkeyFileAccess masterkeyFileAccess) {
-
-		Path tempRecoveryPath = null;
-		CharSequence tmpPass = "asdasdasd";
+	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndGetCombo(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, MasterkeyFileAccess masterkeyFileAccess, AtomicBoolean illegalArgumentExceptionOccurred) {
+		var tmpPass = "asdasdasd";
 
 		try {
-			tempRecoveryPath = createRecoveryDirectory(vault.getPath());
-			createNewMasterkeyFile(recoveryKeyFactory, tempRecoveryPath, recoveryKey.get(), tmpPass);
-			Path masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
+			var tempRecoveryPath = createRecoveryDirectory(vault.getPath());
+			try {
+				createNewMasterkeyFile(recoveryKeyFactory, tempRecoveryPath, recoveryKey.get(), tmpPass);
+				var masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
 
-			try (Masterkey masterkey = loadMasterkey(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
-				return getCipherCombo(vault.getPath(), masterkey);
-			}
-		} catch (IOException | CryptoException e) {
-			LOG.warn("Recovery key validation failed", e);
-			return Optional.empty();
-		} finally {
-			if (tempRecoveryPath != null) {
+				try (var masterkey = loadMasterkey(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
+					return getCipherCombo(vault.getPath(), masterkey);
+				}
+			} finally {
 				deleteRecoveryDirectory(tempRecoveryPath);
 			}
+		} catch (IOException | CryptoException e) {
+			LOG.info("Recovery key validation failed");
+		} catch (IllegalArgumentException e) {
+			LOG.info("Recovery key has an illegal argument");
+			illegalArgumentExceptionOccurred.set(true);
 		}
+		return Optional.empty();
 	}
 
-
 	public static void moveRecoveredFiles(Path recoveryPath, Path vaultPath) throws IOException {
 		Files.move(recoveryPath.resolve(MASTERKEY_FILENAME), vaultPath.resolve(MASTERKEY_FILENAME), StandardCopyOption.REPLACE_EXISTING);
 		Files.move(recoveryPath.resolve(VAULTCONFIG_FILENAME), vaultPath.resolve(VAULTCONFIG_FILENAME));
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index c0a898c54..5b6d58d1c 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -26,6 +26,7 @@ import javafx.scene.control.TextArea;
 import javafx.scene.control.TextFormatter;
 import javafx.scene.input.KeyCode;
 import javafx.scene.input.KeyEvent;
+import java.util.concurrent.atomic.AtomicBoolean;
 
 public class RecoveryKeyValidateController implements FxController {
 
@@ -133,34 +134,26 @@ public class RecoveryKeyValidateController implements FxController {
 	}
 
 	private void validateRecoveryKey() {
-		isWrongKey = false;
-		var valid = false;
-		switch (recoverType.get()) {
+		AtomicBoolean illegalArgumentExceptionOccurred = new AtomicBoolean(false);
+		boolean valid = switch (recoverType.get()) {
 			case RESTORE_VAULT_CONFIG -> {
-				try {
-					var combo = RecoverUtil.validateRecoveryKeyAndGetCombo(recoveryKeyFactory, vault, recoveryKey, masterkeyFileAccess);
-					valid = combo.isPresent();
-					combo.ifPresent(cipherCombo::set);
-				} catch (IllegalStateException e) {
-					isWrongKey = true;
-				} catch (IllegalArgumentException e) {
-					isWrongKey = false;
-				}
+				var combo = RecoverUtil.validateRecoveryKeyAndGetCombo(
+						recoveryKeyFactory, vault, recoveryKey, masterkeyFileAccess, illegalArgumentExceptionOccurred);
+				combo.ifPresent(cipherCombo::set);
+				yield combo.isPresent();
 			}
-			case RESTORE_MASTERKEY, RESET_PASSWORD, SHOW_KEY, CONVERT_VAULT -> {
-				valid = recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(), unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
-			}
-		}
+			case RESTORE_MASTERKEY, RESET_PASSWORD, SHOW_KEY, CONVERT_VAULT ->
+					recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(),
+							unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
+		};
+
 		if (valid) {
 			recoveryKeyState.set(RecoveryKeyState.CORRECT);
-		} else if (isWrongKey) { //set via side effect in checkKeyAgainstVaultConfig()
-			recoveryKeyState.set(RecoveryKeyState.WRONG);
-		} else {
-			recoveryKeyState.set(RecoveryKeyState.INVALID);
+			return;
 		}
+		recoveryKeyState.set(illegalArgumentExceptionOccurred.get() ? RecoveryKeyState.INVALID : RecoveryKeyState.WRONG);
 	}
 
-
 	/* Getter/Setter */
 
 	public Vault getVault() {

From e1cc61037e6d4ed02dc8e830017a28b1bfcaca4c Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Sun, 23 Mar 2025 11:15:36 +0100
Subject: [PATCH 016/117] cleanup

---
 .../org/cryptomator/common/RecoverUtil.java   |  8 +--
 .../common/vaults/VaultListManager.java       | 51 ++++++--------
 .../cryptomator/common/vaults/VaultState.java |  6 ++
 .../ui/convertvault/ConvertVaultModule.java   |  3 +-
 .../ui/mainwindow/VaultDetailController.java  |  4 +-
 .../mainwindow/VaultListCellController.java   |  4 +-
 .../ui/recoverykey/RecoveryKeyComponent.java  |  4 +-
 .../RecoveryKeyExpertSettingsController.java  | 14 ++--
 .../RecoveryKeyIsHubVaultController.java      | 25 +++----
 .../RecoveryKeyRecoverController.java         |  6 +-
 .../RecoveryKeyResetPasswordController.java   | 70 ++++++++-----------
 .../RecoveryKeyValidateController.java        | 33 +++++----
 .../MasterkeyOptionsController.java           | 10 +--
 .../resources/fxml/addvault_existing.fxml     |  4 +-
 .../fxml/recoverykey_expert_settings.fxml     |  4 +-
 .../fxml/recoverykey_is_hub_vault.fxml        |  8 +--
 16 files changed, 113 insertions(+), 141 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/RecoverUtil.java b/src/main/java/org/cryptomator/common/RecoverUtil.java
index 01a5bab9d..73b7952f5 100644
--- a/src/main/java/org/cryptomator/common/RecoverUtil.java
+++ b/src/main/java/org/cryptomator/common/RecoverUtil.java
@@ -57,9 +57,7 @@ public class RecoverUtil {
 
 	public static CryptorProvider.Scheme detectCipherCombo(byte[] masterkey, Path pathToVault) {
 		try (Stream<Path> paths = Files.walk(pathToVault.resolve(DATA_DIR_NAME))) {
-			Path c9rFile = paths.filter(path -> path.toString().endsWith(".c9r"))
-					.findFirst()
-					.orElseThrow(() -> new IllegalStateException("No .c9r file found. The vault might not exist or the provided masterkey does not match."));
+			Path c9rFile = paths.filter(path -> path.toString().endsWith(".c9r")).findFirst().orElseThrow(() -> new IllegalStateException("No .c9r file found. The vault might not exist or the provided masterkey does not match."));
 			CryptorProvider.Scheme scheme = determineScheme(c9rFile, masterkey);
 			if (scheme == null) {
 				throw new IllegalArgumentException("Invalid masterkey: Decryption failed.");
@@ -197,7 +195,7 @@ public class RecoverUtil {
 		}
 	}
 
-	public static Task<Void> createResetPasswordTask(ResourceBundle resourceBundle,Stage owner, RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, NewPasswordController newPasswordController, Stage window, FxApplicationWindows appWindows, Dialogs dialogs) {
+	public static Task<Void> createResetPasswordTask(ResourceBundle resourceBundle, Stage owner, RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, NewPasswordController newPasswordController, Stage window, FxApplicationWindows appWindows, Dialogs dialogs) {
 
 		Task<Void> task = new ResetPasswordTask(recoveryKeyFactory, vault, recoveryKey, newPasswordController);
 
@@ -277,7 +275,7 @@ public class RecoverUtil {
 		var wrapper = new VaultConfigCache(vaultSettings);
 		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, VAULT_CONFIG_MISSING, null).vault();
 
-		// Spezialbehandlung für Windows + Dropbox + WinFsp
+		//due to https://github.com/cryptomator/cryptomator/issues/2880#issuecomment-1680313498
 		var nameOfWinfspLocalMounter = "org.cryptomator.frontend.fuse.mount.WinFspMountProvider";
 		if (SystemUtils.IS_OS_WINDOWS && vaultSettings.path.get().toString().contains("Dropbox") && mountServices.stream().anyMatch(s -> s.getClass().getName().equals(nameOfWinfspLocalMounter))) {
 			vaultSettings.mountService.setValue(nameOfWinfspLocalMounter);
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index b60566e23..e9b9d9e37 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -8,18 +8,6 @@
  *******************************************************************************/
 package org.cryptomator.common.vaults;
 
-import org.apache.commons.lang3.SystemUtils;
-import org.cryptomator.common.RecoverUtil;
-import org.cryptomator.common.settings.Settings;
-import org.cryptomator.common.settings.VaultSettings;
-import org.cryptomator.cryptofs.CryptoFileSystemProvider;
-import org.cryptomator.cryptofs.DirStructure;
-import org.cryptomator.cryptofs.migration.Migrators;
-import org.cryptomator.integrations.mount.MountService;
-import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import javax.inject.Inject;
 import javax.inject.Singleton;
 import javafx.collections.ObservableList;
@@ -38,7 +26,18 @@ import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
 import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
-import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
+
+import org.apache.commons.lang3.SystemUtils;
+import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.settings.Settings;
+import org.cryptomator.common.settings.VaultSettings;
+import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptofs.DirStructure;
+import org.cryptomator.cryptofs.migration.Migrators;
+import org.cryptomator.integrations.mount.MountService;
+import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 @Singleton
 public class VaultListManager {
@@ -137,13 +136,13 @@ public class VaultListManager {
 			} catch (NoSuchFileException e) {
 				LOG.warn("Vault config file not found.");
 			}
-			var vaultState = determineVaultState(vaultSettings.path.get(),vaultSettings);
+			var vaultState = determineVaultState(vaultSettings.path.get(), vaultSettings);
 			if (vaultState == LOCKED) { //for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
 				wrapper.reloadConfig();
 			}
 			return vaultComponentFactory.create(vaultSettings, wrapper, vaultState, null).vault();
 		} catch (IOException e) {
-			LOG.warn("Failed to determine vault state for " + vaultSettings.path.get(), e);
+			LOG.warn("Failed to determine vault state for {}", vaultSettings.path.get(), e);
 			return vaultComponentFactory.create(vaultSettings, wrapper, ERROR, e).vault();
 		}
 	}
@@ -154,10 +153,10 @@ public class VaultListManager {
 		return switch (previousState) {
 			case LOCKED, NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, MASTERKEY_MISSING -> {
 				try {
-					var determinedState = determineVaultState(vault.getPath(),vault.getVaultSettings());
-					if(determinedState == MASTERKEY_MISSING){
+					var determinedState = determineVaultState(vault.getPath(), vault.getVaultSettings());
+					if (determinedState == MASTERKEY_MISSING) {
 						var vaultScheme = vault.getVaultConfigCache().getUnchecked().getKeyId().getScheme();
-						if(KeyLoadingStrategy.isHubVault(vaultScheme)){
+						if (KeyLoadingStrategy.isHubVault(vaultScheme)) {
 							determinedState = LOCKED;
 						}
 					}
@@ -167,7 +166,7 @@ public class VaultListManager {
 					state.set(determinedState);
 					yield determinedState;
 				} catch (IOException e) {
-					LOG.warn("Failed to determine vault state for " + vault.getPath(), e);
+					LOG.warn("Failed to determine vault state for {}", vault.getPath(), e);
 					state.set(ERROR);
 					vault.setLastKnownException(e);
 					yield ERROR;
@@ -179,7 +178,7 @@ public class VaultListManager {
 					state.set(determinedState);
 					yield determinedState;
 				} catch (IOException e) {
-					LOG.warn("Failed to redetermine vault state for " + vault.getPath(), e);
+					LOG.warn("Failed to redetermine vault state for {}", vault.getPath(), e);
 					vault.setLastKnownException(e);
 					yield ERROR;
 				}
@@ -196,12 +195,9 @@ public class VaultListManager {
 			return VaultState.Value.MISSING;
 		}
 
-		boolean vaultConfigRestored = Files.notExists(pathToVaultConfig) &&
-				RecoverUtil.restoreBackupIfAvailable(pathToVaultConfig, VaultState.Value.VAULT_CONFIG_MISSING);
+		boolean vaultConfigRestored = Files.notExists(pathToVaultConfig) && RecoverUtil.restoreBackupIfAvailable(pathToVaultConfig, VaultState.Value.VAULT_CONFIG_MISSING);
 
-		boolean masterkeyRestored = Files.notExists(pathToMasterkey) &&
-				KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get()) &&
-				RecoverUtil.restoreBackupIfAvailable(pathToMasterkey, VaultState.Value.MASTERKEY_MISSING);
+		boolean masterkeyRestored = Files.notExists(pathToMasterkey) && KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get()) && RecoverUtil.restoreBackupIfAvailable(pathToMasterkey, VaultState.Value.MASTERKEY_MISSING);
 
 		if (vaultConfigRestored || masterkeyRestored) {
 			return LOCKED;
@@ -211,15 +207,14 @@ public class VaultListManager {
 			return VaultState.Value.VAULT_CONFIG_MISSING;
 		}
 
-		if (Files.notExists(pathToMasterkey) &&
-				KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get())) {
+		if (Files.notExists(pathToMasterkey) && KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get())) {
 			return VaultState.Value.MASTERKEY_MISSING;
 		}
 
 		return checkDirStructure(pathToVault);
 	}
 
-	private static VaultState.Value checkDirStructure(Path pathToVault) throws IOException{
+	private static VaultState.Value checkDirStructure(Path pathToVault) throws IOException {
 		return switch (CryptoFileSystemProvider.checkDirStructureForVault(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME)) {
 			case VAULT -> VaultState.Value.LOCKED;
 			case UNRELATED -> VaultState.Value.MISSING;
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultState.java b/src/main/java/org/cryptomator/common/vaults/VaultState.java
index bfe5a3713..0d65d5c2e 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultState.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultState.java
@@ -25,8 +25,14 @@ public class VaultState extends ObservableValueBase<VaultState.Value> implements
 		 */
 		MISSING,
 
+		/**
+		 * No vault config found at the provided path
+		 */
 		VAULT_CONFIG_MISSING,
 
+		/**
+		 * No masterkey found at the provided path
+		 */
 		MASTERKEY_MISSING,
 
 		/**
diff --git a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
index 36ba14cab..d0b60d0ac 100644
--- a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
+++ b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
@@ -21,7 +21,6 @@ import org.cryptomator.ui.recoverykey.RecoveryKeyValidateController;
 
 import javax.inject.Named;
 import javax.inject.Provider;
-import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
@@ -123,7 +122,7 @@ abstract class ConvertVaultModule {
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
 	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, new SimpleObjectProperty<>(RecoverUtil.Type.CONVERT_VAULT),null,null);
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, new SimpleObjectProperty<>(RecoverUtil.Type.CONVERT_VAULT), null, null);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
index 4c889adfc..7838ba3cb 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
@@ -52,9 +52,7 @@ public class VaultDetailController implements FxController {
 				case LOCKED -> FontAwesome5Icon.LOCK;
 				case PROCESSING -> FontAwesome5Icon.SPINNER;
 				case UNLOCKED -> FontAwesome5Icon.LOCK_OPEN;
-				case NEEDS_MIGRATION, MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
-				case VAULT_CONFIG_MISSING -> FontAwesome5Icon.COGS;
-				case MASTERKEY_MISSING -> FontAwesome5Icon.KEY;
+				case NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, MASTERKEY_MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
 			};
 		} else {
 			return FontAwesome5Icon.EXCLAMATION_TRIANGLE;
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
index 325b13d04..3697906c0 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
@@ -55,9 +55,7 @@ public class VaultListCellController implements FxController {
 				case LOCKED -> FontAwesome5Icon.LOCK;
 				case PROCESSING -> FontAwesome5Icon.SPINNER;
 				case UNLOCKED -> FontAwesome5Icon.LOCK_OPEN;
-				case NEEDS_MIGRATION, MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
-				case VAULT_CONFIG_MISSING -> FontAwesome5Icon.COGS;
-				case MASTERKEY_MISSING -> FontAwesome5Icon.KEY;
+				case NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, MASTERKEY_MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
 			};
 		} else {
 			return FontAwesome5Icon.EXCLAMATION_TRIANGLE;
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
index cbc00ad46..6b799cee2 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -53,8 +53,8 @@ public interface RecoveryKeyComponent {
 	@Subcomponent.Factory
 	interface Factory {
 
-		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault,
-									@BindsInstance @Named("keyRecoveryOwner") Stage owner,
+		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault, //
+									@BindsInstance @Named("keyRecoveryOwner") Stage owner, //
 									@BindsInstance @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType);
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
index 7f87c2bab..ce9ad4a26 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
@@ -1,12 +1,5 @@
 package org.cryptomator.ui.recoverykey;
 
-import dagger.Lazy;
-import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
-import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.common.FxmlFile;
-import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.controls.NumericTextField;
-
 import javax.inject.Inject;
 import javax.inject.Named;
 import javafx.application.Application;
@@ -18,6 +11,13 @@ import javafx.scene.Scene;
 import javafx.scene.control.CheckBox;
 import javafx.stage.Stage;
 
+import dagger.Lazy;
+import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.controls.NumericTextField;
+
 @RecoveryKeyScoped
 public class RecoveryKeyExpertSettingsController implements FxController {
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
index 84537cd37..6110db9b5 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
@@ -1,43 +1,36 @@
 package org.cryptomator.ui.recoverykey;
 
-import dagger.Lazy;
-import org.cryptomator.common.RecoverUtil;
-import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.common.FxmlFile;
-import org.cryptomator.ui.common.FxmlScene;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import javax.inject.Inject;
 import javax.inject.Named;
-import javafx.beans.property.IntegerProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
 import java.util.ResourceBundle;
 
+import dagger.Lazy;
+import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+
 @RecoveryKeyScoped
 public class RecoveryKeyIsHubVaultController implements FxController {
 
-	private static final Logger LOG = LoggerFactory.getLogger(RecoveryKeyIsHubVaultController.class);
-
 	private final Stage window;
 	private final Lazy<Scene> recoverykeyRecoverScene;
 	private final ObjectProperty<RecoverUtil.Type> recoverType;
-	private final ResourceBundle resourceBundle;
 
 	@Inject
-	public RecoveryKeyIsHubVaultController(@RecoveryKeyWindow Stage window,
-										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene,
-										   @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType,
+	public RecoveryKeyIsHubVaultController(@RecoveryKeyWindow Stage window, //
+										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene, //
+										   @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, //
 										   ResourceBundle resourceBundle) {
 		this.window = window;
 		window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
 
 		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
 		this.recoverType = recoverType;
-		this.resourceBundle = resourceBundle;
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index 1edbae6f4..9264b4d22 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -12,7 +12,6 @@ import javafx.beans.property.ObjectProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
-import java.util.Optional;
 import java.util.ResourceBundle;
 
 @RecoveryKeyScoped
@@ -28,8 +27,7 @@ public class RecoveryKeyRecoverController implements FxController {
 	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> expertSettingsScene, //
-										ResourceBundle resourceBundle,
-										@Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType) {
+										ResourceBundle resourceBundle, @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType) {
 		this.window = window;
 
 		this.nextScene = switch (recoverType.get()) {
@@ -45,7 +43,7 @@ public class RecoveryKeyRecoverController implements FxController {
 				window.setTitle(resourceBundle.getString("recoveryKey.recover.title"));
 				yield resetPasswordScene;
 			}
-			case SHOW_KEY-> {
+			case SHOW_KEY -> {
 				window.setTitle(resourceBundle.getString("recoveryKey.display.title"));
 				yield resetPasswordScene;
 			}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 607eee63a..4403c6697 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -1,23 +1,5 @@
 package org.cryptomator.ui.recoverykey;
 
-import dagger.Lazy;
-import org.cryptomator.common.RecoverUtil;
-import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.common.vaults.VaultListManager;
-import org.cryptomator.cryptolib.api.CryptoException;
-import org.cryptomator.cryptolib.api.CryptorProvider;
-import org.cryptomator.cryptolib.api.Masterkey;
-import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
-import org.cryptomator.ui.changepassword.NewPasswordController;
-import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.common.FxmlFile;
-import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.dialogs.Dialogs;
-import org.cryptomator.ui.dialogs.SimpleDialog;
-import org.cryptomator.ui.fxapp.FxApplicationWindows;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import javax.inject.Inject;
 import javax.inject.Named;
 import javafx.beans.property.IntegerProperty;
@@ -36,6 +18,23 @@ import java.util.concurrent.ExecutorService;
 
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 
+import dagger.Lazy;
+import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.cryptolib.api.CryptoException;
+import org.cryptomator.cryptolib.api.CryptorProvider;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
+import org.cryptomator.ui.changepassword.NewPasswordController;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.dialogs.Dialogs;
+import org.cryptomator.ui.fxapp.FxApplicationWindows;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 @RecoveryKeyScoped
 public class RecoveryKeyResetPasswordController implements FxController {
 
@@ -65,17 +64,14 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  @RecoveryKeyWindow Vault vault, //
 											  RecoveryKeyFactory recoveryKeyFactory, //
 											  ExecutorService executor, //
-											  @Named("keyRecoveryOwner") Stage owner,
-											  @RecoveryKeyWindow StringProperty recoveryKey, //
+											  @Named("keyRecoveryOwner") Stage owner, @RecoveryKeyWindow StringProperty recoveryKey, //
 											  @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverExpertSettingsScene, //
 											  FxApplicationWindows appWindows, //
 											  MasterkeyFileAccess masterkeyFileAccess, //
 											  VaultListManager vaultListManager, //
 											  @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
-											  @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType,
-											  @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
-											  ResourceBundle resourceBundle,
-											  Dialogs dialogs) {
+											  @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
+											  ResourceBundle resourceBundle, Dialogs dialogs) {
 		this.window = window;
 		this.vault = vault;
 		this.recoveryKeyFactory = recoveryKeyFactory;
@@ -104,10 +100,9 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 	@FXML
 	public void close() {
-		if(recoverType.getValue().equals(RecoverUtil.Type.RESTORE_MASTERKEY)){
+		if (recoverType.getValue().equals(RecoverUtil.Type.RESTORE_MASTERKEY)) {
 			window.close();
-		}
-		else {
+		} else {
 			window.setScene(recoverExpertSettingsScene.get());
 		}
 	}
@@ -121,33 +116,24 @@ public class RecoveryKeyResetPasswordController implements FxController {
 				Path masterkeyFilePath = recoveryPath.resolve(MASTERKEY_FILENAME);
 
 				try (Masterkey masterkey = RecoverUtil.loadMasterkey(masterkeyFileAccess, masterkeyFilePath, newPasswordController.passwordField.getCharacters())) {
-					RecoverUtil.initializeCryptoFileSystem(recoveryPath,masterkey,shorteningThreshold,cipherCombo.get());
+					RecoverUtil.initializeCryptoFileSystem(recoveryPath, masterkey, shorteningThreshold, cipherCombo.get());
 				}
 
 				RecoverUtil.moveRecoveredFiles(recoveryPath, vault.getPath());
 				RecoverUtil.deleteRecoveryDirectory(recoveryPath);
 				RecoverUtil.addVaultToList(vaultListManager, vault.getPath());
 
-				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle)
-						.setTitleKey("recoveryKey.recoverVaultConfig.title")
-						.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message")
-						.build().showAndWait();
-				window.close(); // Erst jetzt das Fenster schließen
+				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).setTitleKey("recoveryKey.recoverVaultConfig.title").setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message").build().showAndWait();
+				window.close();
 
 			} catch (IOException | CryptoException e) {
 				LOG.error("Recovery process failed", e);
 			}
 		} else {
 			Task<Void> task = RecoverUtil.createResetPasswordTask( //
-					resourceBundle,
-					owner,
-					recoveryKeyFactory, //
-					vault, //
-					recoveryKey, //
-					newPasswordController, //
-					window, //
-					appWindows,
-					dialogs);
+					resourceBundle, owner, recoveryKeyFactory, //
+					vault, recoveryKey, newPasswordController, //
+					window, appWindows, dialogs);
 			executor.submit(task);
 		}
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index 5b6d58d1c..a0e23db27 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -134,24 +134,33 @@ public class RecoveryKeyValidateController implements FxController {
 	}
 
 	private void validateRecoveryKey() {
-		AtomicBoolean illegalArgumentExceptionOccurred = new AtomicBoolean(false);
-		boolean valid = switch (recoverType.get()) {
+		switch (recoverType.get()) {
 			case RESTORE_VAULT_CONFIG -> {
+				AtomicBoolean illegalArgumentExceptionOccurred = new AtomicBoolean(false);
 				var combo = RecoverUtil.validateRecoveryKeyAndGetCombo(
 						recoveryKeyFactory, vault, recoveryKey, masterkeyFileAccess, illegalArgumentExceptionOccurred);
 				combo.ifPresent(cipherCombo::set);
-				yield combo.isPresent();
+				if (illegalArgumentExceptionOccurred.get()) {
+					recoveryKeyState.set(RecoveryKeyState.INVALID);
+				} else if (combo.isPresent()) {
+					recoveryKeyState.set(RecoveryKeyState.CORRECT);
+				} else {
+					recoveryKeyState.set(RecoveryKeyState.WRONG);
+				}
+			}
+			case RESTORE_MASTERKEY, RESET_PASSWORD, SHOW_KEY, CONVERT_VAULT -> {
+				isWrongKey = false;
+				boolean valid = recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(),
+						unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
+				if (valid) {
+					recoveryKeyState.set(RecoveryKeyState.CORRECT);
+				} else if (isWrongKey) { //set via side effect in checkKeyAgainstVaultConfig()
+					recoveryKeyState.set(RecoveryKeyState.WRONG);
+				} else {
+					recoveryKeyState.set(RecoveryKeyState.INVALID);
+				}
 			}
-			case RESTORE_MASTERKEY, RESET_PASSWORD, SHOW_KEY, CONVERT_VAULT ->
-					recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(),
-							unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
-		};
-
-		if (valid) {
-			recoveryKeyState.set(RecoveryKeyState.CORRECT);
-			return;
 		}
-		recoveryKeyState.set(illegalArgumentExceptionOccurred.get() ? RecoveryKeyState.INVALID : RecoveryKeyState.WRONG);
 	}
 
 	/* Getter/Setter */
diff --git a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
index f0acea858..36b70eb1d 100644
--- a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
+++ b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
@@ -7,8 +7,6 @@ import org.cryptomator.ui.changepassword.ChangePasswordComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.forgetpassword.ForgetPasswordComponent;
 import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javafx.beans.property.ObjectProperty;
@@ -17,13 +15,10 @@ import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
 import javafx.stage.Stage;
-import java.util.ResourceBundle;
 
 @VaultOptionsScoped
 public class MasterkeyOptionsController implements FxController {
 
-	private static final Logger LOG = LoggerFactory.getLogger(MasterkeyOptionsController.class);
-
 	private final Vault vault;
 	private final Stage window;
 	private final ChangePasswordComponent.Builder changePasswordWindow;
@@ -31,19 +26,16 @@ public class MasterkeyOptionsController implements FxController {
 	private final ForgetPasswordComponent.Builder forgetPasswordWindow;
 	private final KeychainManager keychain;
 	private final ObservableValue<Boolean> passwordSaved;
-	private final ResourceBundle resourceBundle;
 
 
 	@Inject
-	MasterkeyOptionsController(@VaultOptionsWindow Vault vault, @VaultOptionsWindow Stage window, ChangePasswordComponent.Builder changePasswordWindow, RecoveryKeyComponent.Factory recoveryKeyWindow, ForgetPasswordComponent.Builder forgetPasswordWindow, KeychainManager keychain, //
-							   ResourceBundle resourceBundle) {
+	MasterkeyOptionsController(@VaultOptionsWindow Vault vault, @VaultOptionsWindow Stage window, ChangePasswordComponent.Builder changePasswordWindow, RecoveryKeyComponent.Factory recoveryKeyWindow, ForgetPasswordComponent.Builder forgetPasswordWindow, KeychainManager keychain) {
 		this.vault = vault;
 		this.window = window;
 		this.changePasswordWindow = changePasswordWindow;
 		this.recoveryKeyWindow = recoveryKeyWindow;
 		this.forgetPasswordWindow = forgetPasswordWindow;
 		this.keychain = keychain;
-		this.resourceBundle = resourceBundle;
 		if (keychain.isSupported() && !keychain.isLocked()) {
 			this.passwordSaved = keychain.getPassphraseStoredProperty(vault.getId()).orElse(false);
 		} else {
diff --git a/src/main/resources/fxml/addvault_existing.fxml b/src/main/resources/fxml/addvault_existing.fxml
index 1850630e0..5cc7fc4b6 100644
--- a/src/main/resources/fxml/addvault_existing.fxml
+++ b/src/main/resources/fxml/addvault_existing.fxml
@@ -3,11 +3,11 @@
 <?import javafx.geometry.Insets?>
 <?import javafx.scene.control.Button?>
 <?import javafx.scene.control.ButtonBar?>
+<?import javafx.scene.control.CheckBox?>
 <?import javafx.scene.control.Label?>
 <?import javafx.scene.image.ImageView?>
 <?import javafx.scene.layout.Region?>
 <?import javafx.scene.layout.VBox?>
-<?import javafx.scene.control.CheckBox?>
 <VBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.addvaultwizard.ChooseExistingVaultController"
@@ -29,7 +29,7 @@
 		<Region VBox.vgrow="ALWAYS"/>
 		<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
 			<buttons>
-				<Button text="%addvaultwizard.existing.restore" ButtonBar.buttonData="NEXT_FORWARD" onAction="#restoreVaultConfigWithRecoveryKey" visible="${controller.restoreButtonVisible}" />
+				<Button text="%addvaultwizard.existing.restore" ButtonBar.buttonData="NEXT_FORWARD" onAction="#restoreVaultConfigWithRecoveryKey" visible="${controller.restoreButtonVisible}"/>
 				<Button text="%addvaultwizard.existing.chooseBtn" ButtonBar.buttonData="NEXT_FORWARD" onAction="#chooseFileAndNext" defaultButton="true"/>
 			</buttons>
 		</ButtonBar>
diff --git a/src/main/resources/fxml/recoverykey_expert_settings.fxml b/src/main/resources/fxml/recoverykey_expert_settings.fxml
index c568a1cbc..0f81e23c6 100644
--- a/src/main/resources/fxml/recoverykey_expert_settings.fxml
+++ b/src/main/resources/fxml/recoverykey_expert_settings.fxml
@@ -1,7 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
-<?import org.cryptomator.ui.controls.NumericTextField?>
 <?import javafx.geometry.Insets?>
 <?import javafx.scene.control.Button?>
 <?import javafx.scene.control.ButtonBar?>
@@ -15,6 +13,8 @@
 <?import javafx.scene.layout.StackPane?>
 <?import javafx.scene.layout.VBox?>
 <?import javafx.scene.shape.Circle?>
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import org.cryptomator.ui.controls.NumericTextField?>
 <HBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyExpertSettingsController"
diff --git a/src/main/resources/fxml/recoverykey_is_hub_vault.fxml b/src/main/resources/fxml/recoverykey_is_hub_vault.fxml
index fbfefdbf6..953beab10 100644
--- a/src/main/resources/fxml/recoverykey_is_hub_vault.fxml
+++ b/src/main/resources/fxml/recoverykey_is_hub_vault.fxml
@@ -3,12 +3,12 @@
 <?import javafx.geometry.Insets?>
 <?import javafx.scene.control.Button?>
 <?import javafx.scene.control.ButtonBar?>
-<?import javafx.scene.layout.Region?>
-<?import javafx.scene.layout.HBox?>
-<?import javafx.scene.layout.VBox?>
 <?import javafx.scene.control.Label?>
-<?import javafx.scene.layout.StackPane?>
 <?import javafx.scene.Group?>
+<?import javafx.scene.layout.HBox?>
+<?import javafx.scene.layout.Region?>
+<?import javafx.scene.layout.StackPane?>
+<?import javafx.scene.layout.VBox?>
 <?import javafx.scene.shape.Circle?>
 <?import org.cryptomator.ui.controls.FontAwesome5IconView?>
 <HBox xmlns:fx="http://javafx.com/fxml"

From 90cbb0c5f6f159eeae1cccf8513383e55833425a Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 19 May 2025 14:27:05 +0200
Subject: [PATCH 017/117] new recovery package in common

---
 .../common/recovery/BackupRestorer.java       |  52 ++++++++
 .../common/recovery/CryptoFsInitializer.java  |  33 +++++
 .../common/recovery/MasterkeyService.java     | 102 +++++++++++++++
 .../common/recovery/RecoveryActionType.java   |   9 ++
 .../common/recovery/RecoveryDirectory.java    |  65 +++++++++
 .../common/vaults/VaultListManager.java       |  71 +++++-----
 .../ChooseExistingVaultController.java        |  45 ++++++-
 .../ui/convertvault/ConvertVaultModule.java   |   4 +-
 .../VaultDetailMissingVaultController.java    |   6 +-
 .../ui/recoverykey/RecoveryKeyComponent.java  |   4 +-
 .../RecoveryKeyIsHubVaultController.java      |   8 +-
 .../ui/recoverykey/RecoveryKeyModule.java     |   4 +-
 .../RecoveryKeyRecoverController.java         |   4 +-
 .../RecoveryKeyResetPasswordController.java   | 123 +++++++++++++-----
 .../RecoveryKeyValidateController.java        |  10 +-
 .../MasterkeyOptionsController.java           |   6 +-
 .../fxml/recoverykey_reset_password.fxml      |   3 +-
 src/main/resources/i18n/strings.properties    |   1 +
 18 files changed, 456 insertions(+), 94 deletions(-)
 create mode 100644 src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
 create mode 100644 src/main/java/org/cryptomator/common/recovery/CryptoFsInitializer.java
 create mode 100644 src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
 create mode 100644 src/main/java/org/cryptomator/common/recovery/RecoveryActionType.java
 create mode 100644 src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java

diff --git a/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
new file mode 100644
index 000000000..b61e29c10
--- /dev/null
+++ b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
@@ -0,0 +1,52 @@
+package org.cryptomator.common.recovery;
+
+import static org.cryptomator.common.vaults.VaultState.Value.*;
+
+import java.io.IOException;
+import java.nio.file.*;
+import java.util.stream.Stream;
+
+import org.cryptomator.common.vaults.VaultState.Value;
+
+public final class BackupRestorer {
+
+	private BackupRestorer() {}
+
+	public static boolean restoreIfPresent(Path vaultPath, Value vaultState) {
+		Path targetFile;
+		switch (vaultState) {
+			case VAULT_CONFIG_MISSING -> targetFile = vaultPath.resolve("vault.cryptomator");
+			case MASTERKEY_MISSING -> targetFile = vaultPath.resolve("masterkey.cryptomator");
+			default -> {
+				return false;
+			}
+		}
+
+		try (Stream<Path> files = Files.list(vaultPath)) {
+			return files
+					.filter(file -> isValidBackupFileForState(file.getFileName().toString(), vaultState))
+					.findFirst()
+					.map(backupFile -> copyBackupFile(backupFile, targetFile))
+					.orElse(false);
+		} catch (IOException e) {
+			return false;
+		}
+	}
+
+	private static boolean isValidBackupFileForState(String fileName, Value vaultState) {
+		return switch (vaultState) {
+			case VAULT_CONFIG_MISSING -> fileName.startsWith("vault.cryptomator") && fileName.endsWith(".bkup");
+			case MASTERKEY_MISSING -> fileName.startsWith("masterkey.cryptomator") && fileName.endsWith(".bkup");
+			default -> false;
+		};
+	}
+
+	private static boolean copyBackupFile(Path backupFile, Path configPath) {
+		try {
+			Files.copy(backupFile, configPath, StandardCopyOption.REPLACE_EXISTING);
+			return true;
+		} catch (IOException e) {
+			return false;
+		}
+	}
+}
diff --git a/src/main/java/org/cryptomator/common/recovery/CryptoFsInitializer.java b/src/main/java/org/cryptomator/common/recovery/CryptoFsInitializer.java
new file mode 100644
index 000000000..c69e8dad8
--- /dev/null
+++ b/src/main/java/org/cryptomator/common/recovery/CryptoFsInitializer.java
@@ -0,0 +1,33 @@
+package org.cryptomator.common.recovery;
+
+import java.io.IOException;
+import java.nio.file.Path;
+
+import javafx.beans.property.IntegerProperty;
+
+import org.cryptomator.common.Constants;
+import org.cryptomator.cryptofs.CryptoFileSystemProperties;
+import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptolib.api.*;
+
+import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
+
+public final class CryptoFsInitializer {
+
+	private CryptoFsInitializer() {}
+
+	public static void init(Path recoveryPath,
+							Masterkey masterkey,
+							IntegerProperty shorteningThreshold,
+							CryptorProvider.Scheme scheme) throws IOException, CryptoException {
+
+		MasterkeyLoader loader = ignored -> masterkey.copy();
+		CryptoFileSystemProperties fsProps = CryptoFileSystemProperties //
+				.cryptoFileSystemProperties() //
+				.withCipherCombo(scheme) //
+				.withKeyLoader(loader) //
+				.withShorteningThreshold(shorteningThreshold.get()) //
+				.build();
+		CryptoFileSystemProvider.initialize(recoveryPath, fsProps, DEFAULT_KEY_ID);
+	}
+}
diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
new file mode 100644
index 000000000..b91b032dc
--- /dev/null
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -0,0 +1,102 @@
+package org.cryptomator.common.recovery;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.SecureRandom;
+import java.util.Arrays;
+import java.util.NoSuchElementException;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.stream.Stream;
+
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptolib.api.*;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
+import org.cryptomator.ui.recoverykey.RecoveryKeyFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javafx.beans.property.StringProperty;
+
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.cryptofs.common.Constants.DATA_DIR_NAME;
+
+public final class MasterkeyService {
+
+	private static final Logger LOG = LoggerFactory.getLogger(MasterkeyService.class);
+
+	private MasterkeyService() {}
+
+	public static void recoverFromRecoveryKey(String recoveryKey, RecoveryKeyFactory recoveryKeyFactory, Path recoveryPath, CharSequence newPassword) throws IOException {
+		recoveryKeyFactory.newMasterkeyFileWithPassphrase(recoveryPath, recoveryKey, newPassword);
+	}
+
+	public static Masterkey load(MasterkeyFileAccess masterkeyFileAccess, Path masterkeyFilePath, CharSequence password) throws IOException {
+		return masterkeyFileAccess.load(masterkeyFilePath, password);
+	}
+
+	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndDetectCombo(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, MasterkeyFileAccess masterkeyFileAccess, AtomicBoolean illegalArgumentExceptionOccurred) {
+
+		var tmpPass = UUID.randomUUID().toString();
+		try(RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
+			var tempRecoveryPath = recoveryDirectory.getRecoveryPath();
+			recoverFromRecoveryKey(recoveryKey.get(), recoveryKeyFactory, tempRecoveryPath, tmpPass);
+			var masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
+
+			try (Masterkey mk = load(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
+				return detect(mk.getEncoded(), vault.getPath());
+			} catch (IOException | CryptoException e) {
+				LOG.info("Recovery key validation failed", e);
+				return Optional.empty();
+			} catch (IllegalArgumentException e) {
+				illegalArgumentExceptionOccurred.set(true);
+				return Optional.empty();
+			}
+		} catch (IOException | CryptoException e) {
+			LOG.info("Recovery key validation failed");
+		} catch (IllegalArgumentException e) {
+			LOG.info("Recovery key has an illegal argument");
+			illegalArgumentExceptionOccurred.set(true);
+		}
+		return Optional.empty();
+
+	}
+	public static Optional<CryptorProvider.Scheme> detect(byte[] masterkey, Path vaultPath) {
+		try (Stream<Path> paths = Files.walk(vaultPath.resolve(DATA_DIR_NAME))) {
+			Path c9rFile = paths.filter(p -> p.toString().endsWith(".c9r"))
+					.findFirst().orElse(null);
+			if (c9rFile == null) {
+				LOG.info("No *.c9r file found in {}", vaultPath);
+				return Optional.empty();
+			}
+			return determineScheme(c9rFile, masterkey); // jetzt auch ein Optional
+		} catch (IOException e) {
+			LOG.debug("Failed to inspect vault", e);
+			return Optional.empty();
+		}
+	}
+
+	private static Optional<CryptorProvider.Scheme> determineScheme(Path c9rFile, byte[] masterkey) {
+		try {
+			ByteBuffer header = ByteBuffer.wrap(Files.readAllBytes(c9rFile));
+			return Arrays.stream(CryptorProvider.Scheme.values())
+					.filter(s -> tryDecrypt(header, new Masterkey(masterkey), s))
+					.findFirst();
+		} catch (IOException e) {
+			LOG.info("Failed to decrypt .c9r file", e);
+			return Optional.empty();
+		}
+	}
+
+	private static boolean tryDecrypt(ByteBuffer header, Masterkey masterkey, CryptorProvider.Scheme scheme) {
+		try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey, SecureRandom.getInstanceStrong())) {
+			cryptor.fileHeaderCryptor().decryptHeader(header.duplicate());
+			return true;
+		} catch (Exception e) {
+			return false;
+		}
+	}
+}
diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryActionType.java b/src/main/java/org/cryptomator/common/recovery/RecoveryActionType.java
new file mode 100644
index 000000000..32f28d613
--- /dev/null
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryActionType.java
@@ -0,0 +1,9 @@
+package org.cryptomator.common.recovery;
+
+public enum RecoveryActionType {
+	RESTORE_VAULT_CONFIG,
+	RESTORE_MASTERKEY,
+	RESET_PASSWORD,
+	SHOW_KEY,
+	CONVERT_VAULT
+}
diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
new file mode 100644
index 000000000..e57ca4f1d
--- /dev/null
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
@@ -0,0 +1,65 @@
+package org.cryptomator.common.recovery;
+
+import java.io.IOException;
+import java.nio.file.*;
+import java.util.Comparator;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
+
+public final class RecoveryDirectory implements AutoCloseable {
+
+	private static final Logger LOG = LoggerFactory.getLogger(RecoveryDirectory.class);
+
+	private final Path recoveryPath;
+	private final Path vaultPath;
+
+
+	private static Path addR(Path p){
+		return p.resolve("r");
+	}
+
+	private RecoveryDirectory(Path vaultPath) {
+		this.vaultPath = vaultPath;
+		this.recoveryPath = addR(vaultPath);
+	}
+
+	public static RecoveryDirectory create(Path vaultPath) throws IOException {
+		//TODO: Files.createTmpDirectory Doku lesen und ggf nutzen
+		Path recovery = addR(vaultPath);
+		Files.createDirectory(recovery);
+		return new RecoveryDirectory(vaultPath);
+	}
+
+	public void moveRecoveredFiles() throws IOException {
+		Files.move(recoveryPath.resolve(MASTERKEY_FILENAME), vaultPath.resolve(MASTERKEY_FILENAME), StandardCopyOption.REPLACE_EXISTING);
+		Files.move(recoveryPath.resolve(VAULTCONFIG_FILENAME), vaultPath.resolve(VAULTCONFIG_FILENAME)); //TODO: ? StandardCopyOption.REPLACE_EXISTING
+	}
+
+	private void deleteRecoveryDirectory() {
+		try (var paths = Files.walk(recoveryPath)) {
+			paths.sorted(Comparator.reverseOrder()).forEach(p -> { //TODO: wieso reverseOrder
+				try {
+					Files.delete(p);
+				} catch (IOException e) {
+					LOG.info("Unable to delete {}. Please delete it manually.", p);
+				}
+			});
+		} catch (IOException e) {
+			LOG.error("Failed to clean up recovery directory", e);
+		}
+	}
+
+	@Override
+	public void close() {
+		deleteRecoveryDirectory();
+	}
+
+	public Path getRecoveryPath() {
+		return recoveryPath;
+	}
+
+}
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index e9b9d9e37..f3e42a797 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -26,9 +26,11 @@ import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
 import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
+import static org.cryptomator.common.vaults.VaultState.Value.PROCESSING;
+import static org.cryptomator.common.vaults.VaultState.Value.UNLOCKED;
 
 import org.apache.commons.lang3.SystemUtils;
-import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.recovery.BackupRestorer;
 import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
@@ -146,45 +148,35 @@ public class VaultListManager {
 			return vaultComponentFactory.create(vaultSettings, wrapper, ERROR, e).vault();
 		}
 	}
-
 	public static VaultState.Value redetermineVaultState(Vault vault) {
-		VaultState state = vault.stateProperty();
-		VaultState.Value previousState = state.getValue();
-		return switch (previousState) {
-			case LOCKED, NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, MASTERKEY_MISSING -> {
-				try {
-					var determinedState = determineVaultState(vault.getPath(), vault.getVaultSettings());
-					if (determinedState == MASTERKEY_MISSING) {
-						var vaultScheme = vault.getVaultConfigCache().getUnchecked().getKeyId().getScheme();
-						if (KeyLoadingStrategy.isHubVault(vaultScheme)) {
-							determinedState = LOCKED;
-						}
-					}
-					if (determinedState == LOCKED) {
-						vault.getVaultConfigCache().reloadConfig();
-					}
-					state.set(determinedState);
-					yield determinedState;
-				} catch (IOException e) {
-					LOG.warn("Failed to determine vault state for {}", vault.getPath(), e);
-					state.set(ERROR);
-					vault.setLastKnownException(e);
-					yield ERROR;
+		VaultState state  = vault.stateProperty();
+		VaultState.Value previous = state.getValue();
+
+		if (previous.equals(UNLOCKED)||previous.equals(PROCESSING)) {
+			return previous;
+		}
+
+		try {
+			VaultState.Value determined = determineVaultState(vault.getPath(), vault.getVaultSettings());
+
+			if (determined == MASTERKEY_MISSING) {
+				if (KeyLoadingStrategy.isHubVault(vault.getVaultConfigCache().getUnchecked().getKeyId().getScheme())) {
+					determined = LOCKED;
 				}
 			}
-			case ERROR -> {
-				try {
-					var determinedState = determineVaultState(vault.getPath(), vault.getVaultSettings());
-					state.set(determinedState);
-					yield determinedState;
-				} catch (IOException e) {
-					LOG.warn("Failed to redetermine vault state for {}", vault.getPath(), e);
-					vault.setLastKnownException(e);
-					yield ERROR;
-				}
+
+			if (determined == LOCKED) {
+				vault.getVaultConfigCache().reloadConfig();
 			}
-			case UNLOCKED, PROCESSING -> previousState;
-		};
+
+			state.set(determined);
+			return determined;
+		} catch (IOException e) {
+			LOG.warn("Failed to (re)determine vault state for {}", vault.getPath(), e);
+			vault.setLastKnownException(e);
+			state.set(ERROR);
+			return ERROR;
+		}
 	}
 
 	private static VaultState.Value determineVaultState(Path pathToVault, VaultSettings vaultSettings) throws IOException {
@@ -195,9 +187,12 @@ public class VaultListManager {
 			return VaultState.Value.MISSING;
 		}
 
-		boolean vaultConfigRestored = Files.notExists(pathToVaultConfig) && RecoverUtil.restoreBackupIfAvailable(pathToVaultConfig, VaultState.Value.VAULT_CONFIG_MISSING);
+		boolean vaultConfigRestored = Files.notExists(pathToVaultConfig)
+				&& BackupRestorer.restoreIfPresent(pathToVaultConfig.getParent(), VaultState.Value.VAULT_CONFIG_MISSING);
 
-		boolean masterkeyRestored = Files.notExists(pathToMasterkey) && KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get()) && RecoverUtil.restoreBackupIfAvailable(pathToMasterkey, VaultState.Value.MASTERKEY_MISSING);
+		boolean masterkeyRestored = Files.notExists(pathToMasterkey)
+				&& KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get())
+				&& BackupRestorer.restoreIfPresent(pathToMasterkey.getParent(), VaultState.Value.MASTERKEY_MISSING);
 
 		if (vaultConfigRestored || masterkeyRestored) {
 			return LOCKED;
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index 1b2f7e7e9..f040154ea 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -22,12 +22,15 @@ import java.util.Optional;
 import java.util.ResourceBundle;
 
 import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_GLOB;
+import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
 
 import dagger.Lazy;
 import org.apache.commons.lang3.SystemUtils;
-import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.recovery.RecoveryActionType;
+import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultComponent;
+import org.cryptomator.common.vaults.VaultConfigCache;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.integrations.mount.MountService;
 import org.cryptomator.integrations.uiappearance.Theme;
@@ -131,14 +134,50 @@ public class ChooseExistingVaultController implements FxController {
 	@FXML
 	public void restoreVaultConfigWithRecoveryKey() {
 		DirectoryChooser directoryChooser = new DirectoryChooser();
-		Optional<Vault> optionalVault = RecoverUtil.checkAndPrepareVaultFromDirectory(directoryChooser, window, dialogs, vaultComponentFactory, mountServices);
 
+		File selectedDirectory;
+		do {
+			selectedDirectory = directoryChooser.showDialog(window);
+			boolean hasSubfolderD = new File(selectedDirectory, "d").isDirectory();
+
+			if (!hasSubfolderD) {
+				dialogs.prepareNoDDirectorySelectedDialog(window).build().showAndWait();
+				selectedDirectory = null;
+			}
+		} while (selectedDirectory == null);
+
+		Optional<Vault> optionalVault = prepareVault(selectedDirectory,vaultComponentFactory,
+				mountServices);
+		//TODO: optional raus, und mit error dialog arbeiten (UI kram in UI package!) hier nur fehler werfen
 		optionalVault.ifPresent(vault -> {
-			ObjectProperty<RecoverUtil.Type> recoverTypeProperty = new SimpleObjectProperty<>(RecoverUtil.Type.RESTORE_VAULT_CONFIG);
+			ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG);
 			recoveryKeyWindow.create(vault, window, recoverTypeProperty).showIsHubVaultDialogWindow();
 		});
 	}
 
+	public static Optional<Vault> prepareVault(File selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
+
+		Path selectedPath = selectedDirectory.toPath();
+		VaultSettings vaultSettings = VaultSettings.withRandomId();
+		vaultSettings.path.set(selectedPath);
+		if (selectedPath.getFileName() != null) {
+			vaultSettings.displayName.set(selectedPath.getFileName().toString());
+		} else {
+			vaultSettings.displayName.set("defaultVaultName");
+		}
+
+		var wrapper = new VaultConfigCache(vaultSettings);
+		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, VAULT_CONFIG_MISSING, null).vault(); //TODO: VAULT_CONFIG_MISSING nicht sicher, stand nochmal überprüfen
+
+		//due to https://github.com/cryptomator/cryptomator/issues/2880#issuecomment-1680313498
+		var nameOfWinfspLocalMounter = "org.cryptomator.frontend.fuse.mount.WinFspMountProvider";
+		if (SystemUtils.IS_OS_WINDOWS && vaultSettings.path.get().toString().contains("Dropbox") && mountServices.stream().anyMatch(s -> s.getClass().getName().equals(nameOfWinfspLocalMounter))) {
+			vaultSettings.mountService.setValue(nameOfWinfspLocalMounter);
+		}
+
+		return Optional.of(vault);
+	}
+
 	/* Getter */
 
 	public ObservableValue<Image> screenshotProperty() {
diff --git a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
index d0b60d0ac..a5fc761aa 100644
--- a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
+++ b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
@@ -4,7 +4,7 @@ import dagger.Binds;
 import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoMap;
-import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
 import org.cryptomator.ui.changepassword.NewPasswordController;
@@ -122,7 +122,7 @@ abstract class ConvertVaultModule {
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
 	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, new SimpleObjectProperty<>(RecoverUtil.Type.CONVERT_VAULT), null, null);
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, new SimpleObjectProperty<>(RecoveryActionType.CONVERT_VAULT), null, null);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index d7ac79f08..7f53346d7 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -1,6 +1,6 @@
 package org.cryptomator.ui.mainwindow;
 
-import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.ui.common.FxController;
@@ -61,14 +61,14 @@ public class VaultDetailMissingVaultController implements FxController {
 			dialogs.prepareContactHubAdmin(window).build().showAndWait();
 		}
 		else {
-			ObjectProperty<RecoverUtil.Type> recoverTypeProperty = new SimpleObjectProperty<>(RecoverUtil.Type.RESTORE_VAULT_CONFIG);
+			ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG);
 			recoveryKeyWindow.create(vault.get(), window, recoverTypeProperty).showIsHubVaultDialogWindow();
 		}
 	}
 
 	@FXML
 	void restoreMasterkey() {
-		ObjectProperty<RecoverUtil.Type> recoverTypeProperty = new SimpleObjectProperty<>(RecoverUtil.Type.RESTORE_MASTERKEY);
+		ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.RESTORE_MASTERKEY);
 		recoveryKeyWindow.create(vault.get(), window, recoverTypeProperty).showRecoveryKeyRecoverWindow();
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
index 6b799cee2..1c7419d9a 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -3,7 +3,7 @@ package org.cryptomator.ui.recoverykey;
 import dagger.BindsInstance;
 import dagger.Lazy;
 import dagger.Subcomponent;
-import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -55,7 +55,7 @@ public interface RecoveryKeyComponent {
 
 		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault, //
 									@BindsInstance @Named("keyRecoveryOwner") Stage owner, //
-									@BindsInstance @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType);
+									@BindsInstance @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
index 6110db9b5..4b0b440ec 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
@@ -9,7 +9,7 @@ import javafx.stage.Stage;
 import java.util.ResourceBundle;
 
 import dagger.Lazy;
-import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -19,12 +19,12 @@ public class RecoveryKeyIsHubVaultController implements FxController {
 
 	private final Stage window;
 	private final Lazy<Scene> recoverykeyRecoverScene;
-	private final ObjectProperty<RecoverUtil.Type> recoverType;
+	private final ObjectProperty<RecoveryActionType> recoverType;
 
 	@Inject
 	public RecoveryKeyIsHubVaultController(@RecoveryKeyWindow Stage window, //
 										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene, //
-										   @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, //
+										   @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
 										   ResourceBundle resourceBundle) {
 		this.window = window;
 		window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
@@ -40,7 +40,7 @@ public class RecoveryKeyIsHubVaultController implements FxController {
 
 	@FXML
 	public void recover() {
-		recoverType.set(RecoverUtil.Type.RESTORE_VAULT_CONFIG);
+		recoverType.set(RecoveryActionType.RESTORE_VAULT_CONFIG);
 		window.setScene(recoverykeyRecoverScene.get());
 	}
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index e48bc7825..f120e68b1 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -5,7 +5,7 @@ import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoMap;
 import org.cryptomator.common.Nullable;
-import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
 import org.cryptomator.cryptolib.api.CryptorProvider;
@@ -177,7 +177,7 @@ abstract class RecoveryKeyModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
-	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
+	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
 		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, recoverType, cipherCombo, masterkeyFileAccess);
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index 9264b4d22..ed1275d5a 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -1,7 +1,7 @@
 package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
-import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -27,7 +27,7 @@ public class RecoveryKeyRecoverController implements FxController {
 	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> expertSettingsScene, //
-										ResourceBundle resourceBundle, @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType) {
+										ResourceBundle resourceBundle, @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType) {
 		this.window = window;
 
 		this.nextScene = switch (recoverType.get()) {
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 4403c6697..640461251 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -5,6 +5,7 @@ import javax.inject.Named;
 import javafx.beans.property.IntegerProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.ReadOnlyBooleanProperty;
+import javafx.beans.property.ReadOnlyBooleanWrapper;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.concurrent.Task;
@@ -19,7 +20,10 @@ import java.util.concurrent.ExecutorService;
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 
 import dagger.Lazy;
-import org.cryptomator.common.RecoverUtil;
+import org.cryptomator.common.recovery.CryptoFsInitializer;
+import org.cryptomator.common.recovery.MasterkeyService;
+import org.cryptomator.common.recovery.RecoveryActionType;
+import org.cryptomator.common.recovery.RecoveryDirectory;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.cryptolib.api.CryptoException;
@@ -50,7 +54,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final MasterkeyFileAccess masterkeyFileAccess;
 	private final VaultListManager vaultListManager;
 	private final IntegerProperty shorteningThreshold;
-	private final ObjectProperty<RecoverUtil.Type> recoverType;
+	private final ObjectProperty<RecoveryActionType> recoverType;
 	private final ObjectProperty<CryptorProvider.Scheme> cipherCombo;
 	private final ResourceBundle resourceBundle;
 	private final StringProperty buttonText = new SimpleStringProperty();
@@ -70,7 +74,8 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  MasterkeyFileAccess masterkeyFileAccess, //
 											  VaultListManager vaultListManager, //
 											  @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
-											  @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
+											  @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
+											  @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
 											  ResourceBundle resourceBundle, Dialogs dialogs) {
 		this.window = window;
 		this.vault = vault;
@@ -90,8 +95,8 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		initButtonText(recoverType.get());
 	}
 
-	private void initButtonText(RecoverUtil.Type type) {
-		if (type == RecoverUtil.Type.RESTORE_MASTERKEY) {
+	private void initButtonText(RecoveryActionType type) {
+		if (type == RecoveryActionType.RESTORE_MASTERKEY) {
 			buttonText.set(resourceBundle.getString("generic.button.close"));
 		} else {
 			buttonText.set(resourceBundle.getString("generic.button.back"));
@@ -100,42 +105,68 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 	@FXML
 	public void close() {
-		if (recoverType.getValue().equals(RecoverUtil.Type.RESTORE_MASTERKEY)) {
+		if (recoverType.getValue().equals(RecoveryActionType.RESTORE_MASTERKEY)) {
 			window.close();
 		} else {
 			window.setScene(recoverExpertSettingsScene.get());
 		}
 	}
+	@FXML
+	public void restorePassword() {
+		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
+			Path recoveryPath = recoveryDirectory.getRecoveryPath();
+			MasterkeyService.recoverFromRecoveryKey(recoveryKey.get(), recoveryKeyFactory, recoveryPath, newPasswordController.passwordField.getCharacters());
+
+			Path masterkeyFilePath = recoveryPath.resolve(MASTERKEY_FILENAME);
+
+			try (Masterkey masterkey = MasterkeyService.load(masterkeyFileAccess, masterkeyFilePath, newPasswordController.passwordField.getCharacters())) {
+				CryptoFsInitializer.init(recoveryPath, masterkey, shorteningThreshold, cipherCombo.get());
+			}
+
+			recoveryDirectory.moveRecoveredFiles();
+
+			if (!vaultListManager.containsVault(vault.getPath())) {
+				vaultListManager.add(vault.getPath());
+			}
+
+			dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle)
+					.setTitleKey("recoveryKey.recoverVaultConfig.title")
+					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message")
+					.build().showAndWait();
+			window.close();
+
+		} catch (IOException | CryptoException e) {
+			LOG.error("Recovery process failed", e);
+			appWindows.showErrorWindow(e, window, null);
+		}
+	}
 
 	@FXML
 	public void resetPassword() {
-		if (vault.isMissingVaultConfig()) {
-			try {
-				Path recoveryPath = RecoverUtil.createRecoveryDirectory(vault.getPath());
-				RecoverUtil.createNewMasterkeyFile(recoveryKeyFactory, recoveryPath, recoveryKey.get(), newPasswordController.passwordField.getCharacters());
-				Path masterkeyFilePath = recoveryPath.resolve(MASTERKEY_FILENAME);
+		Task<Void> task = new ResetPasswordTask(recoveryKeyFactory, vault, recoveryKey, newPasswordController);
 
-				try (Masterkey masterkey = RecoverUtil.loadMasterkey(masterkeyFileAccess, masterkeyFilePath, newPasswordController.passwordField.getCharacters())) {
-					RecoverUtil.initializeCryptoFileSystem(recoveryPath, masterkey, shorteningThreshold, cipherCombo.get());
-				}
+		task.setOnScheduled(_ -> LOG.debug("Using recovery key to reset password for {}.", vault.getDisplayablePath()));
 
-				RecoverUtil.moveRecoveredFiles(recoveryPath, vault.getPath());
-				RecoverUtil.deleteRecoveryDirectory(recoveryPath);
-				RecoverUtil.addVaultToList(vaultListManager, vault.getPath());
-
-				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).setTitleKey("recoveryKey.recoverVaultConfig.title").setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message").build().showAndWait();
-				window.close();
-
-			} catch (IOException | CryptoException e) {
-				LOG.error("Recovery process failed", e);
+		task.setOnSucceeded(_ -> {
+			LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
+			if (vault.getState().equals(org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING)) {
+				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle)
+						.setTitleKey("recoveryKey.recoverMasterkey.title")
+						.setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message")
+						.build().showAndWait();
+			} else {
+				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle)
+						.build().showAndWait();
 			}
-		} else {
-			Task<Void> task = RecoverUtil.createResetPasswordTask( //
-					resourceBundle, owner, recoveryKeyFactory, //
-					vault, recoveryKey, newPasswordController, //
-					window, appWindows, dialogs);
-			executor.submit(task);
-		}
+			window.close();
+		});
+
+		task.setOnFailed(_ -> {
+			LOG.error("Resetting password failed.", task.getException());
+			appWindows.showErrorWindow(task.getException(), window, null);
+		});
+
+		executor.submit(task);
 	}
 
 	/* Getter/Setter */
@@ -155,5 +186,37 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	public boolean isPasswordSufficientAndMatching() {
 		return newPasswordController.isGoodPassword();
 	}
+	private final ReadOnlyBooleanWrapper vaultConfigMissing = new ReadOnlyBooleanWrapper();
 
+	public ReadOnlyBooleanProperty vaultConfigMissingProperty() {
+		return vaultConfigMissing.getReadOnlyProperty();
+	}
+
+	public boolean isVaultConfigMissing() {
+		return vault.isMissingVaultConfig();
+	}
+
+	private static class ResetPasswordTask extends Task<Void> {
+
+		private static final Logger LOG = LoggerFactory.getLogger(ResetPasswordTask.class);
+		private final RecoveryKeyFactory recoveryKeyFactory;
+		private final Vault vault;
+		private final StringProperty recoveryKey;
+		private final NewPasswordController newPasswordController;
+
+		public ResetPasswordTask(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, NewPasswordController newPasswordController) {
+			this.recoveryKeyFactory = recoveryKeyFactory;
+			this.vault = vault;
+			this.recoveryKey = recoveryKey;
+			this.newPasswordController = newPasswordController;
+
+			setOnFailed(_ -> LOG.error("Failed to reset password", getException()));
+		}
+
+		@Override
+		protected Void call() throws IOException, IllegalArgumentException {
+			recoveryKeyFactory.newMasterkeyFileWithPassphrase(vault.getPath(), recoveryKey.get(), newPasswordController.passwordField.getCharacters());
+			return null;
+		}
+	}
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index a0e23db27..c579abf57 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -5,7 +5,6 @@ import com.google.common.base.CharMatcher;
 import com.google.common.base.Strings;
 import org.cryptomator.common.Nullable;
 import org.cryptomator.common.ObservableUtil;
-import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
 import org.cryptomator.cryptofs.VaultConfigLoadException;
@@ -28,6 +27,9 @@ import javafx.scene.input.KeyCode;
 import javafx.scene.input.KeyEvent;
 import java.util.concurrent.atomic.AtomicBoolean;
 
+import org.cryptomator.common.recovery.MasterkeyService;
+import org.cryptomator.common.recovery.RecoveryActionType;
+
 public class RecoveryKeyValidateController implements FxController {
 
 	private static final Logger LOG = LoggerFactory.getLogger(RecoveryKeyCreationController.class);
@@ -43,7 +45,7 @@ public class RecoveryKeyValidateController implements FxController {
 	private final ObjectProperty<RecoveryKeyState> recoveryKeyState;
 	private final ObjectProperty<CryptorProvider.Scheme> cipherCombo;
 	private final AutoCompleter autoCompleter;
-	private final ObjectProperty<RecoverUtil.Type> recoverType;
+	private final ObjectProperty<RecoveryActionType> recoverType;
 	private final MasterkeyFileAccess masterkeyFileAccess;
 
 	private volatile boolean isWrongKey;
@@ -54,7 +56,7 @@ public class RecoveryKeyValidateController implements FxController {
 										 @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, //
 										 StringProperty recoveryKey, //
 										 RecoveryKeyFactory recoveryKeyFactory, //
-										 @Named("recoverType") ObjectProperty<RecoverUtil.Type> recoverType, //
+										 @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
 										 @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
 										 MasterkeyFileAccess masterkeyFileAccess) {
 		this.vault = vault;
@@ -137,7 +139,7 @@ public class RecoveryKeyValidateController implements FxController {
 		switch (recoverType.get()) {
 			case RESTORE_VAULT_CONFIG -> {
 				AtomicBoolean illegalArgumentExceptionOccurred = new AtomicBoolean(false);
-				var combo = RecoverUtil.validateRecoveryKeyAndGetCombo(
+				var combo = MasterkeyService.validateRecoveryKeyAndDetectCombo(
 						recoveryKeyFactory, vault, recoveryKey, masterkeyFileAccess, illegalArgumentExceptionOccurred);
 				combo.ifPresent(cipherCombo::set);
 				if (illegalArgumentExceptionOccurred.get()) {
diff --git a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
index 36b70eb1d..c489f6230 100644
--- a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
+++ b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
@@ -1,7 +1,7 @@
 package org.cryptomator.ui.vaultoptions;
 
-import org.cryptomator.common.RecoverUtil;
 import org.cryptomator.common.keychain.KeychainManager;
+import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.changepassword.ChangePasswordComponent;
 import org.cryptomator.ui.common.FxController;
@@ -50,13 +50,13 @@ public class MasterkeyOptionsController implements FxController {
 
 	@FXML
 	public void showRecoveryKey() {
-		ObjectProperty<RecoverUtil.Type> recoverTypeProperty = new SimpleObjectProperty<>(RecoverUtil.Type.SHOW_KEY);
+		ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.SHOW_KEY);
 		recoveryKeyWindow.create(vault, window, recoverTypeProperty).showRecoveryKeyCreationWindow();
 	}
 
 	@FXML
 	public void showRecoverVaultDialog() {
-		ObjectProperty<RecoverUtil.Type> recoverTypeProperty = new SimpleObjectProperty<>(RecoverUtil.Type.RESET_PASSWORD);
+		ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.RESET_PASSWORD);
 		recoveryKeyWindow.create(vault, window, recoverTypeProperty).showRecoveryKeyRecoverWindow();
 	}
 
diff --git a/src/main/resources/fxml/recoverykey_reset_password.fxml b/src/main/resources/fxml/recoverykey_reset_password.fxml
index faf93cbf1..2ca139631 100644
--- a/src/main/resources/fxml/recoverykey_reset_password.fxml
+++ b/src/main/resources/fxml/recoverykey_reset_password.fxml
@@ -25,7 +25,8 @@
 			<ButtonBar buttonMinWidth="120" buttonOrder="+CI">
 				<buttons>
 					<Button text="${controller.buttonText}" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-					<Button text="%recoveryKey.recover.resetBtn" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#resetPassword" disable="${!controller.passwordSufficientAndMatching}"/>
+					<Button text="%recoveryKey.recover.resetBtn" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#resetPassword" managed="${!controller.vaultConfigMissing}" disable="${!controller.passwordSufficientAndMatching}"/>
+					<Button text="%recoveryKey.recover.recoverBtn" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#restorePassword" managed="${controller.vaultConfigMissing}" disable="${!controller.passwordSufficientAndMatching}"/>
 				</buttons>
 			</ButtonBar>
 		</VBox>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 7ea99bc00..8bee16005 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -519,6 +519,7 @@ recoveryKey.recover.invalidKey=This recovery key is not valid
 recoveryKey.printout.heading=Cryptomator Recovery Key\n"%s"\n
 ### Reset Password
 recoveryKey.recover.resetBtn=Reset
+recoveryKey.recover.recoverBtn=Recover
 ### Recovery Key Password Reset Success
 recoveryKey.recover.resetSuccess.message=Password reset successful
 recoveryKey.recover.resetSuccess.description=You can unlock your vault with the new password.

From 4de6b83e2f18a864b35d850195ec4a490c8b7955 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 19 May 2025 14:37:39 +0200
Subject: [PATCH 018/117] remove RecoverUtil

---
 .../org/cryptomator/common/RecoverUtil.java   | 295 ------------------
 1 file changed, 295 deletions(-)
 delete mode 100644 src/main/java/org/cryptomator/common/RecoverUtil.java

diff --git a/src/main/java/org/cryptomator/common/RecoverUtil.java b/src/main/java/org/cryptomator/common/RecoverUtil.java
deleted file mode 100644
index 73b7952f5..000000000
--- a/src/main/java/org/cryptomator/common/RecoverUtil.java
+++ /dev/null
@@ -1,295 +0,0 @@
-package org.cryptomator.common;
-
-import javafx.beans.property.IntegerProperty;
-import javafx.beans.property.StringProperty;
-import javafx.concurrent.Task;
-import javafx.stage.DirectoryChooser;
-import javafx.stage.Stage;
-import java.io.File;
-import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.StandardCopyOption;
-import java.security.SecureRandom;
-import java.util.Comparator;
-import java.util.List;
-import java.util.Optional;
-import java.util.ResourceBundle;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.stream.Stream;
-
-import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
-import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
-import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
-import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
-import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
-import static org.cryptomator.cryptofs.common.Constants.DATA_DIR_NAME;
-import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_CTRMAC;
-import static org.cryptomator.cryptolib.api.CryptorProvider.Scheme.SIV_GCM;
-
-import org.apache.commons.lang3.SystemUtils;
-import org.cryptomator.common.settings.VaultSettings;
-import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.common.vaults.VaultComponent;
-import org.cryptomator.common.vaults.VaultConfigCache;
-import org.cryptomator.common.vaults.VaultListManager;
-import org.cryptomator.common.vaults.VaultState;
-import org.cryptomator.cryptofs.CryptoFileSystemProperties;
-import org.cryptomator.cryptofs.CryptoFileSystemProvider;
-import org.cryptomator.cryptolib.api.CryptoException;
-import org.cryptomator.cryptolib.api.Cryptor;
-import org.cryptomator.cryptolib.api.CryptorProvider;
-import org.cryptomator.cryptolib.api.Masterkey;
-import org.cryptomator.cryptolib.api.MasterkeyLoader;
-import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
-import org.cryptomator.integrations.mount.MountService;
-import org.cryptomator.ui.changepassword.NewPasswordController;
-import org.cryptomator.ui.dialogs.Dialogs;
-import org.cryptomator.ui.fxapp.FxApplicationWindows;
-import org.cryptomator.ui.recoverykey.RecoveryKeyFactory;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class RecoverUtil {
-
-	private static final Logger LOG = LoggerFactory.getLogger(RecoverUtil.class);
-
-	public static CryptorProvider.Scheme detectCipherCombo(byte[] masterkey, Path pathToVault) {
-		try (Stream<Path> paths = Files.walk(pathToVault.resolve(DATA_DIR_NAME))) {
-			Path c9rFile = paths.filter(path -> path.toString().endsWith(".c9r")).findFirst().orElseThrow(() -> new IllegalStateException("No .c9r file found. The vault might not exist or the provided masterkey does not match."));
-			CryptorProvider.Scheme scheme = determineScheme(c9rFile, masterkey);
-			if (scheme == null) {
-				throw new IllegalArgumentException("Invalid masterkey: Decryption failed.");
-			}
-			return scheme;
-		} catch (IOException e) {
-			throw new IllegalStateException("Failed to detect cipher combo.");
-		}
-	}
-
-	private static CryptorProvider.Scheme determineScheme(Path c9rFile, byte[] masterkey) {
-		try {
-			ByteBuffer header = ByteBuffer.wrap(Files.readAllBytes(c9rFile));
-			if (tryDecrypt(header, new Masterkey(masterkey), SIV_GCM)) {
-				return SIV_GCM;
-			}
-			if (tryDecrypt(header, new Masterkey(masterkey), SIV_CTRMAC)) {
-				return SIV_CTRMAC;
-			}
-		} catch (IOException e) {
-			throw new IllegalStateException("Failed to read .c9r file.", e);
-		}
-		return null;
-	}
-
-	private static boolean tryDecrypt(ByteBuffer header, Masterkey masterkey, CryptorProvider.Scheme scheme) {
-		try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey, SecureRandom.getInstanceStrong())) {
-			cryptor.fileHeaderCryptor().decryptHeader(header.duplicate());
-			return true;
-		} catch (Exception e) {
-			return false;
-		}
-	}
-
-	public static boolean restoreBackupIfAvailable(Path configPath, VaultState.Value vaultState) {
-		try (Stream<Path> files = Files.list(configPath.getParent())) {
-			return files.filter(file -> matchesBackupFile(file.getFileName().toString(), vaultState)).findFirst().map(backupFile -> copyBackupFile(backupFile, configPath)).orElse(false);
-		} catch (IOException e) {
-			return false;
-		}
-	}
-
-	private static boolean matchesBackupFile(String fileName, VaultState.Value vaultState) {
-		return switch (vaultState) {
-			case VAULT_CONFIG_MISSING -> fileName.startsWith("vault.cryptomator") && fileName.endsWith(".bkup");
-			case MASTERKEY_MISSING -> fileName.startsWith("masterkey.cryptomator") && fileName.endsWith(".bkup");
-			default -> false;
-		};
-	}
-
-	private static boolean copyBackupFile(Path backupFile, Path configPath) {
-		try {
-			Files.copy(backupFile, configPath, StandardCopyOption.REPLACE_EXISTING);
-			return true;
-		} catch (IOException e) {
-			return false;
-		}
-	}
-
-	public static Path createRecoveryDirectory(Path vaultPath) throws IOException {
-		Path recoveryPath = vaultPath.resolve("r");
-		Files.createDirectory(recoveryPath);
-		return recoveryPath;
-	}
-
-	public static void createNewMasterkeyFile(RecoveryKeyFactory recoveryKeyFactory, Path recoveryPath, String recoveryKey, CharSequence newPassword) throws IOException {
-		recoveryKeyFactory.newMasterkeyFileWithPassphrase(recoveryPath, recoveryKey, newPassword);
-	}
-
-	public static Masterkey loadMasterkey(org.cryptomator.cryptolib.common.MasterkeyFileAccess masterkeyFileAccess, Path masterkeyFilePath, CharSequence password) throws IOException {
-		return masterkeyFileAccess.load(masterkeyFilePath, password);
-	}
-
-	public static void initializeCryptoFileSystem(Path recoveryPath, Masterkey masterkey, IntegerProperty shorteningThreshold, CryptorProvider.Scheme combo) throws IOException, CryptoException {
-		MasterkeyLoader loader = ignored -> masterkey.copy();
-		CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties().withCipherCombo(combo).withKeyLoader(loader).withShorteningThreshold(shorteningThreshold.get()).build();
-		CryptoFileSystemProvider.initialize(recoveryPath, fsProps, DEFAULT_KEY_ID);
-	}
-
-	public static Optional<CryptorProvider.Scheme> getCipherCombo(Path vaultPath, Masterkey masterkey) {
-		try {
-			return Optional.of(RecoverUtil.detectCipherCombo(masterkey.getEncoded(), vaultPath));
-		} catch (Exception e) {
-			LOG.info("Failed to detect cipher combo.");
-			return Optional.empty();
-		}
-	}
-
-	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndGetCombo(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, MasterkeyFileAccess masterkeyFileAccess, AtomicBoolean illegalArgumentExceptionOccurred) {
-		var tmpPass = "asdasdasd";
-
-		try {
-			var tempRecoveryPath = createRecoveryDirectory(vault.getPath());
-			try {
-				createNewMasterkeyFile(recoveryKeyFactory, tempRecoveryPath, recoveryKey.get(), tmpPass);
-				var masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
-
-				try (var masterkey = loadMasterkey(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
-					return getCipherCombo(vault.getPath(), masterkey);
-				}
-			} finally {
-				deleteRecoveryDirectory(tempRecoveryPath);
-			}
-		} catch (IOException | CryptoException e) {
-			LOG.info("Recovery key validation failed");
-		} catch (IllegalArgumentException e) {
-			LOG.info("Recovery key has an illegal argument");
-			illegalArgumentExceptionOccurred.set(true);
-		}
-		return Optional.empty();
-	}
-
-	public static void moveRecoveredFiles(Path recoveryPath, Path vaultPath) throws IOException {
-		Files.move(recoveryPath.resolve(MASTERKEY_FILENAME), vaultPath.resolve(MASTERKEY_FILENAME), StandardCopyOption.REPLACE_EXISTING);
-		Files.move(recoveryPath.resolve(VAULTCONFIG_FILENAME), vaultPath.resolve(VAULTCONFIG_FILENAME));
-	}
-
-	public static void deleteRecoveryDirectory(Path recoveryPath) {
-		try (var paths = Files.walk(recoveryPath)) {
-			paths.sorted(Comparator.reverseOrder()).forEach(p -> {
-				try {
-					Files.delete(p);
-				} catch (IOException e) {
-					LOG.info("Unable to delete {}. Please delete it manually.", p);
-				}
-			});
-		} catch (IOException e) {
-			LOG.error("Failed to clean up recovery directory", e);
-		}
-	}
-
-	public static void addVaultToList(VaultListManager vaultListManager, Path vaultPath) throws IOException {
-		if (!vaultListManager.containsVault(vaultPath)) {
-			vaultListManager.add(vaultPath);
-		}
-	}
-
-	public static Task<Void> createResetPasswordTask(ResourceBundle resourceBundle, Stage owner, RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, NewPasswordController newPasswordController, Stage window, FxApplicationWindows appWindows, Dialogs dialogs) {
-
-		Task<Void> task = new ResetPasswordTask(recoveryKeyFactory, vault, recoveryKey, newPasswordController);
-
-		task.setOnScheduled(_ -> {
-			LOG.debug("Using recovery key to reset password for {}.", vault.getDisplayablePath());
-		});
-
-		task.setOnSucceeded(_ -> {
-			LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
-			if (vault.getState().equals(MASTERKEY_MISSING)) {
-				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).setTitleKey("recoveryKey.recoverMasterkey.title").setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message").build().showAndWait();
-				window.close();
-			} else {
-				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).build().showAndWait();
-				window.close();
-			}
-		});
-
-		task.setOnFailed(_ -> {
-			LOG.error("Resetting password failed.", task.getException());
-			appWindows.showErrorWindow(task.getException(), window, null);
-		});
-
-		return task;
-	}
-
-
-	public static class ResetPasswordTask extends Task<Void> {
-
-		private static final Logger LOG = LoggerFactory.getLogger(ResetPasswordTask.class);
-		private final RecoveryKeyFactory recoveryKeyFactory;
-		private final Vault vault;
-		private final StringProperty recoveryKey;
-		private final NewPasswordController newPasswordController;
-
-		public ResetPasswordTask(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, NewPasswordController newPasswordController) {
-			this.recoveryKeyFactory = recoveryKeyFactory;
-			this.vault = vault;
-			this.recoveryKey = recoveryKey;
-			this.newPasswordController = newPasswordController;
-
-			setOnFailed(event -> LOG.error("Failed to reset password", getException()));
-		}
-
-		@Override
-		protected Void call() throws IOException, IllegalArgumentException {
-			recoveryKeyFactory.newMasterkeyFileWithPassphrase(vault.getPath(), recoveryKey.get(), newPasswordController.passwordField.getCharacters());
-			return null;
-		}
-	}
-
-	public static Optional<Vault> checkAndPrepareVaultFromDirectory(DirectoryChooser directoryChooser, Stage window, Dialogs dialogs, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
-
-		File selectedDirectory;
-		do {
-			selectedDirectory = directoryChooser.showDialog(window);
-			if (selectedDirectory == null) {
-				return Optional.empty();
-			}
-			boolean hasSubfolderD = new File(selectedDirectory, "d").isDirectory();
-
-			if (!hasSubfolderD) {
-				dialogs.prepareNoDDirectorySelectedDialog(window).build().showAndWait();
-				selectedDirectory = null;
-			}
-		} while (selectedDirectory == null);
-
-		Path selectedPath = selectedDirectory.toPath();
-		VaultSettings vaultSettings = VaultSettings.withRandomId();
-		vaultSettings.path.set(selectedPath);
-		if (selectedPath.getFileName() != null) {
-			vaultSettings.displayName.set(selectedPath.getFileName().toString());
-		} else {
-			vaultSettings.displayName.set("defaultVaultName");
-		}
-
-		var wrapper = new VaultConfigCache(vaultSettings);
-		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, VAULT_CONFIG_MISSING, null).vault();
-
-		//due to https://github.com/cryptomator/cryptomator/issues/2880#issuecomment-1680313498
-		var nameOfWinfspLocalMounter = "org.cryptomator.frontend.fuse.mount.WinFspMountProvider";
-		if (SystemUtils.IS_OS_WINDOWS && vaultSettings.path.get().toString().contains("Dropbox") && mountServices.stream().anyMatch(s -> s.getClass().getName().equals(nameOfWinfspLocalMounter))) {
-			vaultSettings.mountService.setValue(nameOfWinfspLocalMounter);
-		}
-
-		return Optional.of(vault);
-	}
-
-	public enum Type {
-		RESTORE_VAULT_CONFIG,
-		RESTORE_MASTERKEY,
-		RESET_PASSWORD,
-		SHOW_KEY,
-		CONVERT_VAULT;
-	}
-
-}

From 968e8f51e448be9f3c2300a42fe11da4fa943f22 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 30 May 2025 15:30:38 +0200
Subject: [PATCH 019/117] new onboarding dialog remove is hub vault dialog

---
 .../ChooseExistingVaultController.java        |  2 +-
 .../org/cryptomator/ui/common/FxmlFile.java   |  2 +-
 .../VaultDetailMissingVaultController.java    |  2 +-
 .../ui/recoverykey/RecoveryKeyComponent.java  |  8 +--
 .../ui/recoverykey/RecoveryKeyModule.java     | 15 ++--
 ...a => RecoveryKeyOnboardingController.java} |  6 +-
 .../fxml/recoverykey_is_hub_vault.fxml        | 57 ---------------
 .../fxml/recoverykey_onboarding.fxml          | 72 +++++++++++++++++++
 src/main/resources/i18n/strings.properties    |  7 +-
 9 files changed, 95 insertions(+), 76 deletions(-)
 rename src/main/java/org/cryptomator/ui/recoverykey/{RecoveryKeyIsHubVaultController.java => RecoveryKeyOnboardingController.java} (89%)
 delete mode 100644 src/main/resources/fxml/recoverykey_is_hub_vault.fxml
 create mode 100644 src/main/resources/fxml/recoverykey_onboarding.fxml

diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index f040154ea..09ab0bf11 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -151,7 +151,7 @@ public class ChooseExistingVaultController implements FxController {
 		//TODO: optional raus, und mit error dialog arbeiten (UI kram in UI package!) hier nur fehler werfen
 		optionalVault.ifPresent(vault -> {
 			ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG);
-			recoveryKeyWindow.create(vault, window, recoverTypeProperty).showIsHubVaultDialogWindow();
+			recoveryKeyWindow.create(vault, window, recoverTypeProperty).showOnboardingDialogWindow();
 		});
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/common/FxmlFile.java b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
index 272a7817f..0bd5f5912 100644
--- a/src/main/java/org/cryptomator/ui/common/FxmlFile.java
+++ b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
@@ -40,8 +40,8 @@ public enum FxmlFile {
 	QUIT("/fxml/quit.fxml"), //
 	QUIT_FORCED("/fxml/quit_forced.fxml"), //
 	RECOVERYKEY_CREATE("/fxml/recoverykey_create.fxml"), //
-	RECOVERYKEY_IS_HUB_VAULT("/fxml/recoverykey_is_hub_vault.fxml"), //
 	RECOVERYKEY_EXPERT_SETTINGS("/fxml/recoverykey_expert_settings.fxml"), //
+	RECOVERYKEY_ONBOARDING("/fxml/recoverykey_onboarding.fxml"), //
 	RECOVERYKEY_RECOVER("/fxml/recoverykey_recover.fxml"), //
 	RECOVERYKEY_RESET_PASSWORD("/fxml/recoverykey_reset_password.fxml"), //
 	RECOVERYKEY_SUCCESS("/fxml/recoverykey_success.fxml"), //
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index 7f53346d7..067f98f97 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -62,7 +62,7 @@ public class VaultDetailMissingVaultController implements FxController {
 		}
 		else {
 			ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG);
-			recoveryKeyWindow.create(vault.get(), window, recoverTypeProperty).showIsHubVaultDialogWindow();
+			recoveryKeyWindow.create(vault.get(), window, recoverTypeProperty).showOnboardingDialogWindow();
 		}
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
index 1c7419d9a..6bfe36a4f 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -26,8 +26,8 @@ public interface RecoveryKeyComponent {
 	@FxmlScene(FxmlFile.RECOVERYKEY_RECOVER)
 	Lazy<Scene> recoverScene();
 
-	@FxmlScene(FxmlFile.RECOVERYKEY_IS_HUB_VAULT)
-	Lazy<Scene> recoverIsHubVaultScene();
+	@FxmlScene(FxmlFile.RECOVERYKEY_ONBOARDING)
+	Lazy<Scene> recoverOnboardingScene();
 
 	default void showRecoveryKeyCreationWindow() {
 		Stage stage = window();
@@ -43,9 +43,9 @@ public interface RecoveryKeyComponent {
 		stage.show();
 	}
 
-	default void showIsHubVaultDialogWindow() {
+	default void showOnboardingDialogWindow() {
 		Stage stage = window();
-		stage.setScene(recoverIsHubVaultScene().get());
+		stage.setScene(recoverOnboardingScene().get());
 		stage.sizeToScene();
 		stage.show();
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index f120e68b1..75957d374 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -107,10 +107,10 @@ abstract class RecoveryKeyModule {
 	}
 
 	@Provides
-	@FxmlScene(FxmlFile.RECOVERYKEY_IS_HUB_VAULT)
+	@FxmlScene(FxmlFile.RECOVERYKEY_ONBOARDING)
 	@RecoveryKeyScoped
-	static Scene provideRecoveryKeyIsHubVaultScene(@RecoveryKeyWindow FxmlLoaderFactory fxmlLoaders) {
-		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_IS_HUB_VAULT);
+	static Scene provideRecoveryKeyOnboardingScene(@RecoveryKeyWindow FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_ONBOARDING);
 	}
 
 	@Provides
@@ -153,11 +153,6 @@ abstract class RecoveryKeyModule {
 	@FxControllerKey(RecoveryKeyExpertSettingsController.class)
 	abstract FxController provideRecoveryKeyExpertSettingsController(RecoveryKeyExpertSettingsController controller);
 
-	@Binds
-	@IntoMap
-	@FxControllerKey(RecoveryKeyIsHubVaultController.class)
-	abstract FxController provideRecoveryKeyIsHubVaultController(RecoveryKeyIsHubVaultController controller);
-
 	@Binds
 	@IntoMap
 	@FxControllerKey(RecoveryKeyRecoverController.class)
@@ -173,6 +168,10 @@ abstract class RecoveryKeyModule {
 	@FxControllerKey(RecoveryKeyResetPasswordController.class)
 	abstract FxController bindRecoveryKeyResetPasswordController(RecoveryKeyResetPasswordController controller);
 
+	@Binds
+	@IntoMap
+	@FxControllerKey(RecoveryKeyOnboardingController.class)
+	abstract FxController bindRecoveryKeyOnboardingController(RecoveryKeyOnboardingController controller);
 
 	@Provides
 	@IntoMap
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
similarity index 89%
rename from src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
rename to src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index 4b0b440ec..7cee97b83 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyIsHubVaultController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -15,14 +15,14 @@ import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 
 @RecoveryKeyScoped
-public class RecoveryKeyIsHubVaultController implements FxController {
+public class RecoveryKeyOnboardingController implements FxController {
 
 	private final Stage window;
 	private final Lazy<Scene> recoverykeyRecoverScene;
 	private final ObjectProperty<RecoveryActionType> recoverType;
 
 	@Inject
-	public RecoveryKeyIsHubVaultController(@RecoveryKeyWindow Stage window, //
+	public RecoveryKeyOnboardingController(@RecoveryKeyWindow Stage window, //
 										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene, //
 										   @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
 										   ResourceBundle resourceBundle) {
@@ -39,7 +39,7 @@ public class RecoveryKeyIsHubVaultController implements FxController {
 	}
 
 	@FXML
-	public void recover() {
+	public void next() {
 		recoverType.set(RecoveryActionType.RESTORE_VAULT_CONFIG);
 		window.setScene(recoverykeyRecoverScene.get());
 	}
diff --git a/src/main/resources/fxml/recoverykey_is_hub_vault.fxml b/src/main/resources/fxml/recoverykey_is_hub_vault.fxml
deleted file mode 100644
index 953beab10..000000000
--- a/src/main/resources/fxml/recoverykey_is_hub_vault.fxml
+++ /dev/null
@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<?import javafx.geometry.Insets?>
-<?import javafx.scene.control.Button?>
-<?import javafx.scene.control.ButtonBar?>
-<?import javafx.scene.control.Label?>
-<?import javafx.scene.Group?>
-<?import javafx.scene.layout.HBox?>
-<?import javafx.scene.layout.Region?>
-<?import javafx.scene.layout.StackPane?>
-<?import javafx.scene.layout.VBox?>
-<?import javafx.scene.shape.Circle?>
-<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
-<HBox xmlns:fx="http://javafx.com/fxml"
-	  xmlns="http://javafx.com/javafx"
-	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyIsHubVaultController"
-	  minWidth="400"
-	  maxWidth="400"
-	  minHeight="204"
-	  spacing="12"
-	  alignment="TOP_CENTER">
-	<padding>
-		<Insets topRightBottomLeft="12"/>
-	</padding>
-	<children>
-		<Group>
-			<StackPane>
-				<padding>
-					<Insets topRightBottomLeft="6"/>
-				</padding>
-				<Circle styleClass="glyph-icon-primary" radius="24"/>
-				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="QUESTION" glyphSize="24"/>
-			</StackPane>
-		</Group>
-
-		<VBox HBox.hgrow="ALWAYS">
-			<Label styleClass="label-large" text="%recoveryKey.recover.onBoarding.title" wrapText="true">
-				<padding>
-					<Insets bottom="6" top="6"/>
-				</padding>
-			</Label>
-			<Label text="%recoveryKey.recover.onBoarding.message" wrapText="true"/>
-			<Label text="%recoveryKey.recover.onBoarding.description" wrapText="true">
-				<padding>
-					<Insets bottom="6" top="6"/>
-				</padding>
-			</Label>
-			<Region VBox.vgrow="ALWAYS" minHeight="18"/>
-			<ButtonBar buttonMinWidth="120" buttonOrder="+C">
-				<buttons>
-					<Button text="%generic.button.close" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-					<Button text="%recoveryKey.recover.onBoarding.confirm" ButtonBar.buttonData="CANCEL_CLOSE" defaultButton="true" onAction="#recover"/>
-				</buttons>
-			</ButtonBar>
-		</VBox>
-	</children>
-</HBox>
diff --git a/src/main/resources/fxml/recoverykey_onboarding.fxml b/src/main/resources/fxml/recoverykey_onboarding.fxml
new file mode 100644
index 000000000..645efb136
--- /dev/null
+++ b/src/main/resources/fxml/recoverykey_onboarding.fxml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import javafx.geometry.Insets?>
+<?import javafx.scene.control.Button?>
+<?import javafx.scene.control.ButtonBar?>
+<?import javafx.scene.control.CheckBox?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.image.Image?>
+<?import javafx.scene.image.ImageView?>
+<?import javafx.scene.layout.ColumnConstraints?>
+<?import javafx.scene.layout.GridPane?>
+<?import javafx.scene.layout.HBox?>
+<?import javafx.scene.layout.Region?>
+<?import javafx.scene.layout.RowConstraints?>
+<?import javafx.scene.layout.VBox?>
+<VBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyOnboardingController"
+	  prefWidth="650"
+	  prefHeight="400"
+	  spacing="12">
+	<padding>
+		<Insets topRightBottomLeft="12"/>
+	</padding>
+	<children>
+		<HBox VBox.vgrow="ALWAYS">
+			<VBox alignment="CENTER" minWidth="175" maxWidth="175">
+				<ImageView VBox.vgrow="ALWAYS" fitHeight="128" preserveRatio="true" cache="true">
+					<Image url="@../img/logo128.png"/>
+				</ImageView>
+			</VBox>
+			<VBox HBox.hgrow="ALWAYS" alignment="CENTER">
+				<padding>
+					<Insets topRightBottomLeft="12"/>
+				</padding>
+				<Label text="%recoveryKey.recoverVaultConfig.title" styleClass="label-extra-large"/>
+				<Region minHeight="15"/>
+				<VBox>
+					<Label text="%recoveryKey.recover.onBoarding.message" wrapText="true"/>
+					<GridPane alignment="CENTER_LEFT" >
+						<padding>
+							<Insets left="6"/>
+						</padding>
+						<columnConstraints>
+							<ColumnConstraints minWidth="20" halignment="LEFT"/>
+							<ColumnConstraints fillWidth="true"/>
+						</columnConstraints>
+						<rowConstraints>
+							<RowConstraints valignment="TOP"/>
+							<RowConstraints valignment="TOP"/>
+							<RowConstraints valignment="TOP"/>
+						</rowConstraints>
+						<Label text="1." GridPane.rowIndex="0" GridPane.columnIndex="0" />
+						<Label text="%recoveryKey.recover.onBoarding.intro1" wrapText="true" GridPane.rowIndex="0" GridPane.columnIndex="1" />
+						<Label text="2." GridPane.rowIndex="1" GridPane.columnIndex="0" />
+						<Label text="%recoveryKey.recover.onBoarding.intro2" wrapText="true" GridPane.rowIndex="1" GridPane.columnIndex="1" />
+						<Label text="3." GridPane.rowIndex="2" GridPane.columnIndex="0" />
+						<Label text="%recoveryKey.recover.onBoarding.intro3" wrapText="true" GridPane.rowIndex="2" GridPane.columnIndex="1" />
+					</GridPane>
+					<Region minHeight="15"/>
+					<CheckBox text="%recoveryKey.recover.onBoarding.affirmation" fx:id="affirmationBox"/>
+				</VBox>
+			</VBox>
+		</HBox>
+		<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
+			<buttons>
+				<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+				<Button text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" disable="${!affirmationBox.selected}" defaultButton="true" onAction="#next"/>
+			</buttons>
+		</ButtonBar>
+	</children>
+</VBox>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 8bee16005..2f60efb8f 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -537,9 +537,14 @@ recoveryKey.recoverVaultConfig.title=Recover Vault Config
 recoveryKey.recoverMasterkey.title=Recover Masterkey
 
 recoveryKey.recover.onBoarding.title=Restore your vault.cryptomator file
-recoveryKey.recover.onBoarding.message=If your vault is a hub managed vault, the Hub Admin can restore the file for you.
+recoveryKey.recover.onBoarding.message=If your vault is a hub managed vault, the Hub Admin can restore the file for you. Otherwise:
 recoveryKey.recover.onBoarding.description=Otherwise you will need the Recovery Key of the vault, possible some expert settings, and a new vault password.
 recoveryKey.recover.onBoarding.confirm=Use RecoveryKey
+recoveryKey.recover.onBoarding.intro1=Ensure all files are completely synced.
+recoveryKey.recover.onBoarding.intro2=You will need the Recovery Key of the vault.
+recoveryKey.recover.onBoarding.intro3=A new vault password and possible some expert settings.
+recoveryKey.recover.onBoarding.affirmation=I have read and understood the above information
+
 
 # Convert Vault
 convertVault.title=Convert Vault

From 8c84720e24d51b2d584940d1f18afd3a9243446c Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 4 Jun 2025 10:47:56 +0200
Subject: [PATCH 020/117] solve some todos

---
 .../org/cryptomator/common/recovery/RecoveryDirectory.java   | 5 ++---
 .../ui/recoverykey/RecoveryKeyResetPasswordController.java   | 3 +--
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
index e57ca4f1d..654806582 100644
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
@@ -28,7 +28,6 @@ public final class RecoveryDirectory implements AutoCloseable {
 	}
 
 	public static RecoveryDirectory create(Path vaultPath) throws IOException {
-		//TODO: Files.createTmpDirectory Doku lesen und ggf nutzen
 		Path recovery = addR(vaultPath);
 		Files.createDirectory(recovery);
 		return new RecoveryDirectory(vaultPath);
@@ -36,12 +35,12 @@ public final class RecoveryDirectory implements AutoCloseable {
 
 	public void moveRecoveredFiles() throws IOException {
 		Files.move(recoveryPath.resolve(MASTERKEY_FILENAME), vaultPath.resolve(MASTERKEY_FILENAME), StandardCopyOption.REPLACE_EXISTING);
-		Files.move(recoveryPath.resolve(VAULTCONFIG_FILENAME), vaultPath.resolve(VAULTCONFIG_FILENAME)); //TODO: ? StandardCopyOption.REPLACE_EXISTING
+		Files.move(recoveryPath.resolve(VAULTCONFIG_FILENAME), vaultPath.resolve(VAULTCONFIG_FILENAME), StandardCopyOption.REPLACE_EXISTING);
 	}
 
 	private void deleteRecoveryDirectory() {
 		try (var paths = Files.walk(recoveryPath)) {
-			paths.sorted(Comparator.reverseOrder()).forEach(p -> { //TODO: wieso reverseOrder
+			paths.sorted(Comparator.reverseOrder()).forEach(p -> {
 				try {
 					Files.delete(p);
 				} catch (IOException e) {
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 640461251..fd19c44f7 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -128,12 +128,11 @@ public class RecoveryKeyResetPasswordController implements FxController {
 			if (!vaultListManager.containsVault(vault.getPath())) {
 				vaultListManager.add(vault.getPath());
 			}
-
+			window.close();
 			dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle)
 					.setTitleKey("recoveryKey.recoverVaultConfig.title")
 					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message")
 					.build().showAndWait();
-			window.close();
 
 		} catch (IOException | CryptoException e) {
 			LOG.error("Recovery process failed", e);

From 225332bd4fc40ef0671883e9a7100539c8bde795 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 5 Jun 2025 13:01:47 +0200
Subject: [PATCH 021/117] pr mentioned changes

---
 .../common/recovery/BackupRestorer.java       | 33 +++++++++++--------
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
index b61e29c10..76cc5d6ca 100644
--- a/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
+++ b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
@@ -1,9 +1,10 @@
 package org.cryptomator.common.recovery;
 
-import static org.cryptomator.common.vaults.VaultState.Value.*;
-
 import java.io.IOException;
-import java.nio.file.*;
+import java.nio.file.Path;
+import java.nio.file.Files;
+import java.nio.file.StandardCopyOption;
+import java.nio.file.attribute.FileTime;
 import java.util.stream.Stream;
 
 import org.cryptomator.common.vaults.VaultState.Value;
@@ -13,19 +14,23 @@ public final class BackupRestorer {
 	private BackupRestorer() {}
 
 	public static boolean restoreIfPresent(Path vaultPath, Value vaultState) {
-		Path targetFile;
-		switch (vaultState) {
-			case VAULT_CONFIG_MISSING -> targetFile = vaultPath.resolve("vault.cryptomator");
-			case MASTERKEY_MISSING -> targetFile = vaultPath.resolve("masterkey.cryptomator");
-			default -> {
-				return false;
-			}
-		}
+		Path targetFile = switch (vaultState) {
+			case VAULT_CONFIG_MISSING -> vaultPath.resolve("vault.cryptomator");
+			case MASTERKEY_MISSING -> vaultPath.resolve("masterkey.cryptomator");
+			default -> throw new IllegalArgumentException("Unexpected vault state: " + vaultState);
+		};
 
 		try (Stream<Path> files = Files.list(vaultPath)) {
-			return files
-					.filter(file -> isValidBackupFileForState(file.getFileName().toString(), vaultState))
-					.findFirst()
+			return files.filter(file -> isValidBackupFileForState(file.getFileName().toString(), vaultState))
+					.max((f1, f2) -> {
+						try {
+							FileTime time1 = Files.getLastModifiedTime(f1);
+							FileTime time2 = Files.getLastModifiedTime(f2);
+							return time1.compareTo(time2);
+						} catch (IOException e) {
+							return 0;
+						}
+					})
 					.map(backupFile -> copyBackupFile(backupFile, targetFile))
 					.orElse(false);
 		} catch (IOException e) {

From 6d47f2863417dc314f6752b1527ac793e34d1e36 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 5 Jun 2025 13:15:54 +0200
Subject: [PATCH 022/117] changed shorteningThreshold to int optimize imports

---
 .../common/recovery/CryptoFsInitializer.java         | 12 ++++++------
 .../RecoveryKeyResetPasswordController.java          |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/CryptoFsInitializer.java b/src/main/java/org/cryptomator/common/recovery/CryptoFsInitializer.java
index c69e8dad8..359405d15 100644
--- a/src/main/java/org/cryptomator/common/recovery/CryptoFsInitializer.java
+++ b/src/main/java/org/cryptomator/common/recovery/CryptoFsInitializer.java
@@ -3,12 +3,12 @@ package org.cryptomator.common.recovery;
 import java.io.IOException;
 import java.nio.file.Path;
 
-import javafx.beans.property.IntegerProperty;
-
-import org.cryptomator.common.Constants;
 import org.cryptomator.cryptofs.CryptoFileSystemProperties;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
-import org.cryptomator.cryptolib.api.*;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.api.CryptorProvider;
+import org.cryptomator.cryptolib.api.CryptoException;
+import org.cryptomator.cryptolib.api.MasterkeyLoader;
 
 import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
 
@@ -18,7 +18,7 @@ public final class CryptoFsInitializer {
 
 	public static void init(Path recoveryPath,
 							Masterkey masterkey,
-							IntegerProperty shorteningThreshold,
+							int shorteningThreshold,
 							CryptorProvider.Scheme scheme) throws IOException, CryptoException {
 
 		MasterkeyLoader loader = ignored -> masterkey.copy();
@@ -26,7 +26,7 @@ public final class CryptoFsInitializer {
 				.cryptoFileSystemProperties() //
 				.withCipherCombo(scheme) //
 				.withKeyLoader(loader) //
-				.withShorteningThreshold(shorteningThreshold.get()) //
+				.withShorteningThreshold(shorteningThreshold) //
 				.build();
 		CryptoFileSystemProvider.initialize(recoveryPath, fsProps, DEFAULT_KEY_ID);
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index fd19c44f7..206111114 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -120,7 +120,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 			Path masterkeyFilePath = recoveryPath.resolve(MASTERKEY_FILENAME);
 
 			try (Masterkey masterkey = MasterkeyService.load(masterkeyFileAccess, masterkeyFilePath, newPasswordController.passwordField.getCharacters())) {
-				CryptoFsInitializer.init(recoveryPath, masterkey, shorteningThreshold, cipherCombo.get());
+				CryptoFsInitializer.init(recoveryPath, masterkey, shorteningThreshold.get(), cipherCombo.get());
 			}
 
 			recoveryDirectory.moveRecoveredFiles();

From d00d77b7476b80ff3e050bb7a459a2a088cea6c0 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 11 Jun 2025 13:49:12 +0200
Subject: [PATCH 023/117] optimised imports and some pr mentioned changes

---
 .../common/recovery/MasterkeyService.java     | 58 +++++++++----------
 .../RecoveryKeyValidateController.java        |  2 +-
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index b91b032dc..0b69d4d3b 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -1,25 +1,27 @@
 package org.cryptomator.common.recovery;
 
-import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.security.SecureRandom;
-import java.util.Arrays;
-import java.util.NoSuchElementException;
-import java.util.Optional;
-import java.util.UUID;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.stream.Stream;
-
 import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.cryptolib.api.*;
+import org.cryptomator.cryptolib.api.AuthenticationFailedException;
+import org.cryptomator.cryptolib.api.CryptoException;
+import org.cryptomator.cryptolib.api.Cryptor;
+import org.cryptomator.cryptolib.api.CryptorProvider;
+import org.cryptomator.cryptolib.api.Masterkey;
 import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.recoverykey.RecoveryKeyFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javafx.beans.property.StringProperty;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.Arrays;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.stream.Stream;
 
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 import static org.cryptomator.cryptofs.common.Constants.DATA_DIR_NAME;
@@ -38,13 +40,13 @@ public final class MasterkeyService {
 		return masterkeyFileAccess.load(masterkeyFilePath, password);
 	}
 
-	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndDetectCombo(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, MasterkeyFileAccess masterkeyFileAccess, AtomicBoolean illegalArgumentExceptionOccurred) {
+	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndDetectCombo(RecoveryKeyFactory recoveryKeyFactory, Vault vault, String recoveryKey, MasterkeyFileAccess masterkeyFileAccess, AtomicBoolean illegalArgumentExceptionOccurred) {
 
-		var tmpPass = UUID.randomUUID().toString();
-		try(RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
-			var tempRecoveryPath = recoveryDirectory.getRecoveryPath();
-			recoverFromRecoveryKey(recoveryKey.get(), recoveryKeyFactory, tempRecoveryPath, tmpPass);
-			var masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
+		String tmpPass = UUID.randomUUID().toString();
+		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
+			Path tempRecoveryPath = recoveryDirectory.getRecoveryPath();
+			recoverFromRecoveryKey(recoveryKey, recoveryKeyFactory, tempRecoveryPath, tmpPass);
+			Path masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
 
 			try (Masterkey mk = load(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
 				return detect(mk.getEncoded(), vault.getPath());
@@ -62,17 +64,16 @@ public final class MasterkeyService {
 			illegalArgumentExceptionOccurred.set(true);
 		}
 		return Optional.empty();
-
 	}
+
 	public static Optional<CryptorProvider.Scheme> detect(byte[] masterkey, Path vaultPath) {
 		try (Stream<Path> paths = Files.walk(vaultPath.resolve(DATA_DIR_NAME))) {
-			Path c9rFile = paths.filter(p -> p.toString().endsWith(".c9r"))
-					.findFirst().orElse(null);
-			if (c9rFile == null) {
+			Optional<Path> c9rFile = paths.filter(p -> p.toString().endsWith(".c9r")).findFirst();
+			if (c9rFile.isEmpty()) {
 				LOG.info("No *.c9r file found in {}", vaultPath);
 				return Optional.empty();
 			}
-			return determineScheme(c9rFile, masterkey); // jetzt auch ein Optional
+			return determineScheme(c9rFile.get(), masterkey); //
 		} catch (IOException e) {
 			LOG.debug("Failed to inspect vault", e);
 			return Optional.empty();
@@ -83,19 +84,18 @@ public final class MasterkeyService {
 		try {
 			ByteBuffer header = ByteBuffer.wrap(Files.readAllBytes(c9rFile));
 			return Arrays.stream(CryptorProvider.Scheme.values())
-					.filter(s -> tryDecrypt(header, new Masterkey(masterkey), s))
+					.filter(s -> isDecryptable(header, new Masterkey(masterkey), s))
 					.findFirst();
 		} catch (IOException e) {
 			LOG.info("Failed to decrypt .c9r file", e);
 			return Optional.empty();
 		}
 	}
-
-	private static boolean tryDecrypt(ByteBuffer header, Masterkey masterkey, CryptorProvider.Scheme scheme) {
+	private static boolean isDecryptable(ByteBuffer header, Masterkey masterkey, CryptorProvider.Scheme scheme) {
 		try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey, SecureRandom.getInstanceStrong())) {
 			cryptor.fileHeaderCryptor().decryptHeader(header.duplicate());
 			return true;
-		} catch (Exception e) {
+		} catch (AuthenticationFailedException | NoSuchAlgorithmException e) {
 			return false;
 		}
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index c579abf57..9858cad56 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -140,7 +140,7 @@ public class RecoveryKeyValidateController implements FxController {
 			case RESTORE_VAULT_CONFIG -> {
 				AtomicBoolean illegalArgumentExceptionOccurred = new AtomicBoolean(false);
 				var combo = MasterkeyService.validateRecoveryKeyAndDetectCombo(
-						recoveryKeyFactory, vault, recoveryKey, masterkeyFileAccess, illegalArgumentExceptionOccurred);
+						recoveryKeyFactory, vault, recoveryKey.get(), masterkeyFileAccess, illegalArgumentExceptionOccurred);
 				combo.ifPresent(cipherCombo::set);
 				if (illegalArgumentExceptionOccurred.get()) {
 					recoveryKeyState.set(RecoveryKeyState.INVALID);

From 8c9d75fe574c836b7fb8900748b83f62e114f9b8 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 12 Jun 2025 14:46:15 +0200
Subject: [PATCH 024/117] filter excluded filenames

---
 .../org/cryptomator/common/recovery/MasterkeyService.java  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index 0b69d4d3b..42a152d95 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -18,6 +18,7 @@ import java.nio.file.Path;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
+import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -68,7 +69,11 @@ public final class MasterkeyService {
 
 	public static Optional<CryptorProvider.Scheme> detect(byte[] masterkey, Path vaultPath) {
 		try (Stream<Path> paths = Files.walk(vaultPath.resolve(DATA_DIR_NAME))) {
-			Optional<Path> c9rFile = paths.filter(p -> p.toString().endsWith(".c9r")).findFirst();
+			List<String> excludedFilenames = List.of("dirid.c9r", "dir.c9r");
+			Optional<Path> c9rFile = paths
+					.filter(p -> p.toString().endsWith(".c9r"))
+					.filter(p -> excludedFilenames.stream().noneMatch(p.toString()::endsWith))
+					.findFirst();
 			if (c9rFile.isEmpty()) {
 				LOG.info("No *.c9r file found in {}", vaultPath);
 				return Optional.empty();

From 034a70d473cb3fac0b007994f52175957f38b8b2 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 16 Jun 2025 13:40:57 +0200
Subject: [PATCH 025/117] throw illegalArgumentException directly

---
 .../common/recovery/MasterkeyService.java     | 11 +++-------
 .../RecoveryKeyValidateController.java        | 21 ++++++++++---------
 2 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index 42a152d95..a9f311b1d 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -41,8 +41,9 @@ public final class MasterkeyService {
 		return masterkeyFileAccess.load(masterkeyFilePath, password);
 	}
 
-	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndDetectCombo(RecoveryKeyFactory recoveryKeyFactory, Vault vault, String recoveryKey, MasterkeyFileAccess masterkeyFileAccess, AtomicBoolean illegalArgumentExceptionOccurred) {
-
+	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndDetectCombo(RecoveryKeyFactory recoveryKeyFactory, //
+																					 Vault vault, String recoveryKey, //
+																					 MasterkeyFileAccess masterkeyFileAccess) throws  IllegalArgumentException {
 		String tmpPass = UUID.randomUUID().toString();
 		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
 			Path tempRecoveryPath = recoveryDirectory.getRecoveryPath();
@@ -54,15 +55,9 @@ public final class MasterkeyService {
 			} catch (IOException | CryptoException e) {
 				LOG.info("Recovery key validation failed", e);
 				return Optional.empty();
-			} catch (IllegalArgumentException e) {
-				illegalArgumentExceptionOccurred.set(true);
-				return Optional.empty();
 			}
 		} catch (IOException | CryptoException e) {
 			LOG.info("Recovery key validation failed");
-		} catch (IllegalArgumentException e) {
-			LOG.info("Recovery key has an illegal argument");
-			illegalArgumentExceptionOccurred.set(true);
 		}
 		return Optional.empty();
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index 9858cad56..5429f9825 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -25,7 +25,6 @@ import javafx.scene.control.TextArea;
 import javafx.scene.control.TextFormatter;
 import javafx.scene.input.KeyCode;
 import javafx.scene.input.KeyEvent;
-import java.util.concurrent.atomic.AtomicBoolean;
 
 import org.cryptomator.common.recovery.MasterkeyService;
 import org.cryptomator.common.recovery.RecoveryActionType;
@@ -138,16 +137,18 @@ public class RecoveryKeyValidateController implements FxController {
 	private void validateRecoveryKey() {
 		switch (recoverType.get()) {
 			case RESTORE_VAULT_CONFIG -> {
-				AtomicBoolean illegalArgumentExceptionOccurred = new AtomicBoolean(false);
-				var combo = MasterkeyService.validateRecoveryKeyAndDetectCombo(
-						recoveryKeyFactory, vault, recoveryKey.get(), masterkeyFileAccess, illegalArgumentExceptionOccurred);
-				combo.ifPresent(cipherCombo::set);
-				if (illegalArgumentExceptionOccurred.get()) {
+				try{
+					var combo = MasterkeyService.validateRecoveryKeyAndDetectCombo(
+							recoveryKeyFactory, vault, recoveryKey.get(), masterkeyFileAccess);
+					combo.ifPresent(cipherCombo::set);
+					if (combo.isPresent()) {
+						recoveryKeyState.set(RecoveryKeyState.CORRECT);
+					} else {
+						recoveryKeyState.set(RecoveryKeyState.WRONG);
+					}
+				}
+				catch (IllegalArgumentException e){
 					recoveryKeyState.set(RecoveryKeyState.INVALID);
-				} else if (combo.isPresent()) {
-					recoveryKeyState.set(RecoveryKeyState.CORRECT);
-				} else {
-					recoveryKeyState.set(RecoveryKeyState.WRONG);
 				}
 			}
 			case RESTORE_MASTERKEY, RESET_PASSWORD, SHOW_KEY, CONVERT_VAULT -> {

From abf8392baabf99e7a281faafb33db186806a3017 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 16 Jun 2025 13:49:59 +0200
Subject: [PATCH 026/117] use !Files.exists instead of Files.notExists

---
 .../java/org/cryptomator/common/vaults/VaultListManager.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index f3e42a797..bbe28bd7c 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -183,7 +183,7 @@ public class VaultListManager {
 		Path pathToVaultConfig = pathToVault.resolve("vault.cryptomator");
 		Path pathToMasterkey = pathToVault.resolve("masterkey.cryptomator");
 
-		if (Files.notExists(pathToVault)) {
+		if (!Files.exists(pathToVault)) {
 			return VaultState.Value.MISSING;
 		}
 

From 5c1364792ea01186d59a59144b66c456eb83eb3d Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 16 Jun 2025 14:03:59 +0200
Subject: [PATCH 027/117] unwrap ObjectProperty<RecoveryAction>

---
 .../ui/addvaultwizard/ChooseExistingVaultController.java | 3 +--
 .../cryptomator/ui/convertvault/ConvertVaultModule.java  | 2 +-
 .../ui/mainwindow/VaultDetailMissingVaultController.java | 6 ++----
 .../cryptomator/ui/recoverykey/RecoveryKeyComponent.java | 3 +--
 .../cryptomator/ui/recoverykey/RecoveryKeyModule.java    | 2 +-
 .../ui/recoverykey/RecoveryKeyOnboardingController.java  | 6 +++---
 .../ui/recoverykey/RecoveryKeyRecoverController.java     | 4 ++--
 .../recoverykey/RecoveryKeyResetPasswordController.java  | 8 ++++----
 .../ui/recoverykey/RecoveryKeyValidateController.java    | 9 ++++-----
 .../ui/vaultoptions/MasterkeyOptionsController.java      | 6 ++----
 10 files changed, 21 insertions(+), 28 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index 09ab0bf11..05c6801fb 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -150,8 +150,7 @@ public class ChooseExistingVaultController implements FxController {
 				mountServices);
 		//TODO: optional raus, und mit error dialog arbeiten (UI kram in UI package!) hier nur fehler werfen
 		optionalVault.ifPresent(vault -> {
-			ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG);
-			recoveryKeyWindow.create(vault, window, recoverTypeProperty).showOnboardingDialogWindow();
+			recoveryKeyWindow.create(vault, window, RecoveryActionType.RESTORE_VAULT_CONFIG).showOnboardingDialogWindow();
 		});
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
index a5fc761aa..438ae369a 100644
--- a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
+++ b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
@@ -122,7 +122,7 @@ abstract class ConvertVaultModule {
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
 	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, new SimpleObjectProperty<>(RecoveryActionType.CONVERT_VAULT), null, null);
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, RecoveryActionType.CONVERT_VAULT, null, null);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index 067f98f97..e23c4d95d 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -61,15 +61,13 @@ public class VaultDetailMissingVaultController implements FxController {
 			dialogs.prepareContactHubAdmin(window).build().showAndWait();
 		}
 		else {
-			ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG);
-			recoveryKeyWindow.create(vault.get(), window, recoverTypeProperty).showOnboardingDialogWindow();
+			recoveryKeyWindow.create(vault.get(), window, RecoveryActionType.RESTORE_VAULT_CONFIG).showOnboardingDialogWindow();
 		}
 	}
 
 	@FXML
 	void restoreMasterkey() {
-		ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.RESTORE_MASTERKEY);
-		recoveryKeyWindow.create(vault.get(), window, recoverTypeProperty).showRecoveryKeyRecoverWindow();
+		recoveryKeyWindow.create(vault.get(), window, RecoveryActionType.RESTORE_MASTERKEY).showRecoveryKeyRecoverWindow();
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
index 6bfe36a4f..ddd9dffdd 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -9,7 +9,6 @@ import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 
 import javax.inject.Named;
-import javafx.beans.property.ObjectProperty;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
 
@@ -55,7 +54,7 @@ public interface RecoveryKeyComponent {
 
 		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault, //
 									@BindsInstance @Named("keyRecoveryOwner") Stage owner, //
-									@BindsInstance @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType);
+									@BindsInstance @Named("recoverType") RecoveryActionType recoverType);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index 75957d374..e2ffb8428 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -176,7 +176,7 @@ abstract class RecoveryKeyModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
-	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
+	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") RecoveryActionType recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
 		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, recoverType, cipherCombo, masterkeyFileAccess);
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index 7cee97b83..460ec7436 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -19,12 +19,12 @@ public class RecoveryKeyOnboardingController implements FxController {
 
 	private final Stage window;
 	private final Lazy<Scene> recoverykeyRecoverScene;
-	private final ObjectProperty<RecoveryActionType> recoverType;
+	private RecoveryActionType recoverType;
 
 	@Inject
 	public RecoveryKeyOnboardingController(@RecoveryKeyWindow Stage window, //
 										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene, //
-										   @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
+										   @Named("recoverType") RecoveryActionType recoverType, //
 										   ResourceBundle resourceBundle) {
 		this.window = window;
 		window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
@@ -40,7 +40,7 @@ public class RecoveryKeyOnboardingController implements FxController {
 
 	@FXML
 	public void next() {
-		recoverType.set(RecoveryActionType.RESTORE_VAULT_CONFIG);
+		recoverType = RecoveryActionType.RESTORE_VAULT_CONFIG;
 		window.setScene(recoverykeyRecoverScene.get());
 	}
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index ed1275d5a..289740bf5 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -27,10 +27,10 @@ public class RecoveryKeyRecoverController implements FxController {
 	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> expertSettingsScene, //
-										ResourceBundle resourceBundle, @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType) {
+										ResourceBundle resourceBundle, @Named("recoverType") RecoveryActionType recoverType) {
 		this.window = window;
 
-		this.nextScene = switch (recoverType.get()) {
+		this.nextScene = switch (recoverType) {
 			case RESTORE_VAULT_CONFIG -> {
 				window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
 				yield expertSettingsScene;
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 206111114..23badcfcf 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -54,7 +54,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final MasterkeyFileAccess masterkeyFileAccess;
 	private final VaultListManager vaultListManager;
 	private final IntegerProperty shorteningThreshold;
-	private final ObjectProperty<RecoveryActionType> recoverType;
+	private final RecoveryActionType recoverType;
 	private final ObjectProperty<CryptorProvider.Scheme> cipherCombo;
 	private final ResourceBundle resourceBundle;
 	private final StringProperty buttonText = new SimpleStringProperty();
@@ -74,7 +74,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  MasterkeyFileAccess masterkeyFileAccess, //
 											  VaultListManager vaultListManager, //
 											  @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
-											  @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
+											  @Named("recoverType") RecoveryActionType recoverType, //
 											  @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
 											  ResourceBundle resourceBundle, Dialogs dialogs) {
 		this.window = window;
@@ -92,7 +92,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		this.resourceBundle = resourceBundle;
 		this.dialogs = dialogs;
 		this.owner = owner;
-		initButtonText(recoverType.get());
+		initButtonText(recoverType);
 	}
 
 	private void initButtonText(RecoveryActionType type) {
@@ -105,7 +105,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 	@FXML
 	public void close() {
-		if (recoverType.getValue().equals(RecoveryActionType.RESTORE_MASTERKEY)) {
+		if (recoverType.equals(RecoveryActionType.RESTORE_MASTERKEY)) {
 			window.close();
 		} else {
 			window.setScene(recoverExpertSettingsScene.get());
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index 5429f9825..9a6e3d8b0 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -44,7 +44,7 @@ public class RecoveryKeyValidateController implements FxController {
 	private final ObjectProperty<RecoveryKeyState> recoveryKeyState;
 	private final ObjectProperty<CryptorProvider.Scheme> cipherCombo;
 	private final AutoCompleter autoCompleter;
-	private final ObjectProperty<RecoveryActionType> recoverType;
+	private final RecoveryActionType recoverType;
 	private final MasterkeyFileAccess masterkeyFileAccess;
 
 	private volatile boolean isWrongKey;
@@ -55,7 +55,7 @@ public class RecoveryKeyValidateController implements FxController {
 										 @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, //
 										 StringProperty recoveryKey, //
 										 RecoveryKeyFactory recoveryKeyFactory, //
-										 @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
+										 @Named("recoverType") RecoveryActionType recoverType, //
 										 @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
 										 MasterkeyFileAccess masterkeyFileAccess) {
 		this.vault = vault;
@@ -135,11 +135,10 @@ public class RecoveryKeyValidateController implements FxController {
 	}
 
 	private void validateRecoveryKey() {
-		switch (recoverType.get()) {
+		switch (recoverType) {
 			case RESTORE_VAULT_CONFIG -> {
 				try{
-					var combo = MasterkeyService.validateRecoveryKeyAndDetectCombo(
-							recoveryKeyFactory, vault, recoveryKey.get(), masterkeyFileAccess);
+					var combo = MasterkeyService.validateRecoveryKeyAndDetectCombo(recoveryKeyFactory, vault, recoveryKey.get(), masterkeyFileAccess);
 					combo.ifPresent(cipherCombo::set);
 					if (combo.isPresent()) {
 						recoveryKeyState.set(RecoveryKeyState.CORRECT);
diff --git a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
index c489f6230..ffc0ad8f8 100644
--- a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
+++ b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
@@ -50,14 +50,12 @@ public class MasterkeyOptionsController implements FxController {
 
 	@FXML
 	public void showRecoveryKey() {
-		ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.SHOW_KEY);
-		recoveryKeyWindow.create(vault, window, recoverTypeProperty).showRecoveryKeyCreationWindow();
+		recoveryKeyWindow.create(vault, window, RecoveryActionType.SHOW_KEY).showRecoveryKeyCreationWindow();
 	}
 
 	@FXML
 	public void showRecoverVaultDialog() {
-		ObjectProperty<RecoveryActionType> recoverTypeProperty = new SimpleObjectProperty<>(RecoveryActionType.RESET_PASSWORD);
-		recoveryKeyWindow.create(vault, window, recoverTypeProperty).showRecoveryKeyRecoverWindow();
+		recoveryKeyWindow.create(vault, window, RecoveryActionType.RESET_PASSWORD).showRecoveryKeyRecoverWindow();
 	}
 
 	@FXML

From b0d2dcbff34cae1151ae0af58edd1a56a5954d83 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 16 Jun 2025 14:18:54 +0200
Subject: [PATCH 028/117] use constants

---
 .../java/org/cryptomator/common/vaults/VaultListManager.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index bbe28bd7c..9df291a4d 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -180,8 +180,8 @@ public class VaultListManager {
 	}
 
 	private static VaultState.Value determineVaultState(Path pathToVault, VaultSettings vaultSettings) throws IOException {
-		Path pathToVaultConfig = pathToVault.resolve("vault.cryptomator");
-		Path pathToMasterkey = pathToVault.resolve("masterkey.cryptomator");
+		Path pathToVaultConfig = pathToVault.resolve(VAULTCONFIG_FILENAME);
+		Path pathToMasterkey = pathToVault.resolve(MASTERKEY_FILENAME);
 
 		if (!Files.exists(pathToVault)) {
 			return VaultState.Value.MISSING;

From 5305c5a631e863f9321a35815f33e06f0ff5d56c Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 16 Jun 2025 14:28:18 +0200
Subject: [PATCH 029/117] optimised imports

---
 .../org/cryptomator/common/recovery/RecoveryDirectory.java    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
index 654806582..953708535 100644
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
@@ -1,7 +1,9 @@
 package org.cryptomator.common.recovery;
 
 import java.io.IOException;
-import java.nio.file.*;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
 import java.util.Comparator;
 
 import org.slf4j.Logger;

From c30a28aae0907157ae0d9ed6767df4bf188f222f Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 16 Jun 2025 14:37:17 +0200
Subject: [PATCH 030/117] Files.createTempDirectory instead of
 Files.createDirectory

---
 .../common/recovery/RecoveryDirectory.java         | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
index 953708535..c1f82e762 100644
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
@@ -19,20 +19,14 @@ public final class RecoveryDirectory implements AutoCloseable {
 	private final Path recoveryPath;
 	private final Path vaultPath;
 
-
-	private static Path addR(Path p){
-		return p.resolve("r");
-	}
-
-	private RecoveryDirectory(Path vaultPath) {
+	private RecoveryDirectory(Path vaultPath, Path recoveryPath) {
 		this.vaultPath = vaultPath;
-		this.recoveryPath = addR(vaultPath);
+		this.recoveryPath = recoveryPath;
 	}
 
 	public static RecoveryDirectory create(Path vaultPath) throws IOException {
-		Path recovery = addR(vaultPath);
-		Files.createDirectory(recovery);
-		return new RecoveryDirectory(vaultPath);
+		Path tempDir = Files.createTempDirectory("r");
+		return new RecoveryDirectory(vaultPath, tempDir);
 	}
 
 	public void moveRecoveredFiles() throws IOException {

From da845c69416e8cb825d5d4235ada7969f4840c3b Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 16 Jun 2025 14:38:37 +0200
Subject: [PATCH 031/117] combined into a single if

---
 .../org/cryptomator/common/vaults/VaultListManager.java     | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 9df291a4d..2a8f624b4 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -159,10 +159,8 @@ public class VaultListManager {
 		try {
 			VaultState.Value determined = determineVaultState(vault.getPath(), vault.getVaultSettings());
 
-			if (determined == MASTERKEY_MISSING) {
-				if (KeyLoadingStrategy.isHubVault(vault.getVaultConfigCache().getUnchecked().getKeyId().getScheme())) {
-					determined = LOCKED;
-				}
+			if (determined == MASTERKEY_MISSING && KeyLoadingStrategy.isHubVault(vault.getVaultConfigCache().getUnchecked().getKeyId().getScheme())) {
+				determined = LOCKED;
 			}
 
 			if (determined == LOCKED) {

From 4ddb6b73bd95a7cc88c58d660ec0d1310a562dee Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 16 Jun 2025 15:22:27 +0200
Subject: [PATCH 032/117] optimised structure and new function
 initializeLastKnownKeyLoaderIfPossible

---
 .../common/vaults/VaultListManager.java       | 25 +++++++++++++------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 2a8f624b4..1515f2e3d 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -130,24 +130,33 @@ public class VaultListManager {
 	private Vault create(VaultSettings vaultSettings) {
 		var wrapper = new VaultConfigCache(vaultSettings);
 		try {
-			try {
-				if (Objects.isNull(vaultSettings.lastKnownKeyLoader.get())) {
-					var keyIdScheme = wrapper.get().getKeyId().getScheme();
-					vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
-				}
-			} catch (NoSuchFileException e) {
-				LOG.warn("Vault config file not found.");
-			}
 			var vaultState = determineVaultState(vaultSettings.path.get(), vaultSettings);
 			if (vaultState == LOCKED) { //for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
 				wrapper.reloadConfig();
 			}
+
+			if (vaultState != VaultState.Value.VAULT_CONFIG_MISSING) {
+				initializeLastKnownKeyLoaderIfPossible(vaultSettings, wrapper);
+			}
+
 			return vaultComponentFactory.create(vaultSettings, wrapper, vaultState, null).vault();
 		} catch (IOException e) {
 			LOG.warn("Failed to determine vault state for {}", vaultSettings.path.get(), e);
 			return vaultComponentFactory.create(vaultSettings, wrapper, ERROR, e).vault();
 		}
 	}
+
+	private void initializeLastKnownKeyLoaderIfPossible(VaultSettings vaultSettings, VaultConfigCache wrapper) throws IOException {
+		try {
+			if (vaultSettings.lastKnownKeyLoader.get() == null) {
+				var keyIdScheme = wrapper.get().getKeyId().getScheme();
+				vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
+			}
+		} catch (NoSuchFileException e) {
+			LOG.warn("Vault config file not found.");
+		}
+	}
+
 	public static VaultState.Value redetermineVaultState(Vault vault) {
 		VaultState state  = vault.stateProperty();
 		VaultState.Value previous = state.getValue();

From 6fcec26eea913c8b873ba115e11c2c728f2e6f8b Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 17 Jun 2025 14:39:10 +0200
Subject: [PATCH 033/117] removed additional redetermineVaultState

---
 .../java/org/cryptomator/common/vaults/VaultListManager.java  | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 1515f2e3d..603d17934 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -112,10 +112,6 @@ public class VaultListManager {
 
 	private void addAll(Collection<VaultSettings> vaultSettings) {
 		Collection<Vault> vaults = vaultSettings.stream().map(this::create).toList();
-		vaults.forEach(vault -> {
-			VaultState.Value newState = redetermineVaultState(vault);
-			LOG.info("New state for vault at {}: {}", vault.getPath(), newState);
-		});
 		vaultList.addAll(vaults);
 	}
 

From 5bdfffd151714f039611a442a084c15b39b8ef76 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 23 Jun 2025 09:20:25 +0200
Subject: [PATCH 034/117] directoryChooser cancelable

---
 .../ChooseExistingVaultController.java         | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index 05c6801fb..e92439b83 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -135,16 +135,16 @@ public class ChooseExistingVaultController implements FxController {
 	public void restoreVaultConfigWithRecoveryKey() {
 		DirectoryChooser directoryChooser = new DirectoryChooser();
 
-		File selectedDirectory;
-		do {
-			selectedDirectory = directoryChooser.showDialog(window);
-			boolean hasSubfolderD = new File(selectedDirectory, "d").isDirectory();
+		File selectedDirectory = directoryChooser.showDialog(window);
+		if (selectedDirectory == null) {
+			return;
+		}
 
-			if (!hasSubfolderD) {
-				dialogs.prepareNoDDirectorySelectedDialog(window).build().showAndWait();
-				selectedDirectory = null;
-			}
-		} while (selectedDirectory == null);
+		boolean hasSubfolderD = new File(selectedDirectory, "d").isDirectory();
+		if (!hasSubfolderD) {
+			dialogs.prepareNoDDirectorySelectedDialog(window).build().showAndWait();
+			return;
+		}
 
 		Optional<Vault> optionalVault = prepareVault(selectedDirectory,vaultComponentFactory,
 				mountServices);

From 323a88471880f9eea28e689766c14c7db983911f Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 23 Jun 2025 09:47:07 +0200
Subject: [PATCH 035/117] fix sonar cloud security hotspot

---
 .../org/cryptomator/common/recovery/RecoveryDirectory.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
index c1f82e762..63dd61ac6 100644
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
@@ -1,6 +1,8 @@
 package org.cryptomator.common.recovery;
 
 import java.io.IOException;
+import java.nio.file.attribute.PosixFilePermissions;
+import java.nio.file.attribute.FileAttribute;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
@@ -25,7 +27,10 @@ public final class RecoveryDirectory implements AutoCloseable {
 	}
 
 	public static RecoveryDirectory create(Path vaultPath) throws IOException {
-		Path tempDir = Files.createTempDirectory("r");
+		FileAttribute<?> attr = PosixFilePermissions.asFileAttribute(
+				PosixFilePermissions.fromString("rwx------")
+		);
+		Path tempDir = Files.createTempDirectory("r", attr);
 		return new RecoveryDirectory(vaultPath, tempDir);
 	}
 

From 321bd2ff8c9fb722a053829b0440f6b0ea66f81f Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 23 Jun 2025 10:00:38 +0200
Subject: [PATCH 036/117] deduplicate generic.button.close by define a constant

---
 src/main/java/org/cryptomator/ui/dialogs/Dialogs.java | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
index a71852050..a22a81a09 100644
--- a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
@@ -20,6 +20,8 @@ public class Dialogs {
 	private final ResourceBundle resourceBundle;
 	private final StageFactory stageFactory;
 
+	private static final String BUTTON_KEY_CLOSE = "generic.button.close";
+
 	@Inject
 	public Dialogs(ResourceBundle resourceBundle, StageFactory stageFactory) {
 		this.resourceBundle = resourceBundle;
@@ -53,7 +55,7 @@ public class Dialogs {
 				.setMessageKey("contactHubAdmin.message") //
 				.setDescriptionKey("contactHubAdmin.description") //
 				.setIcon(FontAwesome5Icon.EXCLAMATION)//
-				.setOkButtonKey("generic.button.close");
+				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
 
 	public SimpleDialog.Builder prepareRecoverPasswordSuccess(Stage window, Stage owner, ResourceBundle resourceBundle) {
@@ -69,7 +71,7 @@ public class Dialogs {
 						owner.close();
 					}
 				})
-				.setOkButtonKey("generic.button.close");
+				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
 
 	public SimpleDialog.Builder prepareRemoveCertDialog(Stage window, Settings settings) {
@@ -94,7 +96,7 @@ public class Dialogs {
 				.setMessageKey("dokanySupportEnd.message") //
 				.setDescriptionKey("dokanySupportEnd.description") //
 				.setIcon(FontAwesome5Icon.EXCLAMATION) //
-				.setOkButtonKey("generic.button.close") //
+				.setOkButtonKey(BUTTON_KEY_CLOSE) //
 				.setCancelButtonKey("dokanySupportEnd.preferencesBtn") //
 				.setOkAction(Stage::close) //
 				.setCancelAction(cancelAction);
@@ -108,7 +110,7 @@ public class Dialogs {
 				.setDescriptionKey("retryIfReadonly.description") //
 				.setIcon(FontAwesome5Icon.EXCLAMATION) //
 				.setOkButtonKey("retryIfReadonly.retry") //
-				.setCancelButtonKey("generic.button.close") //
+				.setCancelButtonKey(BUTTON_KEY_CLOSE) //
 				.setOkAction(okAction) //
 				.setCancelAction(Stage::close);
 	}

From 4280112eabb7221ad2f13855ad9e713bb1c12115 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 23 Jun 2025 13:19:35 +0200
Subject: [PATCH 037/117] remove Optional and improve prepareVault()

---
 .../common/vaults/VaultListManager.java       |  9 ++++-
 .../ChooseExistingVaultController.java        | 33 +++++++++++++------
 2 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 105a8b40f..2e24bd404 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -125,6 +125,13 @@ public class VaultListManager {
 				.findAny();
 	}
 
+	public void addVault(Vault vault) {
+		Path path = vault.getPath().normalize().toAbsolutePath();
+		if (!containsVault(path)) {
+			vaultList.add(vault);
+		}
+	}
+
 	private Vault create(VaultSettings vaultSettings) {
 		var wrapper = new VaultConfigCache(vaultSettings);
 		try {
@@ -190,7 +197,7 @@ public class VaultListManager {
 		}
 	}
 
-	private static VaultState.Value determineVaultState(Path pathToVault, VaultSettings vaultSettings) throws IOException {
+	public static VaultState.Value determineVaultState(Path pathToVault, VaultSettings vaultSettings) throws IOException {
 		Path pathToVaultConfig = pathToVault.resolve(VAULTCONFIG_FILENAME);
 		Path pathToMasterkey = pathToVault.resolve(MASTERKEY_FILENAME);
 
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index e92439b83..f39fd56a2 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -22,6 +22,8 @@ import java.util.Optional;
 import java.util.ResourceBundle;
 
 import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_GLOB;
+import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
+import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
 
 import dagger.Lazy;
@@ -32,7 +34,9 @@ import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultComponent;
 import org.cryptomator.common.vaults.VaultConfigCache;
 import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.integrations.mount.MountService;
+import org.cryptomator.integrations.mount.Mountpoint;
 import org.cryptomator.integrations.uiappearance.Theme;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
@@ -146,16 +150,20 @@ public class ChooseExistingVaultController implements FxController {
 			return;
 		}
 
-		Optional<Vault> optionalVault = prepareVault(selectedDirectory,vaultComponentFactory,
-				mountServices);
-		//TODO: optional raus, und mit error dialog arbeiten (UI kram in UI package!) hier nur fehler werfen
-		optionalVault.ifPresent(vault -> {
-			recoveryKeyWindow.create(vault, window, RecoveryActionType.RESTORE_VAULT_CONFIG).showOnboardingDialogWindow();
-		});
+		Vault preparedVault = prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
+		VaultState.Value state = preparedVault.getState();
+		switch (state) {
+			case VAULT_CONFIG_MISSING -> recoveryKeyWindow.create(preparedVault, window, RecoveryActionType.RESTORE_VAULT_CONFIG).showOnboardingDialogWindow();
+			case MASTERKEY_MISSING -> recoveryKeyWindow.create(preparedVault, window, RecoveryActionType.RESTORE_MASTERKEY).showOnboardingDialogWindow();
+			default -> {
+				vaultListManager.addVault(preparedVault);
+				vault.set(preparedVault);
+				window.setScene(successScene.get());
+			}
+		}
 	}
 
-	public static Optional<Vault> prepareVault(File selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
-
+	public static Vault prepareVault(File selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
 		Path selectedPath = selectedDirectory.toPath();
 		VaultSettings vaultSettings = VaultSettings.withRandomId();
 		vaultSettings.path.set(selectedPath);
@@ -166,7 +174,12 @@ public class ChooseExistingVaultController implements FxController {
 		}
 
 		var wrapper = new VaultConfigCache(vaultSettings);
-		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, VAULT_CONFIG_MISSING, null).vault(); //TODO: VAULT_CONFIG_MISSING nicht sicher, stand nochmal überprüfen
+		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, VAULT_CONFIG_MISSING, null).vault();
+		try {
+			VaultListManager.determineVaultState(vault.getPath(), vaultSettings);
+		} catch (IOException e) {
+			LOG.warn("Failed to determine vault state for {}", vaultSettings.path.get(), e);
+		}
 
 		//due to https://github.com/cryptomator/cryptomator/issues/2880#issuecomment-1680313498
 		var nameOfWinfspLocalMounter = "org.cryptomator.frontend.fuse.mount.WinFspMountProvider";
@@ -174,7 +187,7 @@ public class ChooseExistingVaultController implements FxController {
 			vaultSettings.mountService.setValue(nameOfWinfspLocalMounter);
 		}
 
-		return Optional.of(vault);
+		return vault;
 	}
 
 	/* Getter */

From acf11da202655cd36e9c11fff6fc25a13243929c Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 30 Jun 2025 09:26:30 +0200
Subject: [PATCH 038/117] cleanup removed MASTERKEY_MISSING new
 recoveryActionType RESTORE_ALL

---
 .../common/recovery/BackupRestorer.java       |  20 +--
 .../common/recovery/RecoveryActionType.java   |   3 +-
 .../common/recovery/RecoveryDirectory.java    |   8 +-
 .../org/cryptomator/common/vaults/Vault.java  |  14 +--
 .../common/vaults/VaultListManager.java       |  28 ++---
 .../cryptomator/common/vaults/VaultState.java |   4 +-
 .../ChooseExistingVaultController.java        |  11 +-
 .../ui/convertvault/ConvertVaultModule.java   |   2 +-
 .../ui/fxapp/FxApplicationModule.java         |   7 +-
 .../ChooseMasterkeyFileController.java        |  36 +++++-
 .../ui/mainwindow/VaultDetailController.java  |   2 +-
 .../VaultDetailMissingVaultController.java    |  26 +++-
 .../mainwindow/VaultListCellController.java   |   2 +-
 .../VaultListContextMenuController.java       |   4 +-
 .../ui/recoverykey/RecoveryKeyComponent.java  |   3 +-
 .../RecoveryKeyCreationController.java        | 106 +++++++++++++++-
 .../RecoveryKeyExpertSettingsController.java  |  46 +++++--
 .../ui/recoverykey/RecoveryKeyModule.java     |   2 +-
 .../RecoveryKeyOnboardingController.java      | 119 ++++++++++++++++--
 .../RecoveryKeyRecoverController.java         |  28 ++++-
 .../RecoveryKeyResetPasswordController.java   | 100 ++++++++-------
 .../RecoveryKeyValidateController.java        |   8 +-
 .../cryptomator/ui/unlock/UnlockModule.java   |   3 +-
 .../MasterkeyOptionsController.java           |   5 +-
 .../resources/fxml/recoverykey_create.fxml    |   6 +-
 .../fxml/recoverykey_onboarding.fxml          |  25 ++--
 .../resources/fxml/recoverykey_recover.fxml   |   4 +-
 .../fxml/recoverykey_reset_password.fxml      |   5 +-
 .../fxml/unlock_select_masterkeyfile.fxml     |   4 +-
 src/main/resources/fxml/vault_detail.fxml     |   1 -
 .../fxml/vault_detail_missing_masterkey.fxml  |   5 +
 src/main/resources/i18n/strings.properties    |   6 +
 32 files changed, 468 insertions(+), 175 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
index 76cc5d6ca..488e5b6e1 100644
--- a/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
+++ b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
@@ -7,21 +7,17 @@ import java.nio.file.StandardCopyOption;
 import java.nio.file.attribute.FileTime;
 import java.util.stream.Stream;
 
-import org.cryptomator.common.vaults.VaultState.Value;
+import static org.cryptomator.common.Constants.MASTERKEY_BACKUP_SUFFIX;
 
 public final class BackupRestorer {
 
 	private BackupRestorer() {}
 
-	public static boolean restoreIfPresent(Path vaultPath, Value vaultState) {
-		Path targetFile = switch (vaultState) {
-			case VAULT_CONFIG_MISSING -> vaultPath.resolve("vault.cryptomator");
-			case MASTERKEY_MISSING -> vaultPath.resolve("masterkey.cryptomator");
-			default -> throw new IllegalArgumentException("Unexpected vault state: " + vaultState);
-		};
+	public static boolean restoreIfPresent(Path vaultPath, String fileName) {
+		Path targetFile = vaultPath.resolve(fileName);
 
 		try (Stream<Path> files = Files.list(vaultPath)) {
-			return files.filter(file -> isValidBackupFileForState(file.getFileName().toString(), vaultState))
+			return files.filter(file -> isValidBackupFileForState(file.getFileName().toString(), fileName))
 					.max((f1, f2) -> {
 						try {
 							FileTime time1 = Files.getLastModifiedTime(f1);
@@ -38,12 +34,8 @@ public final class BackupRestorer {
 		}
 	}
 
-	private static boolean isValidBackupFileForState(String fileName, Value vaultState) {
-		return switch (vaultState) {
-			case VAULT_CONFIG_MISSING -> fileName.startsWith("vault.cryptomator") && fileName.endsWith(".bkup");
-			case MASTERKEY_MISSING -> fileName.startsWith("masterkey.cryptomator") && fileName.endsWith(".bkup");
-			default -> false;
-		};
+	private static boolean isValidBackupFileForState(String fileName, String vaultState) {
+		return fileName.startsWith(vaultState) && fileName.endsWith(MASTERKEY_BACKUP_SUFFIX);
 	}
 
 	private static boolean copyBackupFile(Path backupFile, Path configPath) {
diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryActionType.java b/src/main/java/org/cryptomator/common/recovery/RecoveryActionType.java
index 32f28d613..a05073dad 100644
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryActionType.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryActionType.java
@@ -1,8 +1,9 @@
 package org.cryptomator.common.recovery;
 
 public enum RecoveryActionType {
-	RESTORE_VAULT_CONFIG,
+	RESTORE_ALL,
 	RESTORE_MASTERKEY,
+	RESTORE_VAULT_CONFIG,
 	RESET_PASSWORD,
 	SHOW_KEY,
 	CONVERT_VAULT
diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
index 63dd61ac6..1fa52cf61 100644
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
@@ -11,9 +11,6 @@ import java.util.Comparator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
-import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
-
 public final class RecoveryDirectory implements AutoCloseable {
 
 	private static final Logger LOG = LoggerFactory.getLogger(RecoveryDirectory.class);
@@ -34,9 +31,8 @@ public final class RecoveryDirectory implements AutoCloseable {
 		return new RecoveryDirectory(vaultPath, tempDir);
 	}
 
-	public void moveRecoveredFiles() throws IOException {
-		Files.move(recoveryPath.resolve(MASTERKEY_FILENAME), vaultPath.resolve(MASTERKEY_FILENAME), StandardCopyOption.REPLACE_EXISTING);
-		Files.move(recoveryPath.resolve(VAULTCONFIG_FILENAME), vaultPath.resolve(VAULTCONFIG_FILENAME), StandardCopyOption.REPLACE_EXISTING);
+	public void moveRecoveredFile(String file) throws IOException {
+		Files.move(recoveryPath.resolve(file), vaultPath.resolve(file), StandardCopyOption.REPLACE_EXISTING);
 	}
 
 	private void deleteRecoveryDirectory() {
diff --git a/src/main/java/org/cryptomator/common/vaults/Vault.java b/src/main/java/org/cryptomator/common/vaults/Vault.java
index 5c315283b..2fa613e3e 100644
--- a/src/main/java/org/cryptomator/common/vaults/Vault.java
+++ b/src/main/java/org/cryptomator/common/vaults/Vault.java
@@ -23,7 +23,6 @@ import org.cryptomator.cryptofs.event.FilesystemEvent;
 import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.MasterkeyLoader;
 import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;
-import org.cryptomator.event.VaultEvent;
 import org.cryptomator.integrations.mount.MountFailedException;
 import org.cryptomator.integrations.mount.Mountpoint;
 import org.cryptomator.integrations.mount.UnmountFailedException;
@@ -35,7 +34,6 @@ import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javax.inject.Named;
-import javafx.application.Platform;
 import javafx.beans.Observable;
 import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanBinding;
@@ -75,7 +73,6 @@ public class Vault {
 	private final BooleanBinding missing;
 	private final BooleanBinding needsMigration;
 	private final BooleanBinding unknownError;
-	private final BooleanBinding missingMasterkey;
 	private final BooleanBinding missingVaultConfig;
 	private final ObjectBinding<Mountpoint> mountPoint;
 	private final Mounter mounter;
@@ -105,7 +102,6 @@ public class Vault {
 		this.processing = Bindings.createBooleanBinding(this::isProcessing, state);
 		this.unlocked = Bindings.createBooleanBinding(this::isUnlocked, state);
 		this.missing = Bindings.createBooleanBinding(this::isMissing, state);
-		this.missingMasterkey = Bindings.createBooleanBinding(this::isMissingMasterkey, state);
 		this.missingVaultConfig = Bindings.createBooleanBinding(this::isMissingVaultConfig, state);
 		this.needsMigration = Bindings.createBooleanBinding(this::isNeedsMigration, state);
 		this.unknownError = Bindings.createBooleanBinding(this::isUnknownError, state);
@@ -340,20 +336,12 @@ public class Vault {
 		return state.get() == VaultState.Value.ERROR;
 	}
 
-	public BooleanBinding missingMasterkeyProperty() {
-		return missingMasterkey;
-	}
-
-	public boolean isMissingMasterkey() {
-		return state.get() == VaultState.Value.MASTERKEY_MISSING;
-	}
-
 	public BooleanBinding missingVaultConfigProperty() {
 		return missingVaultConfig;
 	}
 
 	public boolean isMissingVaultConfig() {
-		return state.get() == VaultState.Value.VAULT_CONFIG_MISSING;
+		return state.get() == VaultState.Value.VAULT_CONFIG_MISSING || state.get() == VaultState.Value.ALL_MISSING;
 	}
 
 	public ReadOnlyStringProperty displayNameProperty() {
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 2e24bd404..c7e03ae70 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -25,10 +25,11 @@ import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
-import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
+import static org.cryptomator.common.vaults.VaultState.Value.ALL_MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;
 import static org.cryptomator.common.vaults.VaultState.Value.PROCESSING;
 import static org.cryptomator.common.vaults.VaultState.Value.UNLOCKED;
+import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
 
 import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.common.Constants;
@@ -39,7 +40,6 @@ import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptofs.DirStructure;
 import org.cryptomator.cryptofs.migration.Migrators;
 import org.cryptomator.integrations.mount.MountService;
-import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -146,7 +146,7 @@ public class VaultListManager {
 				vaultSettings.lastKnownKeyLoader.set(Constants.DEFAULT_KEY_ID.toString());
 			}
 
-			if (vaultState != VaultState.Value.VAULT_CONFIG_MISSING) {
+			if (vaultState != VAULT_CONFIG_MISSING) {
 				initializeLastKnownKeyLoaderIfPossible(vaultSettings, wrapper);
 			}
 
@@ -179,10 +179,6 @@ public class VaultListManager {
 		try {
 			VaultState.Value determined = determineVaultState(vault.getPath(), vault.getVaultSettings());
 
-			if (determined == MASTERKEY_MISSING && KeyLoadingStrategy.isHubVault(vault.getVaultConfigCache().getUnchecked().getKeyId().getScheme())) {
-				determined = LOCKED;
-			}
-
 			if (determined == LOCKED) {
 				vault.getVaultConfigCache().reloadConfig();
 			}
@@ -205,24 +201,18 @@ public class VaultListManager {
 			return VaultState.Value.MISSING;
 		}
 
-		boolean vaultConfigRestored = Files.notExists(pathToVaultConfig)
-				&& BackupRestorer.restoreIfPresent(pathToVaultConfig.getParent(), VaultState.Value.VAULT_CONFIG_MISSING);
+		BackupRestorer.restoreIfPresent(pathToVaultConfig.getParent(), VAULTCONFIG_FILENAME);
 
-		boolean masterkeyRestored = Files.notExists(pathToMasterkey)
-				&& KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get())
-				&& BackupRestorer.restoreIfPresent(pathToMasterkey.getParent(), VaultState.Value.MASTERKEY_MISSING);
+		BackupRestorer.restoreIfPresent(pathToMasterkey.getParent(), MASTERKEY_FILENAME);
 
-		if (vaultConfigRestored || masterkeyRestored) {
-			return LOCKED;
+		if (!Files.exists(pathToVaultConfig) && !Files.exists(pathToMasterkey)) {
+			return ALL_MISSING;
 		}
 
-		if (Files.notExists(pathToVaultConfig)) {
-			return VaultState.Value.VAULT_CONFIG_MISSING;
+		if (!Files.exists(pathToVaultConfig)) {
+			return VAULT_CONFIG_MISSING;
 		}
 
-		if (Files.notExists(pathToMasterkey) && KeyLoadingStrategy.isMasterkeyFileVault(vaultSettings.lastKnownKeyLoader.get())) {
-			return VaultState.Value.MASTERKEY_MISSING;
-		}
 
 		return checkDirStructure(pathToVault);
 	}
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultState.java b/src/main/java/org/cryptomator/common/vaults/VaultState.java
index 0d65d5c2e..f8b9b412a 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultState.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultState.java
@@ -31,9 +31,9 @@ public class VaultState extends ObservableValueBase<VaultState.Value> implements
 		VAULT_CONFIG_MISSING,
 
 		/**
-		 * No masterkey found at the provided path
+		 * No vault config and masterkey found at the provided path
 		 */
-		MASTERKEY_MISSING,
+		ALL_MISSING,
 
 		/**
 		 * Vault requires migration to a newer vault format
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index f39fd56a2..490b08303 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -18,13 +18,10 @@ import java.io.IOException;
 import java.nio.file.Path;
 import java.util.List;
 import java.util.Objects;
-import java.util.Optional;
 import java.util.ResourceBundle;
 
 import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_GLOB;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
-import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
-import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
 
 import dagger.Lazy;
 import org.apache.commons.lang3.SystemUtils;
@@ -36,7 +33,6 @@ import org.cryptomator.common.vaults.VaultConfigCache;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.integrations.mount.MountService;
-import org.cryptomator.integrations.mount.Mountpoint;
 import org.cryptomator.integrations.uiappearance.Theme;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
@@ -151,10 +147,11 @@ public class ChooseExistingVaultController implements FxController {
 		}
 
 		Vault preparedVault = prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
+		VaultListManager.redetermineVaultState(preparedVault);
 		VaultState.Value state = preparedVault.getState();
 		switch (state) {
-			case VAULT_CONFIG_MISSING -> recoveryKeyWindow.create(preparedVault, window, RecoveryActionType.RESTORE_VAULT_CONFIG).showOnboardingDialogWindow();
-			case MASTERKEY_MISSING -> recoveryKeyWindow.create(preparedVault, window, RecoveryActionType.RESTORE_MASTERKEY).showOnboardingDialogWindow();
+			case VAULT_CONFIG_MISSING -> recoveryKeyWindow.create(preparedVault, window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)).showOnboardingDialogWindow();
+			case ALL_MISSING -> recoveryKeyWindow.create(preparedVault, window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)).showOnboardingDialogWindow();
 			default -> {
 				vaultListManager.addVault(preparedVault);
 				vault.set(preparedVault);
@@ -174,7 +171,7 @@ public class ChooseExistingVaultController implements FxController {
 		}
 
 		var wrapper = new VaultConfigCache(vaultSettings);
-		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, VAULT_CONFIG_MISSING, null).vault();
+		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, LOCKED, null).vault();
 		try {
 			VaultListManager.determineVaultState(vault.getPath(), vaultSettings);
 		} catch (IOException e) {
diff --git a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
index 438ae369a..a5fc761aa 100644
--- a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
+++ b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
@@ -122,7 +122,7 @@ abstract class ConvertVaultModule {
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
 	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, RecoveryActionType.CONVERT_VAULT, null, null);
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, new SimpleObjectProperty<>(RecoveryActionType.CONVERT_VAULT), null, null);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/fxapp/FxApplicationModule.java b/src/main/java/org/cryptomator/ui/fxapp/FxApplicationModule.java
index 8eb221883..74abac546 100644
--- a/src/main/java/org/cryptomator/ui/fxapp/FxApplicationModule.java
+++ b/src/main/java/org/cryptomator/ui/fxapp/FxApplicationModule.java
@@ -15,15 +15,13 @@ import org.cryptomator.ui.lock.LockComponent;
 import org.cryptomator.ui.mainwindow.MainWindowComponent;
 import org.cryptomator.ui.preferences.PreferencesComponent;
 import org.cryptomator.ui.quit.QuitComponent;
+import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.cryptomator.ui.sharevault.ShareVaultComponent;
 import org.cryptomator.ui.traymenu.TrayMenuComponent;
 import org.cryptomator.ui.unlock.UnlockComponent;
 import org.cryptomator.ui.updatereminder.UpdateReminderComponent;
 import org.cryptomator.ui.vaultoptions.VaultOptionsComponent;
 
-import javax.inject.Named;
-import javafx.beans.property.BooleanProperty;
-import javafx.beans.property.SimpleBooleanProperty;
 import javafx.scene.image.Image;
 import java.io.IOException;
 import java.io.InputStream;
@@ -40,7 +38,8 @@ import java.io.InputStream;
 		HealthCheckComponent.class, //
 		UpdateReminderComponent.class, //
 		ShareVaultComponent.class, //
-		EventViewComponent.class})
+		EventViewComponent.class, //
+		RecoveryKeyComponent.class})
 abstract class FxApplicationModule {
 
 	private static Image createImageFromResource(String resourceName) throws IOException {
diff --git a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
index 9b2231921..722c780b4 100644
--- a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
+++ b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
@@ -1,14 +1,18 @@
 package org.cryptomator.ui.keyloading.masterkeyfile;
 
+import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.keyloading.KeyLoading;
+import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
-import javafx.beans.binding.StringBinding;
+import javafx.beans.property.SimpleObjectProperty;
 import javafx.fxml.FXML;
+import javafx.scene.control.Button;
+import javafx.scene.control.CheckBox;
 import javafx.stage.FileChooser;
 import javafx.stage.Stage;
 import javafx.stage.WindowEvent;
@@ -27,17 +31,39 @@ public class ChooseMasterkeyFileController implements FxController {
 	private final Stage window;
 	private final Vault vault;
 	private final CompletableFuture<Path> result;
+	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
 	private final ResourceBundle resourceBundle;
 
+	@FXML private CheckBox restoreInsteadCheckBox;
+	@FXML private Button chooseButton;
+
 	@Inject
-	public ChooseMasterkeyFileController(@KeyLoading Stage window, @KeyLoading Vault vault, CompletableFuture<Path> result, ResourceBundle resourceBundle) {
+	public ChooseMasterkeyFileController(@KeyLoading Stage window, //
+										 @KeyLoading Vault vault, //
+										 CompletableFuture<Path> result, //
+										 RecoveryKeyComponent.Factory recoveryKeyWindow, //
+										 ResourceBundle resourceBundle) {
 		this.window = window;
 		this.vault = vault;
 		this.result = result;
+		this.recoveryKeyWindow = recoveryKeyWindow;
 		this.resourceBundle = resourceBundle;
 		this.window.setOnHiding(this::windowClosed);
 	}
 
+	@FXML
+	private void initialize() {
+		restoreInsteadCheckBox.selectedProperty().addListener((_, _, newVal) -> {
+			if (newVal) {
+				chooseButton.setText(resourceBundle.getString("addvaultwizard.existing.restore"));
+				chooseButton.setOnAction(e -> restoreMasterkey());
+			} else {
+				chooseButton.setText(resourceBundle.getString("generic.button.choose"));
+				chooseButton.setOnAction(e -> proceed());
+			}
+		});
+	}
+
 	@FXML
 	public void cancel() {
 		window.close();
@@ -47,6 +73,12 @@ public class ChooseMasterkeyFileController implements FxController {
 		result.cancel(true);
 	}
 
+	@FXML
+	void restoreMasterkey() {
+		window.close();
+		recoveryKeyWindow.create(vault, window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_MASTERKEY)).showOnboardingDialogWindow();
+	}
+
 	@FXML
 	public void proceed() {
 		LOG.trace("proceed()");
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
index 7838ba3cb..be4f7f78c 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
@@ -52,7 +52,7 @@ public class VaultDetailController implements FxController {
 				case LOCKED -> FontAwesome5Icon.LOCK;
 				case PROCESSING -> FontAwesome5Icon.SPINNER;
 				case UNLOCKED -> FontAwesome5Icon.LOCK_OPEN;
-				case NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, MASTERKEY_MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
+				case NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, ALL_MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
 			};
 		} else {
 			return FontAwesome5Icon.EXCLAMATION_TRIANGLE;
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index e23c4d95d..dff3c0a4e 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -3,8 +3,10 @@ package org.cryptomator.ui.mainwindow;
 import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.dialogs.Dialogs;
+import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
 import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 
@@ -16,13 +18,17 @@ import javafx.fxml.FXML;
 import javafx.stage.FileChooser;
 import javafx.stage.Stage;
 import java.io.File;
+import java.nio.file.Files;
 import java.util.ResourceBundle;
 
 import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_GLOB;
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 
 @MainWindowScoped
 public class VaultDetailMissingVaultController implements FxController {
 
+	private final FxApplicationWindows appWindows;
+	private final Stage mainWindow;
 	private final ObjectProperty<Vault> vault;
 	private final ObservableList<Vault> vaults;
 	private final ResourceBundle resourceBundle;
@@ -31,12 +37,17 @@ public class VaultDetailMissingVaultController implements FxController {
 	private final Dialogs dialogs;
 
 	@Inject
-	public VaultDetailMissingVaultController(ObjectProperty<Vault> vault, //
+	public VaultDetailMissingVaultController(FxApplicationWindows appWindows, //
+											 @MainWindow Stage mainWindow, //
+											 ObjectProperty<Vault> vault, //
 											 ObservableList<Vault> vaults, //
 											 ResourceBundle resourceBundle, //
 											 @MainWindow Stage window, //
 											 Dialogs dialogs, //
 											 RecoveryKeyComponent.Factory recoveryKeyWindow) {
+
+		this.appWindows = appWindows;
+		this.mainWindow = mainWindow;
 		this.vault = vault;
 		this.vaults = vaults;
 		this.resourceBundle = resourceBundle;
@@ -60,14 +71,23 @@ public class VaultDetailMissingVaultController implements FxController {
 		if(KeyLoadingStrategy.isHubVault(vault.get().getVaultSettings().lastKnownKeyLoader.get())){
 			dialogs.prepareContactHubAdmin(window).build().showAndWait();
 		}
+		else if(Files.exists(vault.get().getPath().resolve(MASTERKEY_FILENAME))){
+			recoveryKeyWindow.create(vault.get(), window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)).showOnboardingDialogWindow();
+		}
 		else {
-			recoveryKeyWindow.create(vault.get(), window, RecoveryActionType.RESTORE_VAULT_CONFIG).showOnboardingDialogWindow();
+			recoveryKeyWindow.create(vault.get(), window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)).showOnboardingDialogWindow();
 		}
 	}
 
 	@FXML
 	void restoreMasterkey() {
-		recoveryKeyWindow.create(vault.get(), window, RecoveryActionType.RESTORE_MASTERKEY).showRecoveryKeyRecoverWindow();
+		recoveryKeyWindow.create(vault.get(), window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_MASTERKEY)).showRecoveryKeyRecoverWindow();
+	}
+
+	@FXML
+	public void unlock() {
+		vault.get().stateProperty().set(VaultState.Value.LOCKED);
+		appWindows.startUnlockWorkflow(vault.get(), mainWindow);
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
index 3697906c0..9324c8c7b 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
@@ -55,7 +55,7 @@ public class VaultListCellController implements FxController {
 				case LOCKED -> FontAwesome5Icon.LOCK;
 				case PROCESSING -> FontAwesome5Icon.SPINNER;
 				case UNLOCKED -> FontAwesome5Icon.LOCK_OPEN;
-				case NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, MASTERKEY_MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
+				case NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, ALL_MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
 			};
 		} else {
 			return FontAwesome5Icon.EXCLAMATION_TRIANGLE;
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
index 5a26967fa..e4b942503 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
@@ -22,7 +22,7 @@ import java.util.Objects;
 
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
-import static org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING;
+import static org.cryptomator.common.vaults.VaultState.Value.ALL_MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;
 import static org.cryptomator.common.vaults.VaultState.Value.UNLOCKED;
@@ -65,7 +65,7 @@ public class VaultListContextMenuController implements FxController {
 
 		this.selectedVaultState = selectedVault.flatMap(Vault::stateProperty).orElse(null);
 		this.selectedVaultPassphraseStored = selectedVault.map(this::isPasswordStored).orElse(false);
-		this.selectedVaultRemovable = selectedVaultState.map(EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION, MASTERKEY_MISSING, VAULT_CONFIG_MISSING)::contains).orElse(false);
+		this.selectedVaultRemovable = selectedVaultState.map(EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION, ALL_MISSING, VAULT_CONFIG_MISSING)::contains).orElse(false);
 		this.selectedVaultUnlockable = selectedVaultState.map(LOCKED::equals).orElse(false);
 		this.selectedVaultLockable = selectedVaultState.map(UNLOCKED::equals).orElse(false);
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
index ddd9dffdd..6bfe36a4f 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -9,6 +9,7 @@ import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 
 import javax.inject.Named;
+import javafx.beans.property.ObjectProperty;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
 
@@ -54,7 +55,7 @@ public interface RecoveryKeyComponent {
 
 		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault, //
 									@BindsInstance @Named("keyRecoveryOwner") Stage owner, //
-									@BindsInstance @Named("recoverType") RecoveryActionType recoverType);
+									@BindsInstance @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType);
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
index 77f191015..0b1c69286 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -1,28 +1,45 @@
 package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
+import org.cryptomator.common.recovery.CryptoFsInitializer;
+import org.cryptomator.common.recovery.MasterkeyService;
+import org.cryptomator.common.recovery.RecoveryActionType;
+import org.cryptomator.common.recovery.RecoveryDirectory;
 import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.InvalidPassphraseException;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.common.Animations;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.controls.FormattedLabel;
 import org.cryptomator.ui.controls.NiceSecurePasswordField;
+import org.cryptomator.ui.dialogs.Dialogs;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
+import javax.inject.Named;
+import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.StringProperty;
 import javafx.concurrent.Task;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
+import javafx.scene.control.Button;
 import javafx.stage.Stage;
 import java.io.IOException;
+import java.nio.file.Path;
 import java.util.ResourceBundle;
 import java.util.concurrent.ExecutorService;
 
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
+
 @RecoveryKeyScoped
 public class RecoveryKeyCreationController implements FxController {
 
@@ -30,23 +47,74 @@ public class RecoveryKeyCreationController implements FxController {
 
 	private final Stage window;
 	private final Lazy<Scene> successScene;
+	private final Lazy<Scene> recoverykeyExpertSettingsScene;
+	private final MasterkeyFileAccess masterkeyFileAccess;
 	private final Vault vault;
 	private final ExecutorService executor;
 	private final RecoveryKeyFactory recoveryKeyFactory;
 	private final StringProperty recoveryKeyProperty;
 	private final FxApplicationWindows appWindows;
 	public NiceSecurePasswordField passwordField;
+	private final IntegerProperty shorteningThreshold;
+	private final ObjectProperty<RecoveryActionType> recoverType;
+	private final ResourceBundle resourceBundle;
+	public FormattedLabel descriptionLabel;
+	public Button cancelButton;
+	public Button nextButton;
+	private final VaultListManager vaultListManager;
+	private final Dialogs dialogs;
+	private final Stage owner;
 
 	@Inject
-	public RecoveryKeyCreationController(@RecoveryKeyWindow Stage window, @FxmlScene(FxmlFile.RECOVERYKEY_SUCCESS) Lazy<Scene> successScene, @RecoveryKeyWindow Vault vault, RecoveryKeyFactory recoveryKeyFactory, ExecutorService executor, @RecoveryKeyWindow StringProperty recoveryKey, FxApplicationWindows appWindows, ResourceBundle resourceBundle) {
+	public RecoveryKeyCreationController(FxApplicationWindows appWindows, //
+										 @RecoveryKeyWindow Stage window, //
+										 @Named("keyRecoveryOwner") Stage owner, //
+										 @FxmlScene(FxmlFile.RECOVERYKEY_SUCCESS) Lazy<Scene> successScene, //
+										 @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverykeyExpertSettingsScene, //
+										 @RecoveryKeyWindow Vault vault, //
+										 RecoveryKeyFactory recoveryKeyFactory, //
+										 MasterkeyFileAccess masterkeyFileAccess, //
+										 ExecutorService executor, //
+										 @RecoveryKeyWindow StringProperty recoveryKey, //
+										 @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
+										 @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
+										 VaultListManager vaultListManager, //
+										 ResourceBundle resourceBundle, //
+										 Dialogs dialogs) {
 		this.window = window;
-		window.setTitle(resourceBundle.getString("recoveryKey.display.title"));
 		this.successScene = successScene;
+		this.recoverykeyExpertSettingsScene = recoverykeyExpertSettingsScene;
 		this.vault = vault;
 		this.executor = executor;
 		this.recoveryKeyFactory = recoveryKeyFactory;
 		this.recoveryKeyProperty = recoveryKey;
 		this.appWindows = appWindows;
+		this.recoverType = recoverType;
+		this.resourceBundle = resourceBundle;
+		this.masterkeyFileAccess = masterkeyFileAccess;
+		this.shorteningThreshold = shorteningThreshold;
+		this.vaultListManager = vaultListManager;
+		this.owner = owner;
+		this.dialogs = dialogs;
+	}
+
+	@FXML
+	public void initialize() {
+		if (recoverType.get().equals(RecoveryActionType.SHOW_KEY)) {
+			window.setTitle(resourceBundle.getString("recoveryKey.display.title"));
+		} else if (recoverType.get().equals(RecoveryActionType.RESTORE_VAULT_CONFIG)) {
+			window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
+			descriptionLabel.formatProperty().set(resourceBundle.getString("recoveryKey.recover.description"));
+			cancelButton.setOnAction((_) -> back());
+			cancelButton.setText(resourceBundle.getString("generic.button.back"));
+			nextButton.setOnAction((_) -> restoreWithPassword());
+		}
+	}
+
+	@FXML
+	public void back() {
+		window.setScene(recoverykeyExpertSettingsScene.get());
+		window.centerOnScreen();
 	}
 
 	@FXML
@@ -71,6 +139,40 @@ public class RecoveryKeyCreationController implements FxController {
 		executor.submit(task);
 	}
 
+	@FXML
+	public void restoreWithPassword() {
+
+		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
+			Path recoveryPath = recoveryDirectory.getRecoveryPath();
+
+			Path masterkeyFilePath = vault.getPath().resolve(MASTERKEY_FILENAME);
+
+			try (Masterkey masterkey = MasterkeyService.load(masterkeyFileAccess, masterkeyFilePath, passwordField.getCharacters())) {
+				var combo = MasterkeyService.detect(masterkey.getEncoded(), vault.getPath());
+				CryptoFsInitializer.init(recoveryPath, masterkey, shorteningThreshold.get(), combo.get());
+			}
+
+			recoveryDirectory.moveRecoveredFile(VAULTCONFIG_FILENAME);
+
+			if (!vaultListManager.containsVault(vault.getPath())) {
+				vaultListManager.add(vault.getPath());
+			}
+			window.close();
+			dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle) //
+					.setTitleKey("recoveryKey.recoverVaultConfig.title") //
+					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message") //
+					.build().showAndWait();
+
+		} catch (InvalidPassphraseException e) {
+			LOG.info("Password invalid", e);
+			Animations.createShakeWindowAnimation(window).play();
+		} catch (IOException | CryptoException e) {
+			LOG.error("Recovery process failed", e);
+			appWindows.showErrorWindow(e, window, null);
+		}
+	}
+
+
 	@FXML
 	public void close() {
 		window.close();
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
index ce9ad4a26..1555eac68 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
@@ -6,17 +6,23 @@ import javafx.application.Application;
 import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanBinding;
 import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.ObjectProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.scene.control.CheckBox;
 import javafx.stage.Stage;
 
 import dagger.Lazy;
+import org.cryptomator.common.recovery.RecoveryActionType;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.controls.NumericTextField;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 @RecoveryKeyScoped
 public class RecoveryKeyExpertSettingsController implements FxController {
@@ -27,28 +33,40 @@ public class RecoveryKeyExpertSettingsController implements FxController {
 
 	private final Stage window;
 	private final Lazy<Application> application;
-	private final Lazy<Scene> resetPasswordScene;
-	private final Lazy<Scene> recoverScene;
-
-	public CheckBox expertSettingsCheckBox;
-	public NumericTextField shorteningThresholdTextField;
+	private final Vault vault;
+	private final ObjectProperty<RecoveryActionType> recoverType;
 	private final IntegerProperty shorteningThreshold;
+	private final Lazy<Scene> resetPasswordScene;
+	private final Lazy<Scene> createScene;
+	private final Lazy<Scene> onBoardingScene;
+	private final Lazy<Scene> recoverScene;
 	private final BooleanBinding validShorteningThreshold;
 
+	@FXML public CheckBox expertSettingsCheckBox;
+	@FXML public NumericTextField shorteningThresholdTextField;
+
+	private static final Logger LOG = LoggerFactory.getLogger(RecoveryKeyExpertSettingsController.class);
 
 	@Inject
 	public RecoveryKeyExpertSettingsController(@RecoveryKeyWindow Stage window, //
 											   Lazy<Application> application, //
+											   @RecoveryKeyWindow Vault vault, //
+											   @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
 											   @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
 											   @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
+											   @FxmlScene(FxmlFile.RECOVERYKEY_CREATE) Lazy<Scene> createScene, //
+											   @FxmlScene(FxmlFile.RECOVERYKEY_ONBOARDING) Lazy<Scene> onBoardingScene, //
 											   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverScene) {
 		this.window = window;
 		this.application = application;
-		this.resetPasswordScene = resetPasswordScene;
-		this.recoverScene = recoverScene;
+		this.vault = vault;
+		this.recoverType = recoverType;
 		this.shorteningThreshold = shorteningThreshold;
+		this.resetPasswordScene = resetPasswordScene;
+		this.createScene = createScene;
+		this.onBoardingScene = onBoardingScene;
+		this.recoverScene = recoverScene;
 		this.validShorteningThreshold = Bindings.createBooleanBinding(this::isValidShorteningThreshold, shorteningThreshold);
-
 	}
 
 	@FXML
@@ -87,11 +105,19 @@ public class RecoveryKeyExpertSettingsController implements FxController {
 
 	@FXML
 	public void back() {
-		window.setScene(recoverScene.get());
+		if(recoverType.get().equals(RecoveryActionType.RESTORE_ALL) && vault.getState().equals(VaultState.Value.VAULT_CONFIG_MISSING))
+			window.setScene(recoverScene.get());
+		else if(recoverType.get().equals(RecoveryActionType.RESTORE_ALL) && vault.getState().equals(VaultState.Value.ALL_MISSING))
+			window.setScene(recoverScene.get());
+		else if(recoverType.get().equals(RecoveryActionType.RESTORE_VAULT_CONFIG))
+			window.setScene(onBoardingScene.get());
 	}
 
 	@FXML
 	public void next() {
-		window.setScene(resetPasswordScene.get());
+		if(recoverType.get().equals(RecoveryActionType.RESTORE_VAULT_CONFIG))
+			window.setScene(createScene.get());
+		else
+			window.setScene(resetPasswordScene.get());
 	}
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index e2ffb8428..17f3bc6ba 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -176,7 +176,7 @@ abstract class RecoveryKeyModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
-	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") RecoveryActionType recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
+	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") ObjectProperty<RecoveryActionType>  recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
 		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, recoverType, cipherCombo, masterkeyFileAccess);
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index 460ec7436..da46a6741 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -1,38 +1,119 @@
 package org.cryptomator.ui.recoverykey;
 
-import javax.inject.Inject;
-import javax.inject.Named;
-import javafx.beans.property.ObjectProperty;
-import javafx.fxml.FXML;
-import javafx.scene.Scene;
-import javafx.stage.Stage;
-import java.util.ResourceBundle;
-
 import dagger.Lazy;
 import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 
+import javax.inject.Inject;
+import javax.inject.Named;
+import javafx.beans.property.BooleanProperty;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleBooleanProperty;
+import javafx.fxml.FXML;
+import javafx.scene.Scene;
+import javafx.scene.control.Button;
+import javafx.scene.control.CheckBox;
+import javafx.scene.control.Label;
+import javafx.scene.control.RadioButton;
+import javafx.scene.control.ToggleGroup;
+import javafx.scene.layout.VBox;
+import javafx.stage.Stage;
+import java.util.ResourceBundle;
+
+import static org.cryptomator.common.recovery.RecoveryActionType.RESTORE_ALL;
+import static org.cryptomator.common.recovery.RecoveryActionType.RESTORE_VAULT_CONFIG;
+
 @RecoveryKeyScoped
 public class RecoveryKeyOnboardingController implements FxController {
 
 	private final Stage window;
 	private final Lazy<Scene> recoverykeyRecoverScene;
-	private RecoveryActionType recoverType;
+	private final Lazy<Scene> recoverykeyExpertSettingsScene;
+	private ObjectProperty<RecoveryActionType> recoverType;
+
+	public Label titleLabel;
+	public Label messageLabel;
+	public Label secondTextDesc;
+	public Label thirdTextIndex;
+	public Label thirdTextDesc;
+
+	@FXML
+	private CheckBox affirmationBox;
+	@FXML
+	private RadioButton recoveryKeyRadio;
+	@FXML
+	private RadioButton passwordRadio;
+	@FXML
+	private Button nextButton;
+	@FXML
+	private VBox chooseMethodeBox;
+	private final ToggleGroup methodToggleGroup = new ToggleGroup();
+
 
 	@Inject
 	public RecoveryKeyOnboardingController(@RecoveryKeyWindow Stage window, //
 										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene, //
-										   @Named("recoverType") RecoveryActionType recoverType, //
+										   @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverykeyExpertSettingsScene, //
+										   @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
 										   ResourceBundle resourceBundle) {
 		this.window = window;
 		window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
 
 		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
+		this.recoverykeyExpertSettingsScene = recoverykeyExpertSettingsScene;
 		this.recoverType = recoverType;
 	}
 
+	@FXML
+	public void initialize() {
+
+		recoveryKeyRadio.setToggleGroup(methodToggleGroup);
+		passwordRadio.setToggleGroup(methodToggleGroup);
+
+		boolean showMethodSelection = (recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG);
+		chooseMethodeBox.setVisible(showMethodSelection);
+		chooseMethodeBox.setManaged(showMethodSelection);
+
+		nextButton.disableProperty().bind( //
+				affirmationBox.selectedProperty().not() //
+						.or(methodToggleGroup.selectedToggleProperty().isNull() //
+								.and(showMethodSelectionProperty())));
+
+		switch (recoverType.get()) {
+			case RESTORE_VAULT_CONFIG -> {
+				window.setTitle("Recover Vault Config");
+				messageLabel.setText("Read this:");
+				secondTextDesc.setText("You will need the vault password or recovery key, a new password and possible some expert settings.");
+				thirdTextIndex.setVisible(false);
+				thirdTextIndex.setManaged(false);
+				thirdTextDesc.setVisible(false);
+				thirdTextDesc.setManaged(false);
+			}
+			case RESTORE_MASTERKEY -> {
+				window.setTitle("Recover Masterkey");
+				messageLabel.setText("Read this:");
+				titleLabel.setText("Recover Masterkey");
+				secondTextDesc.setText("You will need the vault recovery key.");
+				thirdTextIndex.setVisible(false);
+				thirdTextIndex.setManaged(false);
+				thirdTextDesc.setVisible(false);
+				thirdTextDesc.setManaged(false);
+			}
+			default -> {
+				thirdTextIndex.setVisible(true);
+				thirdTextIndex.setManaged(true);
+				thirdTextDesc.setVisible(true);
+				thirdTextDesc.setManaged(true);
+			}
+		}
+	}
+
+	private BooleanProperty showMethodSelectionProperty() {
+		return new SimpleBooleanProperty(recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG);
+	}
+
 	@FXML
 	public void close() {
 		window.close();
@@ -40,7 +121,21 @@ public class RecoveryKeyOnboardingController implements FxController {
 
 	@FXML
 	public void next() {
-		recoverType = RecoveryActionType.RESTORE_VAULT_CONFIG;
-		window.setScene(recoverykeyRecoverScene.get());
+		switch (recoverType.get()) {
+			case RESTORE_VAULT_CONFIG, RESTORE_ALL -> {
+				Object selectedToggle = methodToggleGroup.getSelectedToggle();
+				if (selectedToggle == recoveryKeyRadio) {
+					recoverType.set(RESTORE_ALL);
+					window.setScene(recoverykeyRecoverScene.get());
+				} else if (selectedToggle == passwordRadio) {
+					recoverType.set(RESTORE_VAULT_CONFIG);
+					window.setScene(recoverykeyExpertSettingsScene.get());
+				} else {
+					window.setScene(recoverykeyRecoverScene.get());
+					window.centerOnScreen();
+				}
+			}
+			case RESTORE_MASTERKEY -> window.setScene(recoverykeyRecoverScene.get());
+		}
 	}
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index 289740bf5..1045e026a 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -11,6 +11,7 @@ import javax.inject.Named;
 import javafx.beans.property.ObjectProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
+import javafx.scene.control.Button;
 import javafx.stage.Stage;
 import java.util.ResourceBundle;
 
@@ -19,6 +20,12 @@ public class RecoveryKeyRecoverController implements FxController {
 
 	private final Stage window;
 	private final Lazy<Scene> nextScene;
+	private final Lazy<Scene> onBoardingScene;
+	private final ResourceBundle resourceBundle;
+	public ObjectProperty<RecoveryActionType> recoverType;
+
+	@FXML
+	private Button cancelButton;
 
 	@FXML
 	RecoveryKeyValidateController recoveryKeyValidateController;
@@ -27,11 +34,15 @@ public class RecoveryKeyRecoverController implements FxController {
 	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> expertSettingsScene, //
-										ResourceBundle resourceBundle, @Named("recoverType") RecoveryActionType recoverType) {
+										@FxmlScene(FxmlFile.RECOVERYKEY_ONBOARDING) Lazy<Scene> onBoardingScene, //
+										ResourceBundle resourceBundle, //
+										@Named("recoverType") ObjectProperty<RecoveryActionType> recoverType) {
 		this.window = window;
-
-		this.nextScene = switch (recoverType) {
-			case RESTORE_VAULT_CONFIG -> {
+		this.recoverType = recoverType;
+		this.onBoardingScene = onBoardingScene;
+		this.resourceBundle = resourceBundle;
+		this.nextScene = switch (recoverType.get()) {
+			case RESTORE_ALL, RESTORE_VAULT_CONFIG -> {
 				window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
 				yield expertSettingsScene;
 			}
@@ -56,11 +67,18 @@ public class RecoveryKeyRecoverController implements FxController {
 
 	@FXML
 	public void initialize() {
+		switch (recoverType.get()) {
+			case RESTORE_ALL, RESTORE_VAULT_CONFIG -> cancelButton.setText(resourceBundle.getString("generic.button.back"));
+			case RESET_PASSWORD -> cancelButton.setText(resourceBundle.getString("generic.button.cancel"));
+		}
 	}
 
 	@FXML
 	public void close() {
-		window.close();
+		switch (recoverType.get()) {
+			case RESTORE_ALL, RESTORE_VAULT_CONFIG -> window.setScene(onBoardingScene.get());
+			case RESET_PASSWORD -> window.close();
+		}
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 23badcfcf..2733e4a7a 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -1,24 +1,5 @@
 package org.cryptomator.ui.recoverykey;
 
-import javax.inject.Inject;
-import javax.inject.Named;
-import javafx.beans.property.IntegerProperty;
-import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.ReadOnlyBooleanProperty;
-import javafx.beans.property.ReadOnlyBooleanWrapper;
-import javafx.beans.property.SimpleStringProperty;
-import javafx.beans.property.StringProperty;
-import javafx.concurrent.Task;
-import javafx.fxml.FXML;
-import javafx.scene.Scene;
-import javafx.stage.Stage;
-import java.io.IOException;
-import java.nio.file.Path;
-import java.util.ResourceBundle;
-import java.util.concurrent.ExecutorService;
-
-import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
-
 import dagger.Lazy;
 import org.cryptomator.common.recovery.CryptoFsInitializer;
 import org.cryptomator.common.recovery.MasterkeyService;
@@ -39,6 +20,27 @@ import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.inject.Inject;
+import javax.inject.Named;
+import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.ReadOnlyBooleanProperty;
+import javafx.beans.property.ReadOnlyBooleanWrapper;
+import javafx.beans.property.SimpleStringProperty;
+import javafx.beans.property.StringProperty;
+import javafx.concurrent.Task;
+import javafx.fxml.FXML;
+import javafx.scene.Scene;
+import javafx.scene.control.Button;
+import javafx.stage.Stage;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.util.ResourceBundle;
+import java.util.concurrent.ExecutorService;
+
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
+
 @RecoveryKeyScoped
 public class RecoveryKeyResetPasswordController implements FxController {
 
@@ -50,11 +52,12 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final ExecutorService executor;
 	private final StringProperty recoveryKey;
 	private final Lazy<Scene> recoverExpertSettingsScene;
+	private final Lazy<Scene> recoverykeyRecoverScene;
 	private final FxApplicationWindows appWindows;
 	private final MasterkeyFileAccess masterkeyFileAccess;
 	private final VaultListManager vaultListManager;
 	private final IntegerProperty shorteningThreshold;
-	private final RecoveryActionType recoverType;
+	private final ObjectProperty<RecoveryActionType> recoverType;
 	private final ObjectProperty<CryptorProvider.Scheme> cipherCombo;
 	private final ResourceBundle resourceBundle;
 	private final StringProperty buttonText = new SimpleStringProperty();
@@ -62,6 +65,8 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final Stage owner;
 
 	public NewPasswordController newPasswordController;
+	public Button backButton;
+	public Button nextButton;
 
 	@Inject
 	public RecoveryKeyResetPasswordController(@RecoveryKeyWindow Stage window, //
@@ -70,11 +75,12 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  ExecutorService executor, //
 											  @Named("keyRecoveryOwner") Stage owner, @RecoveryKeyWindow StringProperty recoveryKey, //
 											  @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverExpertSettingsScene, //
+											  @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene, //
 											  FxApplicationWindows appWindows, //
 											  MasterkeyFileAccess masterkeyFileAccess, //
 											  VaultListManager vaultListManager, //
 											  @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
-											  @Named("recoverType") RecoveryActionType recoverType, //
+											  @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
 											  @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
 											  ResourceBundle resourceBundle, Dialogs dialogs) {
 		this.window = window;
@@ -83,6 +89,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		this.executor = executor;
 		this.recoveryKey = recoveryKey;
 		this.recoverExpertSettingsScene = recoverExpertSettingsScene;
+		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
 		this.appWindows = appWindows;
 		this.masterkeyFileAccess = masterkeyFileAccess;
 		this.vaultListManager = vaultListManager;
@@ -92,25 +99,35 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		this.resourceBundle = resourceBundle;
 		this.dialogs = dialogs;
 		this.owner = owner;
-		initButtonText(recoverType);
 	}
 
-	private void initButtonText(RecoveryActionType type) {
-		if (type == RecoveryActionType.RESTORE_MASTERKEY) {
-			buttonText.set(resourceBundle.getString("generic.button.close"));
-		} else {
-			buttonText.set(resourceBundle.getString("generic.button.back"));
+	@FXML
+	public void initialize() {
+		switch (recoverType.get()) {
+			case RESTORE_MASTERKEY -> {
+				nextButton.setText(resourceBundle.getString("recoveryKey.recover.recoverBtn"));
+				nextButton.setOnAction((_) -> resetPassword());
+			}
+			case RESTORE_ALL -> {
+				nextButton.setText(resourceBundle.getString("recoveryKey.recover.recoverBtn"));
+				nextButton.setOnAction((_) -> restorePassword());
+			}
+			case RESET_PASSWORD -> {
+				nextButton.setText(resourceBundle.getString("recoveryKey.recover.resetBtn"));
+				nextButton.setOnAction((_) -> resetPassword());
+			}
 		}
 	}
 
 	@FXML
 	public void close() {
-		if (recoverType.equals(RecoveryActionType.RESTORE_MASTERKEY)) {
-			window.close();
-		} else {
-			window.setScene(recoverExpertSettingsScene.get());
+		switch (recoverType.get()) {
+			case RESTORE_ALL -> window.setScene(recoverExpertSettingsScene.get());
+			case RESTORE_MASTERKEY, RESET_PASSWORD -> window.setScene(recoverykeyRecoverScene.get());
+			default -> window.close();
 		}
 	}
+
 	@FXML
 	public void restorePassword() {
 		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
@@ -123,16 +140,14 @@ public class RecoveryKeyResetPasswordController implements FxController {
 				CryptoFsInitializer.init(recoveryPath, masterkey, shorteningThreshold.get(), cipherCombo.get());
 			}
 
-			recoveryDirectory.moveRecoveredFiles();
+			recoveryDirectory.moveRecoveredFile(MASTERKEY_FILENAME);
+			recoveryDirectory.moveRecoveredFile(VAULTCONFIG_FILENAME);
 
 			if (!vaultListManager.containsVault(vault.getPath())) {
 				vaultListManager.add(vault.getPath());
 			}
 			window.close();
-			dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle)
-					.setTitleKey("recoveryKey.recoverVaultConfig.title")
-					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message")
-					.build().showAndWait();
+			dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).setTitleKey("recoveryKey.recoverVaultConfig.title").setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message").build().showAndWait();
 
 		} catch (IOException | CryptoException e) {
 			LOG.error("Recovery process failed", e);
@@ -148,14 +163,12 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 		task.setOnSucceeded(_ -> {
 			LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
-			if (vault.getState().equals(org.cryptomator.common.vaults.VaultState.Value.MASTERKEY_MISSING)) {
-				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle)
-						.setTitleKey("recoveryKey.recoverMasterkey.title")
-						.setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message")
-						.build().showAndWait();
+			if (recoverType.get().equals(RecoveryActionType.RESET_PASSWORD)) {
+				window.close();
+				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).build().showAndWait();
 			} else {
-				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle)
-						.build().showAndWait();
+				window.close();
+				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).setTitleKey("recoveryKey.recoverMasterkey.title").setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message").build().showAndWait();
 			}
 			window.close();
 		});
@@ -185,6 +198,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	public boolean isPasswordSufficientAndMatching() {
 		return newPasswordController.isGoodPassword();
 	}
+
 	private final ReadOnlyBooleanWrapper vaultConfigMissing = new ReadOnlyBooleanWrapper();
 
 	public ReadOnlyBooleanProperty vaultConfigMissingProperty() {
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index 9a6e3d8b0..163d734ed 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -44,7 +44,7 @@ public class RecoveryKeyValidateController implements FxController {
 	private final ObjectProperty<RecoveryKeyState> recoveryKeyState;
 	private final ObjectProperty<CryptorProvider.Scheme> cipherCombo;
 	private final AutoCompleter autoCompleter;
-	private final RecoveryActionType recoverType;
+	private final ObjectProperty<RecoveryActionType> recoverType;
 	private final MasterkeyFileAccess masterkeyFileAccess;
 
 	private volatile boolean isWrongKey;
@@ -55,7 +55,7 @@ public class RecoveryKeyValidateController implements FxController {
 										 @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, //
 										 StringProperty recoveryKey, //
 										 RecoveryKeyFactory recoveryKeyFactory, //
-										 @Named("recoverType") RecoveryActionType recoverType, //
+										 @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
 										 @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
 										 MasterkeyFileAccess masterkeyFileAccess) {
 		this.vault = vault;
@@ -135,8 +135,8 @@ public class RecoveryKeyValidateController implements FxController {
 	}
 
 	private void validateRecoveryKey() {
-		switch (recoverType) {
-			case RESTORE_VAULT_CONFIG -> {
+		switch (recoverType.get()) {
+			case RESTORE_ALL, RESTORE_VAULT_CONFIG -> {
 				try{
 					var combo = MasterkeyService.validateRecoveryKeyAndDetectCombo(recoveryKeyFactory, vault, recoveryKey.get(), masterkeyFileAccess);
 					combo.ifPresent(cipherCombo::set);
diff --git a/src/main/java/org/cryptomator/ui/unlock/UnlockModule.java b/src/main/java/org/cryptomator/ui/unlock/UnlockModule.java
index 95f13d383..1c8d758fc 100644
--- a/src/main/java/org/cryptomator/ui/unlock/UnlockModule.java
+++ b/src/main/java/org/cryptomator/ui/unlock/UnlockModule.java
@@ -15,6 +15,7 @@ import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.common.StageFactory;
 import org.cryptomator.ui.keyloading.KeyLoadingComponent;
 import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
+import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.jetbrains.annotations.Nullable;
 
 import javax.inject.Named;
@@ -27,7 +28,7 @@ import javafx.stage.Stage;
 import java.util.Map;
 import java.util.ResourceBundle;
 
-@Module(subcomponents = {KeyLoadingComponent.class})
+@Module(subcomponents = {KeyLoadingComponent.class, RecoveryKeyComponent.class})
 abstract class UnlockModule {
 
 	@Provides
diff --git a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
index ffc0ad8f8..67ae2f42d 100644
--- a/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
+++ b/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
@@ -9,7 +9,6 @@ import org.cryptomator.ui.forgetpassword.ForgetPasswordComponent;
 import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 
 import javax.inject.Inject;
-import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
 import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.value.ObservableValue;
@@ -50,12 +49,12 @@ public class MasterkeyOptionsController implements FxController {
 
 	@FXML
 	public void showRecoveryKey() {
-		recoveryKeyWindow.create(vault, window, RecoveryActionType.SHOW_KEY).showRecoveryKeyCreationWindow();
+		recoveryKeyWindow.create(vault, window, new SimpleObjectProperty<>(RecoveryActionType.SHOW_KEY)).showRecoveryKeyCreationWindow();
 	}
 
 	@FXML
 	public void showRecoverVaultDialog() {
-		recoveryKeyWindow.create(vault, window, RecoveryActionType.RESET_PASSWORD).showRecoveryKeyRecoverWindow();
+		recoveryKeyWindow.create(vault, window, new SimpleObjectProperty<>(RecoveryActionType.RESET_PASSWORD)).showRecoveryKeyRecoverWindow();
 	}
 
 	@FXML
diff --git a/src/main/resources/fxml/recoverykey_create.fxml b/src/main/resources/fxml/recoverykey_create.fxml
index 784ba49ed..2d9f0f418 100644
--- a/src/main/resources/fxml/recoverykey_create.fxml
+++ b/src/main/resources/fxml/recoverykey_create.fxml
@@ -40,7 +40,7 @@
 					<Insets bottom="6" top="6"/>
 				</padding>
 			</Label>
-			<FormattedLabel format="%recoveryKey.create.description" arg1="${controller.vault.displayName}" wrapText="true">
+			<FormattedLabel fx:id="descriptionLabel" format="%recoveryKey.create.description" arg1="${controller.vault.displayName}" wrapText="true">
 				<padding>
 					<Insets bottom="6"/>
 				</padding>
@@ -49,8 +49,8 @@
 			<Region VBox.vgrow="ALWAYS" minHeight="18"/>
 			<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
 				<buttons>
-					<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-					<Button text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#createRecoveryKey" disable="${passwordField.text.empty}"/>
+					<Button fx:id="cancelButton" text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+					<Button fx:id="nextButton" text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#createRecoveryKey" disable="${passwordField.text.empty}"/>
 				</buttons>
 			</ButtonBar>
 		</VBox>
diff --git a/src/main/resources/fxml/recoverykey_onboarding.fxml b/src/main/resources/fxml/recoverykey_onboarding.fxml
index 645efb136..7092f11f2 100644
--- a/src/main/resources/fxml/recoverykey_onboarding.fxml
+++ b/src/main/resources/fxml/recoverykey_onboarding.fxml
@@ -6,6 +6,7 @@
 <?import javafx.scene.control.CheckBox?>
 <?import javafx.scene.control.Label?>
 <?import javafx.scene.image.Image?>
+<?import javafx.scene.control.ToggleGroup?>
 <?import javafx.scene.image.ImageView?>
 <?import javafx.scene.layout.ColumnConstraints?>
 <?import javafx.scene.layout.GridPane?>
@@ -13,6 +14,7 @@
 <?import javafx.scene.layout.Region?>
 <?import javafx.scene.layout.RowConstraints?>
 <?import javafx.scene.layout.VBox?>
+<?import javafx.scene.control.RadioButton?>
 <VBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyOnboardingController"
@@ -33,10 +35,10 @@
 				<padding>
 					<Insets topRightBottomLeft="12"/>
 				</padding>
-				<Label text="%recoveryKey.recoverVaultConfig.title" styleClass="label-extra-large"/>
+				<Label fx:id="titleLabel" text="%recoveryKey.recoverVaultConfig.title" styleClass="label-extra-large"/>
 				<Region minHeight="15"/>
 				<VBox>
-					<Label text="%recoveryKey.recover.onBoarding.message" wrapText="true"/>
+					<Label fx:id="messageLabel" text="%recoveryKey.recover.onBoarding.message" wrapText="true"/>
 					<GridPane alignment="CENTER_LEFT" >
 						<padding>
 							<Insets left="6"/>
@@ -53,19 +55,28 @@
 						<Label text="1." GridPane.rowIndex="0" GridPane.columnIndex="0" />
 						<Label text="%recoveryKey.recover.onBoarding.intro1" wrapText="true" GridPane.rowIndex="0" GridPane.columnIndex="1" />
 						<Label text="2." GridPane.rowIndex="1" GridPane.columnIndex="0" />
-						<Label text="%recoveryKey.recover.onBoarding.intro2" wrapText="true" GridPane.rowIndex="1" GridPane.columnIndex="1" />
-						<Label text="3." GridPane.rowIndex="2" GridPane.columnIndex="0" />
-						<Label text="%recoveryKey.recover.onBoarding.intro3" wrapText="true" GridPane.rowIndex="2" GridPane.columnIndex="1" />
+						<Label fx:id="secondTextDesc" text="%recoveryKey.recover.onBoarding.intro2" wrapText="true" GridPane.rowIndex="1" GridPane.columnIndex="1" />
+						<Label fx:id="thirdTextIndex" text="3." GridPane.rowIndex="2" GridPane.columnIndex="0" />
+						<Label fx:id="thirdTextDesc" text="%recoveryKey.recover.onBoarding.intro3" wrapText="true" GridPane.rowIndex="2" GridPane.columnIndex="1" />
 					</GridPane>
 					<Region minHeight="15"/>
-					<CheckBox text="%recoveryKey.recover.onBoarding.affirmation" fx:id="affirmationBox"/>
+					<VBox fx:id="chooseMethodeBox">
+						<Label text="%recoveryKey.recover.onBoarding.chooseMethod"/>
+						<RadioButton fx:id="recoveryKeyRadio" text="%recoveryKey.recover.onBoarding.useRecoveryKey">
+							<toggleGroup>
+								<ToggleGroup fx:id="methodToggleGroup"/>
+							</toggleGroup>
+						</RadioButton>
+						<RadioButton fx:id="passwordRadio" text="%recoveryKey.recover.onBoarding.usePassword"/>
+					</VBox>
+					<CheckBox fx:id="affirmationBox" text="%recoveryKey.recover.onBoarding.affirmation"/>
 				</VBox>
 			</VBox>
 		</HBox>
 		<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
 			<buttons>
 				<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-				<Button text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" disable="${!affirmationBox.selected}" defaultButton="true" onAction="#next"/>
+				<Button fx:id="nextButton" text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" disable="${!affirmationBox.selected}" defaultButton="true" onAction="#next"/>
 			</buttons>
 		</ButtonBar>
 	</children>
diff --git a/src/main/resources/fxml/recoverykey_recover.fxml b/src/main/resources/fxml/recoverykey_recover.fxml
index 4c85f9356..6fad1a601 100644
--- a/src/main/resources/fxml/recoverykey_recover.fxml
+++ b/src/main/resources/fxml/recoverykey_recover.fxml
@@ -23,9 +23,9 @@
 		<Region VBox.vgrow="ALWAYS"/>
 
 		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
-			<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
+			<ButtonBar buttonMinWidth="120" buttonOrder="+BX">
 				<buttons>
-					<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+					<Button fx:id="cancelButton" text="%generic.button.back" ButtonBar.buttonData="BACK_PREVIOUS" cancelButton="true" onAction="#close"/>
 					<Button text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#recover" disable="${!controller.validateController.recoveryKeyCorrect}"/>
 				</buttons>
 			</ButtonBar>
diff --git a/src/main/resources/fxml/recoverykey_reset_password.fxml b/src/main/resources/fxml/recoverykey_reset_password.fxml
index 2ca139631..a6b255ed8 100644
--- a/src/main/resources/fxml/recoverykey_reset_password.fxml
+++ b/src/main/resources/fxml/recoverykey_reset_password.fxml
@@ -24,9 +24,8 @@
 		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
 			<ButtonBar buttonMinWidth="120" buttonOrder="+CI">
 				<buttons>
-					<Button text="${controller.buttonText}" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-					<Button text="%recoveryKey.recover.resetBtn" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#resetPassword" managed="${!controller.vaultConfigMissing}" disable="${!controller.passwordSufficientAndMatching}"/>
-					<Button text="%recoveryKey.recover.recoverBtn" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#restorePassword" managed="${controller.vaultConfigMissing}" disable="${!controller.passwordSufficientAndMatching}"/>
+					<Button fx:id="backButton" text="%generic.button.back" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+					<Button fx:id="nextButton" text="%recoveryKey.recover.recoverBtn" ButtonBar.buttonData="FINISH" defaultButton="true" disable="${!controller.passwordSufficientAndMatching}"/>
 				</buttons>
 			</ButtonBar>
 		</VBox>
diff --git a/src/main/resources/fxml/unlock_select_masterkeyfile.fxml b/src/main/resources/fxml/unlock_select_masterkeyfile.fxml
index bfc995ceb..079032dee 100644
--- a/src/main/resources/fxml/unlock_select_masterkeyfile.fxml
+++ b/src/main/resources/fxml/unlock_select_masterkeyfile.fxml
@@ -12,6 +12,7 @@
 <?import javafx.scene.Group?>
 <?import javafx.scene.layout.Region?>
 <?import org.cryptomator.ui.controls.FormattedLabel?>
+<?import javafx.scene.control.CheckBox?>
 <HBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.keyloading.masterkeyfile.ChooseMasterkeyFileController"
@@ -40,12 +41,13 @@
 				</padding>
 			</Label>
 			<FormattedLabel format="%unlock.chooseMasterkey.description" arg1="${controller.displayName}" wrapText="true"/>
+			<CheckBox fx:id="restoreInsteadCheckBox" text="%unlock.chooseMasterkey.restoreInstead" wrapText="true"/>
 
 			<Region VBox.vgrow="ALWAYS" minHeight="18"/>
 			<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
 				<buttons>
 					<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#cancel"/>
-					<Button text="%generic.button.choose" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#proceed"/>
+					<Button fx:id="chooseButton" text="%generic.button.choose" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#proceed"/>
 				</buttons>
 			</ButtonBar>
 		</VBox>
diff --git a/src/main/resources/fxml/vault_detail.fxml b/src/main/resources/fxml/vault_detail.fxml
index b87df488a..cfae48d8b 100644
--- a/src/main/resources/fxml/vault_detail.fxml
+++ b/src/main/resources/fxml/vault_detail.fxml
@@ -53,7 +53,6 @@
 		<fx:include VBox.vgrow="ALWAYS" source="vault_detail_missing.fxml" visible="${controller.vault.missing}" managed="${controller.vault.missing}"/>
 		<fx:include VBox.vgrow="ALWAYS" source="vault_detail_needsmigration.fxml" visible="${controller.vault.needsMigration}" managed="${controller.vault.needsMigration}"/>
 		<fx:include VBox.vgrow="ALWAYS" source="vault_detail_unknownerror.fxml" visible="${controller.vault.unknownError}" managed="${controller.vault.unknownError}"/>
-		<fx:include VBox.vgrow="ALWAYS" source="vault_detail_missing_masterkey.fxml" visible="${controller.vault.missingMasterkey}" managed="${controller.vault.missingMasterkey}"/>
 		<fx:include VBox.vgrow="ALWAYS" source="vault_detail_missing_vault_config.fxml" visible="${controller.vault.missingVaultConfig}" managed="${controller.vault.missingVaultConfig}"/>
 	</children>
 </VBox>
diff --git a/src/main/resources/fxml/vault_detail_missing_masterkey.fxml b/src/main/resources/fxml/vault_detail_missing_masterkey.fxml
index 87d1d9b9e..4f127839b 100644
--- a/src/main/resources/fxml/vault_detail_missing_masterkey.fxml
+++ b/src/main/resources/fxml/vault_detail_missing_masterkey.fxml
@@ -29,6 +29,11 @@
 					<FontAwesome5IconView glyph="REDO"/>
 				</graphic>
 			</Button>
+			<Button text="Select Masterkey" minWidth="120" onAction="#unlock">
+				<graphic>
+					<FontAwesome5IconView glyph="MAGIC"/>
+				</graphic>
+			</Button>
 			<Button text="%main.vaultDetail.missingMasterkey.restore" minWidth="120" onAction="#restoreMasterkey">
 				<graphic>
 					<FontAwesome5IconView glyph="MAGIC"/>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 10a1c0de5..ef1cdca73 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -135,6 +135,7 @@ unlock.unlockBtn=Unlock
 ## Select
 unlock.chooseMasterkey.message=Masterkey file not found
 unlock.chooseMasterkey.description=Cryptomator could not find the masterkey file for vault "%s". Please choose the key file manually.
+unlock.chooseMasterkey.restoreInstead=Restore instead... blablabla
 unlock.chooseMasterkey.filePickerTitle=Select Masterkey File
 unlock.chooseMasterkey.filePickerMimeDesc=Cryptomator Masterkey
 ## Success
@@ -511,6 +512,7 @@ vaultOptions.hub.convertBtn=Convert to Password-Based Vault
 recoveryKey.display.title=Show Recovery Key
 recoveryKey.create.message=Password required
 recoveryKey.create.description=Enter the password for "%s" to show its recovery key.
+recoveryKey.recover.description=Enter the password for "%s" to recover the vault config.
 recoveryKey.display.description=The following recovery key can be used to restore access to "%s":
 recoveryKey.display.StorageHints=Keep it somewhere very secure, e.g.:\n • Store it using a password manager\n • Save it on a USB flash drive\n • Print it on paper
 ## Reset Password
@@ -547,6 +549,9 @@ recoveryKey.recover.onBoarding.confirm=Use RecoveryKey
 recoveryKey.recover.onBoarding.intro1=Ensure all files are completely synced.
 recoveryKey.recover.onBoarding.intro2=You will need the Recovery Key of the vault.
 recoveryKey.recover.onBoarding.intro3=A new vault password and possible some expert settings.
+recoveryKey.recover.onBoarding.chooseMethod=Choose recovery method:
+recoveryKey.recover.onBoarding.useRecoveryKey=Use Recovery Key
+recoveryKey.recover.onBoarding.usePassword=Use Password
 recoveryKey.recover.onBoarding.affirmation=I have read and understood the above information
 
 
@@ -568,6 +573,7 @@ passwordStrength.messageLabel.1=Weak
 passwordStrength.messageLabel.2=Fair
 passwordStrength.messageLabel.3=Strong
 passwordStrength.messageLabel.4=Very strong
+password.promptText=Enter password
 
 # Quit
 quit.title=Quit Application

From ad214691f99e0feeed657905190b3aec881c11e3 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 30 Jun 2025 14:04:13 +0200
Subject: [PATCH 039/117] fix sonar cloud quality gate fail

---
 .../ui/recoverykey/RecoveryKeyCreationController.java       | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
index 0b1c69286..24aa6b0c3 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -148,8 +148,10 @@ public class RecoveryKeyCreationController implements FxController {
 			Path masterkeyFilePath = vault.getPath().resolve(MASTERKEY_FILENAME);
 
 			try (Masterkey masterkey = MasterkeyService.load(masterkeyFileAccess, masterkeyFilePath, passwordField.getCharacters())) {
-				var combo = MasterkeyService.detect(masterkey.getEncoded(), vault.getPath());
-				CryptoFsInitializer.init(recoveryPath, masterkey, shorteningThreshold.get(), combo.get());
+				var combo = MasterkeyService.detect(masterkey.getEncoded(), vault.getPath())
+						.orElseThrow(() -> new IllegalStateException("Could not detect combo for vault path: " + vault.getPath()));
+
+				CryptoFsInitializer.init(recoveryPath, masterkey, shorteningThreshold.get(), combo);
 			}
 
 			recoveryDirectory.moveRecoveredFile(VAULTCONFIG_FILENAME);

From edc308ccd1a528f23cfc8b40621f9c491b0cb63b Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 30 Jun 2025 17:36:30 +0200
Subject: [PATCH 040/117] recover button now in VaultListController

---
 .../AddVaultWizardComponent.java              | 63 +++++++++++++
 .../ChooseExistingVaultController.java        | 91 ++++---------------
 .../ui/controls/FontAwesome5Icon.java         |  1 +
 .../org/cryptomator/ui/dialogs/Dialogs.java   | 20 +++-
 .../ui/mainwindow/VaultListController.java    | 19 ++++
 .../resources/fxml/addvault_existing.fxml     | 17 ++--
 src/main/resources/fxml/vault_list.fxml       |  5 +
 src/main/resources/i18n/strings.properties    | 11 ++-
 8 files changed, 141 insertions(+), 86 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java b/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java
index c67f999e8..cd68bf254 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java
@@ -7,13 +7,28 @@ package org.cryptomator.ui.addvaultwizard;
 
 import dagger.Lazy;
 import dagger.Subcomponent;
+import org.cryptomator.common.recovery.RecoveryActionType;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultComponent;
+import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.common.vaults.VaultState;
+import org.cryptomator.integrations.mount.MountService;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.dialogs.Dialogs;
+import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 
+import javafx.beans.property.SimpleObjectProperty;
 import javafx.scene.Scene;
+import javafx.stage.DirectoryChooser;
 import javafx.stage.Stage;
+import javafx.stage.Window;
+import java.io.File;
+import java.util.List;
 import java.util.ResourceBundle;
 
+import static org.cryptomator.ui.addvaultwizard.ChooseExistingVaultController.prepareVault;
+
 @AddVaultWizardScoped
 @Subcomponent(modules = {AddVaultModule.class})
 public interface AddVaultWizardComponent {
@@ -23,9 +38,13 @@ public interface AddVaultWizardComponent {
 
 	@FxmlScene(FxmlFile.ADDVAULT_NEW_NAME)
 	Lazy<Scene> sceneNew();
+
 	@FxmlScene(FxmlFile.ADDVAULT_EXISTING)
 	Lazy<Scene> sceneExisting();
 
+	@FxmlScene(FxmlFile.ADDVAULT_SUCCESS)
+	Lazy<Scene> sceneSuccess();
+
 	default void showAddNewVaultWizard(ResourceBundle resourceBundle) {
 		Stage stage = window();
 		stage.setScene(sceneNew().get());
@@ -42,6 +61,50 @@ public interface AddVaultWizardComponent {
 		stage.show();
 	}
 
+	default void showRecoverExistingVaultWizard(Window mainWindow, //
+												Dialogs dialogs, //
+												VaultComponent.Factory vaultComponentFactory, //
+												List<MountService> mountServices, //
+												VaultListManager vaultListManager, //
+												RecoveryKeyComponent.Factory recoveryKeyWindow) {
+		Stage stage = window();
+		DirectoryChooser directoryChooser = new DirectoryChooser();
+
+		while (true) {
+			File selectedDirectory = directoryChooser.showDialog(mainWindow);
+			if (selectedDirectory == null) {
+				return;
+			}
+
+			boolean hasSubfolderD = new File(selectedDirectory, "d").isDirectory();
+			if (!hasSubfolderD) {
+				dialogs.prepareNoDDirectorySelectedDialog(stage).build().showAndWait();
+				continue;
+			}
+
+			Vault preparedVault = prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
+
+			if (!vaultListManager.containsVault(preparedVault.getPath())) {
+				vaultListManager.addVault(preparedVault);
+				dialogs.prepareRecoveryVaultAdded(stage).setOkAction(Stage::close).build().showAndWait();
+			}
+
+			VaultListManager.redetermineVaultState(preparedVault);
+			VaultState.Value state = preparedVault.getState();
+
+			switch (state) {
+				case VAULT_CONFIG_MISSING -> recoveryKeyWindow.create(preparedVault, stage, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)) //
+						.showOnboardingDialogWindow();
+				case ALL_MISSING -> recoveryKeyWindow.create(preparedVault, stage, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)) //
+						.showOnboardingDialogWindow();
+				default -> dialogs.prepareRecoveryVaultAlreadyExists(stage)//
+						.setOkAction(Stage::close)//
+						.build().showAndWait();
+			}
+			break;
+		}
+	}
+
 	@Subcomponent.Builder
 	interface Builder {
 
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index 490b08303..e89184510 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -1,16 +1,30 @@
 package org.cryptomator.ui.addvaultwizard;
 
+import dagger.Lazy;
+import org.apache.commons.lang3.SystemUtils;
+import org.cryptomator.common.settings.VaultSettings;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultComponent;
+import org.cryptomator.common.vaults.VaultConfigCache;
+import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.integrations.mount.MountService;
+import org.cryptomator.integrations.uiappearance.Theme;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.fxapp.FxApplicationStyle;
+import org.cryptomator.ui.fxapp.FxApplicationWindows;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import javax.inject.Inject;
 import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
-import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
-import javafx.scene.control.CheckBox;
 import javafx.scene.image.Image;
-import javafx.stage.DirectoryChooser;
 import javafx.stage.FileChooser;
 import javafx.stage.Stage;
 import java.io.File;
@@ -23,27 +37,6 @@ import java.util.ResourceBundle;
 import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_GLOB;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
 
-import dagger.Lazy;
-import org.apache.commons.lang3.SystemUtils;
-import org.cryptomator.common.recovery.RecoveryActionType;
-import org.cryptomator.common.settings.VaultSettings;
-import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.common.vaults.VaultComponent;
-import org.cryptomator.common.vaults.VaultConfigCache;
-import org.cryptomator.common.vaults.VaultListManager;
-import org.cryptomator.common.vaults.VaultState;
-import org.cryptomator.integrations.mount.MountService;
-import org.cryptomator.integrations.uiappearance.Theme;
-import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.common.FxmlFile;
-import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.dialogs.Dialogs;
-import org.cryptomator.ui.fxapp.FxApplicationStyle;
-import org.cryptomator.ui.fxapp.FxApplicationWindows;
-import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 @AddVaultWizardScoped
 public class ChooseExistingVaultController implements FxController {
 
@@ -57,13 +50,6 @@ public class ChooseExistingVaultController implements FxController {
 	private final VaultListManager vaultListManager;
 	private final ResourceBundle resourceBundle;
 	private final ObservableValue<Image> screenshot;
-	private final Dialogs dialogs;
-	private final VaultComponent.Factory vaultComponentFactory;
-	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
-	private final List<MountService> mountServices;
-
-	@FXML
-	private CheckBox restoreCheckBox;
 
 	private final BooleanProperty restoreButtonVisible = new SimpleBooleanProperty(false);
 
@@ -76,11 +62,7 @@ public class ChooseExistingVaultController implements FxController {
 								  @AddVaultWizardWindow ObjectProperty<Vault> vault, //
 								  VaultListManager vaultListManager, //
 								  ResourceBundle resourceBundle, //
-								  FxApplicationStyle applicationStyle, //
-								  RecoveryKeyComponent.Factory recoveryKeyWindow, //
-								  VaultComponent.Factory vaultComponentFactory, //
-								  List<MountService> mountServices, //
-								  Dialogs dialogs) {
+								  FxApplicationStyle applicationStyle) {
 		this.window = window;
 		this.successScene = successScene;
 		this.appWindows = appWindows;
@@ -89,14 +71,6 @@ public class ChooseExistingVaultController implements FxController {
 		this.vaultListManager = vaultListManager;
 		this.resourceBundle = resourceBundle;
 		this.screenshot = applicationStyle.appliedThemeProperty().map(this::selectScreenshot);
-		this.recoveryKeyWindow = recoveryKeyWindow;
-		this.vaultComponentFactory = vaultComponentFactory;
-		this.mountServices = mountServices;
-		this.dialogs = dialogs;
-	}
-
-	public void initialize() {
-		restoreButtonVisible.bind(restoreCheckBox.selectedProperty());
 	}
 
 	private Image selectScreenshot(Theme theme) {
@@ -131,35 +105,6 @@ public class ChooseExistingVaultController implements FxController {
 		}
 	}
 
-	@FXML
-	public void restoreVaultConfigWithRecoveryKey() {
-		DirectoryChooser directoryChooser = new DirectoryChooser();
-
-		File selectedDirectory = directoryChooser.showDialog(window);
-		if (selectedDirectory == null) {
-			return;
-		}
-
-		boolean hasSubfolderD = new File(selectedDirectory, "d").isDirectory();
-		if (!hasSubfolderD) {
-			dialogs.prepareNoDDirectorySelectedDialog(window).build().showAndWait();
-			return;
-		}
-
-		Vault preparedVault = prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
-		VaultListManager.redetermineVaultState(preparedVault);
-		VaultState.Value state = preparedVault.getState();
-		switch (state) {
-			case VAULT_CONFIG_MISSING -> recoveryKeyWindow.create(preparedVault, window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)).showOnboardingDialogWindow();
-			case ALL_MISSING -> recoveryKeyWindow.create(preparedVault, window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)).showOnboardingDialogWindow();
-			default -> {
-				vaultListManager.addVault(preparedVault);
-				vault.set(preparedVault);
-				window.setScene(successScene.get());
-			}
-		}
-	}
-
 	public static Vault prepareVault(File selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
 		Path selectedPath = selectedDirectory.toPath();
 		VaultSettings vaultSettings = VaultSettings.withRandomId();
diff --git a/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java b/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
index 348b3a26b..2c7f385fd 100644
--- a/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
+++ b/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
@@ -6,6 +6,7 @@ package org.cryptomator.ui.controls;
 public enum FontAwesome5Icon {
 	ANCHOR("\uF13D"), //
 	ARROW_UP("\uF062"), //
+	ARROWS_ROTATE("\uF021"),
 	BAN("\uF05E"), //
 	BELL("\uF0F3"), //
 	BUG("\uF188"), //
diff --git a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
index a22a81a09..6e5d91ecd 100644
--- a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
@@ -58,6 +58,23 @@ public class Dialogs {
 				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
 
+	public SimpleDialog.Builder prepareRecoveryVaultAdded(Stage window) {
+		return createDialogBuilder().setOwner(window) //
+				.setTitleKey("recoveryKey.recoverExisting.title") //
+				.setMessageKey("recoveryKey.recoverExisting.message") //
+				.setDescriptionKey("recoveryKey.recoverExisting.description") //
+				.setIcon(FontAwesome5Icon.EXCLAMATION)//
+				.setOkButtonKey(BUTTON_KEY_CLOSE);
+	}
+	public SimpleDialog.Builder prepareRecoveryVaultAlreadyExists(Stage window) {
+		return createDialogBuilder().setOwner(window) //
+				.setTitleKey("recoveryKey.alreadyExists.title") //
+				.setMessageKey("recoveryKey.alreadyExists.message") //
+				.setDescriptionKey("recoveryKey.alreadyExists.description") //
+				.setIcon(FontAwesome5Icon.EXCLAMATION)//
+				.setOkButtonKey(BUTTON_KEY_CLOSE);
+	}
+
 	public SimpleDialog.Builder prepareRecoverPasswordSuccess(Stage window, Stage owner, ResourceBundle resourceBundle) {
 		return createDialogBuilder()
 				.setOwner(window) //
@@ -67,7 +84,8 @@ public class Dialogs {
 				.setIcon(FontAwesome5Icon.CHECK)
 				.setOkAction(stage -> {
 					stage.close();
-					if (owner.getTitle().equals(resourceBundle.getString("addvaultwizard.existing.title"))) {
+					String ownerTitle = owner.getTitle();
+					if (ownerTitle != null && ownerTitle.equals(resourceBundle.getString("addvaultwizard.existing.title"))) {
 						owner.close();
 					}
 				})
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index a457ade3f..2c95da688 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -3,9 +3,11 @@ package org.cryptomator.ui.mainwindow;
 import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultComponent;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptofs.DirStructure;
+import org.cryptomator.integrations.mount.MountService;
 import org.cryptomator.ui.addvaultwizard.AddVaultWizardComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.VaultService;
@@ -13,6 +15,7 @@ import org.cryptomator.ui.dialogs.Dialogs;
 import org.cryptomator.ui.fxapp.FxFSEventList;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.cryptomator.ui.preferences.SelectedPreferencesTab;
+import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -42,6 +45,7 @@ import java.io.File;
 import java.io.IOException;
 import java.nio.file.Path;
 import java.util.EnumSet;
+import java.util.List;
 import java.util.Optional;
 import java.util.ResourceBundle;
 import java.util.Set;
@@ -75,6 +79,10 @@ public class VaultListController implements FxController {
 	private final ObservableValue<Double> cellSize;
 	private final Dialogs dialogs;
 
+	private final VaultComponent.Factory vaultComponentFactory;
+	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
+	private final List<MountService> mountServices;
+
 	public ListView<Vault> vaultList;
 	public StackPane root;
 	@FXML
@@ -94,6 +102,9 @@ public class VaultListController implements FxController {
 						FxApplicationWindows appWindows, //
 						Settings settings, //
 						Dialogs dialogs, //
+						RecoveryKeyComponent.Factory recoveryKeyWindow, //
+						VaultComponent.Factory vaultComponentFactory, //
+						List<MountService> mountServices, //
 						FxFSEventList fxFSEventList) {
 		this.mainWindow = mainWindow;
 		this.vaults = vaults;
@@ -105,6 +116,9 @@ public class VaultListController implements FxController {
 		this.resourceBundle = resourceBundle;
 		this.appWindows = appWindows;
 		this.dialogs = dialogs;
+		this.recoveryKeyWindow = recoveryKeyWindow;
+		this.vaultComponentFactory = vaultComponentFactory;
+		this.mountServices = mountServices;
 
 		this.emptyVaultList = Bindings.isEmpty(vaults);
 		this.unreadEvents = fxFSEventList.unreadEventsProperty();
@@ -214,6 +228,11 @@ public class VaultListController implements FxController {
 		addVaultWizard.build().showAddExistingVaultWizard(resourceBundle);
 	}
 
+	@FXML
+	public void didClickRecoverExistingVault() {
+		addVaultWizard.build().showRecoverExistingVaultWizard(mainWindow, dialogs, vaultComponentFactory,mountServices,vaultListManager,recoveryKeyWindow);
+	}
+
 	private void pressedShortcutToRemoveVault() {
 		final var vault = selectedVault.get();
 		if (vault != null && EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION).contains(vault.getState())) {
diff --git a/src/main/resources/fxml/addvault_existing.fxml b/src/main/resources/fxml/addvault_existing.fxml
index 5cc7fc4b6..cfbeb2018 100644
--- a/src/main/resources/fxml/addvault_existing.fxml
+++ b/src/main/resources/fxml/addvault_existing.fxml
@@ -3,7 +3,6 @@
 <?import javafx.geometry.Insets?>
 <?import javafx.scene.control.Button?>
 <?import javafx.scene.control.ButtonBar?>
-<?import javafx.scene.control.CheckBox?>
 <?import javafx.scene.control.Label?>
 <?import javafx.scene.image.ImageView?>
 <?import javafx.scene.layout.Region?>
@@ -12,25 +11,21 @@
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.addvaultwizard.ChooseExistingVaultController"
 	  prefWidth="450"
-	  prefHeight="480">
+	  prefHeight="450"
+	  spacing="24"
+	  alignment="CENTER">
 	<padding>
 		<Insets topRightBottomLeft="24"/>
 	</padding>
 	<children>
 		<ImageView VBox.vgrow="ALWAYS" fitWidth="400" preserveRatio="true" smooth="true" image="${controller.screenshot}"/>
 
-		<Label text="%addvaultwizard.existing.instruction" wrapText="true">
-			<padding>
-				<Insets bottom="6" top="6"/>
-			</padding>
-		</Label>
+		<Label text="%addvaultwizard.existing.instruction" wrapText="true" labelFor="$finishButton"/>
 
-		<CheckBox fx:id="restoreCheckBox" text="%addvaultwizard.existing.instruction.restore" wrapText="true"/>
 		<Region VBox.vgrow="ALWAYS"/>
-		<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
+		<ButtonBar buttonMinWidth="120" buttonOrder="+X">
 			<buttons>
-				<Button text="%addvaultwizard.existing.restore" ButtonBar.buttonData="NEXT_FORWARD" onAction="#restoreVaultConfigWithRecoveryKey" visible="${controller.restoreButtonVisible}"/>
-				<Button text="%addvaultwizard.existing.chooseBtn" ButtonBar.buttonData="NEXT_FORWARD" onAction="#chooseFileAndNext" defaultButton="true"/>
+				<Button fx:id="finishButton" text="%addvaultwizard.existing.chooseBtn" ButtonBar.buttonData="NEXT_FORWARD" onAction="#chooseFileAndNext" defaultButton="true"/>
 			</buttons>
 		</ButtonBar>
 	</children>
diff --git a/src/main/resources/fxml/vault_list.fxml b/src/main/resources/fxml/vault_list.fxml
index 6706ec293..723e73f79 100644
--- a/src/main/resources/fxml/vault_list.fxml
+++ b/src/main/resources/fxml/vault_list.fxml
@@ -80,6 +80,11 @@
 						<FontAwesome5IconView glyph="FOLDER_OPEN" textAlignment="CENTER" wrappingWidth="14"/>
 					</graphic>
 				</MenuItem>
+				<MenuItem styleClass="dropdown-button-context-menu-item" text="%main.vaultlist.addVaultBtn.menuItemRecover" onAction="#didClickRecoverExistingVault">
+					<graphic>
+						<FontAwesome5IconView glyph="ARROWS_ROTATE" textAlignment="CENTER" wrappingWidth="14"/>
+					</graphic>
+				</MenuItem>
 			</items>
 		</ContextMenu>
 	</fx:define>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index ef1cdca73..9abc37c27 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -96,7 +96,7 @@ addvault.new.readme.accessLocation.3=Any files added to this volume will be encr
 addvault.new.readme.accessLocation.4=Feel free to remove this file.
 ## Existing
 addvaultwizard.existing.title=Add Existing Vault
-addvaultwizard.existing.instruction=Choose the "vault.cryptomator" file of your existing vault. If only a file named "masterkey.cryptomator" exists, select that instead. If your vault.cryptomator lost you can recover it with your RecoveryKey.
+addvaultwizard.existing.instruction=Choose the "vault.cryptomator" file of your existing vault. If only a file named "masterkey.cryptomator" exists, select that instead.
 addvaultwizard.existing.instruction.restore=If your vault.cryptomator file went missing you can enable restore mode here.
 addvaultwizard.existing.restore=Restore…
 addvaultwizard.existing.chooseBtn=Choose…
@@ -404,6 +404,7 @@ main.vaultlist.contextMenu.vaultoptions=Show Vault Options
 main.vaultlist.contextMenu.reveal=Reveal Drive
 main.vaultlist.addVaultBtn.menuItemNew=Create New Vault...
 main.vaultlist.addVaultBtn.menuItemExisting=Open Existing Vault...
+main.vaultlist.addVaultBtn.menuItemRecover=Recover Existing Vault...
 main.vaultlist.showEventsButton.tooltip=Open event view
 ##Notificaition
 main.notification.updateAvailable=Update is available.
@@ -534,6 +535,14 @@ recoveryKey.recover.resetVaultConfigSuccess.message=Vault config reset successfu
 recoveryKey.recover.resetMasterkeyFileSuccess.message=Masterkey file reset successful
 
 ### Recover Kram
+recoveryKey.recoverExisting.title=Vault Added
+recoveryKey.recoverExisting.message=Recovery Vault added
+recoveryKey.recoverExisting.description=Your Vault added successfully.
+
+recoveryKey.alreadyExists.title=Vault Already Exists
+recoveryKey.alreadyExists.message=Vault already exists in VaultList.
+recoveryKey.alreadyExists.description=Nothing happend.
+
 
 recoveryKey.noDDirDetected.title=Invalid Selection
 recoveryKey.noDDirDetected.description=The selected folder must contain a subfolder named "d".

From c9b9eee5640408231ad0de4c0cca110944244621 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 1 Jul 2025 10:42:36 +0200
Subject: [PATCH 041/117] remove unused methods

---
 .../ui/addvaultwizard/ChooseExistingVaultController.java   | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index e89184510..0eda9ae2b 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -142,11 +142,4 @@ public class ChooseExistingVaultController implements FxController {
 		return screenshot.getValue();
 	}
 
-	public boolean isRestoreButtonVisible() {
-		return restoreButtonVisible.get();
-	}
-
-	public BooleanProperty restoreButtonVisibleProperty() {
-		return restoreButtonVisible;
-	}
 }

From 626a692d636696a5677806e432b75656c6c72b86 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 1 Jul 2025 10:43:10 +0200
Subject: [PATCH 042/117] optimized LOGs

---
 .../org/cryptomator/common/recovery/MasterkeyService.java   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index a9f311b1d..5f89d3611 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -70,12 +70,12 @@ public final class MasterkeyService {
 					.filter(p -> excludedFilenames.stream().noneMatch(p.toString()::endsWith))
 					.findFirst();
 			if (c9rFile.isEmpty()) {
-				LOG.info("No *.c9r file found in {}", vaultPath);
+				LOG.info("Unable to detect Crypto scheme: No *.c9r file found in {}", vaultPath);
 				return Optional.empty();
 			}
 			return determineScheme(c9rFile.get(), masterkey); //
 		} catch (IOException e) {
-			LOG.debug("Failed to inspect vault", e);
+			LOG.info("Unable to detect Crypto scheme: Failed to inspect vault", e);
 			return Optional.empty();
 		}
 	}
@@ -87,7 +87,7 @@ public final class MasterkeyService {
 					.filter(s -> isDecryptable(header, new Masterkey(masterkey), s))
 					.findFirst();
 		} catch (IOException e) {
-			LOG.info("Failed to decrypt .c9r file", e);
+			LOG.info("Unable to detect Crypto scheme: Failed to decrypt .c9r file", e);
 			return Optional.empty();
 		}
 	}

From 50fa8e06083574ec55f33d753b8790863f5332a2 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 1 Jul 2025 10:44:11 +0200
Subject: [PATCH 043/117] tmpDir renamed to cryptomator

---
 .../java/org/cryptomator/common/recovery/RecoveryDirectory.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
index 1fa52cf61..24b91d476 100644
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
@@ -27,7 +27,7 @@ public final class RecoveryDirectory implements AutoCloseable {
 		FileAttribute<?> attr = PosixFilePermissions.asFileAttribute(
 				PosixFilePermissions.fromString("rwx------")
 		);
-		Path tempDir = Files.createTempDirectory("r", attr);
+		Path tempDir = Files.createTempDirectory("cryptomator", attr);
 		return new RecoveryDirectory(vaultPath, tempDir);
 	}
 

From 81307b6d7514d9d4250615251302b36e75810585 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 2 Jul 2025 11:26:05 +0200
Subject: [PATCH 044/117] remove PosixFilePermissions

---
 .../org/cryptomator/common/recovery/RecoveryDirectory.java   | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
index 24b91d476..b8244c9e9 100644
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
@@ -24,10 +24,7 @@ public final class RecoveryDirectory implements AutoCloseable {
 	}
 
 	public static RecoveryDirectory create(Path vaultPath) throws IOException {
-		FileAttribute<?> attr = PosixFilePermissions.asFileAttribute(
-				PosixFilePermissions.fromString("rwx------")
-		);
-		Path tempDir = Files.createTempDirectory("cryptomator", attr);
+		Path tempDir = Files.createTempDirectory("cryptomator");
 		return new RecoveryDirectory(vaultPath, tempDir);
 	}
 

From 8a1ec1d073dcd907fd98eb5af63e92b389e13052 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 2 Jul 2025 11:29:01 +0200
Subject: [PATCH 045/117] read file header instead of allBytes to determine
 Scheme

---
 .../common/recovery/MasterkeyService.java     | 33 +++++++++++++------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index 5f89d3611..d150c7feb 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -13,15 +13,16 @@ import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
+import java.nio.channels.FileChannel;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
-import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.Stream;
 
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
@@ -81,16 +82,28 @@ public final class MasterkeyService {
 	}
 
 	private static Optional<CryptorProvider.Scheme> determineScheme(Path c9rFile, byte[] masterkey) {
-		try {
-			ByteBuffer header = ByteBuffer.wrap(Files.readAllBytes(c9rFile));
-			return Arrays.stream(CryptorProvider.Scheme.values())
-					.filter(s -> isDecryptable(header, new Masterkey(masterkey), s))
-					.findFirst();
-		} catch (IOException e) {
-			LOG.info("Unable to detect Crypto scheme: Failed to decrypt .c9r file", e);
-			return Optional.empty();
-		}
+		return Arrays.stream(CryptorProvider.Scheme.values()).filter(scheme -> {
+			try {
+				try (Masterkey mk = new Masterkey(masterkey); Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(mk, SecureRandom.getInstanceStrong())) {
+					int headerSize = cryptor.fileHeaderCryptor().headerSize();
+
+					ByteBuffer headerBuf = ByteBuffer.allocate(headerSize);
+
+					try (FileChannel channel = FileChannel.open(c9rFile, StandardOpenOption.READ)) {
+						channel.read(headerBuf, 0);
+					}
+
+					headerBuf.flip();
+
+					return isDecryptable(headerBuf, mk, scheme);
+				}
+			} catch (IOException | CryptoException | NoSuchAlgorithmException e) {
+				LOG.info("Unable to detect Crypto scheme: Failed to decrypt .c9r file", e);
+				return false;
+			}
+		}).findFirst();
 	}
+
 	private static boolean isDecryptable(ByteBuffer header, Masterkey masterkey, CryptorProvider.Scheme scheme) {
 		try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey, SecureRandom.getInstanceStrong())) {
 			cryptor.fileHeaderCryptor().decryptHeader(header.duplicate());

From c546f3363bfac9b474827cac1b9b0df6dfc42306 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Thu, 3 Jul 2025 12:08:41 +0200
Subject: [PATCH 046/117] reduce object creation and conversion

---
 .../common/recovery/MasterkeyService.java     | 42 +++++++------------
 .../RecoveryKeyCreationController.java        |  2 +-
 2 files changed, 15 insertions(+), 29 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index d150c7feb..5fd74a7f0 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -1,7 +1,6 @@
 package org.cryptomator.common.recovery;
 
 import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.cryptolib.api.AuthenticationFailedException;
 import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.Cryptor;
 import org.cryptomator.cryptolib.api.CryptorProvider;
@@ -44,7 +43,7 @@ public final class MasterkeyService {
 
 	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndDetectCombo(RecoveryKeyFactory recoveryKeyFactory, //
 																					 Vault vault, String recoveryKey, //
-																					 MasterkeyFileAccess masterkeyFileAccess) throws  IllegalArgumentException {
+																					 MasterkeyFileAccess masterkeyFileAccess) throws IllegalArgumentException {
 		String tmpPass = UUID.randomUUID().toString();
 		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
 			Path tempRecoveryPath = recoveryDirectory.getRecoveryPath();
@@ -52,7 +51,7 @@ public final class MasterkeyService {
 			Path masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
 
 			try (Masterkey mk = load(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
-				return detect(mk.getEncoded(), vault.getPath());
+				return detect(mk, vault.getPath());
 			} catch (IOException | CryptoException e) {
 				LOG.info("Recovery key validation failed", e);
 				return Optional.empty();
@@ -63,13 +62,10 @@ public final class MasterkeyService {
 		return Optional.empty();
 	}
 
-	public static Optional<CryptorProvider.Scheme> detect(byte[] masterkey, Path vaultPath) {
+	public static Optional<CryptorProvider.Scheme> detect(Masterkey masterkey, Path vaultPath) {
 		try (Stream<Path> paths = Files.walk(vaultPath.resolve(DATA_DIR_NAME))) {
 			List<String> excludedFilenames = List.of("dirid.c9r", "dir.c9r");
-			Optional<Path> c9rFile = paths
-					.filter(p -> p.toString().endsWith(".c9r"))
-					.filter(p -> excludedFilenames.stream().noneMatch(p.toString()::endsWith))
-					.findFirst();
+			Optional<Path> c9rFile = paths.filter(p -> p.toString().endsWith(".c9r")).filter(p -> excludedFilenames.stream().noneMatch(p.toString()::endsWith)).findFirst();
 			if (c9rFile.isEmpty()) {
 				LOG.info("Unable to detect Crypto scheme: No *.c9r file found in {}", vaultPath);
 				return Optional.empty();
@@ -81,22 +77,20 @@ public final class MasterkeyService {
 		}
 	}
 
-	private static Optional<CryptorProvider.Scheme> determineScheme(Path c9rFile, byte[] masterkey) {
+	private static Optional<CryptorProvider.Scheme> determineScheme(Path c9rFile, Masterkey masterkey) {
 		return Arrays.stream(CryptorProvider.Scheme.values()).filter(scheme -> {
-			try {
-				try (Masterkey mk = new Masterkey(masterkey); Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(mk, SecureRandom.getInstanceStrong())) {
-					int headerSize = cryptor.fileHeaderCryptor().headerSize();
+			try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey.copy(), SecureRandom.getInstanceStrong())) {
+				int headerSize = cryptor.fileHeaderCryptor().headerSize();
 
-					ByteBuffer headerBuf = ByteBuffer.allocate(headerSize);
+				ByteBuffer headerBuf = ByteBuffer.allocate(headerSize);
 
-					try (FileChannel channel = FileChannel.open(c9rFile, StandardOpenOption.READ)) {
-						channel.read(headerBuf, 0);
-					}
-
-					headerBuf.flip();
-
-					return isDecryptable(headerBuf, mk, scheme);
+				try (FileChannel channel = FileChannel.open(c9rFile, StandardOpenOption.READ)) {
+					channel.read(headerBuf, 0);
 				}
+
+				headerBuf.flip();
+				cryptor.fileHeaderCryptor().decryptHeader(headerBuf.duplicate());
+				return true;
 			} catch (IOException | CryptoException | NoSuchAlgorithmException e) {
 				LOG.info("Unable to detect Crypto scheme: Failed to decrypt .c9r file", e);
 				return false;
@@ -104,12 +98,4 @@ public final class MasterkeyService {
 		}).findFirst();
 	}
 
-	private static boolean isDecryptable(ByteBuffer header, Masterkey masterkey, CryptorProvider.Scheme scheme) {
-		try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey, SecureRandom.getInstanceStrong())) {
-			cryptor.fileHeaderCryptor().decryptHeader(header.duplicate());
-			return true;
-		} catch (AuthenticationFailedException | NoSuchAlgorithmException e) {
-			return false;
-		}
-	}
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
index 24aa6b0c3..56b0aab5e 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -148,7 +148,7 @@ public class RecoveryKeyCreationController implements FxController {
 			Path masterkeyFilePath = vault.getPath().resolve(MASTERKEY_FILENAME);
 
 			try (Masterkey masterkey = MasterkeyService.load(masterkeyFileAccess, masterkeyFilePath, passwordField.getCharacters())) {
-				var combo = MasterkeyService.detect(masterkey.getEncoded(), vault.getPath())
+				var combo = MasterkeyService.detect(masterkey, vault.getPath())
 						.orElseThrow(() -> new IllegalStateException("Could not detect combo for vault path: " + vault.getPath()));
 
 				CryptoFsInitializer.init(recoveryPath, masterkey, shorteningThreshold.get(), combo);

From f623b1ee7e3089d519e09b33a8e42d2997473cea Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 3 Jul 2025 15:48:21 +0200
Subject: [PATCH 047/117] better naming, void instead of unused boolean and
 LOGs

---
 .../common/recovery/BackupRestorer.java       | 26 ++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
index 488e5b6e1..bbb1fa4c9 100644
--- a/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
+++ b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
@@ -1,5 +1,8 @@
 package org.cryptomator.common.recovery;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.io.IOException;
 import java.nio.file.Path;
 import java.nio.file.Files;
@@ -11,13 +14,15 @@ import static org.cryptomator.common.Constants.MASTERKEY_BACKUP_SUFFIX;
 
 public final class BackupRestorer {
 
+	private static final Logger LOG = LoggerFactory.getLogger(BackupRestorer.class);
+
 	private BackupRestorer() {}
 
-	public static boolean restoreIfPresent(Path vaultPath, String fileName) {
-		Path targetFile = vaultPath.resolve(fileName);
+	public static void restoreIfPresent(Path vaultPath, String filePrefix) {
+		Path targetFile = vaultPath.resolve(filePrefix);
 
 		try (Stream<Path> files = Files.list(vaultPath)) {
-			return files.filter(file -> isValidBackupFileForState(file.getFileName().toString(), fileName))
+			files.filter(file -> isFileMatchingPattern(file.getFileName().toString(), filePrefix))
 					.max((f1, f2) -> {
 						try {
 							FileTime time1 = Files.getLastModifiedTime(f1);
@@ -27,23 +32,20 @@ public final class BackupRestorer {
 							return 0;
 						}
 					})
-					.map(backupFile -> copyBackupFile(backupFile, targetFile))
-					.orElse(false);
+					.ifPresent(backupFile -> copyBackupFile(backupFile, targetFile));
 		} catch (IOException e) {
-			return false;
+			LOG.info("Unable to restore backup files in '{}'", vaultPath, e);
 		}
 	}
 
-	private static boolean isValidBackupFileForState(String fileName, String vaultState) {
-		return fileName.startsWith(vaultState) && fileName.endsWith(MASTERKEY_BACKUP_SUFFIX);
+	private static boolean isFileMatchingPattern(String fileName, String filePrefix) {
+		return fileName.startsWith(filePrefix) && fileName.endsWith(MASTERKEY_BACKUP_SUFFIX);
 	}
 
-	private static boolean copyBackupFile(Path backupFile, Path configPath) {
+	private static void copyBackupFile(Path backupFile, Path configPath) {
 		try {
 			Files.copy(backupFile, configPath, StandardCopyOption.REPLACE_EXISTING);
-			return true;
 		} catch (IOException e) {
-			return false;
-		}
+			LOG.warn("Unable to copy backup file from '{}' to '{}'", backupFile, configPath, e);		}
 	}
 }

From 8089bcd0d0fa2b77ded9cd6d813cf78b597e4fb4 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 4 Jul 2025 17:16:32 +0200
Subject: [PATCH 048/117] cleanup

---
 .../common/vaults/VaultListManager.java       |  4 +-
 .../AddVaultWizardComponent.java              | 62 ----------------
 .../ChooseExistingVaultController.java        | 38 ----------
 .../org/cryptomator/ui/dialogs/Dialogs.java   | 10 +--
 .../cryptomator/ui/dialogs/SimpleDialog.java  |  6 +-
 .../ui/mainwindow/VaultListController.java    | 72 ++++++++++++++++++-
 .../RecoveryKeyCreationController.java        |  6 +-
 .../RecoveryKeyExpertSettingsController.java  | 22 +++---
 .../RecoveryKeyResetPasswordController.java   |  2 +-
 src/main/resources/i18n/strings.properties    |  9 ++-
 10 files changed, 101 insertions(+), 130 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index c7e03ae70..cb084359a 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -72,7 +72,7 @@ public class VaultListManager {
 		autoLocker.init();
 	}
 
-	public boolean containsVault(Path vaultPath) {
+	public boolean isAlreadyAdded(Path vaultPath) {
 		assert vaultPath.isAbsolute();
 		assert vaultPath.normalize().equals(vaultPath);
 		return vaultList.stream().anyMatch(v -> vaultPath.equals(v.getPath()));
@@ -127,7 +127,7 @@ public class VaultListManager {
 
 	public void addVault(Vault vault) {
 		Path path = vault.getPath().normalize().toAbsolutePath();
-		if (!containsVault(path)) {
+		if (!isAlreadyAdded(path)) {
 			vaultList.add(vault);
 		}
 	}
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java b/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java
index cd68bf254..5b01a6b2f 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java
@@ -7,28 +7,13 @@ package org.cryptomator.ui.addvaultwizard;
 
 import dagger.Lazy;
 import dagger.Subcomponent;
-import org.cryptomator.common.recovery.RecoveryActionType;
-import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.common.vaults.VaultComponent;
-import org.cryptomator.common.vaults.VaultListManager;
-import org.cryptomator.common.vaults.VaultState;
-import org.cryptomator.integrations.mount.MountService;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.dialogs.Dialogs;
-import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 
-import javafx.beans.property.SimpleObjectProperty;
 import javafx.scene.Scene;
-import javafx.stage.DirectoryChooser;
 import javafx.stage.Stage;
-import javafx.stage.Window;
-import java.io.File;
-import java.util.List;
 import java.util.ResourceBundle;
 
-import static org.cryptomator.ui.addvaultwizard.ChooseExistingVaultController.prepareVault;
-
 @AddVaultWizardScoped
 @Subcomponent(modules = {AddVaultModule.class})
 public interface AddVaultWizardComponent {
@@ -42,9 +27,6 @@ public interface AddVaultWizardComponent {
 	@FxmlScene(FxmlFile.ADDVAULT_EXISTING)
 	Lazy<Scene> sceneExisting();
 
-	@FxmlScene(FxmlFile.ADDVAULT_SUCCESS)
-	Lazy<Scene> sceneSuccess();
-
 	default void showAddNewVaultWizard(ResourceBundle resourceBundle) {
 		Stage stage = window();
 		stage.setScene(sceneNew().get());
@@ -61,50 +43,6 @@ public interface AddVaultWizardComponent {
 		stage.show();
 	}
 
-	default void showRecoverExistingVaultWizard(Window mainWindow, //
-												Dialogs dialogs, //
-												VaultComponent.Factory vaultComponentFactory, //
-												List<MountService> mountServices, //
-												VaultListManager vaultListManager, //
-												RecoveryKeyComponent.Factory recoveryKeyWindow) {
-		Stage stage = window();
-		DirectoryChooser directoryChooser = new DirectoryChooser();
-
-		while (true) {
-			File selectedDirectory = directoryChooser.showDialog(mainWindow);
-			if (selectedDirectory == null) {
-				return;
-			}
-
-			boolean hasSubfolderD = new File(selectedDirectory, "d").isDirectory();
-			if (!hasSubfolderD) {
-				dialogs.prepareNoDDirectorySelectedDialog(stage).build().showAndWait();
-				continue;
-			}
-
-			Vault preparedVault = prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
-
-			if (!vaultListManager.containsVault(preparedVault.getPath())) {
-				vaultListManager.addVault(preparedVault);
-				dialogs.prepareRecoveryVaultAdded(stage).setOkAction(Stage::close).build().showAndWait();
-			}
-
-			VaultListManager.redetermineVaultState(preparedVault);
-			VaultState.Value state = preparedVault.getState();
-
-			switch (state) {
-				case VAULT_CONFIG_MISSING -> recoveryKeyWindow.create(preparedVault, stage, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)) //
-						.showOnboardingDialogWindow();
-				case ALL_MISSING -> recoveryKeyWindow.create(preparedVault, stage, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)) //
-						.showOnboardingDialogWindow();
-				default -> dialogs.prepareRecoveryVaultAlreadyExists(stage)//
-						.setOkAction(Stage::close)//
-						.build().showAndWait();
-			}
-			break;
-		}
-	}
-
 	@Subcomponent.Builder
 	interface Builder {
 
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index 0eda9ae2b..27c9f6204 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -2,12 +2,8 @@ package org.cryptomator.ui.addvaultwizard;
 
 import dagger.Lazy;
 import org.apache.commons.lang3.SystemUtils;
-import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.common.vaults.VaultComponent;
-import org.cryptomator.common.vaults.VaultConfigCache;
 import org.cryptomator.common.vaults.VaultListManager;
-import org.cryptomator.integrations.mount.MountService;
 import org.cryptomator.integrations.uiappearance.Theme;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
@@ -18,9 +14,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
-import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.SimpleBooleanProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
@@ -30,12 +24,10 @@ import javafx.stage.Stage;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Path;
-import java.util.List;
 import java.util.Objects;
 import java.util.ResourceBundle;
 
 import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_GLOB;
-import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
 
 @AddVaultWizardScoped
 public class ChooseExistingVaultController implements FxController {
@@ -51,9 +43,6 @@ public class ChooseExistingVaultController implements FxController {
 	private final ResourceBundle resourceBundle;
 	private final ObservableValue<Image> screenshot;
 
-	private final BooleanProperty restoreButtonVisible = new SimpleBooleanProperty(false);
-
-
 	@Inject
 	ChooseExistingVaultController(@AddVaultWizardWindow Stage window, //
 								  @FxmlScene(FxmlFile.ADDVAULT_SUCCESS) Lazy<Scene> successScene, //
@@ -105,33 +94,6 @@ public class ChooseExistingVaultController implements FxController {
 		}
 	}
 
-	public static Vault prepareVault(File selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
-		Path selectedPath = selectedDirectory.toPath();
-		VaultSettings vaultSettings = VaultSettings.withRandomId();
-		vaultSettings.path.set(selectedPath);
-		if (selectedPath.getFileName() != null) {
-			vaultSettings.displayName.set(selectedPath.getFileName().toString());
-		} else {
-			vaultSettings.displayName.set("defaultVaultName");
-		}
-
-		var wrapper = new VaultConfigCache(vaultSettings);
-		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, LOCKED, null).vault();
-		try {
-			VaultListManager.determineVaultState(vault.getPath(), vaultSettings);
-		} catch (IOException e) {
-			LOG.warn("Failed to determine vault state for {}", vaultSettings.path.get(), e);
-		}
-
-		//due to https://github.com/cryptomator/cryptomator/issues/2880#issuecomment-1680313498
-		var nameOfWinfspLocalMounter = "org.cryptomator.frontend.fuse.mount.WinFspMountProvider";
-		if (SystemUtils.IS_OS_WINDOWS && vaultSettings.path.get().toString().contains("Dropbox") && mountServices.stream().anyMatch(s -> s.getClass().getName().equals(nameOfWinfspLocalMounter))) {
-			vaultSettings.mountService.setValue(nameOfWinfspLocalMounter);
-		}
-
-		return vault;
-	}
-
 	/* Getter */
 
 	public ObservableValue<Image> screenshotProperty() {
diff --git a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
index 6e5d91ecd..5ba3e1eb3 100644
--- a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
@@ -58,19 +58,19 @@ public class Dialogs {
 				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
 
-	public SimpleDialog.Builder prepareRecoveryVaultAdded(Stage window) {
+	public SimpleDialog.Builder prepareRecoveryVaultAdded(Stage window, String displayName) {
 		return createDialogBuilder().setOwner(window) //
 				.setTitleKey("recoveryKey.recoverExisting.title") //
 				.setMessageKey("recoveryKey.recoverExisting.message") //
-				.setDescriptionKey("recoveryKey.recoverExisting.description") //
-				.setIcon(FontAwesome5Icon.EXCLAMATION)//
+				.setDescriptionKey("recoveryKey.recoverExisting.description", displayName) //
+				.setIcon(FontAwesome5Icon.CHECK)//
 				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
-	public SimpleDialog.Builder prepareRecoveryVaultAlreadyExists(Stage window) {
+	public SimpleDialog.Builder prepareRecoveryVaultAlreadyExists(Stage window, String displayName) {
 		return createDialogBuilder().setOwner(window) //
 				.setTitleKey("recoveryKey.alreadyExists.title") //
 				.setMessageKey("recoveryKey.alreadyExists.message") //
-				.setDescriptionKey("recoveryKey.alreadyExists.description") //
+				.setDescriptionKey("recoveryKey.alreadyExists.description", displayName) //
 				.setIcon(FontAwesome5Icon.EXCLAMATION)//
 				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
diff --git a/src/main/java/org/cryptomator/ui/dialogs/SimpleDialog.java b/src/main/java/org/cryptomator/ui/dialogs/SimpleDialog.java
index 08f77849e..5efe4abfe 100644
--- a/src/main/java/org/cryptomator/ui/dialogs/SimpleDialog.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/SimpleDialog.java
@@ -30,7 +30,7 @@ public class SimpleDialog {
 
 		FxmlLoaderFactory loaderFactory = FxmlLoaderFactory.forController( //
 				new SimpleDialogController(resolveText(builder.messageKey, null), //
-						resolveText(builder.descriptionKey, null), //
+						resolveText(builder.descriptionKey, builder.descriptionArgs), //
 						builder.icon, //
 						resolveText(builder.okButtonKey, null), //
 						builder.cancelButtonKey != null ? resolveText(builder.cancelButtonKey, null) : null, //
@@ -66,6 +66,7 @@ public class SimpleDialog {
 		private String[] titleArgs;
 		private String messageKey;
 		private String descriptionKey;
+		private String[] descriptionArgs;
 		private String okButtonKey;
 		private String cancelButtonKey;
 		private FontAwesome5Icon icon;
@@ -93,8 +94,9 @@ public class SimpleDialog {
 			return this;
 		}
 
-		public Builder setDescriptionKey(String descriptionKey) {
+		public Builder setDescriptionKey(String descriptionKey, String... args) {
 			this.descriptionKey = descriptionKey;
+			this.descriptionArgs = args;
 			return this;
 		}
 
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index 2c95da688..e836eff9c 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -1,10 +1,14 @@
 package org.cryptomator.ui.mainwindow;
 
 import org.apache.commons.lang3.SystemUtils;
+import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.settings.Settings;
+import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultComponent;
+import org.cryptomator.common.vaults.VaultConfigCache;
 import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptofs.DirStructure;
 import org.cryptomator.integrations.mount.MountService;
@@ -25,6 +29,7 @@ import javafx.beans.binding.BooleanBinding;
 import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
+import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.collections.ListChangeListener;
 import javafx.collections.ObservableList;
@@ -40,6 +45,7 @@ import javafx.scene.input.KeyEvent;
 import javafx.scene.input.MouseEvent;
 import javafx.scene.input.TransferMode;
 import javafx.scene.layout.StackPane;
+import javafx.stage.DirectoryChooser;
 import javafx.stage.Stage;
 import java.io.File;
 import java.io.IOException;
@@ -230,7 +236,71 @@ public class VaultListController implements FxController {
 
 	@FXML
 	public void didClickRecoverExistingVault() {
-		addVaultWizard.build().showRecoverExistingVaultWizard(mainWindow, dialogs, vaultComponentFactory,mountServices,vaultListManager,recoveryKeyWindow);
+		DirectoryChooser directoryChooser = new DirectoryChooser();
+
+		while (true) {
+			File selectedDirectory = directoryChooser.showDialog(mainWindow);
+			if (selectedDirectory == null) {
+				return;
+			}
+
+			boolean hasSubfolderD = new File(selectedDirectory, "d").isDirectory();
+			if (!hasSubfolderD) {
+				dialogs.prepareNoDDirectorySelectedDialog(mainWindow).build().showAndWait();
+				continue;
+			}
+
+			Vault preparedVault = prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
+
+			if (vaultListManager.get(preparedVault.getPath()).isPresent()) {
+				dialogs.prepareRecoveryVaultAlreadyExists(mainWindow, vaultListManager.get(preparedVault.getPath()).get().getDisplayName()) //
+						.setOkAction(Stage::close) //
+						.build().showAndWait();
+				break;
+			}
+
+			VaultListManager.redetermineVaultState(preparedVault);
+			VaultState.Value state = preparedVault.getState();
+
+			switch (state) {
+				case VAULT_CONFIG_MISSING ->
+						recoveryKeyWindow.create(preparedVault, mainWindow, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)).showOnboardingDialogWindow();
+				case ALL_MISSING ->
+						recoveryKeyWindow.create(preparedVault, mainWindow, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)).showOnboardingDialogWindow();
+				case LOCKED -> {
+					vaultListManager.addVault(preparedVault);
+					dialogs.prepareRecoveryVaultAdded(mainWindow, preparedVault.getDisplayName()).setOkAction(Stage::close).build().showAndWait();
+				}
+			}
+			break;
+		}
+	}
+
+	public static Vault prepareVault(File selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
+		Path selectedPath = selectedDirectory.toPath();
+		VaultSettings vaultSettings = VaultSettings.withRandomId();
+		vaultSettings.path.set(selectedPath);
+		if (selectedPath.getFileName() != null) {
+			vaultSettings.displayName.set(selectedPath.getFileName().toString());
+		} else {
+			vaultSettings.displayName.set("defaultVaultName");
+		}
+
+		var wrapper = new VaultConfigCache(vaultSettings);
+		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, LOCKED, null).vault();
+		try {
+			VaultListManager.determineVaultState(vault.getPath(), vaultSettings);
+		} catch (IOException e) {
+			LOG.warn("Failed to determine vault state for {}", vaultSettings.path.get(), e);
+		}
+
+		//due to https://github.com/cryptomator/cryptomator/issues/2880#issuecomment-1680313498
+		var nameOfWinfspLocalMounter = "org.cryptomator.frontend.fuse.mount.WinFspMountProvider";
+		if (SystemUtils.IS_OS_WINDOWS && vaultSettings.path.get().toString().contains("Dropbox") && mountServices.stream().anyMatch(s -> s.getClass().getName().equals(nameOfWinfspLocalMounter))) {
+			vaultSettings.mountService.setValue(nameOfWinfspLocalMounter);
+		}
+
+		return vault;
 	}
 
 	private void pressedShortcutToRemoveVault() {
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
index 56b0aab5e..b4c1db68a 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -100,9 +100,9 @@ public class RecoveryKeyCreationController implements FxController {
 
 	@FXML
 	public void initialize() {
-		if (recoverType.get().equals(RecoveryActionType.SHOW_KEY)) {
+		if (recoverType.get() == RecoveryActionType.SHOW_KEY) {
 			window.setTitle(resourceBundle.getString("recoveryKey.display.title"));
-		} else if (recoverType.get().equals(RecoveryActionType.RESTORE_VAULT_CONFIG)) {
+		} else if (recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG) {
 			window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
 			descriptionLabel.formatProperty().set(resourceBundle.getString("recoveryKey.recover.description"));
 			cancelButton.setOnAction((_) -> back());
@@ -156,7 +156,7 @@ public class RecoveryKeyCreationController implements FxController {
 
 			recoveryDirectory.moveRecoveredFile(VAULTCONFIG_FILENAME);
 
-			if (!vaultListManager.containsVault(vault.getPath())) {
+			if (!vaultListManager.isAlreadyAdded(vault.getPath())) {
 				vaultListManager.add(vault.getPath());
 			}
 			window.close();
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
index 1555eac68..f84529b1e 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
@@ -21,8 +21,6 @@ import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.controls.NumericTextField;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 @RecoveryKeyScoped
 public class RecoveryKeyExpertSettingsController implements FxController {
@@ -42,10 +40,10 @@ public class RecoveryKeyExpertSettingsController implements FxController {
 	private final Lazy<Scene> recoverScene;
 	private final BooleanBinding validShorteningThreshold;
 
-	@FXML public CheckBox expertSettingsCheckBox;
-	@FXML public NumericTextField shorteningThresholdTextField;
-
-	private static final Logger LOG = LoggerFactory.getLogger(RecoveryKeyExpertSettingsController.class);
+	@FXML
+	public CheckBox expertSettingsCheckBox;
+	@FXML
+	public NumericTextField shorteningThresholdTextField;
 
 	@Inject
 	public RecoveryKeyExpertSettingsController(@RecoveryKeyWindow Stage window, //
@@ -105,19 +103,21 @@ public class RecoveryKeyExpertSettingsController implements FxController {
 
 	@FXML
 	public void back() {
-		if(recoverType.get().equals(RecoveryActionType.RESTORE_ALL) && vault.getState().equals(VaultState.Value.VAULT_CONFIG_MISSING))
+		if (recoverType.get() == RecoveryActionType.RESTORE_ALL && vault.getState() == VaultState.Value.VAULT_CONFIG_MISSING) {
 			window.setScene(recoverScene.get());
-		else if(recoverType.get().equals(RecoveryActionType.RESTORE_ALL) && vault.getState().equals(VaultState.Value.ALL_MISSING))
+		} else if (recoverType.get() == RecoveryActionType.RESTORE_ALL && vault.getState() == VaultState.Value.ALL_MISSING) {
 			window.setScene(recoverScene.get());
-		else if(recoverType.get().equals(RecoveryActionType.RESTORE_VAULT_CONFIG))
+		} else if (recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG) {
 			window.setScene(onBoardingScene.get());
+		}
 	}
 
 	@FXML
 	public void next() {
-		if(recoverType.get().equals(RecoveryActionType.RESTORE_VAULT_CONFIG))
+		if (recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG) {
 			window.setScene(createScene.get());
-		else
+		} else {
 			window.setScene(resetPasswordScene.get());
+		}
 	}
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 2733e4a7a..460372ca1 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -143,7 +143,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 			recoveryDirectory.moveRecoveredFile(MASTERKEY_FILENAME);
 			recoveryDirectory.moveRecoveredFile(VAULTCONFIG_FILENAME);
 
-			if (!vaultListManager.containsVault(vault.getPath())) {
+			if (!vaultListManager.isAlreadyAdded(vault.getPath())) {
 				vaultListManager.add(vault.getPath());
 			}
 			window.close();
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 9abc37c27..008a6c945 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -536,13 +536,12 @@ recoveryKey.recover.resetMasterkeyFileSuccess.message=Masterkey file reset succe
 
 ### Recover Kram
 recoveryKey.recoverExisting.title=Vault Added
-recoveryKey.recoverExisting.message=Recovery Vault added
-recoveryKey.recoverExisting.description=Your Vault added successfully.
+recoveryKey.recoverExisting.message=The vault was added successfully
+recoveryKey.recoverExisting.description=Your vault "%s" has been added to your vault list. No recovery process was started.
 
 recoveryKey.alreadyExists.title=Vault Already Exists
-recoveryKey.alreadyExists.message=Vault already exists in VaultList.
-recoveryKey.alreadyExists.description=Nothing happend.
-
+recoveryKey.alreadyExists.message=This vault has already been added
+recoveryKey.alreadyExists.description=Your vault "%s" is already present in your vault list and was therefore not added again.
 
 recoveryKey.noDDirDetected.title=Invalid Selection
 recoveryKey.noDDirDetected.description=The selected folder must contain a subfolder named "d".

From 191d9473c0ecd1c566a329af1e1a533f592440bb Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 4 Jul 2025 19:17:24 +0200
Subject: [PATCH 049/117] small enhancements

---
 .../cryptomator/common/vaults/VaultListManager.java | 13 ++++++-------
 .../ChooseMasterkeyFileController.java              |  4 ++--
 .../ui/mainwindow/VaultListController.java          |  2 +-
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index cb084359a..551988828 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -135,7 +135,7 @@ public class VaultListManager {
 	private Vault create(VaultSettings vaultSettings) {
 		var wrapper = new VaultConfigCache(vaultSettings);
 		try {
-			var vaultState = determineVaultState(vaultSettings.path.get(), vaultSettings);
+			var vaultState = determineVaultState(vaultSettings.path.get());
 			if (vaultState == LOCKED) { //for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
 				wrapper.reloadConfig();
 				if (Objects.isNull(vaultSettings.lastKnownKeyLoader.get())) {
@@ -169,15 +169,15 @@ public class VaultListManager {
 	}
 
 	public static VaultState.Value redetermineVaultState(Vault vault) {
-		VaultState state  = vault.stateProperty();
+		VaultState state = vault.stateProperty();
 		VaultState.Value previous = state.getValue();
 
-		if (previous.equals(UNLOCKED)||previous.equals(PROCESSING)) {
+		if (previous.equals(UNLOCKED) || previous.equals(PROCESSING)) {
 			return previous;
 		}
 
 		try {
-			VaultState.Value determined = determineVaultState(vault.getPath(), vault.getVaultSettings());
+			VaultState.Value determined = determineVaultState(vault.getPath());
 
 			if (determined == LOCKED) {
 				vault.getVaultConfigCache().reloadConfig();
@@ -193,7 +193,7 @@ public class VaultListManager {
 		}
 	}
 
-	public static VaultState.Value determineVaultState(Path pathToVault, VaultSettings vaultSettings) throws IOException {
+	public static VaultState.Value determineVaultState(Path pathToVault) throws IOException {
 		Path pathToVaultConfig = pathToVault.resolve(VAULTCONFIG_FILENAME);
 		Path pathToMasterkey = pathToVault.resolve(MASTERKEY_FILENAME);
 
@@ -213,7 +213,6 @@ public class VaultListManager {
 			return VAULT_CONFIG_MISSING;
 		}
 
-
 		return checkDirStructure(pathToVault);
 	}
 
@@ -222,7 +221,7 @@ public class VaultListManager {
 			case VAULT -> VaultState.Value.LOCKED;
 			case UNRELATED -> VaultState.Value.MISSING;
 			case MAYBE_LEGACY -> Migrators.get().needsMigration(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME) ? //
-					NEEDS_MIGRATION //
+					VaultState.Value.NEEDS_MIGRATION //
 					: VaultState.Value.MISSING;
 		};
 	}
diff --git a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
index 722c780b4..4f6403e87 100644
--- a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
+++ b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
@@ -56,10 +56,10 @@ public class ChooseMasterkeyFileController implements FxController {
 		restoreInsteadCheckBox.selectedProperty().addListener((_, _, newVal) -> {
 			if (newVal) {
 				chooseButton.setText(resourceBundle.getString("addvaultwizard.existing.restore"));
-				chooseButton.setOnAction(e -> restoreMasterkey());
+				chooseButton.setOnAction(_ -> restoreMasterkey());
 			} else {
 				chooseButton.setText(resourceBundle.getString("generic.button.choose"));
-				chooseButton.setOnAction(e -> proceed());
+				chooseButton.setOnAction(_ -> proceed());
 			}
 		});
 	}
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index e836eff9c..d625d6662 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -289,7 +289,7 @@ public class VaultListController implements FxController {
 		var wrapper = new VaultConfigCache(vaultSettings);
 		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, LOCKED, null).vault();
 		try {
-			VaultListManager.determineVaultState(vault.getPath(), vaultSettings);
+			VaultListManager.determineVaultState(vault.getPath());
 		} catch (IOException e) {
 			LOG.warn("Failed to determine vault state for {}", vaultSettings.path.get(), e);
 		}

From a9444182bb58bf5ba0734f001350b0caa1209047 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 4 Jul 2025 22:17:27 +0200
Subject: [PATCH 050/117] clean up

---
 .../common/vaults/VaultListManager.java       | 10 ++--
 .../ui/fxapp/FxApplicationTerminator.java     |  2 +-
 .../ChooseMasterkeyFileController.java        | 16 +++---
 .../ui/mainwindow/VaultListController.java    |  4 +-
 .../RecoveryKeyOnboardingController.java      |  3 +-
 .../RecoveryKeyRecoverController.java         | 16 +++---
 .../resources/fxml/recoverykey_recover.fxml   |  2 +-
 .../fxml/unlock_select_masterkeyfile.fxml     |  2 +-
 .../fxml/vault_detail_missing_masterkey.fxml  | 49 -------------------
 src/main/resources/i18n/strings.properties    |  1 -
 10 files changed, 30 insertions(+), 75 deletions(-)
 delete mode 100644 src/main/resources/fxml/vault_detail_missing_masterkey.fxml

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 551988828..9a0b7977e 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -158,13 +158,9 @@ public class VaultListManager {
 	}
 
 	private void initializeLastKnownKeyLoaderIfPossible(VaultSettings vaultSettings, VaultConfigCache wrapper) throws IOException {
-		try {
-			if (vaultSettings.lastKnownKeyLoader.get() == null) {
-				var keyIdScheme = wrapper.get().getKeyId().getScheme();
-				vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
-			}
-		} catch (NoSuchFileException e) {
-			LOG.warn("Vault config file not found.");
+		if (vaultSettings.lastKnownKeyLoader.get() == null) {
+			var keyIdScheme = wrapper.get().getKeyId().getScheme();
+			vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
 		}
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/fxapp/FxApplicationTerminator.java b/src/main/java/org/cryptomator/ui/fxapp/FxApplicationTerminator.java
index 74938bc64..28c6d986d 100644
--- a/src/main/java/org/cryptomator/ui/fxapp/FxApplicationTerminator.java
+++ b/src/main/java/org/cryptomator/ui/fxapp/FxApplicationTerminator.java
@@ -28,7 +28,7 @@ import static org.cryptomator.common.vaults.VaultState.Value.*;
 @FxApplicationScoped
 public class FxApplicationTerminator {
 
-	private static final Set<VaultState.Value> STATES_ALLOWING_TERMINATION = EnumSet.of(LOCKED, NEEDS_MIGRATION, MISSING, ERROR);
+	private static final Set<VaultState.Value> STATES_ALLOWING_TERMINATION = EnumSet.of(LOCKED, NEEDS_MIGRATION, MISSING, ERROR, VAULT_CONFIG_MISSING, ALL_MISSING);
 	private static final Set<VaultState.Value> STATES_PREVENT_TERMINATION = EnumSet.of(PROCESSING);
 	private static final Logger LOG = LoggerFactory.getLogger(FxApplicationTerminator.class);
 
diff --git a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
index 4f6403e87..0ced00170 100644
--- a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
+++ b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
@@ -34,8 +34,10 @@ public class ChooseMasterkeyFileController implements FxController {
 	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
 	private final ResourceBundle resourceBundle;
 
-	@FXML private CheckBox restoreInsteadCheckBox;
-	@FXML private Button chooseButton;
+	@FXML
+	private CheckBox restoreInsteadCheckBox;
+	@FXML
+	private Button forwardButton;
 
 	@Inject
 	public ChooseMasterkeyFileController(@KeyLoading Stage window, //
@@ -55,11 +57,11 @@ public class ChooseMasterkeyFileController implements FxController {
 	private void initialize() {
 		restoreInsteadCheckBox.selectedProperty().addListener((_, _, newVal) -> {
 			if (newVal) {
-				chooseButton.setText(resourceBundle.getString("addvaultwizard.existing.restore"));
-				chooseButton.setOnAction(_ -> restoreMasterkey());
+				forwardButton.setText(resourceBundle.getString("addvaultwizard.existing.restore"));
+				forwardButton.setOnAction(_ -> restoreMasterkey());
 			} else {
-				chooseButton.setText(resourceBundle.getString("generic.button.choose"));
-				chooseButton.setOnAction(_ -> proceed());
+				forwardButton.setText(resourceBundle.getString("generic.button.choose"));
+				forwardButton.setOnAction(_ -> proceed());
 			}
 		});
 	}
@@ -94,7 +96,7 @@ public class ChooseMasterkeyFileController implements FxController {
 
 	//--- Setter & Getter ---
 
-	public String getDisplayName(){
+	public String getDisplayName() {
 		return vault.getDisplayName();
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index d625d6662..fa3d96d0e 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -60,10 +60,12 @@ import java.util.stream.Collectors;
 import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_EXT;
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
+import static org.cryptomator.common.vaults.VaultState.Value.ALL_MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
 import static org.cryptomator.common.vaults.VaultState.Value.MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;
+import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
 
 @MainWindowScoped
 public class VaultListController implements FxController {
@@ -305,7 +307,7 @@ public class VaultListController implements FxController {
 
 	private void pressedShortcutToRemoveVault() {
 		final var vault = selectedVault.get();
-		if (vault != null && EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION).contains(vault.getState())) {
+		if (vault != null && EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION, ALL_MISSING, VAULT_CONFIG_MISSING).contains(vault.getState())) {
 			dialogs.prepareRemoveVaultDialog(mainWindow, vault, vaults).build().showAndWait();
 		}
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index da46a6741..aec2243ab 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -132,10 +132,11 @@ public class RecoveryKeyOnboardingController implements FxController {
 					window.setScene(recoverykeyExpertSettingsScene.get());
 				} else {
 					window.setScene(recoverykeyRecoverScene.get());
-					window.centerOnScreen();
 				}
 			}
 			case RESTORE_MASTERKEY -> window.setScene(recoverykeyRecoverScene.get());
 		}
+		window.centerOnScreen();
 	}
 }
+
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index 1045e026a..15d32ccd9 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -13,6 +13,7 @@ import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.scene.control.Button;
 import javafx.stage.Stage;
+import java.util.Objects;
 import java.util.ResourceBundle;
 
 @RecoveryKeyScoped
@@ -67,17 +68,20 @@ public class RecoveryKeyRecoverController implements FxController {
 
 	@FXML
 	public void initialize() {
-		switch (recoverType.get()) {
-			case RESTORE_ALL, RESTORE_VAULT_CONFIG -> cancelButton.setText(resourceBundle.getString("generic.button.back"));
-			case RESET_PASSWORD -> cancelButton.setText(resourceBundle.getString("generic.button.cancel"));
+		if (Objects.requireNonNull(recoverType.get()) == RecoveryActionType.RESET_PASSWORD) {
+			cancelButton.setText(resourceBundle.getString("generic.button.cancel"));
+		} else {
+			cancelButton.setText(resourceBundle.getString("generic.button.back"));
 		}
 	}
 
 	@FXML
 	public void close() {
-		switch (recoverType.get()) {
-			case RESTORE_ALL, RESTORE_VAULT_CONFIG -> window.setScene(onBoardingScene.get());
-			case RESET_PASSWORD -> window.close();
+		if (Objects.requireNonNull(recoverType.get()) == RecoveryActionType.RESET_PASSWORD) {
+			window.close();
+		} else {
+			window.setScene(onBoardingScene.get());
+			window.centerOnScreen();
 		}
 	}
 
diff --git a/src/main/resources/fxml/recoverykey_recover.fxml b/src/main/resources/fxml/recoverykey_recover.fxml
index 6fad1a601..29264c797 100644
--- a/src/main/resources/fxml/recoverykey_recover.fxml
+++ b/src/main/resources/fxml/recoverykey_recover.fxml
@@ -25,7 +25,7 @@
 		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
 			<ButtonBar buttonMinWidth="120" buttonOrder="+BX">
 				<buttons>
-					<Button fx:id="cancelButton" text="%generic.button.back" ButtonBar.buttonData="BACK_PREVIOUS" cancelButton="true" onAction="#close"/>
+					<Button fx:id="cancelButton" ButtonBar.buttonData="BACK_PREVIOUS" cancelButton="true" onAction="#close"/>
 					<Button text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#recover" disable="${!controller.validateController.recoveryKeyCorrect}"/>
 				</buttons>
 			</ButtonBar>
diff --git a/src/main/resources/fxml/unlock_select_masterkeyfile.fxml b/src/main/resources/fxml/unlock_select_masterkeyfile.fxml
index 079032dee..60934cdba 100644
--- a/src/main/resources/fxml/unlock_select_masterkeyfile.fxml
+++ b/src/main/resources/fxml/unlock_select_masterkeyfile.fxml
@@ -47,7 +47,7 @@
 			<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
 				<buttons>
 					<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#cancel"/>
-					<Button fx:id="chooseButton" text="%generic.button.choose" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#proceed"/>
+					<Button fx:id="forwardButton" text="%generic.button.choose" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#proceed"/>
 				</buttons>
 			</ButtonBar>
 		</VBox>
diff --git a/src/main/resources/fxml/vault_detail_missing_masterkey.fxml b/src/main/resources/fxml/vault_detail_missing_masterkey.fxml
deleted file mode 100644
index 4f127839b..000000000
--- a/src/main/resources/fxml/vault_detail_missing_masterkey.fxml
+++ /dev/null
@@ -1,49 +0,0 @@
-<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
-<?import javafx.geometry.Insets?>
-<?import javafx.scene.control.Button?>
-<?import javafx.scene.control.Label?>
-<?import javafx.scene.layout.StackPane?>
-<?import javafx.scene.layout.VBox?>
-<?import javafx.scene.shape.Circle?>
-<VBox xmlns:fx="http://javafx.com/fxml"
-	  xmlns="http://javafx.com/javafx"
-	  fx:controller="org.cryptomator.ui.mainwindow.VaultDetailMissingVaultController"
-	  alignment="TOP_CENTER"
-	  spacing="9">
-	<children>
-		<VBox spacing="9" alignment="CENTER">
-			<StackPane alignment="CENTER">
-				<Circle styleClass="glyph-icon-primary" radius="48"/>
-				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="FILE" glyphSize="48"/>
-				<FontAwesome5IconView styleClass="glyph-icon-primary" glyph="SEARCH" glyphSize="24">
-					<StackPane.margin>
-						<Insets top="12"/>
-					</StackPane.margin>
-				</FontAwesome5IconView>
-			</StackPane>
-			<Label text="%main.vaultDetail.missingMasterkey.info" wrapText="true"/>
-		</VBox>
-		<VBox spacing="6" alignment="CENTER">
-			<Button text="%main.vaultDetail.missing.recheck" minWidth="120" onAction="#recheck">
-				<graphic>
-					<FontAwesome5IconView glyph="REDO"/>
-				</graphic>
-			</Button>
-			<Button text="Select Masterkey" minWidth="120" onAction="#unlock">
-				<graphic>
-					<FontAwesome5IconView glyph="MAGIC"/>
-				</graphic>
-			</Button>
-			<Button text="%main.vaultDetail.missingMasterkey.restore" minWidth="120" onAction="#restoreMasterkey">
-				<graphic>
-					<FontAwesome5IconView glyph="MAGIC"/>
-				</graphic>
-			</Button>
-			<Button text="%main.vaultDetail.missing.remove" minWidth="120" onAction="#didClickRemoveVault">
-				<graphic>
-					<FontAwesome5IconView glyph="TRASH"/>
-				</graphic>
-			</Button>
-		</VBox>
-	</children>
-</VBox>
\ No newline at end of file
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 008a6c945..6b4420ed5 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -581,7 +581,6 @@ passwordStrength.messageLabel.1=Weak
 passwordStrength.messageLabel.2=Fair
 passwordStrength.messageLabel.3=Strong
 passwordStrength.messageLabel.4=Very strong
-password.promptText=Enter password
 
 # Quit
 quit.title=Quit Application

From f5ecf846f21bdac8161ae11cb8ec11bb132bf74a Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Sat, 5 Jul 2025 14:15:59 +0200
Subject: [PATCH 051/117] resolve SonarCloud issue by safely accessing Optional
 value

---
 .../org/cryptomator/ui/mainwindow/VaultListController.java   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index fa3d96d0e..3d63fd6be 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -254,8 +254,9 @@ public class VaultListController implements FxController {
 
 			Vault preparedVault = prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
 
-			if (vaultListManager.get(preparedVault.getPath()).isPresent()) {
-				dialogs.prepareRecoveryVaultAlreadyExists(mainWindow, vaultListManager.get(preparedVault.getPath()).get().getDisplayName()) //
+			Optional<Vault> matchingVaultListEntry = vaultListManager.get(preparedVault.getPath());
+			if (matchingVaultListEntry.isPresent()) {
+				dialogs.prepareRecoveryVaultAlreadyExists(mainWindow, matchingVaultListEntry.get().getDisplayName()) //
 						.setOkAction(Stage::close) //
 						.build().showAndWait();
 				break;

From b00ee4740a8cb52a09ee090d23ef0f40264f9111 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 7 Jul 2025 14:58:19 +0200
Subject: [PATCH 052/117] legacy vaults supported now

---
 .../common/recovery/BackupRestorer.java       |  6 ++--
 .../common/recovery/MasterkeyService.java     | 18 ++++++----
 .../common/vaults/VaultListManager.java       | 33 ++++++++-----------
 .../ui/mainwindow/VaultListController.java    |  2 +-
 .../RecoveryKeyResetPasswordController.java   | 27 +++++++--------
 .../RecoveryKeyValidateController.java        | 16 ++++-----
 .../fxml/recoverykey_reset_password.fxml      |  4 +--
 7 files changed, 50 insertions(+), 56 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
index bbb1fa4c9..e5afc5112 100644
--- a/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
+++ b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
@@ -18,7 +18,7 @@ public final class BackupRestorer {
 
 	private BackupRestorer() {}
 
-	public static void restoreIfPresent(Path vaultPath, String filePrefix) {
+	public static void restoreIfBackupPresent(Path vaultPath, String filePrefix) {
 		Path targetFile = vaultPath.resolve(filePrefix);
 
 		try (Stream<Path> files = Files.list(vaultPath)) {
@@ -45,7 +45,9 @@ public final class BackupRestorer {
 	private static void copyBackupFile(Path backupFile, Path configPath) {
 		try {
 			Files.copy(backupFile, configPath, StandardCopyOption.REPLACE_EXISTING);
+			LOG.debug("Backup restored - file: '{}'  path: '{}'", backupFile, configPath);
 		} catch (IOException e) {
-			LOG.warn("Unable to copy backup file from '{}' to '{}'", backupFile, configPath, e);		}
+			LOG.warn("Unable to copy backup file from '{}' to '{}'", backupFile, configPath, e);
+		}
 	}
 }
diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index 5fd74a7f0..d434b2a36 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -19,7 +19,6 @@ import java.nio.file.StandardOpenOption;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
-import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.stream.Stream;
@@ -64,19 +63,22 @@ public final class MasterkeyService {
 
 	public static Optional<CryptorProvider.Scheme> detect(Masterkey masterkey, Path vaultPath) {
 		try (Stream<Path> paths = Files.walk(vaultPath.resolve(DATA_DIR_NAME))) {
-			List<String> excludedFilenames = List.of("dirid.c9r", "dir.c9r");
-			Optional<Path> c9rFile = paths.filter(p -> p.toString().endsWith(".c9r")).filter(p -> excludedFilenames.stream().noneMatch(p.toString()::endsWith)).findFirst();
+			Optional<Path> c9rFile = paths //
+					.filter(p -> p.toString().endsWith(".c9r")) //
+					.filter(p -> !p.toString().equals("dir.c9r")) //
+					.findFirst();
 			if (c9rFile.isEmpty()) {
 				LOG.info("Unable to detect Crypto scheme: No *.c9r file found in {}", vaultPath);
 				return Optional.empty();
 			}
-			return determineScheme(c9rFile.get(), masterkey); //
+			return determineScheme(c9rFile.get(), masterkey);
 		} catch (IOException e) {
 			LOG.info("Unable to detect Crypto scheme: Failed to inspect vault", e);
 			return Optional.empty();
 		}
 	}
 
+
 	private static Optional<CryptorProvider.Scheme> determineScheme(Path c9rFile, Masterkey masterkey) {
 		return Arrays.stream(CryptorProvider.Scheme.values()).filter(scheme -> {
 			try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey.copy(), SecureRandom.getInstanceStrong())) {
@@ -90,9 +92,13 @@ public final class MasterkeyService {
 
 				headerBuf.flip();
 				cryptor.fileHeaderCryptor().decryptHeader(headerBuf.duplicate());
+				LOG.debug("Detected Crypto scheme: {}", scheme);
 				return true;
-			} catch (IOException | CryptoException | NoSuchAlgorithmException e) {
-				LOG.info("Unable to detect Crypto scheme: Failed to decrypt .c9r file", e);
+			} catch (CryptoException e) {
+				LOG.debug("Could not decrypt with scheme: {}", scheme);
+				return false;
+			} catch (IOException | NoSuchAlgorithmException e) {
+				LOG.warn("Unable to detect Crypto scheme: Failed to decrypt .c9r file", e);
 				return false;
 			}
 		}).findFirst();
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 9a0b7977e..34ee47b45 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -23,13 +23,7 @@ import java.util.ResourceBundle;
 
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
-import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
-import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
-import static org.cryptomator.common.vaults.VaultState.Value.ALL_MISSING;
-import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;
-import static org.cryptomator.common.vaults.VaultState.Value.PROCESSING;
-import static org.cryptomator.common.vaults.VaultState.Value.UNLOCKED;
-import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;
+import static org.cryptomator.common.vaults.VaultState.Value.*;
 
 import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.common.Constants;
@@ -194,31 +188,32 @@ public class VaultListManager {
 		Path pathToMasterkey = pathToVault.resolve(MASTERKEY_FILENAME);
 
 		if (!Files.exists(pathToVault)) {
-			return VaultState.Value.MISSING;
+			return MISSING;
 		}
 
-		BackupRestorer.restoreIfPresent(pathToVaultConfig.getParent(), VAULTCONFIG_FILENAME);
-
-		BackupRestorer.restoreIfPresent(pathToMasterkey.getParent(), MASTERKEY_FILENAME);
+		if(!Files.exists(pathToVaultConfig)) {
+			BackupRestorer.restoreIfBackupPresent(pathToVault, VAULTCONFIG_FILENAME);
+		}
+		if(!Files.exists(pathToMasterkey)){
+			BackupRestorer.restoreIfBackupPresent(pathToVault, MASTERKEY_FILENAME);
+		}
 
 		if (!Files.exists(pathToVaultConfig) && !Files.exists(pathToMasterkey)) {
 			return ALL_MISSING;
 		}
-
+		var checkedDirStructureVaultState = checkDirStructure(pathToVault);
 		if (!Files.exists(pathToVaultConfig)) {
-			return VAULT_CONFIG_MISSING;
+			return checkedDirStructureVaultState.equals(LOCKED) ? VAULT_CONFIG_MISSING : checkedDirStructureVaultState ;
 		}
 
-		return checkDirStructure(pathToVault);
+		return checkedDirStructureVaultState;
 	}
 
 	private static VaultState.Value checkDirStructure(Path pathToVault) throws IOException {
 		return switch (CryptoFileSystemProvider.checkDirStructureForVault(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME)) {
-			case VAULT -> VaultState.Value.LOCKED;
-			case UNRELATED -> VaultState.Value.MISSING;
-			case MAYBE_LEGACY -> Migrators.get().needsMigration(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME) ? //
-					VaultState.Value.NEEDS_MIGRATION //
-					: VaultState.Value.MISSING;
+			case VAULT -> LOCKED;
+			case UNRELATED -> MISSING;
+			case MAYBE_LEGACY -> Migrators.get().needsMigration(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME) ? NEEDS_MIGRATION : MISSING;
 		};
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index 3d63fd6be..0e2065c62 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -270,7 +270,7 @@ public class VaultListController implements FxController {
 						recoveryKeyWindow.create(preparedVault, mainWindow, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)).showOnboardingDialogWindow();
 				case ALL_MISSING ->
 						recoveryKeyWindow.create(preparedVault, mainWindow, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)).showOnboardingDialogWindow();
-				case LOCKED -> {
+				case LOCKED, NEEDS_MIGRATION -> {
 					vaultListManager.addVault(preparedVault);
 					dialogs.prepareRecoveryVaultAdded(mainWindow, preparedVault.getDisplayName()).setOkAction(Stage::close).build().showAndWait();
 				}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 460372ca1..c810d5f22 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -65,7 +65,6 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final Stage owner;
 
 	public NewPasswordController newPasswordController;
-	public Button backButton;
 	public Button nextButton;
 
 	@Inject
@@ -104,18 +103,8 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	@FXML
 	public void initialize() {
 		switch (recoverType.get()) {
-			case RESTORE_MASTERKEY -> {
-				nextButton.setText(resourceBundle.getString("recoveryKey.recover.recoverBtn"));
-				nextButton.setOnAction((_) -> resetPassword());
-			}
-			case RESTORE_ALL -> {
-				nextButton.setText(resourceBundle.getString("recoveryKey.recover.recoverBtn"));
-				nextButton.setOnAction((_) -> restorePassword());
-			}
-			case RESET_PASSWORD -> {
-				nextButton.setText(resourceBundle.getString("recoveryKey.recover.resetBtn"));
-				nextButton.setOnAction((_) -> resetPassword());
-			}
+			case RESTORE_MASTERKEY, RESTORE_ALL -> nextButton.setText(resourceBundle.getString("recoveryKey.recover.recoverBtn"));
+			case RESET_PASSWORD -> nextButton.setText(resourceBundle.getString("recoveryKey.recover.resetBtn"));
 		}
 	}
 
@@ -128,15 +117,21 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		}
 	}
 
+	@FXML
+	public void next() {
+		switch (recoverType.get()) {
+			case RESTORE_ALL -> restorePassword();
+			case RESTORE_MASTERKEY, RESET_PASSWORD -> resetPassword();
+		}
+	}
+
 	@FXML
 	public void restorePassword() {
 		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
 			Path recoveryPath = recoveryDirectory.getRecoveryPath();
 			MasterkeyService.recoverFromRecoveryKey(recoveryKey.get(), recoveryKeyFactory, recoveryPath, newPasswordController.passwordField.getCharacters());
 
-			Path masterkeyFilePath = recoveryPath.resolve(MASTERKEY_FILENAME);
-
-			try (Masterkey masterkey = MasterkeyService.load(masterkeyFileAccess, masterkeyFilePath, newPasswordController.passwordField.getCharacters())) {
+			try (Masterkey masterkey = MasterkeyService.load(masterkeyFileAccess, recoveryPath.resolve(MASTERKEY_FILENAME), newPasswordController.passwordField.getCharacters())) {
 				CryptoFsInitializer.init(recoveryPath, masterkey, shorteningThreshold.get(), cipherCombo.get());
 			}
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index 163d734ed..2e292d539 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -1,10 +1,11 @@
 package org.cryptomator.ui.recoverykey;
 
-
 import com.google.common.base.CharMatcher;
 import com.google.common.base.Strings;
 import org.cryptomator.common.Nullable;
 import org.cryptomator.common.ObservableUtil;
+import org.cryptomator.common.recovery.MasterkeyService;
+import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
 import org.cryptomator.cryptofs.VaultConfigLoadException;
@@ -26,12 +27,9 @@ import javafx.scene.control.TextFormatter;
 import javafx.scene.input.KeyCode;
 import javafx.scene.input.KeyEvent;
 
-import org.cryptomator.common.recovery.MasterkeyService;
-import org.cryptomator.common.recovery.RecoveryActionType;
-
 public class RecoveryKeyValidateController implements FxController {
 
-	private static final Logger LOG = LoggerFactory.getLogger(RecoveryKeyCreationController.class);
+	private static final Logger LOG = LoggerFactory.getLogger(RecoveryKeyValidateController.class);
 	private static final CharMatcher ALLOWED_CHARS = CharMatcher.inRange('a', 'z').or(CharMatcher.is(' '));
 
 	private final Vault vault;
@@ -137,7 +135,7 @@ public class RecoveryKeyValidateController implements FxController {
 	private void validateRecoveryKey() {
 		switch (recoverType.get()) {
 			case RESTORE_ALL, RESTORE_VAULT_CONFIG -> {
-				try{
+				try {
 					var combo = MasterkeyService.validateRecoveryKeyAndDetectCombo(recoveryKeyFactory, vault, recoveryKey.get(), masterkeyFileAccess);
 					combo.ifPresent(cipherCombo::set);
 					if (combo.isPresent()) {
@@ -145,15 +143,13 @@ public class RecoveryKeyValidateController implements FxController {
 					} else {
 						recoveryKeyState.set(RecoveryKeyState.WRONG);
 					}
-				}
-				catch (IllegalArgumentException e){
+				} catch (IllegalArgumentException e) {
 					recoveryKeyState.set(RecoveryKeyState.INVALID);
 				}
 			}
 			case RESTORE_MASTERKEY, RESET_PASSWORD, SHOW_KEY, CONVERT_VAULT -> {
 				isWrongKey = false;
-				boolean valid = recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(),
-						unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
+				boolean valid = recoveryKeyFactory.validateRecoveryKey(recoveryKey.get(), unverifiedVaultConfig != null ? this::checkKeyAgainstVaultConfig : null);
 				if (valid) {
 					recoveryKeyState.set(RecoveryKeyState.CORRECT);
 				} else if (isWrongKey) { //set via side effect in checkKeyAgainstVaultConfig()
diff --git a/src/main/resources/fxml/recoverykey_reset_password.fxml b/src/main/resources/fxml/recoverykey_reset_password.fxml
index a6b255ed8..648e761fd 100644
--- a/src/main/resources/fxml/recoverykey_reset_password.fxml
+++ b/src/main/resources/fxml/recoverykey_reset_password.fxml
@@ -24,8 +24,8 @@
 		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
 			<ButtonBar buttonMinWidth="120" buttonOrder="+CI">
 				<buttons>
-					<Button fx:id="backButton" text="%generic.button.back" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-					<Button fx:id="nextButton" text="%recoveryKey.recover.recoverBtn" ButtonBar.buttonData="FINISH" defaultButton="true" disable="${!controller.passwordSufficientAndMatching}"/>
+					<Button text="%generic.button.back" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+					<Button fx:id="nextButton" ButtonBar.buttonData="FINISH" defaultButton="true" disable="${!controller.passwordSufficientAndMatching}" onAction="#next"/>
 				</buttons>
 			</ButtonBar>
 		</VBox>

From 9fee4afd2a77c977f8f20ab54dc5142d003fe02e Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 9 Jul 2025 18:37:38 +0200
Subject: [PATCH 053/117] remove duplicate unicode value

---
 src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java | 1 -
 src/main/resources/fxml/vault_list.fxml                         | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java b/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
index 2c7f385fd..348b3a26b 100644
--- a/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
+++ b/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
@@ -6,7 +6,6 @@ package org.cryptomator.ui.controls;
 public enum FontAwesome5Icon {
 	ANCHOR("\uF13D"), //
 	ARROW_UP("\uF062"), //
-	ARROWS_ROTATE("\uF021"),
 	BAN("\uF05E"), //
 	BELL("\uF0F3"), //
 	BUG("\uF188"), //
diff --git a/src/main/resources/fxml/vault_list.fxml b/src/main/resources/fxml/vault_list.fxml
index 723e73f79..ab41aa2ef 100644
--- a/src/main/resources/fxml/vault_list.fxml
+++ b/src/main/resources/fxml/vault_list.fxml
@@ -82,7 +82,7 @@
 				</MenuItem>
 				<MenuItem styleClass="dropdown-button-context-menu-item" text="%main.vaultlist.addVaultBtn.menuItemRecover" onAction="#didClickRecoverExistingVault">
 					<graphic>
-						<FontAwesome5IconView glyph="ARROWS_ROTATE" textAlignment="CENTER" wrappingWidth="14"/>
+						<FontAwesome5IconView glyph="SYNC" textAlignment="CENTER" wrappingWidth="14"/>
 					</graphic>
 				</MenuItem>
 			</items>

From 1089e90ebf980218bf48391ea73af60a08b0468b Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 9 Jul 2025 18:39:28 +0200
Subject: [PATCH 054/117] remove unused imports

---
 .../java/org/cryptomator/common/recovery/RecoveryDirectory.java | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
index b8244c9e9..be2af245b 100644
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
@@ -1,8 +1,6 @@
 package org.cryptomator.common.recovery;
 
 import java.io.IOException;
-import java.nio.file.attribute.PosixFilePermissions;
-import java.nio.file.attribute.FileAttribute;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;

From 2bf2f2b616a7bf196bfa618fa0481fa846cf1d73 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 9 Jul 2025 19:27:51 +0200
Subject: [PATCH 055/117] exclude dirid.c9r

---
 .../org/cryptomator/common/recovery/MasterkeyService.java  | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index d434b2a36..917ff932b 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -19,6 +19,7 @@ import java.nio.file.StandardOpenOption;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
+import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.stream.Stream;
@@ -63,10 +64,8 @@ public final class MasterkeyService {
 
 	public static Optional<CryptorProvider.Scheme> detect(Masterkey masterkey, Path vaultPath) {
 		try (Stream<Path> paths = Files.walk(vaultPath.resolve(DATA_DIR_NAME))) {
-			Optional<Path> c9rFile = paths //
-					.filter(p -> p.toString().endsWith(".c9r")) //
-					.filter(p -> !p.toString().equals("dir.c9r")) //
-					.findFirst();
+			List<String> excludedFilenames = List.of("dirid.c9r", "dir.c9r");
+			Optional<Path> c9rFile = paths.filter(p -> p.toString().endsWith(".c9r")).filter(p -> excludedFilenames.stream().noneMatch(p.toString()::endsWith)).findFirst();
 			if (c9rFile.isEmpty()) {
 				LOG.info("Unable to detect Crypto scheme: No *.c9r file found in {}", vaultPath);
 				return Optional.empty();

From 5d8b016e5f88511c3f473b552a4f83288e5824ab Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 10 Jul 2025 08:29:51 +0200
Subject: [PATCH 056/117] refactoring

---
 .../java/org/cryptomator/common/vaults/VaultListManager.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 34ee47b45..63cbcc3e0 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -203,7 +203,10 @@ public class VaultListManager {
 		}
 		var checkedDirStructureVaultState = checkDirStructure(pathToVault);
 		if (!Files.exists(pathToVaultConfig)) {
-			return checkedDirStructureVaultState.equals(LOCKED) ? VAULT_CONFIG_MISSING : checkedDirStructureVaultState ;
+			return switch (checkedDirStructureVaultState) {
+				case LOCKED, MISSING -> VAULT_CONFIG_MISSING;
+				default -> checkedDirStructureVaultState;
+			};
 		}
 
 		return checkedDirStructureVaultState;

From f6479ddf247c062fbd97472548138e01f8e1f600 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 10 Jul 2025 08:30:46 +0200
Subject: [PATCH 057/117] optimize dialogs

---
 .../common/recovery/MasterkeyService.java        |  1 -
 .../java/org/cryptomator/ui/dialogs/Dialogs.java | 10 ++--------
 .../RecoveryKeyCreationController.java           |  3 ++-
 .../RecoveryKeyResetPasswordController.java      | 16 ++++++++--------
 src/main/resources/i18n/strings.properties       |  3 ++-
 5 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index 917ff932b..efa750326 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -77,7 +77,6 @@ public final class MasterkeyService {
 		}
 	}
 
-
 	private static Optional<CryptorProvider.Scheme> determineScheme(Path c9rFile, Masterkey masterkey) {
 		return Arrays.stream(CryptorProvider.Scheme.values()).filter(scheme -> {
 			try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey.copy(), SecureRandom.getInstanceStrong())) {
diff --git a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
index 5ba3e1eb3..4469c2ca7 100644
--- a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
@@ -75,20 +75,14 @@ public class Dialogs {
 				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
 
-	public SimpleDialog.Builder prepareRecoverPasswordSuccess(Stage window, Stage owner, ResourceBundle resourceBundle) {
+	public SimpleDialog.Builder prepareRecoverPasswordSuccess(Stage window) {
 		return createDialogBuilder()
 				.setOwner(window) //
 				.setTitleKey("recoveryKey.recover.title") //
 				.setMessageKey("recoveryKey.recover.resetSuccess.message") //
 				.setDescriptionKey("recoveryKey.recover.resetSuccess.description") //
 				.setIcon(FontAwesome5Icon.CHECK)
-				.setOkAction(stage -> {
-					stage.close();
-					String ownerTitle = owner.getTitle();
-					if (ownerTitle != null && ownerTitle.equals(resourceBundle.getString("addvaultwizard.existing.title"))) {
-						owner.close();
-					}
-				})
+				.setOkAction(Stage::close)
 				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
index b4c1db68a..0042b181e 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -160,9 +160,10 @@ public class RecoveryKeyCreationController implements FxController {
 				vaultListManager.add(vault.getPath());
 			}
 			window.close();
-			dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle) //
+			dialogs.prepareRecoverPasswordSuccess(window) //
 					.setTitleKey("recoveryKey.recoverVaultConfig.title") //
 					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message") //
+					.setDescriptionKey("recoveryKey.recover.resetMasterkeyFileSuccess.description")
 					.build().showAndWait();
 
 		} catch (InvalidPassphraseException e) {
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index c810d5f22..000382f0b 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -142,7 +142,10 @@ public class RecoveryKeyResetPasswordController implements FxController {
 				vaultListManager.add(vault.getPath());
 			}
 			window.close();
-			dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).setTitleKey("recoveryKey.recoverVaultConfig.title").setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message").build().showAndWait();
+			dialogs.prepareRecoverPasswordSuccess(window) //
+					.setTitleKey("recoveryKey.recoverVaultConfig.title") //
+					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message") //
+					.build().showAndWait();
 
 		} catch (IOException | CryptoException e) {
 			LOG.error("Recovery process failed", e);
@@ -158,14 +161,11 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 		task.setOnSucceeded(_ -> {
 			LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
-			if (recoverType.get().equals(RecoveryActionType.RESET_PASSWORD)) {
-				window.close();
-				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).build().showAndWait();
-			} else {
-				window.close();
-				dialogs.prepareRecoverPasswordSuccess(window, owner, resourceBundle).setTitleKey("recoveryKey.recoverMasterkey.title").setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message").build().showAndWait();
-			}
 			window.close();
+			switch (recoverType.get()){
+				case RESET_PASSWORD -> dialogs.prepareRecoverPasswordSuccess(window).build().showAndWait();
+				case RESTORE_MASTERKEY -> dialogs.prepareRecoverPasswordSuccess(window).setTitleKey("recoveryKey.recoverMasterkey.title").setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message").build().showAndWait();
+			}
 		});
 
 		task.setOnFailed(_ -> {
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 6b4420ed5..22eb7047c 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -135,7 +135,7 @@ unlock.unlockBtn=Unlock
 ## Select
 unlock.chooseMasterkey.message=Masterkey file not found
 unlock.chooseMasterkey.description=Cryptomator could not find the masterkey file for vault "%s". Please choose the key file manually.
-unlock.chooseMasterkey.restoreInstead=Restore instead... blablabla
+unlock.chooseMasterkey.restoreInstead=Restore the masterkey file instead
 unlock.chooseMasterkey.filePickerTitle=Select Masterkey File
 unlock.chooseMasterkey.filePickerMimeDesc=Cryptomator Masterkey
 ## Success
@@ -533,6 +533,7 @@ recoveryKey.recover.resetSuccess.description=You can unlock your vault with the
 ### Recovery Key Vault Config Reset Success
 recoveryKey.recover.resetVaultConfigSuccess.message=Vault config reset successful
 recoveryKey.recover.resetMasterkeyFileSuccess.message=Masterkey file reset successful
+recoveryKey.recover.resetMasterkeyFileSuccess.description=You can unlock your vault with your password now.
 
 ### Recover Kram
 recoveryKey.recoverExisting.title=Vault Added

From 499960b3ec4e9772ceb09f51702d9de99e614729 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 10 Jul 2025 09:42:00 +0200
Subject: [PATCH 058/117] replace while with do-while and use
 Constants.DATA_DIR_NAME

---
 .../ui/mainwindow/VaultListController.java    | 57 +++++++++----------
 1 file changed, 28 insertions(+), 29 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index 0e2065c62..91c41775f 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -8,9 +8,9 @@ import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultComponent;
 import org.cryptomator.common.vaults.VaultConfigCache;
 import org.cryptomator.common.vaults.VaultListManager;
-import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptofs.DirStructure;
+import org.cryptomator.cryptofs.common.Constants;
 import org.cryptomator.integrations.mount.MountService;
 import org.cryptomator.ui.addvaultwizard.AddVaultWizardComponent;
 import org.cryptomator.ui.common.FxController;
@@ -49,6 +49,7 @@ import javafx.stage.DirectoryChooser;
 import javafx.stage.Stage;
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.EnumSet;
 import java.util.List;
@@ -239,44 +240,42 @@ public class VaultListController implements FxController {
 	@FXML
 	public void didClickRecoverExistingVault() {
 		DirectoryChooser directoryChooser = new DirectoryChooser();
+		File selectedDirectory;
 
-		while (true) {
-			File selectedDirectory = directoryChooser.showDialog(mainWindow);
+		do {
+			selectedDirectory = directoryChooser.showDialog(mainWindow);
 			if (selectedDirectory == null) {
 				return;
 			}
 
-			boolean hasSubfolderD = new File(selectedDirectory, "d").isDirectory();
-			if (!hasSubfolderD) {
+			Path selectedPath = selectedDirectory.toPath();
+			if (!Files.isDirectory(selectedPath.resolve(Constants.DATA_DIR_NAME))) {
 				dialogs.prepareNoDDirectorySelectedDialog(mainWindow).build().showAndWait();
-				continue;
+				selectedDirectory = null;
 			}
+		} while (selectedDirectory == null);
 
-			Vault preparedVault = prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
+		Vault preparedVault = prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
 
-			Optional<Vault> matchingVaultListEntry = vaultListManager.get(preparedVault.getPath());
-			if (matchingVaultListEntry.isPresent()) {
-				dialogs.prepareRecoveryVaultAlreadyExists(mainWindow, matchingVaultListEntry.get().getDisplayName()) //
-						.setOkAction(Stage::close) //
-						.build().showAndWait();
-				break;
-			}
-
-			VaultListManager.redetermineVaultState(preparedVault);
-			VaultState.Value state = preparedVault.getState();
-
-			switch (state) {
-				case VAULT_CONFIG_MISSING ->
-						recoveryKeyWindow.create(preparedVault, mainWindow, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)).showOnboardingDialogWindow();
-				case ALL_MISSING ->
-						recoveryKeyWindow.create(preparedVault, mainWindow, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)).showOnboardingDialogWindow();
-				case LOCKED, NEEDS_MIGRATION -> {
-					vaultListManager.addVault(preparedVault);
-					dialogs.prepareRecoveryVaultAdded(mainWindow, preparedVault.getDisplayName()).setOkAction(Stage::close).build().showAndWait();
-				}
-			}
-			break;
+		Optional<Vault> matchingVaultListEntry = vaultListManager.get(preparedVault.getPath());
+		if (matchingVaultListEntry.isPresent()) {
+			dialogs.prepareRecoveryVaultAlreadyExists(mainWindow, matchingVaultListEntry.get().getDisplayName()) //
+					.setOkAction(Stage::close) //
+					.build().showAndWait();
+			return;
 		}
+
+		VaultListManager.redetermineVaultState(preparedVault);
+
+		switch (preparedVault.getState()) {
+			case VAULT_CONFIG_MISSING -> recoveryKeyWindow.create(preparedVault, mainWindow, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)).showOnboardingDialogWindow();
+			case ALL_MISSING -> recoveryKeyWindow.create(preparedVault, mainWindow, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)).showOnboardingDialogWindow();
+			case LOCKED, NEEDS_MIGRATION -> {
+				vaultListManager.addVault(preparedVault);
+				dialogs.prepareRecoveryVaultAdded(mainWindow, preparedVault.getDisplayName()).setOkAction(Stage::close).build().showAndWait();
+			}
+		}
+
 	}
 
 	public static Vault prepareVault(File selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {

From 5110b35690476a12e40fe9b071ebcf522966eff6 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 10 Jul 2025 10:15:11 +0200
Subject: [PATCH 059/117] hard coded UI strings replaced showThirdText property
 binding

---
 .../RecoveryKeyOnboardingController.java      | 47 +++++++++----------
 .../fxml/recoverykey_onboarding.fxml          |  4 +-
 src/main/resources/i18n/strings.properties    |  7 ++-
 3 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index aec2243ab..700c911f0 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -31,13 +31,12 @@ public class RecoveryKeyOnboardingController implements FxController {
 	private final Stage window;
 	private final Lazy<Scene> recoverykeyRecoverScene;
 	private final Lazy<Scene> recoverykeyExpertSettingsScene;
-	private ObjectProperty<RecoveryActionType> recoverType;
+	private final ObjectProperty<RecoveryActionType> recoverType;
+	private final ResourceBundle resourceBundle;
 
 	public Label titleLabel;
 	public Label messageLabel;
 	public Label secondTextDesc;
-	public Label thirdTextIndex;
-	public Label thirdTextDesc;
 
 	@FXML
 	private CheckBox affirmationBox;
@@ -50,7 +49,7 @@ public class RecoveryKeyOnboardingController implements FxController {
 	@FXML
 	private VBox chooseMethodeBox;
 	private final ToggleGroup methodToggleGroup = new ToggleGroup();
-
+	private final BooleanProperty showThirdText = new SimpleBooleanProperty(true);
 
 	@Inject
 	public RecoveryKeyOnboardingController(@RecoveryKeyWindow Stage window, //
@@ -64,6 +63,7 @@ public class RecoveryKeyOnboardingController implements FxController {
 		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
 		this.recoverykeyExpertSettingsScene = recoverykeyExpertSettingsScene;
 		this.recoverType = recoverType;
+		this.resourceBundle = resourceBundle;
 	}
 
 	@FXML
@@ -83,29 +83,17 @@ public class RecoveryKeyOnboardingController implements FxController {
 
 		switch (recoverType.get()) {
 			case RESTORE_VAULT_CONFIG -> {
-				window.setTitle("Recover Vault Config");
-				messageLabel.setText("Read this:");
-				secondTextDesc.setText("You will need the vault password or recovery key, a new password and possible some expert settings.");
-				thirdTextIndex.setVisible(false);
-				thirdTextIndex.setManaged(false);
-				thirdTextDesc.setVisible(false);
-				thirdTextDesc.setManaged(false);
+				window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
+				messageLabel.setText(resourceBundle.getString("recoveryKey.recover.onBoarding.readThis"));
+				secondTextDesc.setText(resourceBundle.getString("recoveryKey.recover.onBoarding.recoverVaultConfig.intro2"));
+				showThirdText.set(false);
 			}
 			case RESTORE_MASTERKEY -> {
-				window.setTitle("Recover Masterkey");
-				messageLabel.setText("Read this:");
-				titleLabel.setText("Recover Masterkey");
-				secondTextDesc.setText("You will need the vault recovery key.");
-				thirdTextIndex.setVisible(false);
-				thirdTextIndex.setManaged(false);
-				thirdTextDesc.setVisible(false);
-				thirdTextDesc.setManaged(false);
-			}
-			default -> {
-				thirdTextIndex.setVisible(true);
-				thirdTextIndex.setManaged(true);
-				thirdTextDesc.setVisible(true);
-				thirdTextDesc.setManaged(true);
+				window.setTitle(resourceBundle.getString("recoveryKey.recoverMasterkey.title"));
+				messageLabel.setText(resourceBundle.getString("recoveryKey.recover.onBoarding.readThis"));
+				titleLabel.setText(resourceBundle.getString("recoveryKey.recoverMasterkey.title"));
+				secondTextDesc.setText(resourceBundle.getString("recoveryKey.recover.onBoarding.recoverMasterkey.intro2"));
+				showThirdText.set(false);
 			}
 		}
 	}
@@ -138,5 +126,14 @@ public class RecoveryKeyOnboardingController implements FxController {
 		}
 		window.centerOnScreen();
 	}
+
+	public BooleanProperty showThirdTextProperty() {
+		return showThirdText;
+	}
+
+	public boolean getShowThirdText() {
+		return showThirdText.get();
+	}
+
 }
 
diff --git a/src/main/resources/fxml/recoverykey_onboarding.fxml b/src/main/resources/fxml/recoverykey_onboarding.fxml
index 7092f11f2..4fa7d8282 100644
--- a/src/main/resources/fxml/recoverykey_onboarding.fxml
+++ b/src/main/resources/fxml/recoverykey_onboarding.fxml
@@ -56,8 +56,8 @@
 						<Label text="%recoveryKey.recover.onBoarding.intro1" wrapText="true" GridPane.rowIndex="0" GridPane.columnIndex="1" />
 						<Label text="2." GridPane.rowIndex="1" GridPane.columnIndex="0" />
 						<Label fx:id="secondTextDesc" text="%recoveryKey.recover.onBoarding.intro2" wrapText="true" GridPane.rowIndex="1" GridPane.columnIndex="1" />
-						<Label fx:id="thirdTextIndex" text="3." GridPane.rowIndex="2" GridPane.columnIndex="0" />
-						<Label fx:id="thirdTextDesc" text="%recoveryKey.recover.onBoarding.intro3" wrapText="true" GridPane.rowIndex="2" GridPane.columnIndex="1" />
+						<Label text="3." GridPane.rowIndex="2" GridPane.columnIndex="0" visible="${controller.showThirdText}" managed="${controller.showThirdText}" />
+						<Label text="%recoveryKey.recover.onBoarding.intro3" wrapText="true" GridPane.rowIndex="2" GridPane.columnIndex="1" visible="${controller.showThirdText}" managed="${controller.showThirdText}" />
 					</GridPane>
 					<Region minHeight="15"/>
 					<VBox fx:id="chooseMethodeBox">
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 22eb7047c..7e5061c0c 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -551,7 +551,12 @@ recoveryKey.noDDirDetected.message=Please choose a different folder that include
 recoveryKey.recoverVaultConfig.title=Recover Vault Config
 recoveryKey.recoverMasterkey.title=Recover Masterkey
 
-recoveryKey.recover.onBoarding.title=Restore your vault.cryptomator file
+
+recoveryKey.recover.onBoarding.recoverMasterkey.title=Restore your vault.cryptomator file
+recoveryKey.recover.onBoarding.recoverMasterkey.intro2=You will need the vault recovery key.
+recoveryKey.recover.onBoarding.recoverVaultConfig.intro2=You will need the vault password or recovery key, a new password and possible some expert settings.
+
+recoveryKey.recover.onBoarding.readThis=Read this:
 recoveryKey.recover.onBoarding.message=If your vault is a hub managed vault, the Hub Admin can restore the file for you. Otherwise:
 recoveryKey.recover.onBoarding.description=Otherwise you will need the Recovery Key of the vault, possible some expert settings, and a new vault password.
 recoveryKey.recover.onBoarding.confirm=Use RecoveryKey

From 5e956c50c2f6d94e04b836d98a574384da8b9953 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 10 Jul 2025 11:54:00 +0200
Subject: [PATCH 060/117] handle unexpected recovery action type

---
 .../ui/recoverykey/RecoveryKeyRecoverController.java          | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index 15d32ccd9..d3ba87b08 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -59,9 +59,7 @@ public class RecoveryKeyRecoverController implements FxController {
 				window.setTitle(resourceBundle.getString("recoveryKey.display.title"));
 				yield resetPasswordScene;
 			}
-			default -> {
-				yield null;
-			}
+			default -> throw new IllegalArgumentException("Unexpected recovery action type: " + recoverType.get());
 		};
 
 	}

From fc5ed9ecc028ee7c7cc2e9fd9ea91bbaf0bab828 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 10 Jul 2025 17:26:45 +0200
Subject: [PATCH 061/117] remove unused property

---
 .../RecoveryKeyResetPasswordController.java            | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 000382f0b..9de9c6d5d 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -194,16 +194,6 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		return newPasswordController.isGoodPassword();
 	}
 
-	private final ReadOnlyBooleanWrapper vaultConfigMissing = new ReadOnlyBooleanWrapper();
-
-	public ReadOnlyBooleanProperty vaultConfigMissingProperty() {
-		return vaultConfigMissing.getReadOnlyProperty();
-	}
-
-	public boolean isVaultConfigMissing() {
-		return vault.isMissingVaultConfig();
-	}
-
 	private static class ResetPasswordTask extends Task<Void> {
 
 		private static final Logger LOG = LoggerFactory.getLogger(ResetPasswordTask.class);

From 2067c5a33bf52ae7431d29b41af0e540b7a6253f Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 10 Jul 2025 18:45:58 +0200
Subject: [PATCH 062/117] optimize exception handling exclude only dir.c9r

---
 .../common/recovery/MasterkeyService.java           | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index efa750326..af1b0c271 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -52,20 +52,19 @@ public final class MasterkeyService {
 
 			try (Masterkey mk = load(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
 				return detect(mk, vault.getPath());
-			} catch (IOException | CryptoException e) {
-				LOG.info("Recovery key validation failed", e);
-				return Optional.empty();
 			}
 		} catch (IOException | CryptoException e) {
 			LOG.info("Recovery key validation failed");
+			return Optional.empty();
 		}
-		return Optional.empty();
 	}
 
 	public static Optional<CryptorProvider.Scheme> detect(Masterkey masterkey, Path vaultPath) {
 		try (Stream<Path> paths = Files.walk(vaultPath.resolve(DATA_DIR_NAME))) {
-			List<String> excludedFilenames = List.of("dirid.c9r", "dir.c9r");
-			Optional<Path> c9rFile = paths.filter(p -> p.toString().endsWith(".c9r")).filter(p -> excludedFilenames.stream().noneMatch(p.toString()::endsWith)).findFirst();
+			Optional<Path> c9rFile = paths //
+					.filter(p -> p.toString().endsWith(".c9r")) //
+					.filter(p -> !p.toString().equals("dir.c9r")) //
+					.findFirst();
 			if (c9rFile.isEmpty()) {
 				LOG.info("Unable to detect Crypto scheme: No *.c9r file found in {}", vaultPath);
 				return Optional.empty();
@@ -92,7 +91,7 @@ public final class MasterkeyService {
 				cryptor.fileHeaderCryptor().decryptHeader(headerBuf.duplicate());
 				LOG.debug("Detected Crypto scheme: {}", scheme);
 				return true;
-			} catch (CryptoException e) {
+			} catch (IllegalArgumentException | CryptoException e) {
 				LOG.debug("Could not decrypt with scheme: {}", scheme);
 				return false;
 			} catch (IOException | NoSuchAlgorithmException e) {

From 44f92cfb26ac54d208bd948c277284aa1c838bb1 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Thu, 17 Jul 2025 12:37:57 +0200
Subject: [PATCH 063/117] replace null parameter

---
 .../org/cryptomator/ui/convertvault/ConvertVaultModule.java  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
index a5fc761aa..73c74f296 100644
--- a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
+++ b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
@@ -7,6 +7,7 @@ import dagger.multibindings.IntoMap;
 import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.changepassword.NewPasswordController;
 import org.cryptomator.ui.changepassword.PasswordStrengthUtil;
 import org.cryptomator.ui.common.DefaultSceneFactory;
@@ -121,8 +122,8 @@ abstract class ConvertVaultModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
-	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, new SimpleObjectProperty<>(RecoveryActionType.CONVERT_VAULT), null, null);
+	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, MasterkeyService service) {
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, new SimpleObjectProperty<>(RecoveryActionType.CONVERT_VAULT), new SimpleObjectProperty<>()); //we don't need the ciphercombo
 	}
 
 }

From 22a37699ea405c468c1c7e7000ebca51a2ac0013 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Tue, 22 Jul 2025 12:58:51 +0200
Subject: [PATCH 064/117] Fixes commit
 44f92cfb26ac54d208bd948c277284aa1c838bb1.

---
 .../org/cryptomator/ui/convertvault/ConvertVaultModule.java  | 4 ++--
 .../org/cryptomator/ui/recoverykey/RecoveryKeyModule.java    | 2 +-
 .../ui/recoverykey/RecoveryKeyValidateController.java        | 5 +++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
index 73c74f296..d010ede43 100644
--- a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
+++ b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
@@ -122,8 +122,8 @@ abstract class ConvertVaultModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
-	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, MasterkeyService service) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, new SimpleObjectProperty<>(RecoveryActionType.CONVERT_VAULT), new SimpleObjectProperty<>()); //we don't need the ciphercombo
+	static FxController provideRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, MasterkeyFileAccess masterkeyFileAccess) {
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, masterkeyFileAccess, new SimpleObjectProperty<>(RecoveryActionType.CONVERT_VAULT), new SimpleObjectProperty<>(null));
 	}
 
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index 17f3bc6ba..809d16b61 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -177,7 +177,7 @@ abstract class RecoveryKeyModule {
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
 	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") ObjectProperty<RecoveryActionType>  recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, recoverType, cipherCombo, masterkeyFileAccess);
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, masterkeyFileAccess, recoverType, cipherCombo);
 	}
 
 	@Provides
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index 2e292d539..6f9748fd4 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -53,9 +53,10 @@ public class RecoveryKeyValidateController implements FxController {
 										 @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, //
 										 StringProperty recoveryKey, //
 										 RecoveryKeyFactory recoveryKeyFactory, //
+										 MasterkeyFileAccess masterkeyFileAccess, //
 										 @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
-										 @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
-										 MasterkeyFileAccess masterkeyFileAccess) {
+										 @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo
+										 ) {
 		this.vault = vault;
 		this.unverifiedVaultConfig = vaultConfig;
 		this.recoveryKey = recoveryKey;

From 164a4de6de8f23e32a2519c8ab3a25cf9bb13c42 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 1 Aug 2025 09:52:03 +0200
Subject: [PATCH 065/117] fix filter

---
 .../java/org/cryptomator/common/recovery/MasterkeyService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index af1b0c271..e5d808654 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -63,7 +63,7 @@ public final class MasterkeyService {
 		try (Stream<Path> paths = Files.walk(vaultPath.resolve(DATA_DIR_NAME))) {
 			Optional<Path> c9rFile = paths //
 					.filter(p -> p.toString().endsWith(".c9r")) //
-					.filter(p -> !p.toString().equals("dir.c9r")) //
+					.filter(p -> !p.endsWith("dir.c9r")) //
 					.findFirst();
 			if (c9rFile.isEmpty()) {
 				LOG.info("Unable to detect Crypto scheme: No *.c9r file found in {}", vaultPath);

From c199d1cb3bb09d9a1554cc15608fa617b3cfefaa Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Fri, 1 Aug 2025 12:51:27 +0200
Subject: [PATCH 066/117] remove optional

---
 .../common/recovery/MasterkeyService.java     | 12 ++++--------
 .../RecoveryKeyValidateController.java        | 19 ++++++++++++-------
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index e5d808654..3402e82b1 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -19,7 +19,6 @@ import java.nio.file.StandardOpenOption;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
-import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.stream.Stream;
@@ -41,9 +40,9 @@ public final class MasterkeyService {
 		return masterkeyFileAccess.load(masterkeyFilePath, password);
 	}
 
-	public static Optional<CryptorProvider.Scheme> validateRecoveryKeyAndDetectCombo(RecoveryKeyFactory recoveryKeyFactory, //
-																					 Vault vault, String recoveryKey, //
-																					 MasterkeyFileAccess masterkeyFileAccess) throws IllegalArgumentException {
+	public static CryptorProvider.Scheme validateRecoveryKeyAndDetectCombo(RecoveryKeyFactory recoveryKeyFactory, //
+																		   Vault vault, String recoveryKey, //
+																		   MasterkeyFileAccess masterkeyFileAccess) throws IOException, CryptoException {
 		String tmpPass = UUID.randomUUID().toString();
 		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
 			Path tempRecoveryPath = recoveryDirectory.getRecoveryPath();
@@ -51,11 +50,8 @@ public final class MasterkeyService {
 			Path masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
 
 			try (Masterkey mk = load(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
-				return detect(mk, vault.getPath());
+				return detect(mk, vault.getPath()).orElseThrow();
 			}
-		} catch (IOException | CryptoException e) {
-			LOG.info("Recovery key validation failed");
-			return Optional.empty();
 		}
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index 6f9748fd4..23e99ee9e 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -10,6 +10,7 @@ import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
 import org.cryptomator.cryptofs.VaultConfigLoadException;
 import org.cryptomator.cryptofs.VaultKeyInvalidException;
+import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.CryptorProvider;
 import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.common.FxController;
@@ -26,6 +27,7 @@ import javafx.scene.control.TextArea;
 import javafx.scene.control.TextFormatter;
 import javafx.scene.input.KeyCode;
 import javafx.scene.input.KeyEvent;
+import java.io.IOException;
 
 public class RecoveryKeyValidateController implements FxController {
 
@@ -137,14 +139,17 @@ public class RecoveryKeyValidateController implements FxController {
 		switch (recoverType.get()) {
 			case RESTORE_ALL, RESTORE_VAULT_CONFIG -> {
 				try {
-					var combo = MasterkeyService.validateRecoveryKeyAndDetectCombo(recoveryKeyFactory, vault, recoveryKey.get(), masterkeyFileAccess);
-					combo.ifPresent(cipherCombo::set);
-					if (combo.isPresent()) {
-						recoveryKeyState.set(RecoveryKeyState.CORRECT);
-					} else {
-						recoveryKeyState.set(RecoveryKeyState.WRONG);
-					}
+					var scheme = MasterkeyService.validateRecoveryKeyAndDetectCombo(recoveryKeyFactory, vault, recoveryKey.get(), masterkeyFileAccess);
+					cipherCombo.set(scheme);
+					recoveryKeyState.set(RecoveryKeyState.CORRECT);
+				} catch (CryptoException e) {
+					LOG.info("Recovery key is valid but crypto scheme couldn't be determined", e);
+					recoveryKeyState.set(RecoveryKeyState.WRONG);
 				} catch (IllegalArgumentException e) {
+					LOG.info("Recovery key is syntactically invalid", e);
+					recoveryKeyState.set(RecoveryKeyState.INVALID);
+				} catch (IOException e) {
+					LOG.warn("IO error while validating recovery key", e);
 					recoveryKeyState.set(RecoveryKeyState.INVALID);
 				}
 			}

From 3b38049d710ffea3cc4b2be1914d51e482d69926 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 6 Aug 2025 08:18:32 +0200
Subject: [PATCH 067/117] remove Objects.requireNonNull

---
 .../ui/addvaultwizard/AddVaultWizardComponent.java            | 1 -
 .../ui/addvaultwizard/ChooseExistingVaultController.java      | 1 +
 .../ui/recoverykey/RecoveryKeyRecoverController.java          | 4 ++--
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java b/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java
index 5b01a6b2f..c67f999e8 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultWizardComponent.java
@@ -23,7 +23,6 @@ public interface AddVaultWizardComponent {
 
 	@FxmlScene(FxmlFile.ADDVAULT_NEW_NAME)
 	Lazy<Scene> sceneNew();
-
 	@FxmlScene(FxmlFile.ADDVAULT_EXISTING)
 	Lazy<Scene> sceneExisting();
 
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index 27c9f6204..be9ea15c7 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -104,4 +104,5 @@ public class ChooseExistingVaultController implements FxController {
 		return screenshot.getValue();
 	}
 
+
 }
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index d3ba87b08..ae0f84b25 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -66,7 +66,7 @@ public class RecoveryKeyRecoverController implements FxController {
 
 	@FXML
 	public void initialize() {
-		if (Objects.requireNonNull(recoverType.get()) == RecoveryActionType.RESET_PASSWORD) {
+		if (recoverType.get() == RecoveryActionType.RESET_PASSWORD) {
 			cancelButton.setText(resourceBundle.getString("generic.button.cancel"));
 		} else {
 			cancelButton.setText(resourceBundle.getString("generic.button.back"));
@@ -75,7 +75,7 @@ public class RecoveryKeyRecoverController implements FxController {
 
 	@FXML
 	public void close() {
-		if (Objects.requireNonNull(recoverType.get()) == RecoveryActionType.RESET_PASSWORD) {
+		if (recoverType.get() == RecoveryActionType.RESET_PASSWORD) {
 			window.close();
 		} else {
 			window.setScene(onBoardingScene.get());

From e78a064af61012ca0bf60b8b373572e462623004 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 13 Aug 2025 11:40:10 +0200
Subject: [PATCH 068/117] dialogs with icons and some other ui improvements

---
 .../ChooseMasterkeyFileController.java        |   3 +-
 .../RecoveryKeyExpertSettingsController.java  |   2 +-
 .../RecoveryKeyOnboardingController.java      |  88 +++++++------
 .../convertvault_hubtopassword_convert.fxml   |  46 ++++---
 .../convertvault_hubtopassword_start.fxml     |  38 +++---
 .../fxml/recoverykey_expert_settings.fxml     |   1 +
 .../fxml/recoverykey_onboarding.fxml          | 119 +++++++++---------
 .../resources/fxml/recoverykey_recover.fxml   |  28 +++--
 .../fxml/recoverykey_reset_password.fxml      |  38 ++++--
 .../resources/fxml/recoverykey_validate.fxml  |  23 ++--
 src/main/resources/i18n/strings.properties    |  25 ++--
 11 files changed, 240 insertions(+), 171 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
index 0ced00170..4e1c663e9 100644
--- a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
+++ b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
@@ -77,8 +77,9 @@ public class ChooseMasterkeyFileController implements FxController {
 
 	@FXML
 	void restoreMasterkey() {
+		Stage ownerStage = (Stage) window.getOwner();
 		window.close();
-		recoveryKeyWindow.create(vault, window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_MASTERKEY)).showOnboardingDialogWindow();
+		recoveryKeyWindow.create(vault, ownerStage, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_MASTERKEY)).showOnboardingDialogWindow();
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
index f84529b1e..5e72b8969 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
@@ -27,7 +27,7 @@ public class RecoveryKeyExpertSettingsController implements FxController {
 
 	public static final int MAX_SHORTENING_THRESHOLD = 220;
 	public static final int MIN_SHORTENING_THRESHOLD = 36;
-	private static final String DOCS_NAME_SHORTENING_URL = "https://docs.cryptomator.org/security/architecture/#name-shortening";
+	private static final String DOCS_NAME_SHORTENING_URL = "https://docs.cryptomator.org/security/vault/#name-shortening";
 
 	private final Stage window;
 	private final Lazy<Application> application;
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index 700c911f0..3c9017619 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -8,16 +8,19 @@ import org.cryptomator.ui.common.FxmlScene;
 
 import javax.inject.Inject;
 import javax.inject.Named;
-import javafx.beans.property.BooleanProperty;
+import javafx.beans.binding.Bindings;
+import javafx.beans.binding.BooleanBinding;
 import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.SimpleBooleanProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.scene.control.Button;
 import javafx.scene.control.CheckBox;
 import javafx.scene.control.Label;
 import javafx.scene.control.RadioButton;
+import javafx.scene.control.Toggle;
 import javafx.scene.control.ToggleGroup;
+import javafx.scene.layout.HBox;
+import javafx.scene.layout.Region;
 import javafx.scene.layout.VBox;
 import javafx.stage.Stage;
 import java.util.ResourceBundle;
@@ -48,8 +51,10 @@ public class RecoveryKeyOnboardingController implements FxController {
 	private Button nextButton;
 	@FXML
 	private VBox chooseMethodeBox;
-	private final ToggleGroup methodToggleGroup = new ToggleGroup();
-	private final BooleanProperty showThirdText = new SimpleBooleanProperty(true);
+	@FXML
+	private ToggleGroup methodToggleGroup = new ToggleGroup();
+	@FXML
+	private HBox hBox;
 
 	@Inject
 	public RecoveryKeyOnboardingController(@RecoveryKeyWindow Stage window, //
@@ -68,38 +73,57 @@ public class RecoveryKeyOnboardingController implements FxController {
 
 	@FXML
 	public void initialize() {
-
 		recoveryKeyRadio.setToggleGroup(methodToggleGroup);
 		passwordRadio.setToggleGroup(methodToggleGroup);
 
-		boolean showMethodSelection = (recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG);
-		chooseMethodeBox.setVisible(showMethodSelection);
-		chooseMethodeBox.setManaged(showMethodSelection);
+		BooleanBinding showMethodSelection = Bindings.createBooleanBinding(
+				() -> recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG, recoverType);
+		chooseMethodeBox.visibleProperty().bind(showMethodSelection);
+		chooseMethodeBox.managedProperty().bind(showMethodSelection);
 
-		nextButton.disableProperty().bind( //
-				affirmationBox.selectedProperty().not() //
-						.or(methodToggleGroup.selectedToggleProperty().isNull() //
-								.and(showMethodSelectionProperty())));
+		nextButton.disableProperty().bind(
+				affirmationBox.selectedProperty().not()
+						.or(methodToggleGroup.selectedToggleProperty().isNull().and(showMethodSelection))
+		);
 
 		switch (recoverType.get()) {
-			case RESTORE_VAULT_CONFIG -> {
-				window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
-				messageLabel.setText(resourceBundle.getString("recoveryKey.recover.onBoarding.readThis"));
-				secondTextDesc.setText(resourceBundle.getString("recoveryKey.recover.onBoarding.recoverVaultConfig.intro2"));
-				showThirdText.set(false);
-			}
-			case RESTORE_MASTERKEY -> {
-				window.setTitle(resourceBundle.getString("recoveryKey.recoverMasterkey.title"));
-				messageLabel.setText(resourceBundle.getString("recoveryKey.recover.onBoarding.readThis"));
-				titleLabel.setText(resourceBundle.getString("recoveryKey.recoverMasterkey.title"));
-				secondTextDesc.setText(resourceBundle.getString("recoveryKey.recover.onBoarding.recoverMasterkey.intro2"));
-				showThirdText.set(false);
-			}
+			case RESTORE_MASTERKEY ->
+					window.setTitle(resourceBundle.getString("recoveryKey.recoverMasterkey.title"));
+			case RESTORE_ALL, RESTORE_VAULT_CONFIG ->
+					window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
+			default -> window.setTitle("");
 		}
-	}
 
-	private BooleanProperty showMethodSelectionProperty() {
-		return new SimpleBooleanProperty(recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG);
+		messageLabel.textProperty().bind(Bindings.createStringBinding(
+				() -> resourceBundle.getString("recoveryKey.recover.onBoarding.readThis"), recoverType));
+
+		titleLabel.textProperty().bind(Bindings.createStringBinding(() ->
+				recoverType.get() == RecoveryActionType.RESTORE_MASTERKEY
+						? resourceBundle.getString("recoveryKey.recoverMasterkey.title")
+						: resourceBundle.getString("recoveryKey.recoverVaultConfig.title"), recoverType));
+
+		BooleanBinding isMaster = Bindings.createBooleanBinding(
+				() -> recoverType.get() == RecoveryActionType.RESTORE_MASTERKEY, recoverType);
+		hBox.minHeightProperty().bind(Bindings.when(isMaster).then(206.0).otherwise(Region.USE_COMPUTED_SIZE));
+
+		secondTextDesc.textProperty().bind(Bindings.createStringBinding(() -> {
+			RecoveryActionType type = recoverType.get();
+			Toggle sel = methodToggleGroup.getSelectedToggle();
+			return switch (type) {
+				case RESTORE_VAULT_CONFIG -> resourceBundle.getString(sel == passwordRadio
+						? "recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.password"
+						: "recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.recoveryKey");
+				case RESTORE_MASTERKEY -> resourceBundle.getString("recoveryKey.recover.onBoarding.recoverMasterkey.intro2");
+				case RESTORE_ALL       -> resourceBundle.getString("recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.recoveryKey");
+				default                -> "";
+			};
+		}, recoverType, methodToggleGroup.selectedToggleProperty()));
+
+		showMethodSelection.addListener((_, _, nowShown) -> {
+			if (nowShown && methodToggleGroup.getSelectedToggle() == null) {
+				methodToggleGroup.selectToggle(recoveryKeyRadio);
+			}
+		});
 	}
 
 	@FXML
@@ -127,13 +151,5 @@ public class RecoveryKeyOnboardingController implements FxController {
 		window.centerOnScreen();
 	}
 
-	public BooleanProperty showThirdTextProperty() {
-		return showThirdText;
-	}
-
-	public boolean getShowThirdText() {
-		return showThirdText.get();
-	}
-
 }
 
diff --git a/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml b/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml
index 7ea190fd4..a5be0fc17 100644
--- a/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml
+++ b/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml
@@ -6,7 +6,12 @@
 <?import javafx.scene.control.ButtonBar?>
 <?import javafx.scene.layout.Region?>
 <?import javafx.scene.layout.VBox?>
-<VBox xmlns:fx="http://javafx.com/fxml"
+<?import javafx.scene.layout.HBox?>
+<?import javafx.scene.layout.StackPane?>
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import javafx.scene.shape.Circle?>
+<?import javafx.scene.Group?>
+<HBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.convertvault.HubToPasswordConvertController"
 	  minWidth="400"
@@ -18,21 +23,32 @@
 		<Insets topRightBottomLeft="12"/>
 	</padding>
 	<children>
-		<fx:include fx:id="newPassword" source="new_password.fxml"/>
+		<Group>
+			<StackPane>
+				<padding>
+					<Insets topRightBottomLeft="6"/>
+				</padding>
+				<Circle styleClass="glyph-icon-primary" radius="24"/>
+				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="KEY" glyphSize="24"/>
+			</StackPane>
+		</Group>
+			<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
+			<fx:include fx:id="newPassword" source="new_password.fxml"/>
 
-		<Region VBox.vgrow="ALWAYS"/>
+			<Region VBox.vgrow="ALWAYS"/>
 
-		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
-			<ButtonBar buttonMinWidth="120" buttonOrder="+CI">
-				<buttons>
-					<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-					<Button fx:id="convertBtn" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#convert"> <!-- for button logic, see controller -->
-						<graphic>
-							<FontAwesome5Spinner glyphSize="12"/>
-						</graphic>
-					</Button>
-				</buttons>
-			</ButtonBar>
+			<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
+				<ButtonBar buttonMinWidth="120" buttonOrder="+CI">
+					<buttons>
+						<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+						<Button fx:id="convertBtn" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#convert"> <!-- for button logic, see controller -->
+							<graphic>
+								<FontAwesome5Spinner glyphSize="12"/>
+							</graphic>
+						</Button>
+					</buttons>
+				</ButtonBar>
+			</VBox>
 		</VBox>
 	</children>
-</VBox>
+</HBox>
diff --git a/src/main/resources/fxml/convertvault_hubtopassword_start.fxml b/src/main/resources/fxml/convertvault_hubtopassword_start.fxml
index d5c0a5e0b..4cdf76fc4 100644
--- a/src/main/resources/fxml/convertvault_hubtopassword_start.fxml
+++ b/src/main/resources/fxml/convertvault_hubtopassword_start.fxml
@@ -5,29 +5,39 @@
 <?import javafx.geometry.Insets?>
 <?import javafx.scene.control.ButtonBar?>
 <?import javafx.scene.control.Button?>
-<VBox xmlns:fx="http://javafx.com/fxml"
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import javafx.scene.shape.Circle?>
+<?import javafx.scene.Group?>
+<HBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.convertvault.HubToPasswordStartController"
 	  minWidth="400"
 	  maxWidth="400"
 	  minHeight="145"
-	  spacing="12"
-	  alignment="TOP_CENTER">
+	  spacing="12">
 	<padding>
 		<Insets topRightBottomLeft="12"/>
 	</padding>
-	<children>
+	<Group>
+		<StackPane>
+			<padding>
+				<Insets topRightBottomLeft="6"/>
+			</padding>
+			<Circle styleClass="glyph-icon-primary" radius="24"/>
+			<FontAwesome5IconView styleClass="glyph-icon-white" glyph="SYNC" glyphSize="24"/>
+		</StackPane>
+	</Group>
+
+	<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
 		<fx:include fx:id="recoveryKeyValidate" source="recoverykey_validate.fxml"/>
 
 		<Region VBox.vgrow="ALWAYS"/>
 
-		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
-			<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
-				<buttons>
-					<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-					<Button text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#next" disable="${!controller.validateController.recoveryKeyCorrect}"/>
-				</buttons>
-			</ButtonBar>
-		</VBox>
-	</children>
-</VBox>
+		<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
+			<buttons>
+				<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+				<Button text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#next" disable="${!controller.validateController.recoveryKeyCorrect}"/>
+			</buttons>
+		</ButtonBar>
+	</VBox>
+</HBox>
diff --git a/src/main/resources/fxml/recoverykey_expert_settings.fxml b/src/main/resources/fxml/recoverykey_expert_settings.fxml
index 0f81e23c6..70cf0bcea 100644
--- a/src/main/resources/fxml/recoverykey_expert_settings.fxml
+++ b/src/main/resources/fxml/recoverykey_expert_settings.fxml
@@ -57,6 +57,7 @@
 					</tooltip>
 				</Hyperlink>
 			</HBox>
+			<Label text="%recoveryKey.recover.expertSettings.shorteningThreshold.title" wrapText="true"/>
 			<NumericTextField fx:id="shorteningThresholdTextField"/>
 			<HBox alignment="TOP_RIGHT">
 				<Region minWidth="4" prefWidth="4" HBox.hgrow="NEVER"/>
diff --git a/src/main/resources/fxml/recoverykey_onboarding.fxml b/src/main/resources/fxml/recoverykey_onboarding.fxml
index 4fa7d8282..ce4ca0b46 100644
--- a/src/main/resources/fxml/recoverykey_onboarding.fxml
+++ b/src/main/resources/fxml/recoverykey_onboarding.fxml
@@ -5,79 +5,84 @@
 <?import javafx.scene.control.ButtonBar?>
 <?import javafx.scene.control.CheckBox?>
 <?import javafx.scene.control.Label?>
-<?import javafx.scene.image.Image?>
+<?import javafx.scene.control.RadioButton?>
 <?import javafx.scene.control.ToggleGroup?>
-<?import javafx.scene.image.ImageView?>
 <?import javafx.scene.layout.ColumnConstraints?>
 <?import javafx.scene.layout.GridPane?>
 <?import javafx.scene.layout.HBox?>
 <?import javafx.scene.layout.Region?>
 <?import javafx.scene.layout.RowConstraints?>
+<?import javafx.scene.layout.StackPane?>
 <?import javafx.scene.layout.VBox?>
-<?import javafx.scene.control.RadioButton?>
-<VBox xmlns:fx="http://javafx.com/fxml"
+<?import javafx.scene.shape.Circle?>
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+
+<?import javafx.scene.Group?>
+<HBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
+	  fx:id="hBox"
 	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyOnboardingController"
-	  prefWidth="650"
-	  prefHeight="400"
-	  spacing="12">
+	  prefWidth="480"
+	  minHeight="242"
+	  spacing="12"
+	  VBox.vgrow="ALWAYS"
+>
 	<padding>
 		<Insets topRightBottomLeft="12"/>
 	</padding>
-	<children>
-		<HBox VBox.vgrow="ALWAYS">
-			<VBox alignment="CENTER" minWidth="175" maxWidth="175">
-				<ImageView VBox.vgrow="ALWAYS" fitHeight="128" preserveRatio="true" cache="true">
-					<Image url="@../img/logo128.png"/>
-				</ImageView>
+	<Group>
+		<StackPane>
+			<padding>
+				<Insets topRightBottomLeft="6"/>
+			</padding>
+			<Circle styleClass="glyph-icon-primary" radius="24"/>
+			<FontAwesome5IconView styleClass="glyph-icon-white" glyph="SYNC" glyphSize="24"/>
+		</StackPane>
+	</Group>
+	<VBox HBox.hgrow="ALWAYS" spacing="12">
+		<Label fx:id="titleLabel" text="%recoveryKey.recoverVaultConfig.title" styleClass="label-extra-large"/>
+		<VBox spacing="6">
+			<VBox fx:id="chooseMethodeBox" spacing="6">
+				<Label text="%recoveryKey.recover.onBoarding.chooseMethod"/>
+				<RadioButton fx:id="recoveryKeyRadio" text="%recoveryKey.recover.onBoarding.useRecoveryKey" selected="true">
+					<toggleGroup>
+						<ToggleGroup fx:id="methodToggleGroup"/>
+					</toggleGroup>
+				</RadioButton>
+				<RadioButton fx:id="passwordRadio" text="%recoveryKey.recover.onBoarding.usePassword"/>
 			</VBox>
-			<VBox HBox.hgrow="ALWAYS" alignment="CENTER">
+
+			<Label fx:id="messageLabel" text="%recoveryKey.recover.onBoarding.message" wrapText="true"/>
+			<GridPane alignment="CENTER_LEFT">
 				<padding>
-					<Insets topRightBottomLeft="12"/>
+					<Insets left="6"/>
 				</padding>
-				<Label fx:id="titleLabel" text="%recoveryKey.recoverVaultConfig.title" styleClass="label-extra-large"/>
-				<Region minHeight="15"/>
-				<VBox>
-					<Label fx:id="messageLabel" text="%recoveryKey.recover.onBoarding.message" wrapText="true"/>
-					<GridPane alignment="CENTER_LEFT" >
-						<padding>
-							<Insets left="6"/>
-						</padding>
-						<columnConstraints>
-							<ColumnConstraints minWidth="20" halignment="LEFT"/>
-							<ColumnConstraints fillWidth="true"/>
-						</columnConstraints>
-						<rowConstraints>
-							<RowConstraints valignment="TOP"/>
-							<RowConstraints valignment="TOP"/>
-							<RowConstraints valignment="TOP"/>
-						</rowConstraints>
-						<Label text="1." GridPane.rowIndex="0" GridPane.columnIndex="0" />
-						<Label text="%recoveryKey.recover.onBoarding.intro1" wrapText="true" GridPane.rowIndex="0" GridPane.columnIndex="1" />
-						<Label text="2." GridPane.rowIndex="1" GridPane.columnIndex="0" />
-						<Label fx:id="secondTextDesc" text="%recoveryKey.recover.onBoarding.intro2" wrapText="true" GridPane.rowIndex="1" GridPane.columnIndex="1" />
-						<Label text="3." GridPane.rowIndex="2" GridPane.columnIndex="0" visible="${controller.showThirdText}" managed="${controller.showThirdText}" />
-						<Label text="%recoveryKey.recover.onBoarding.intro3" wrapText="true" GridPane.rowIndex="2" GridPane.columnIndex="1" visible="${controller.showThirdText}" managed="${controller.showThirdText}" />
-					</GridPane>
-					<Region minHeight="15"/>
-					<VBox fx:id="chooseMethodeBox">
-						<Label text="%recoveryKey.recover.onBoarding.chooseMethod"/>
-						<RadioButton fx:id="recoveryKeyRadio" text="%recoveryKey.recover.onBoarding.useRecoveryKey">
-							<toggleGroup>
-								<ToggleGroup fx:id="methodToggleGroup"/>
-							</toggleGroup>
-						</RadioButton>
-						<RadioButton fx:id="passwordRadio" text="%recoveryKey.recover.onBoarding.usePassword"/>
-					</VBox>
-					<CheckBox fx:id="affirmationBox" text="%recoveryKey.recover.onBoarding.affirmation"/>
-				</VBox>
-			</VBox>
-		</HBox>
-		<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
+				<columnConstraints>
+					<ColumnConstraints minWidth="20" halignment="LEFT"/>
+					<ColumnConstraints />
+				</columnConstraints>
+				<rowConstraints>
+					<RowConstraints valignment="TOP"/>
+					<RowConstraints valignment="TOP"/>
+					<RowConstraints valignment="TOP"/>
+				</rowConstraints>
+				<Label text="1." GridPane.rowIndex="0" GridPane.columnIndex="0"/>
+				<Label text="%recoveryKey.recover.onBoarding.intro1" wrapText="true" GridPane.rowIndex="0" GridPane.columnIndex="1"/>
+				<Label text="2." GridPane.rowIndex="1" GridPane.columnIndex="0"/>
+				<Label fx:id="secondTextDesc" text="%recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.recoveryKey" wrapText="true" GridPane.rowIndex="1" GridPane.columnIndex="1"/>
+			</GridPane>
+			<CheckBox fx:id="affirmationBox" text="%recoveryKey.recover.onBoarding.affirmation"/>
+		</VBox>
+
+		<Region VBox.vgrow="ALWAYS"/>
+
+		<ButtonBar buttonMinWidth="120" buttonOrder="+CX" VBox.vgrow="NEVER">
 			<buttons>
 				<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-				<Button fx:id="nextButton" text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" disable="${!affirmationBox.selected}" defaultButton="true" onAction="#next"/>
+				<Button fx:id="nextButton" text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD"
+						disable="${!affirmationBox.selected}" defaultButton="true" onAction="#next"/>
 			</buttons>
 		</ButtonBar>
-	</children>
-</VBox>
+
+	</VBox>
+</HBox>
diff --git a/src/main/resources/fxml/recoverykey_recover.fxml b/src/main/resources/fxml/recoverykey_recover.fxml
index 29264c797..43f44c639 100644
--- a/src/main/resources/fxml/recoverykey_recover.fxml
+++ b/src/main/resources/fxml/recoverykey_recover.fxml
@@ -3,26 +3,40 @@
 <?import javafx.geometry.Insets?>
 <?import javafx.scene.control.Button?>
 <?import javafx.scene.control.ButtonBar?>
+<?import javafx.scene.layout.HBox?>
 <?import javafx.scene.layout.Region?>
+<?import javafx.scene.layout.StackPane?>
 <?import javafx.scene.layout.VBox?>
-<VBox xmlns:fx="http://javafx.com/fxml"
+<?import javafx.scene.shape.Circle?>
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import javafx.scene.Group?>
+
+<HBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyRecoverController"
 	  minWidth="400"
 	  maxWidth="400"
 	  minHeight="145"
-	  spacing="12"
-	  alignment="TOP_CENTER">
+	  spacing="12">
 	<padding>
 		<Insets topRightBottomLeft="12"/>
 	</padding>
 	<children>
+		<Group>
+			<StackPane>
+				<padding>
+					<Insets topRightBottomLeft="6"/>
+				</padding>
+				<Circle styleClass="glyph-icon-primary" radius="24"/>
+				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="SYNC" glyphSize="24"/>
+			</StackPane>
+		</Group>
 
-		<fx:include fx:id="recoveryKeyValidate" source="recoverykey_validate.fxml"/>
+		<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
+			<fx:include fx:id="recoveryKeyValidate" source="recoverykey_validate.fxml"/>
 
-		<Region VBox.vgrow="ALWAYS"/>
+			<Region VBox.vgrow="ALWAYS"/>
 
-		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
 			<ButtonBar buttonMinWidth="120" buttonOrder="+BX">
 				<buttons>
 					<Button fx:id="cancelButton" ButtonBar.buttonData="BACK_PREVIOUS" cancelButton="true" onAction="#close"/>
@@ -31,4 +45,4 @@
 			</ButtonBar>
 		</VBox>
 	</children>
-</VBox>
+</HBox>
diff --git a/src/main/resources/fxml/recoverykey_reset_password.fxml b/src/main/resources/fxml/recoverykey_reset_password.fxml
index 648e761fd..8c28a1c9f 100644
--- a/src/main/resources/fxml/recoverykey_reset_password.fxml
+++ b/src/main/resources/fxml/recoverykey_reset_password.fxml
@@ -5,7 +5,12 @@
 <?import javafx.scene.control.ButtonBar?>
 <?import javafx.scene.layout.Region?>
 <?import javafx.scene.layout.VBox?>
-<VBox xmlns:fx="http://javafx.com/fxml"
+<?import javafx.scene.layout.HBox?>
+<?import javafx.scene.layout.StackPane?>
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import javafx.scene.shape.Circle?>
+<?import javafx.scene.Group?>
+<HBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyResetPasswordController"
 	  minWidth="400"
@@ -17,17 +22,28 @@
 		<Insets topRightBottomLeft="12"/>
 	</padding>
 	<children>
-		<fx:include fx:id="newPassword" source="new_password.fxml"/>
+		<Group>
+			<StackPane>
+				<padding>
+					<Insets topRightBottomLeft="6"/>
+				</padding>
+				<Circle styleClass="glyph-icon-primary" radius="24"/>
+				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="KEY" glyphSize="24"/>
+			</StackPane>
+		</Group>
+		<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
+			<fx:include fx:id="newPassword" source="new_password.fxml"/>
 
-		<Region VBox.vgrow="ALWAYS"/>
+			<Region VBox.vgrow="ALWAYS"/>
 
-		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
-			<ButtonBar buttonMinWidth="120" buttonOrder="+CI">
-				<buttons>
-					<Button text="%generic.button.back" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-					<Button fx:id="nextButton" ButtonBar.buttonData="FINISH" defaultButton="true" disable="${!controller.passwordSufficientAndMatching}" onAction="#next"/>
-				</buttons>
-			</ButtonBar>
+			<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
+				<ButtonBar buttonMinWidth="120" buttonOrder="+CI">
+					<buttons>
+						<Button text="%generic.button.back" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+						<Button fx:id="nextButton" ButtonBar.buttonData="FINISH" defaultButton="true" disable="${!controller.passwordSufficientAndMatching}" onAction="#next"/>
+					</buttons>
+				</ButtonBar>
+			</VBox>
 		</VBox>
 	</children>
-</VBox>
+</HBox>
diff --git a/src/main/resources/fxml/recoverykey_validate.fxml b/src/main/resources/fxml/recoverykey_validate.fxml
index 920dcd2b0..7f66f8ae2 100644
--- a/src/main/resources/fxml/recoverykey_validate.fxml
+++ b/src/main/resources/fxml/recoverykey_validate.fxml
@@ -2,48 +2,41 @@
 
 <?import org.cryptomator.ui.controls.FontAwesome5IconView?>
 <?import org.cryptomator.ui.controls.FormattedLabel?>
-<?import javafx.geometry.Insets?>
 <?import javafx.scene.control.Label?>
 <?import javafx.scene.control.TextArea?>
-<?import javafx.scene.layout.StackPane?>
 <?import javafx.scene.layout.VBox?>
 <VBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.recoverykey.RecoveryKeyValidateController"
-	  minWidth="400"
 	  maxWidth="400"
 	  minHeight="145"
-	  spacing="12"
-	  alignment="TOP_CENTER">
-	<padding>
-		<Insets topRightBottomLeft="12"/>
-	</padding>
+	  spacing="12">
 	<children>
 		<FormattedLabel format="%recoveryKey.recover.prompt" arg1="${controller.vault.displayName}" wrapText="true"/>
 
 		<TextArea wrapText="true" prefRowCount="4" fx:id="textarea" textFormatter="${controller.recoveryKeyTextFormatter}" onKeyPressed="#onKeyPressed"/>
-
-		<StackPane>
-			<Label text="Just some Filler" visible="false" graphicTextGap="6">
+		<VBox>
+			<Label text="Just some Filler" visible="false" managed="${textarea.text.empty}" graphicTextGap="6">
 				<graphic>
 					<FontAwesome5IconView glyph="ANCHOR"/>
 				</graphic>
 			</Label>
-			<Label text="%recoveryKey.recover.correctKey" graphicTextGap="6" contentDisplay="LEFT" visible="${(!textarea.text.empty) &amp;&amp; controller.recoveryKeyCorrect}">
+			<Label text="%recoveryKey.recover.correctKey" graphicTextGap="6" visible="${(!textarea.text.empty) &amp;&amp; controller.recoveryKeyCorrect}" managed="${(!textarea.text.empty) &amp;&amp; controller.recoveryKeyCorrect}">
 				<graphic>
 					<FontAwesome5IconView glyph="CHECK"/>
 				</graphic>
 			</Label>
-			<Label text="%recoveryKey.recover.wrongKey" graphicTextGap="6" contentDisplay="LEFT" visible="${(!textarea.text.empty) &amp;&amp; controller.recoveryKeyWrong}">
+			<Label text="%recoveryKey.recover.wrongKey" graphicTextGap="6"  visible="${(!textarea.text.empty) &amp;&amp; controller.recoveryKeyWrong}" managed="${(!textarea.text.empty) &amp;&amp; controller.recoveryKeyWrong}">
 				<graphic>
 					<FontAwesome5IconView glyph="TIMES" styleClass="glyph-icon-red"/>
 				</graphic>
 			</Label>
-			<Label text="%recoveryKey.recover.invalidKey" graphicTextGap="6" contentDisplay="LEFT" visible="${(!textarea.text.empty) &amp;&amp; controller.recoveryKeyInvalid}">
+			<Label text="%recoveryKey.recover.invalidKey" graphicTextGap="6"  visible="${(!textarea.text.empty) &amp;&amp; controller.recoveryKeyInvalid}" managed="${(!textarea.text.empty) &amp;&amp; controller.recoveryKeyInvalid}">
 				<graphic>
 					<FontAwesome5IconView glyph="TIMES" styleClass="glyph-icon-red"/>
 				</graphic>
 			</Label>
-		</StackPane>
+		</VBox>
+
 	</children>
 </VBox>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 7e5061c0c..c7629dc11 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -112,9 +112,9 @@ removeVault.message=Remove vault?
 removeVault.description=This will only make Cryptomator forget about this vault. You can add it again. No encrypted files will be deleted from your hard drive.
 
 # Contact Hub Admin
-contactHubAdmin.title=Contact Admin
-contactHubAdmin.message=Contact Admin
-contactHubAdmin.description=You should contact your vault admin.
+contactHubAdmin.title=Hub Vault
+contactHubAdmin.message=This vault was created with Cryptomator Hub
+contactHubAdmin.description=Please reach out to the vault owner to restore the missing file. They can download the vault template from Cryptomator Hub.
 
 # Change Password
 changepassword.title=Change Password
@@ -545,24 +545,21 @@ recoveryKey.alreadyExists.message=This vault has already been added
 recoveryKey.alreadyExists.description=Your vault "%s" is already present in your vault list and was therefore not added again.
 
 recoveryKey.noDDirDetected.title=Invalid Selection
+recoveryKey.noDDirDetected.message=Your selection is not a vault
 recoveryKey.noDDirDetected.description=The selected folder must contain a subfolder named "d".
-recoveryKey.noDDirDetected.message=Please choose a different folder that includes a subfolder named "d".
 
 recoveryKey.recoverVaultConfig.title=Recover Vault Config
 recoveryKey.recoverMasterkey.title=Recover Masterkey
 
+recoveryKey.recover.expertSettings.shorteningThreshold.title=This value must match the one used before recovery to ensure compatibility with previously encrypted data.
 
-recoveryKey.recover.onBoarding.recoverMasterkey.title=Restore your vault.cryptomator file
-recoveryKey.recover.onBoarding.recoverMasterkey.intro2=You will need the vault recovery key.
-recoveryKey.recover.onBoarding.recoverVaultConfig.intro2=You will need the vault password or recovery key, a new password and possible some expert settings.
-
-recoveryKey.recover.onBoarding.readThis=Read this:
-recoveryKey.recover.onBoarding.message=If your vault is a hub managed vault, the Hub Admin can restore the file for you. Otherwise:
-recoveryKey.recover.onBoarding.description=Otherwise you will need the Recovery Key of the vault, possible some expert settings, and a new vault password.
-recoveryKey.recover.onBoarding.confirm=Use RecoveryKey
+recoveryKey.recover.onBoarding.readThis=Make sure to check the following:
+recoveryKey.recover.onBoarding.message=If your vault is a Hub vault, the vault owner can restore the file for you. Otherwise:
 recoveryKey.recover.onBoarding.intro1=Ensure all files are completely synced.
-recoveryKey.recover.onBoarding.intro2=You will need the Recovery Key of the vault.
-recoveryKey.recover.onBoarding.intro3=A new vault password and possible some expert settings.
+recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.recoveryKey=You will need the recovery key, a new vault password and possibly some expert settings.
+recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.password=You will need the vault password and possibly some expert settings.
+recoveryKey.recover.onBoarding.recoverMasterkey.intro2=You will need the vault recovery key.
+
 recoveryKey.recover.onBoarding.chooseMethod=Choose recovery method:
 recoveryKey.recover.onBoarding.useRecoveryKey=Use Recovery Key
 recoveryKey.recover.onBoarding.usePassword=Use Password

From fa053ac3df839015514bee5268017d5e75e3c71b Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 20 Aug 2025 10:00:08 +0200
Subject: [PATCH 069/117] undo no longer needed changes

---
 .../RecoveryKeyResetPasswordController.java   | 35 ++++---------------
 1 file changed, 7 insertions(+), 28 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 9de9c6d5d..4cbace436 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -25,8 +25,6 @@ import javax.inject.Named;
 import javafx.beans.property.IntegerProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.ReadOnlyBooleanProperty;
-import javafx.beans.property.ReadOnlyBooleanWrapper;
-import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.concurrent.Task;
 import javafx.fxml.FXML;
@@ -60,9 +58,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final ObjectProperty<RecoveryActionType> recoverType;
 	private final ObjectProperty<CryptorProvider.Scheme> cipherCombo;
 	private final ResourceBundle resourceBundle;
-	private final StringProperty buttonText = new SimpleStringProperty();
 	private final Dialogs dialogs;
-	private final Stage owner;
 
 	public NewPasswordController newPasswordController;
 	public Button nextButton;
@@ -72,7 +68,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  @RecoveryKeyWindow Vault vault, //
 											  RecoveryKeyFactory recoveryKeyFactory, //
 											  ExecutorService executor, //
-											  @Named("keyRecoveryOwner") Stage owner, @RecoveryKeyWindow StringProperty recoveryKey, //
+											  @RecoveryKeyWindow StringProperty recoveryKey, //
 											  @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverExpertSettingsScene, //
 											  @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene, //
 											  FxApplicationWindows appWindows, //
@@ -80,8 +76,9 @@ public class RecoveryKeyResetPasswordController implements FxController {
 											  VaultListManager vaultListManager, //
 											  @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
 											  @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
-											  @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo,//
-											  ResourceBundle resourceBundle, Dialogs dialogs) {
+											  @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo, //
+											  ResourceBundle resourceBundle, //
+											  Dialogs dialogs) {
 		this.window = window;
 		this.vault = vault;
 		this.recoveryKeyFactory = recoveryKeyFactory;
@@ -97,7 +94,6 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		this.recoverType = recoverType;
 		this.resourceBundle = resourceBundle;
 		this.dialogs = dialogs;
-		this.owner = owner;
 	}
 
 	@FXML
@@ -155,7 +151,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 	@FXML
 	public void resetPassword() {
-		Task<Void> task = new ResetPasswordTask(recoveryKeyFactory, vault, recoveryKey, newPasswordController);
+		Task<Void> task = new ResetPasswordTask();
 
 		task.setOnScheduled(_ -> LOG.debug("Using recovery key to reset password for {}.", vault.getDisplayablePath()));
 
@@ -178,14 +174,6 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 	/* Getter/Setter */
 
-	public StringProperty buttonTextProperty() {
-		return buttonText;
-	}
-
-	public String getButtonText() {
-		return buttonText.get();
-	}
-
 	public ReadOnlyBooleanProperty passwordSufficientAndMatchingProperty() {
 		return newPasswordController.goodPasswordProperty();
 	}
@@ -194,20 +182,11 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		return newPasswordController.isGoodPassword();
 	}
 
-	private static class ResetPasswordTask extends Task<Void> {
+	private class ResetPasswordTask extends Task<Void> {
 
 		private static final Logger LOG = LoggerFactory.getLogger(ResetPasswordTask.class);
-		private final RecoveryKeyFactory recoveryKeyFactory;
-		private final Vault vault;
-		private final StringProperty recoveryKey;
-		private final NewPasswordController newPasswordController;
-
-		public ResetPasswordTask(RecoveryKeyFactory recoveryKeyFactory, Vault vault, StringProperty recoveryKey, NewPasswordController newPasswordController) {
-			this.recoveryKeyFactory = recoveryKeyFactory;
-			this.vault = vault;
-			this.recoveryKey = recoveryKey;
-			this.newPasswordController = newPasswordController;
 
+		public ResetPasswordTask() {
 			setOnFailed(_ -> LOG.error("Failed to reset password", getException()));
 		}
 

From 16d441ec445339f616b7b35a917215f6aaca4c7a Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 21 Aug 2025 12:26:16 +0200
Subject: [PATCH 070/117] cleanup

---
 .../VaultDetailMissingVaultController.java    |  5 --
 .../VaultListContextMenuController.java       |  2 +-
 .../RecoveryKeyCreationController.java        |  4 --
 .../RecoveryKeyOnboardingController.java      |  1 -
 .../RecoveryKeyRecoverController.java         |  8 +--
 .../RecoveryKeyResetPasswordController.java   | 27 +++++----
 .../resources/fxml/addvault_existing.fxml     |  1 +
 .../convertvault_hubtopassword_convert.fxml   | 50 ++++++++--------
 .../convertvault_hubtopassword_start.fxml     |  3 +-
 .../fxml/recoverykey_onboarding.fxml          |  3 +-
 .../resources/fxml/recoverykey_recover.fxml   |  2 +-
 .../fxml/recoverykey_reset_password.fxml      |  2 +-
 .../resources/fxml/recoverykey_validate.fxml  |  1 -
 .../vault_detail_missing_vault_config.fxml    | 60 +++++++++----------
 src/main/resources/fxml/vault_list.fxml       |  2 -
 15 files changed, 78 insertions(+), 93 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index dff3c0a4e..7e5998e39 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -79,11 +79,6 @@ public class VaultDetailMissingVaultController implements FxController {
 		}
 	}
 
-	@FXML
-	void restoreMasterkey() {
-		recoveryKeyWindow.create(vault.get(), window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_MASTERKEY)).showRecoveryKeyRecoverWindow();
-	}
-
 	@FXML
 	public void unlock() {
 		vault.get().stateProperty().set(VaultState.Value.LOCKED);
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
index e4b942503..6274224a4 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
@@ -20,9 +20,9 @@ import javafx.stage.Stage;
 import java.util.EnumSet;
 import java.util.Objects;
 
+import static org.cryptomator.common.vaults.VaultState.Value.ALL_MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
-import static org.cryptomator.common.vaults.VaultState.Value.ALL_MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;
 import static org.cryptomator.common.vaults.VaultState.Value.UNLOCKED;
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
index 0042b181e..228a6e2d4 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -63,12 +63,10 @@ public class RecoveryKeyCreationController implements FxController {
 	public Button nextButton;
 	private final VaultListManager vaultListManager;
 	private final Dialogs dialogs;
-	private final Stage owner;
 
 	@Inject
 	public RecoveryKeyCreationController(FxApplicationWindows appWindows, //
 										 @RecoveryKeyWindow Stage window, //
-										 @Named("keyRecoveryOwner") Stage owner, //
 										 @FxmlScene(FxmlFile.RECOVERYKEY_SUCCESS) Lazy<Scene> successScene, //
 										 @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverykeyExpertSettingsScene, //
 										 @RecoveryKeyWindow Vault vault, //
@@ -94,7 +92,6 @@ public class RecoveryKeyCreationController implements FxController {
 		this.masterkeyFileAccess = masterkeyFileAccess;
 		this.shorteningThreshold = shorteningThreshold;
 		this.vaultListManager = vaultListManager;
-		this.owner = owner;
 		this.dialogs = dialogs;
 	}
 
@@ -175,7 +172,6 @@ public class RecoveryKeyCreationController implements FxController {
 		}
 	}
 
-
 	@FXML
 	public void close() {
 		window.close();
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index 3c9017619..c7f560466 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -152,4 +152,3 @@ public class RecoveryKeyOnboardingController implements FxController {
 	}
 
 }
-
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index ae0f84b25..bb8d53ff1 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -13,7 +13,6 @@ import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.scene.control.Button;
 import javafx.stage.Stage;
-import java.util.Objects;
 import java.util.ResourceBundle;
 
 @RecoveryKeyScoped
@@ -33,15 +32,15 @@ public class RecoveryKeyRecoverController implements FxController {
 
 	@Inject
 	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, //
+										ResourceBundle resourceBundle, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> expertSettingsScene, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_ONBOARDING) Lazy<Scene> onBoardingScene, //
-										ResourceBundle resourceBundle, //
 										@Named("recoverType") ObjectProperty<RecoveryActionType> recoverType) {
 		this.window = window;
-		this.recoverType = recoverType;
-		this.onBoardingScene = onBoardingScene;
 		this.resourceBundle = resourceBundle;
+		this.onBoardingScene = onBoardingScene;
+		this.recoverType = recoverType;
 		this.nextScene = switch (recoverType.get()) {
 			case RESTORE_ALL, RESTORE_VAULT_CONFIG -> {
 				window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
@@ -61,7 +60,6 @@ public class RecoveryKeyRecoverController implements FxController {
 			}
 			default -> throw new IllegalArgumentException("Unexpected recovery action type: " + recoverType.get());
 		};
-
 	}
 
 	@FXML
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 4cbace436..a876e1930 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -153,10 +153,12 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	public void resetPassword() {
 		Task<Void> task = new ResetPasswordTask();
 
-		task.setOnScheduled(_ -> LOG.debug("Using recovery key to reset password for {}.", vault.getDisplayablePath()));
+		task.setOnScheduled(_ -> {
+			LOG.debug("Using recovery key to reset password for {}.", vault.getDisplayablePath());
+		});
 
 		task.setOnSucceeded(_ -> {
-			LOG.info("Used recovery key to reset password for {}.", vault.getDisplayablePath());
+			LOG.debug("Used recovery key to reset password for {}.", vault.getDisplayablePath());
 			window.close();
 			switch (recoverType.get()){
 				case RESET_PASSWORD -> dialogs.prepareRecoverPasswordSuccess(window).build().showAndWait();
@@ -172,16 +174,6 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		executor.submit(task);
 	}
 
-	/* Getter/Setter */
-
-	public ReadOnlyBooleanProperty passwordSufficientAndMatchingProperty() {
-		return newPasswordController.goodPasswordProperty();
-	}
-
-	public boolean isPasswordSufficientAndMatching() {
-		return newPasswordController.isGoodPassword();
-	}
-
 	private class ResetPasswordTask extends Task<Void> {
 
 		private static final Logger LOG = LoggerFactory.getLogger(ResetPasswordTask.class);
@@ -196,4 +188,15 @@ public class RecoveryKeyResetPasswordController implements FxController {
 			return null;
 		}
 	}
+
+	/* Getter/Setter */
+
+	public ReadOnlyBooleanProperty passwordSufficientAndMatchingProperty() {
+		return newPasswordController.goodPasswordProperty();
+	}
+
+	public boolean isPasswordSufficientAndMatching() {
+		return newPasswordController.isGoodPassword();
+	}
+
 }
diff --git a/src/main/resources/fxml/addvault_existing.fxml b/src/main/resources/fxml/addvault_existing.fxml
index cfbeb2018..200eae4f9 100644
--- a/src/main/resources/fxml/addvault_existing.fxml
+++ b/src/main/resources/fxml/addvault_existing.fxml
@@ -23,6 +23,7 @@
 		<Label text="%addvaultwizard.existing.instruction" wrapText="true" labelFor="$finishButton"/>
 
 		<Region VBox.vgrow="ALWAYS"/>
+
 		<ButtonBar buttonMinWidth="120" buttonOrder="+X">
 			<buttons>
 				<Button fx:id="finishButton" text="%addvaultwizard.existing.chooseBtn" ButtonBar.buttonData="NEXT_FORWARD" onAction="#chooseFileAndNext" defaultButton="true"/>
diff --git a/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml b/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml
index a5be0fc17..a248c347b 100644
--- a/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml
+++ b/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml
@@ -22,33 +22,31 @@
 	<padding>
 		<Insets topRightBottomLeft="12"/>
 	</padding>
-	<children>
-		<Group>
-			<StackPane>
-				<padding>
-					<Insets topRightBottomLeft="6"/>
-				</padding>
-				<Circle styleClass="glyph-icon-primary" radius="24"/>
-				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="KEY" glyphSize="24"/>
-			</StackPane>
-		</Group>
-			<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
-			<fx:include fx:id="newPassword" source="new_password.fxml"/>
+	<Group>
+		<StackPane>
+			<padding>
+				<Insets topRightBottomLeft="6"/>
+			</padding>
+			<Circle styleClass="glyph-icon-primary" radius="24"/>
+			<FontAwesome5IconView styleClass="glyph-icon-white" glyph="KEY" glyphSize="24"/>
+		</StackPane>
+	</Group>
+	<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
+		<fx:include source="new_password.fxml"/>
 
-			<Region VBox.vgrow="ALWAYS"/>
+		<Region VBox.vgrow="ALWAYS"/>
 
-			<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
-				<ButtonBar buttonMinWidth="120" buttonOrder="+CI">
-					<buttons>
-						<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
-						<Button fx:id="convertBtn" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#convert"> <!-- for button logic, see controller -->
-							<graphic>
-								<FontAwesome5Spinner glyphSize="12"/>
-							</graphic>
-						</Button>
-					</buttons>
-				</ButtonBar>
-			</VBox>
+		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
+			<ButtonBar buttonMinWidth="120" buttonOrder="+CI">
+				<buttons>
+					<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+					<Button fx:id="convertBtn" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#convert">
+						<graphic>
+							<FontAwesome5Spinner glyphSize="12"/>
+						</graphic>
+					</Button>
+				</buttons>
+			</ButtonBar>
 		</VBox>
-	</children>
+	</VBox>
 </HBox>
diff --git a/src/main/resources/fxml/convertvault_hubtopassword_start.fxml b/src/main/resources/fxml/convertvault_hubtopassword_start.fxml
index 4cdf76fc4..27b6911f7 100644
--- a/src/main/resources/fxml/convertvault_hubtopassword_start.fxml
+++ b/src/main/resources/fxml/convertvault_hubtopassword_start.fxml
@@ -14,7 +14,8 @@
 	  minWidth="400"
 	  maxWidth="400"
 	  minHeight="145"
-	  spacing="12">
+	  spacing="12"
+	  alignment="TOP_CENTER">
 	<padding>
 		<Insets topRightBottomLeft="12"/>
 	</padding>
diff --git a/src/main/resources/fxml/recoverykey_onboarding.fxml b/src/main/resources/fxml/recoverykey_onboarding.fxml
index ce4ca0b46..61c54d5e4 100644
--- a/src/main/resources/fxml/recoverykey_onboarding.fxml
+++ b/src/main/resources/fxml/recoverykey_onboarding.fxml
@@ -25,8 +25,7 @@
 	  prefWidth="480"
 	  minHeight="242"
 	  spacing="12"
-	  VBox.vgrow="ALWAYS"
->
+	  VBox.vgrow="ALWAYS">
 	<padding>
 		<Insets topRightBottomLeft="12"/>
 	</padding>
diff --git a/src/main/resources/fxml/recoverykey_recover.fxml b/src/main/resources/fxml/recoverykey_recover.fxml
index 43f44c639..53850b1c4 100644
--- a/src/main/resources/fxml/recoverykey_recover.fxml
+++ b/src/main/resources/fxml/recoverykey_recover.fxml
@@ -33,7 +33,7 @@
 		</Group>
 
 		<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
-			<fx:include fx:id="recoveryKeyValidate" source="recoverykey_validate.fxml"/>
+			<fx:include source="recoverykey_validate.fxml"/>
 
 			<Region VBox.vgrow="ALWAYS"/>
 
diff --git a/src/main/resources/fxml/recoverykey_reset_password.fxml b/src/main/resources/fxml/recoverykey_reset_password.fxml
index 8c28a1c9f..d1b51435d 100644
--- a/src/main/resources/fxml/recoverykey_reset_password.fxml
+++ b/src/main/resources/fxml/recoverykey_reset_password.fxml
@@ -32,7 +32,7 @@
 			</StackPane>
 		</Group>
 		<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
-			<fx:include fx:id="newPassword" source="new_password.fxml"/>
+			<fx:include source="new_password.fxml"/>
 
 			<Region VBox.vgrow="ALWAYS"/>
 
diff --git a/src/main/resources/fxml/recoverykey_validate.fxml b/src/main/resources/fxml/recoverykey_validate.fxml
index 7f66f8ae2..b1420a899 100644
--- a/src/main/resources/fxml/recoverykey_validate.fxml
+++ b/src/main/resources/fxml/recoverykey_validate.fxml
@@ -37,6 +37,5 @@
 				</graphic>
 			</Label>
 		</VBox>
-
 	</children>
 </VBox>
diff --git a/src/main/resources/fxml/vault_detail_missing_vault_config.fxml b/src/main/resources/fxml/vault_detail_missing_vault_config.fxml
index 8291b5de6..26fa3e096 100644
--- a/src/main/resources/fxml/vault_detail_missing_vault_config.fxml
+++ b/src/main/resources/fxml/vault_detail_missing_vault_config.fxml
@@ -10,35 +10,33 @@
 	  fx:controller="org.cryptomator.ui.mainwindow.VaultDetailMissingVaultController"
 	  alignment="TOP_CENTER"
 	  spacing="9">
-	<children>
-		<VBox spacing="9" alignment="CENTER">
-			<StackPane alignment="CENTER">
-				<Circle styleClass="glyph-icon-primary" radius="48"/>
-				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="FILE" glyphSize="48"/>
-				<FontAwesome5IconView styleClass="glyph-icon-primary" glyph="SEARCH" glyphSize="24">
-					<StackPane.margin>
-						<Insets top="12"/>
-					</StackPane.margin>
-				</FontAwesome5IconView>
-			</StackPane>
-			<Label text="%main.vaultDetail.missingVaultConfig.info" wrapText="true"/>
-		</VBox>
-		<VBox spacing="6" alignment="CENTER">
-			<Button text="%main.vaultDetail.missing.recheck" minWidth="120" onAction="#recheck">
-				<graphic>
-					<FontAwesome5IconView glyph="REDO"/>
-				</graphic>
-			</Button>
-			<Button text="%main.vaultDetail.missingVaultConfig.restore" minWidth="120" onAction="#restoreVaultConfig">
-				<graphic>
-					<FontAwesome5IconView glyph="MAGIC"/>
-				</graphic>
-			</Button>
-			<Button text="%main.vaultDetail.missing.remove" minWidth="120" onAction="#didClickRemoveVault">
-				<graphic>
-					<FontAwesome5IconView glyph="TRASH"/>
-				</graphic>
-			</Button>
-		</VBox>
-	</children>
+	<VBox spacing="9" alignment="CENTER">
+		<StackPane>
+			<Circle styleClass="glyph-icon-primary" radius="48"/>
+			<FontAwesome5IconView styleClass="glyph-icon-white" glyph="FILE" glyphSize="48"/>
+			<FontAwesome5IconView styleClass="glyph-icon-primary" glyph="SEARCH" glyphSize="24">
+				<StackPane.margin>
+					<Insets top="12"/>
+				</StackPane.margin>
+			</FontAwesome5IconView>
+		</StackPane>
+		<Label text="%main.vaultDetail.missingVaultConfig.info" wrapText="true"/>
+	</VBox>
+	<VBox spacing="6" alignment="CENTER">
+		<Button text="%main.vaultDetail.missing.recheck" minWidth="120" onAction="#recheck">
+			<graphic>
+				<FontAwesome5IconView glyph="REDO"/>
+			</graphic>
+		</Button>
+		<Button text="%main.vaultDetail.missingVaultConfig.restore" minWidth="120" onAction="#restoreVaultConfig">
+			<graphic>
+				<FontAwesome5IconView glyph="MAGIC"/>
+			</graphic>
+		</Button>
+		<Button text="%main.vaultDetail.missing.remove" minWidth="120" onAction="#didClickRemoveVault">
+			<graphic>
+				<FontAwesome5IconView glyph="TRASH"/>
+			</graphic>
+		</Button>
+	</VBox>
 </VBox>
\ No newline at end of file
diff --git a/src/main/resources/fxml/vault_list.fxml b/src/main/resources/fxml/vault_list.fxml
index ab41aa2ef..e21237a43 100644
--- a/src/main/resources/fxml/vault_list.fxml
+++ b/src/main/resources/fxml/vault_list.fxml
@@ -13,8 +13,6 @@
 <?import javafx.scene.layout.VBox?>
 <?import javafx.scene.shape.Arc?>
 <?import javafx.scene.shape.Circle?>
-<?import javafx.geometry.Insets?>
-<?import javafx.scene.shape.Rectangle?>
 <?import javafx.scene.layout.AnchorPane?>
 <StackPane xmlns:fx="http://javafx.com/fxml"
 		   xmlns="http://javafx.com/javafx"

From 53c6045cca8fe747e9d2eb486695c3cce2669cbb Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 27 Aug 2025 07:26:37 +0200
Subject: [PATCH 071/117] extend initializeLastKnownKeyLoaderIfPossible and
 deduplicate in create

---
 .../common/vaults/VaultListManager.java       | 36 ++++++++++---------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 3301d461c..b6abdffba 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -130,19 +130,7 @@ public class VaultListManager {
 		var wrapper = new VaultConfigCache(vaultSettings);
 		try {
 			var vaultState = determineVaultState(vaultSettings.path.get());
-			if (vaultState == LOCKED) { //for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
-				wrapper.reloadConfig();
-				if (Objects.isNull(vaultSettings.lastKnownKeyLoader.get())) {
-					var keyIdScheme = wrapper.get().getKeyId().getScheme();
-					vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
-				}
-			} else if (vaultState == NEEDS_MIGRATION) {
-				vaultSettings.lastKnownKeyLoader.set(MasterkeyFileLoadingStrategy.SCHEME);
-			}
-
-			if (vaultState != VAULT_CONFIG_MISSING) {
-				initializeLastKnownKeyLoaderIfPossible(vaultSettings, wrapper);
-			}
+			initializeLastKnownKeyLoaderIfPossible(vaultSettings, vaultState, wrapper);
 
 			return vaultComponentFactory.create(vaultSettings, wrapper, vaultState, null).vault();
 		} catch (IOException e) {
@@ -151,10 +139,24 @@ public class VaultListManager {
 		}
 	}
 
-	private void initializeLastKnownKeyLoaderIfPossible(VaultSettings vaultSettings, VaultConfigCache wrapper) throws IOException {
-		if (vaultSettings.lastKnownKeyLoader.get() == null) {
-			var keyIdScheme = wrapper.get().getKeyId().getScheme();
-			vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
+	private void initializeLastKnownKeyLoaderIfPossible(VaultSettings vaultSettings, VaultState.Value vaultState, VaultConfigCache wrapper) throws IOException {
+		if (vaultSettings.lastKnownKeyLoader.get() != null) {
+			return;
+		}
+
+		switch (vaultState) {
+			case LOCKED -> { //for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
+				wrapper.reloadConfig();
+				vaultSettings.lastKnownKeyLoader.set(wrapper.get().getKeyId().getScheme());
+			}
+			case NEEDS_MIGRATION -> {
+				vaultSettings.lastKnownKeyLoader.set(MasterkeyFileLoadingStrategy.SCHEME);
+			}
+			default -> {
+				if (vaultState != VaultState.Value.VAULT_CONFIG_MISSING) {
+					vaultSettings.lastKnownKeyLoader.set(wrapper.get().getKeyId().getScheme());
+				}
+			}
 		}
 	}
 

From 14c56935940238b6d16f05e1c147894abd756396 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 27 Aug 2025 08:37:04 +0200
Subject: [PATCH 072/117] check dir structure first in determineVaultState

---
 .../common/vaults/VaultListManager.java       | 30 +++++++++++--------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index b6abdffba..a7f7427f8 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -186,32 +186,36 @@ public class VaultListManager {
 	}
 
 	public static VaultState.Value determineVaultState(Path pathToVault) throws IOException {
-		Path pathToVaultConfig = pathToVault.resolve(VAULTCONFIG_FILENAME);
-		Path pathToMasterkey = pathToVault.resolve(MASTERKEY_FILENAME);
-
 		if (!Files.exists(pathToVault)) {
 			return MISSING;
 		}
 
-		if(!Files.exists(pathToVaultConfig)) {
+		VaultState.Value structureResult = checkDirStructure(pathToVault);
+
+		if (structureResult == LOCKED || structureResult == NEEDS_MIGRATION) {
+			return structureResult;
+		}
+
+		Path pathToVaultConfig = pathToVault.resolve(VAULTCONFIG_FILENAME);
+		Path pathToMasterkey = pathToVault.resolve(MASTERKEY_FILENAME);
+
+		if (!Files.exists(pathToVaultConfig)) {
 			BackupRestorer.restoreIfBackupPresent(pathToVault, VAULTCONFIG_FILENAME);
 		}
-		if(!Files.exists(pathToMasterkey)){
+		if (!Files.exists(pathToMasterkey)) {
 			BackupRestorer.restoreIfBackupPresent(pathToVault, MASTERKEY_FILENAME);
 		}
 
-		if (!Files.exists(pathToVaultConfig) && !Files.exists(pathToMasterkey)) {
+		boolean hasConfig = Files.exists(pathToVaultConfig);
+
+		if (!hasConfig && !Files.exists(pathToMasterkey)) {
 			return ALL_MISSING;
 		}
-		var checkedDirStructureVaultState = checkDirStructure(pathToVault);
-		if (!Files.exists(pathToVaultConfig)) {
-			return switch (checkedDirStructureVaultState) {
-				case LOCKED, MISSING -> VAULT_CONFIG_MISSING;
-				default -> checkedDirStructureVaultState;
-			};
+		if (!hasConfig) {
+			return VAULT_CONFIG_MISSING;
 		}
 
-		return checkedDirStructureVaultState;
+		return structureResult;
 	}
 
 	private static VaultState.Value checkDirStructure(Path pathToVault) throws IOException {

From 5bffa28cdb6679622a4eab76032fc721c31e89e0 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 27 Aug 2025 08:52:51 +0200
Subject: [PATCH 073/117] remove unused method

---
 .../ui/mainwindow/VaultDetailMissingVaultController.java    | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index 7e5998e39..6c5b55e7c 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -79,12 +79,6 @@ public class VaultDetailMissingVaultController implements FxController {
 		}
 	}
 
-	@FXML
-	public void unlock() {
-		vault.get().stateProperty().set(VaultState.Value.LOCKED);
-		appWindows.startUnlockWorkflow(vault.get(), mainWindow);
-	}
-
 	@FXML
 	void changeLocation() {
 		// copied from ChooseExistingVaultController class

From 4497fb160e44d2a6ebda44ef9810ef70f09fd032 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 27 Aug 2025 09:22:26 +0200
Subject: [PATCH 074/117] new class VaultPreparator in recovery package

---
 .../common/recovery/VaultPreparator.java      | 52 +++++++++++++++++++
 .../ui/mainwindow/VaultListController.java    | 32 +-----------
 2 files changed, 54 insertions(+), 30 deletions(-)
 create mode 100644 src/main/java/org/cryptomator/common/recovery/VaultPreparator.java

diff --git a/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java b/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java
new file mode 100644
index 000000000..9ad22f94e
--- /dev/null
+++ b/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java
@@ -0,0 +1,52 @@
+package org.cryptomator.common.recovery;
+
+import org.apache.commons.lang3.SystemUtils;
+import org.cryptomator.common.settings.VaultSettings;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultComponent;
+import org.cryptomator.common.vaults.VaultConfigCache;
+import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.integrations.mount.MountService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.util.List;
+
+import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
+
+public final class VaultPreparator {
+
+	private static final Logger LOG = LoggerFactory.getLogger(VaultPreparator.class);
+
+	private VaultPreparator() {}
+
+	public static Vault prepareVault(File selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
+		Path selectedPath = selectedDirectory.toPath();
+		VaultSettings vaultSettings = VaultSettings.withRandomId();
+		vaultSettings.path.set(selectedPath);
+		if (selectedPath.getFileName() != null) {
+			vaultSettings.displayName.set(selectedPath.getFileName().toString());
+		} else {
+			vaultSettings.displayName.set("defaultVaultName");
+		}
+
+		var wrapper = new VaultConfigCache(vaultSettings);
+		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, LOCKED, null).vault();
+		try {
+			VaultListManager.determineVaultState(vault.getPath());
+		} catch (IOException e) {
+			LOG.warn("Failed to determine vault state for {}", vaultSettings.path.get(), e);
+		}
+
+		//due to https://github.com/cryptomator/cryptomator/issues/2880#issuecomment-1680313498
+		var nameOfWinfspLocalMounter = "org.cryptomator.frontend.fuse.mount.WinFspMountProvider";
+		if (SystemUtils.IS_OS_WINDOWS && vaultSettings.path.get().toString().contains("Dropbox") && mountServices.stream().anyMatch(s -> s.getClass().getName().equals(nameOfWinfspLocalMounter))) {
+			vaultSettings.mountService.setValue(nameOfWinfspLocalMounter);
+		}
+
+		return vault;
+	}
+}
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index 91c41775f..faa25e7c5 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -2,11 +2,10 @@ package org.cryptomator.ui.mainwindow;
 
 import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.common.recovery.RecoveryActionType;
+import org.cryptomator.common.recovery.VaultPreparator;
 import org.cryptomator.common.settings.Settings;
-import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultComponent;
-import org.cryptomator.common.vaults.VaultConfigCache;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptofs.DirStructure;
@@ -255,7 +254,7 @@ public class VaultListController implements FxController {
 			}
 		} while (selectedDirectory == null);
 
-		Vault preparedVault = prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
+		Vault preparedVault = VaultPreparator.prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
 
 		Optional<Vault> matchingVaultListEntry = vaultListManager.get(preparedVault.getPath());
 		if (matchingVaultListEntry.isPresent()) {
@@ -278,33 +277,6 @@ public class VaultListController implements FxController {
 
 	}
 
-	public static Vault prepareVault(File selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
-		Path selectedPath = selectedDirectory.toPath();
-		VaultSettings vaultSettings = VaultSettings.withRandomId();
-		vaultSettings.path.set(selectedPath);
-		if (selectedPath.getFileName() != null) {
-			vaultSettings.displayName.set(selectedPath.getFileName().toString());
-		} else {
-			vaultSettings.displayName.set("defaultVaultName");
-		}
-
-		var wrapper = new VaultConfigCache(vaultSettings);
-		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, LOCKED, null).vault();
-		try {
-			VaultListManager.determineVaultState(vault.getPath());
-		} catch (IOException e) {
-			LOG.warn("Failed to determine vault state for {}", vaultSettings.path.get(), e);
-		}
-
-		//due to https://github.com/cryptomator/cryptomator/issues/2880#issuecomment-1680313498
-		var nameOfWinfspLocalMounter = "org.cryptomator.frontend.fuse.mount.WinFspMountProvider";
-		if (SystemUtils.IS_OS_WINDOWS && vaultSettings.path.get().toString().contains("Dropbox") && mountServices.stream().anyMatch(s -> s.getClass().getName().equals(nameOfWinfspLocalMounter))) {
-			vaultSettings.mountService.setValue(nameOfWinfspLocalMounter);
-		}
-
-		return vault;
-	}
-
 	private void pressedShortcutToRemoveVault() {
 		final var vault = selectedVault.get();
 		if (vault != null && EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION, ALL_MISSING, VAULT_CONFIG_MISSING).contains(vault.getState())) {

From d1ce0362b41eff57cec373f3ddab1fb5570b3806 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 27 Aug 2025 09:34:04 +0200
Subject: [PATCH 075/117] extract vault directory selection into new method
 chooseValidVaultDirectory using Optional

---
 .../ui/mainwindow/VaultListController.java    | 41 +++++++++++--------
 1 file changed, 25 insertions(+), 16 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index faa25e7c5..32cf012e1 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -226,6 +226,26 @@ public class VaultListController implements FxController {
 		VaultListManager.redetermineVaultState(newValue);
 	}
 
+	private Optional<File> chooseValidVaultDirectory() {
+		DirectoryChooser directoryChooser = new DirectoryChooser();
+		File selectedDirectory;
+
+		do {
+			selectedDirectory = directoryChooser.showDialog(mainWindow);
+			if (selectedDirectory == null) {
+				return Optional.empty();
+			}
+
+			Path selectedPath = selectedDirectory.toPath();
+			if (!Files.isDirectory(selectedPath.resolve(Constants.DATA_DIR_NAME))) {
+				dialogs.prepareNoDDirectorySelectedDialog(mainWindow).build().showAndWait();
+				selectedDirectory = null;
+			}
+		} while (selectedDirectory == null);
+
+		return Optional.of(selectedDirectory);
+	}
+
 	@FXML
 	public void didClickAddNewVault() {
 		addVaultWizard.build().showAddNewVaultWizard(resourceBundle);
@@ -238,23 +258,12 @@ public class VaultListController implements FxController {
 
 	@FXML
 	public void didClickRecoverExistingVault() {
-		DirectoryChooser directoryChooser = new DirectoryChooser();
-		File selectedDirectory;
+		Optional<File> selectedDirectory = chooseValidVaultDirectory();
+		if (selectedDirectory.isEmpty()) {
+			return;
+		}
 
-		do {
-			selectedDirectory = directoryChooser.showDialog(mainWindow);
-			if (selectedDirectory == null) {
-				return;
-			}
-
-			Path selectedPath = selectedDirectory.toPath();
-			if (!Files.isDirectory(selectedPath.resolve(Constants.DATA_DIR_NAME))) {
-				dialogs.prepareNoDDirectorySelectedDialog(mainWindow).build().showAndWait();
-				selectedDirectory = null;
-			}
-		} while (selectedDirectory == null);
-
-		Vault preparedVault = VaultPreparator.prepareVault(selectedDirectory, vaultComponentFactory, mountServices);
+		Vault preparedVault = VaultPreparator.prepareVault(selectedDirectory.get(), vaultComponentFactory, mountServices);
 
 		Optional<Vault> matchingVaultListEntry = vaultListManager.get(preparedVault.getPath());
 		if (matchingVaultListEntry.isPresent()) {

From f4c0bc29edbfd377d091d00e935f235f0ff4815a Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 27 Aug 2025 09:43:28 +0200
Subject: [PATCH 076/117] handle NoSuchElementException during recovery key
 validation

---
 .../ui/recoverykey/RecoveryKeyValidateController.java         | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index 23e99ee9e..a9d8f2901 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -28,6 +28,7 @@ import javafx.scene.control.TextFormatter;
 import javafx.scene.input.KeyCode;
 import javafx.scene.input.KeyEvent;
 import java.io.IOException;
+import java.util.NoSuchElementException;
 
 public class RecoveryKeyValidateController implements FxController {
 
@@ -151,6 +152,9 @@ public class RecoveryKeyValidateController implements FxController {
 				} catch (IOException e) {
 					LOG.warn("IO error while validating recovery key", e);
 					recoveryKeyState.set(RecoveryKeyState.INVALID);
+				} catch (NoSuchElementException e) {
+					LOG.warn("Missing expected element during recovery key validation.", e);
+					recoveryKeyState.set(RecoveryKeyState.INVALID);
 				}
 			}
 			case RESTORE_MASTERKEY, RESET_PASSWORD, SHOW_KEY, CONVERT_VAULT -> {

From 216513405a7916e90bc442673c2e20c3d5af4a89 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 27 Aug 2025 10:35:11 +0200
Subject: [PATCH 077/117] removed unused strings

---
 src/main/resources/i18n/strings.properties | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index c7629dc11..90a249ab6 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -97,7 +97,6 @@ addvault.new.readme.accessLocation.4=Feel free to remove this file.
 ## Existing
 addvaultwizard.existing.title=Add Existing Vault
 addvaultwizard.existing.instruction=Choose the "vault.cryptomator" file of your existing vault. If only a file named "masterkey.cryptomator" exists, select that instead.
-addvaultwizard.existing.instruction.restore=If your vault.cryptomator file went missing you can enable restore mode here.
 addvaultwizard.existing.restore=Restore…
 addvaultwizard.existing.chooseBtn=Choose…
 addvaultwizard.existing.filePickerTitle=Select Vault File
@@ -445,10 +444,6 @@ main.vaultDetail.missing.changeLocation=Change Vault Location…
 ### Missing Vault Config
 main.vaultDetail.missingVaultConfig.info=VaultConfig is missing.
 main.vaultDetail.missingVaultConfig.restore=Restore VaultConfig
-### Missing Masterkey
-main.vaultDetail.missingMasterkey.info=Masterkey is missing.
-main.vaultDetail.missingMasterkey.restore=Restore Masterkey
-
 ### Needs Migration
 main.vaultDetail.migrateButton=Upgrade Vault
 main.vaultDetail.migratePrompt=Your vault needs to be upgraded to a new format, before you can access it

From d65442f04282c301b37a93570a4e6c5343d9fac5 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 1 Sep 2025 08:21:28 +0200
Subject: [PATCH 078/117] add explicit VAULT_CONFIG_MISSING case and move
 legacy comment from LOCKED to NEEDS_MIGRATION

---
 .../cryptomator/common/vaults/VaultListManager.java    | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index a7f7427f8..7e17f52e8 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -145,17 +145,19 @@ public class VaultListManager {
 		}
 
 		switch (vaultState) {
-			case LOCKED -> { //for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
+			case LOCKED -> {
 				wrapper.reloadConfig();
 				vaultSettings.lastKnownKeyLoader.set(wrapper.get().getKeyId().getScheme());
 			}
 			case NEEDS_MIGRATION -> {
+				//for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
 				vaultSettings.lastKnownKeyLoader.set(MasterkeyFileLoadingStrategy.SCHEME);
 			}
+			case VAULT_CONFIG_MISSING ->  {
+				//Nothing to do here, since there is no config to read
+			}
 			default -> {
-				if (vaultState != VaultState.Value.VAULT_CONFIG_MISSING) {
-					vaultSettings.lastKnownKeyLoader.set(wrapper.get().getKeyId().getScheme());
-				}
+				vaultSettings.lastKnownKeyLoader.set(wrapper.get().getKeyId().getScheme());
 			}
 		}
 	}

From 8eedc62fbe18652c2a39dc54859593f97c1cbd32 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 1 Sep 2025 09:14:21 +0200
Subject: [PATCH 079/117] Check vault path before preparing new vault in
 recovery flow and refactor chooseValidVaultDirectory() to return Path instead
 of File

---
 .../cryptomator/common/recovery/VaultPreparator.java |  9 ++++-----
 .../ui/mainwindow/VaultListController.java           | 12 ++++++------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java b/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java
index 9ad22f94e..62494717e 100644
--- a/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java
+++ b/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java
@@ -23,12 +23,11 @@ public final class VaultPreparator {
 
 	private VaultPreparator() {}
 
-	public static Vault prepareVault(File selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
-		Path selectedPath = selectedDirectory.toPath();
+	public static Vault prepareVault(Path selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
 		VaultSettings vaultSettings = VaultSettings.withRandomId();
-		vaultSettings.path.set(selectedPath);
-		if (selectedPath.getFileName() != null) {
-			vaultSettings.displayName.set(selectedPath.getFileName().toString());
+		vaultSettings.path.set(selectedDirectory);
+		if (selectedDirectory.getFileName() != null) {
+			vaultSettings.displayName.set(selectedDirectory.getFileName().toString());
 		} else {
 			vaultSettings.displayName.set("defaultVaultName");
 		}
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index 32cf012e1..5a9b423a3 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -226,7 +226,7 @@ public class VaultListController implements FxController {
 		VaultListManager.redetermineVaultState(newValue);
 	}
 
-	private Optional<File> chooseValidVaultDirectory() {
+	private Optional<Path> chooseValidVaultDirectory() {
 		DirectoryChooser directoryChooser = new DirectoryChooser();
 		File selectedDirectory;
 
@@ -243,7 +243,7 @@ public class VaultListController implements FxController {
 			}
 		} while (selectedDirectory == null);
 
-		return Optional.of(selectedDirectory);
+		return Optional.of(selectedDirectory.toPath());
 	}
 
 	@FXML
@@ -258,14 +258,13 @@ public class VaultListController implements FxController {
 
 	@FXML
 	public void didClickRecoverExistingVault() {
-		Optional<File> selectedDirectory = chooseValidVaultDirectory();
+		Optional<Path> selectedDirectory = chooseValidVaultDirectory();
 		if (selectedDirectory.isEmpty()) {
 			return;
 		}
 
-		Vault preparedVault = VaultPreparator.prepareVault(selectedDirectory.get(), vaultComponentFactory, mountServices);
-
-		Optional<Vault> matchingVaultListEntry = vaultListManager.get(preparedVault.getPath());
+		Path path = selectedDirectory.get();
+		Optional<Vault> matchingVaultListEntry = vaultListManager.get(path);
 		if (matchingVaultListEntry.isPresent()) {
 			dialogs.prepareRecoveryVaultAlreadyExists(mainWindow, matchingVaultListEntry.get().getDisplayName()) //
 					.setOkAction(Stage::close) //
@@ -273,6 +272,7 @@ public class VaultListController implements FxController {
 			return;
 		}
 
+		Vault preparedVault = VaultPreparator.prepareVault(path, vaultComponentFactory, mountServices);
 		VaultListManager.redetermineVaultState(preparedVault);
 
 		switch (preparedVault.getState()) {

From daad48d5afff0ec78e673df64838e47699de25a1 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Mon, 1 Sep 2025 09:33:03 +0200
Subject: [PATCH 080/117] clarify NoSuchElementException log message

---
 .../ui/recoverykey/RecoveryKeyValidateController.java           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
index a9d8f2901..35f4c15ed 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyValidateController.java
@@ -153,7 +153,7 @@ public class RecoveryKeyValidateController implements FxController {
 					LOG.warn("IO error while validating recovery key", e);
 					recoveryKeyState.set(RecoveryKeyState.INVALID);
 				} catch (NoSuchElementException e) {
-					LOG.warn("Missing expected element during recovery key validation.", e);
+					LOG.warn("Could not determine scheme from masterkey during recovery key validation, because no valid *.c9r file is present in vault", e);
 					recoveryKeyState.set(RecoveryKeyState.INVALID);
 				}
 			}

From 1ba21b531ae29c86ae03c5645068d54f79065874 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 2 Sep 2025 07:27:02 +0200
Subject: [PATCH 081/117] declare NoSuchElementException in method head

---
 .../java/org/cryptomator/common/recovery/MasterkeyService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
index 3402e82b1..7d487ec54 100644
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -19,6 +19,7 @@ import java.nio.file.StandardOpenOption;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
+import java.util.NoSuchElementException;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.stream.Stream;
@@ -42,7 +43,7 @@ public final class MasterkeyService {
 
 	public static CryptorProvider.Scheme validateRecoveryKeyAndDetectCombo(RecoveryKeyFactory recoveryKeyFactory, //
 																		   Vault vault, String recoveryKey, //
-																		   MasterkeyFileAccess masterkeyFileAccess) throws IOException, CryptoException {
+																		   MasterkeyFileAccess masterkeyFileAccess) throws IOException, CryptoException, NoSuchElementException {
 		String tmpPass = UUID.randomUUID().toString();
 		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
 			Path tempRecoveryPath = recoveryDirectory.getRecoveryPath();

From 8fac541024268fa49d903da7b41d7551ccc0f4b9 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 2 Sep 2025 07:40:02 +0200
Subject: [PATCH 082/117] use defaults.vault.vaultName as fallback displayName

---
 .../org/cryptomator/common/recovery/VaultPreparator.java | 9 ++++++---
 .../cryptomator/ui/mainwindow/VaultListController.java   | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java b/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java
index 62494717e..d99ba50a0 100644
--- a/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java
+++ b/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java
@@ -10,10 +10,10 @@ import org.cryptomator.integrations.mount.MountService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.File;
 import java.io.IOException;
 import java.nio.file.Path;
 import java.util.List;
+import java.util.ResourceBundle;
 
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
 
@@ -23,13 +23,16 @@ public final class VaultPreparator {
 
 	private VaultPreparator() {}
 
-	public static Vault prepareVault(Path selectedDirectory, VaultComponent.Factory vaultComponentFactory, List<MountService> mountServices) {
+	public static Vault prepareVault(Path selectedDirectory, //
+									 VaultComponent.Factory vaultComponentFactory, //
+									 List<MountService> mountServices, //
+									 ResourceBundle resourceBundle) {
 		VaultSettings vaultSettings = VaultSettings.withRandomId();
 		vaultSettings.path.set(selectedDirectory);
 		if (selectedDirectory.getFileName() != null) {
 			vaultSettings.displayName.set(selectedDirectory.getFileName().toString());
 		} else {
-			vaultSettings.displayName.set("defaultVaultName");
+			vaultSettings.displayName.set(resourceBundle.getString("defaults.vault.vaultName"));
 		}
 
 		var wrapper = new VaultConfigCache(vaultSettings);
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index 5a9b423a3..3333db498 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -272,7 +272,7 @@ public class VaultListController implements FxController {
 			return;
 		}
 
-		Vault preparedVault = VaultPreparator.prepareVault(path, vaultComponentFactory, mountServices);
+		Vault preparedVault = VaultPreparator.prepareVault(path, vaultComponentFactory, mountServices, resourceBundle);
 		VaultListManager.redetermineVaultState(preparedVault);
 
 		switch (preparedVault.getState()) {

From 59f47116f00c775cef398ca55c758a677bc35211 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 3 Sep 2025 12:42:24 +0200
Subject: [PATCH 083/117] change wording

---
 src/main/resources/i18n/strings.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 90a249ab6..eef9d6c14 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -541,7 +541,7 @@ recoveryKey.alreadyExists.description=Your vault "%s" is already present in your
 
 recoveryKey.noDDirDetected.title=Invalid Selection
 recoveryKey.noDDirDetected.message=Your selection is not a vault
-recoveryKey.noDDirDetected.description=The selected folder must contain a subfolder named "d".
+recoveryKey.noDDirDetected.description=The selected folder must be a valid Cryptomator vault.
 
 recoveryKey.recoverVaultConfig.title=Recover Vault Config
 recoveryKey.recoverMasterkey.title=Recover Masterkey

From 87675649772adbf1650f0347692d5f71be55b603 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 3 Sep 2025 13:39:08 +0200
Subject: [PATCH 084/117] revert cleanup that introduced a bug

---
 src/main/resources/fxml/recoverykey_recover.fxml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/resources/fxml/recoverykey_recover.fxml b/src/main/resources/fxml/recoverykey_recover.fxml
index 53850b1c4..43f44c639 100644
--- a/src/main/resources/fxml/recoverykey_recover.fxml
+++ b/src/main/resources/fxml/recoverykey_recover.fxml
@@ -33,7 +33,7 @@
 		</Group>
 
 		<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
-			<fx:include source="recoverykey_validate.fxml"/>
+			<fx:include fx:id="recoveryKeyValidate" source="recoverykey_validate.fxml"/>
 
 			<Region VBox.vgrow="ALWAYS"/>
 

From f758388063f3436e88d038c07e999f55f14f09ac Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 3 Sep 2025 14:28:16 +0200
Subject: [PATCH 085/117] fix closeOrReturn button

---
 .../RecoveryKeyRecoverController.java         | 28 +++++++++++++++----
 .../resources/fxml/recoverykey_recover.fxml   |  2 +-
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index bb8d53ff1..a92a7c471 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -2,6 +2,8 @@ package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
 import org.cryptomator.common.recovery.RecoveryActionType;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -19,6 +21,7 @@ import java.util.ResourceBundle;
 public class RecoveryKeyRecoverController implements FxController {
 
 	private final Stage window;
+	private final Vault vault;
 	private final Lazy<Scene> nextScene;
 	private final Lazy<Scene> onBoardingScene;
 	private final ResourceBundle resourceBundle;
@@ -32,12 +35,14 @@ public class RecoveryKeyRecoverController implements FxController {
 
 	@Inject
 	public RecoveryKeyRecoverController(@RecoveryKeyWindow Stage window, //
+										@RecoveryKeyWindow Vault vault, //
 										ResourceBundle resourceBundle, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> expertSettingsScene, //
 										@FxmlScene(FxmlFile.RECOVERYKEY_ONBOARDING) Lazy<Scene> onBoardingScene, //
 										@Named("recoverType") ObjectProperty<RecoveryActionType> recoverType) {
 		this.window = window;
+		this.vault = vault;
 		this.resourceBundle = resourceBundle;
 		this.onBoardingScene = onBoardingScene;
 		this.recoverType = recoverType;
@@ -72,12 +77,23 @@ public class RecoveryKeyRecoverController implements FxController {
 	}
 
 	@FXML
-	public void close() {
-		if (recoverType.get() == RecoveryActionType.RESET_PASSWORD) {
-			window.close();
-		} else {
-			window.setScene(onBoardingScene.get());
-			window.centerOnScreen();
+	public void closeOrReturn() {
+		switch (recoverType.get()) {
+			case RESET_PASSWORD -> window.close();
+			case RESTORE_MASTERKEY -> {
+				window.setScene(onBoardingScene.get());
+				window.centerOnScreen();
+			}
+			default -> {
+				if(vault.getState().equals(VaultState.Value.ALL_MISSING)){
+					recoverType.set(RecoveryActionType.RESTORE_ALL);
+				}
+				else {
+					recoverType.set(RecoveryActionType.RESTORE_VAULT_CONFIG);
+				}
+				window.setScene(onBoardingScene.get());
+				window.centerOnScreen();
+			}
 		}
 	}
 
diff --git a/src/main/resources/fxml/recoverykey_recover.fxml b/src/main/resources/fxml/recoverykey_recover.fxml
index 43f44c639..5a9fddbdf 100644
--- a/src/main/resources/fxml/recoverykey_recover.fxml
+++ b/src/main/resources/fxml/recoverykey_recover.fxml
@@ -39,7 +39,7 @@
 
 			<ButtonBar buttonMinWidth="120" buttonOrder="+BX">
 				<buttons>
-					<Button fx:id="cancelButton" ButtonBar.buttonData="BACK_PREVIOUS" cancelButton="true" onAction="#close"/>
+					<Button fx:id="cancelButton" ButtonBar.buttonData="BACK_PREVIOUS" cancelButton="true" onAction="#closeOrReturn"/>
 					<Button text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#recover" disable="${!controller.validateController.recoveryKeyCorrect}"/>
 				</buttons>
 			</ButtonBar>

From 17166c45ac83d7887a9e283d45197bbd05e28ffc Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 3 Sep 2025 14:42:20 +0200
Subject: [PATCH 086/117] show correct message

---
 .../recoverykey/RecoveryKeyOnboardingController.java  | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index c7f560466..74b4afc79 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -2,6 +2,8 @@ package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
 import org.cryptomator.common.recovery.RecoveryActionType;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -32,6 +34,7 @@ import static org.cryptomator.common.recovery.RecoveryActionType.RESTORE_VAULT_C
 public class RecoveryKeyOnboardingController implements FxController {
 
 	private final Stage window;
+	private final Vault vault;
 	private final Lazy<Scene> recoverykeyRecoverScene;
 	private final Lazy<Scene> recoverykeyExpertSettingsScene;
 	private final ObjectProperty<RecoveryActionType> recoverType;
@@ -58,11 +61,13 @@ public class RecoveryKeyOnboardingController implements FxController {
 
 	@Inject
 	public RecoveryKeyOnboardingController(@RecoveryKeyWindow Stage window, //
+										   @RecoveryKeyWindow Vault vault, //
 										   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverykeyRecoverScene, //
 										   @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverykeyExpertSettingsScene, //
 										   @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
 										   ResourceBundle resourceBundle) {
 		this.window = window;
+		this.vault = vault;
 		window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
 
 		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
@@ -94,8 +99,10 @@ public class RecoveryKeyOnboardingController implements FxController {
 			default -> window.setTitle("");
 		}
 
-		messageLabel.textProperty().bind(Bindings.createStringBinding(
-				() -> resourceBundle.getString("recoveryKey.recover.onBoarding.readThis"), recoverType));
+		messageLabel.textProperty().bind(Bindings.createStringBinding(() ->
+				vault.getState() == VaultState.Value.ALL_MISSING
+				? resourceBundle.getString("recoveryKey.recover.onBoarding.message")
+				: resourceBundle.getString("recoveryKey.recover.onBoarding.readThis")));
 
 		titleLabel.textProperty().bind(Bindings.createStringBinding(() ->
 				recoverType.get() == RecoveryActionType.RESTORE_MASTERKEY

From 1d3c62e2c7289dbcdad2fa9099339e3c203eb56f Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 3 Sep 2025 14:58:25 +0200
Subject: [PATCH 087/117] revert cleanup that introduced a bug

---
 src/main/resources/fxml/recoverykey_reset_password.fxml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/resources/fxml/recoverykey_reset_password.fxml b/src/main/resources/fxml/recoverykey_reset_password.fxml
index d1b51435d..8c28a1c9f 100644
--- a/src/main/resources/fxml/recoverykey_reset_password.fxml
+++ b/src/main/resources/fxml/recoverykey_reset_password.fxml
@@ -32,7 +32,7 @@
 			</StackPane>
 		</Group>
 		<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
-			<fx:include source="new_password.fxml"/>
+			<fx:include fx:id="newPassword" source="new_password.fxml"/>
 
 			<Region VBox.vgrow="ALWAYS"/>
 

From 2b79c5857728d309c3ced31f056557a4291fa10e Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 4 Sep 2025 08:44:18 +0200
Subject: [PATCH 088/117] renaming and reordering

---
 .../org/cryptomator/ui/dialogs/Dialogs.java   | 26 ++++----
 .../VaultDetailMissingVaultController.java    |  2 +-
 .../RecoveryKeyCreationController.java        |  4 +-
 .../RecoveryKeyOnboardingController.java      | 22 +++----
 .../RecoveryKeyRecoverController.java         |  4 +-
 .../RecoveryKeyResetPasswordController.java   |  4 +-
 .../fxml/recoverykey_expert_settings.fxml     |  2 +-
 .../fxml/recoverykey_onboarding.fxml          | 16 ++---
 src/main/resources/i18n/strings.properties    | 63 ++++++++++---------
 9 files changed, 75 insertions(+), 68 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
index 4469c2ca7..6f3a86026 100644
--- a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
@@ -49,28 +49,28 @@ public class Dialogs {
 				});
 	}
 
-	public SimpleDialog.Builder prepareContactHubAdmin(Stage window) {
+	public SimpleDialog.Builder prepareContactHubVaultOwner(Stage window) {
 		return createDialogBuilder().setOwner(window) //
-				.setTitleKey("contactHubAdmin.title") //
-				.setMessageKey("contactHubAdmin.message") //
-				.setDescriptionKey("contactHubAdmin.description") //
+				.setTitleKey("contactHubVaultOwner.title") //
+				.setMessageKey("contactHubVaultOwner.message") //
+				.setDescriptionKey("contactHubVaultOwner.description") //
 				.setIcon(FontAwesome5Icon.EXCLAMATION)//
 				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
 
 	public SimpleDialog.Builder prepareRecoveryVaultAdded(Stage window, String displayName) {
 		return createDialogBuilder().setOwner(window) //
-				.setTitleKey("recoveryKey.recoverExisting.title") //
-				.setMessageKey("recoveryKey.recoverExisting.message") //
-				.setDescriptionKey("recoveryKey.recoverExisting.description", displayName) //
+				.setTitleKey("recover.existing.title") //
+				.setMessageKey("recover.existing.message") //
+				.setDescriptionKey("recover.existing.description", displayName) //
 				.setIcon(FontAwesome5Icon.CHECK)//
 				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
 	public SimpleDialog.Builder prepareRecoveryVaultAlreadyExists(Stage window, String displayName) {
 		return createDialogBuilder().setOwner(window) //
-				.setTitleKey("recoveryKey.alreadyExists.title") //
-				.setMessageKey("recoveryKey.alreadyExists.message") //
-				.setDescriptionKey("recoveryKey.alreadyExists.description", displayName) //
+				.setTitleKey("recover.alreadyExists.title") //
+				.setMessageKey("recover.alreadyExists.message") //
+				.setDescriptionKey("recover.alreadyExists.description", displayName) //
 				.setIcon(FontAwesome5Icon.EXCLAMATION)//
 				.setOkButtonKey(BUTTON_KEY_CLOSE);
 	}
@@ -130,9 +130,9 @@ public class Dialogs {
 	public SimpleDialog.Builder prepareNoDDirectorySelectedDialog(Stage window) {
 		return createDialogBuilder() //
 				.setOwner(window) //
-				.setTitleKey("recoveryKey.noDDirDetected.title") //
-				.setMessageKey("recoveryKey.noDDirDetected.message") //
-				.setDescriptionKey("recoveryKey.noDDirDetected.description") //
+				.setTitleKey("recover.invalidSelection.title") //
+				.setMessageKey("recover.invalidSelection.message") //
+				.setDescriptionKey("recover.invalidSelection.description") //
 				.setIcon(FontAwesome5Icon.EXCLAMATION) //
 				.setOkButtonKey("generic.button.change") //
 				.setOkAction(Stage::close);
diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index 6c5b55e7c..30dd88d68 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -69,7 +69,7 @@ public class VaultDetailMissingVaultController implements FxController {
 	@FXML
 	void restoreVaultConfig() {
 		if(KeyLoadingStrategy.isHubVault(vault.get().getVaultSettings().lastKnownKeyLoader.get())){
-			dialogs.prepareContactHubAdmin(window).build().showAndWait();
+			dialogs.prepareContactHubVaultOwner(window).build().showAndWait();
 		}
 		else if(Files.exists(vault.get().getPath().resolve(MASTERKEY_FILENAME))){
 			recoveryKeyWindow.create(vault.get(), window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)).showOnboardingDialogWindow();
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
index 228a6e2d4..900172189 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -100,7 +100,7 @@ public class RecoveryKeyCreationController implements FxController {
 		if (recoverType.get() == RecoveryActionType.SHOW_KEY) {
 			window.setTitle(resourceBundle.getString("recoveryKey.display.title"));
 		} else if (recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG) {
-			window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
+			window.setTitle(resourceBundle.getString("recover.recoverVaultConfig.title"));
 			descriptionLabel.formatProperty().set(resourceBundle.getString("recoveryKey.recover.description"));
 			cancelButton.setOnAction((_) -> back());
 			cancelButton.setText(resourceBundle.getString("generic.button.back"));
@@ -158,7 +158,7 @@ public class RecoveryKeyCreationController implements FxController {
 			}
 			window.close();
 			dialogs.prepareRecoverPasswordSuccess(window) //
-					.setTitleKey("recoveryKey.recoverVaultConfig.title") //
+					.setTitleKey("recover.recoverVaultConfig.title") //
 					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message") //
 					.setDescriptionKey("recoveryKey.recover.resetMasterkeyFileSuccess.description")
 					.build().showAndWait();
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index 74b4afc79..f098a2d03 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -68,7 +68,7 @@ public class RecoveryKeyOnboardingController implements FxController {
 										   ResourceBundle resourceBundle) {
 		this.window = window;
 		this.vault = vault;
-		window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
+		window.setTitle(resourceBundle.getString("recover.recoverVaultConfig.title"));
 
 		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
 		this.recoverykeyExpertSettingsScene = recoverykeyExpertSettingsScene;
@@ -93,21 +93,21 @@ public class RecoveryKeyOnboardingController implements FxController {
 
 		switch (recoverType.get()) {
 			case RESTORE_MASTERKEY ->
-					window.setTitle(resourceBundle.getString("recoveryKey.recoverMasterkey.title"));
+					window.setTitle(resourceBundle.getString("recover.recoverMasterkey.title"));
 			case RESTORE_ALL, RESTORE_VAULT_CONFIG ->
-					window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
+					window.setTitle(resourceBundle.getString("recover.recoverVaultConfig.title"));
 			default -> window.setTitle("");
 		}
 
 		messageLabel.textProperty().bind(Bindings.createStringBinding(() ->
 				vault.getState() == VaultState.Value.ALL_MISSING
-				? resourceBundle.getString("recoveryKey.recover.onBoarding.message")
-				: resourceBundle.getString("recoveryKey.recover.onBoarding.readThis")));
+				? resourceBundle.getString("recover.onBoarding.allMissing.intro")
+				: resourceBundle.getString("recover.onBoarding.intro")));
 
 		titleLabel.textProperty().bind(Bindings.createStringBinding(() ->
 				recoverType.get() == RecoveryActionType.RESTORE_MASTERKEY
-						? resourceBundle.getString("recoveryKey.recoverMasterkey.title")
-						: resourceBundle.getString("recoveryKey.recoverVaultConfig.title"), recoverType));
+						? resourceBundle.getString("recover.recoverMasterkey.title")
+						: resourceBundle.getString("recover.recoverVaultConfig.title"), recoverType));
 
 		BooleanBinding isMaster = Bindings.createBooleanBinding(
 				() -> recoverType.get() == RecoveryActionType.RESTORE_MASTERKEY, recoverType);
@@ -118,10 +118,10 @@ public class RecoveryKeyOnboardingController implements FxController {
 			Toggle sel = methodToggleGroup.getSelectedToggle();
 			return switch (type) {
 				case RESTORE_VAULT_CONFIG -> resourceBundle.getString(sel == passwordRadio
-						? "recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.password"
-						: "recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.recoveryKey");
-				case RESTORE_MASTERKEY -> resourceBundle.getString("recoveryKey.recover.onBoarding.recoverMasterkey.intro2");
-				case RESTORE_ALL       -> resourceBundle.getString("recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.recoveryKey");
+						? "recover.onBoarding.intro.password"
+						: "recover.onBoarding.intro.recoveryKey");
+				case RESTORE_MASTERKEY -> resourceBundle.getString("recover.onBoarding.intro.masterkey.recoveryKey");
+				case RESTORE_ALL       -> resourceBundle.getString("recover.onBoarding.intro.recoveryKey");
 				default                -> "";
 			};
 		}, recoverType, methodToggleGroup.selectedToggleProperty()));
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
index a92a7c471..8eb505d47 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyRecoverController.java
@@ -48,11 +48,11 @@ public class RecoveryKeyRecoverController implements FxController {
 		this.recoverType = recoverType;
 		this.nextScene = switch (recoverType.get()) {
 			case RESTORE_ALL, RESTORE_VAULT_CONFIG -> {
-				window.setTitle(resourceBundle.getString("recoveryKey.recoverVaultConfig.title"));
+				window.setTitle(resourceBundle.getString("recover.recoverVaultConfig.title"));
 				yield expertSettingsScene;
 			}
 			case RESTORE_MASTERKEY -> {
-				window.setTitle(resourceBundle.getString("recoveryKey.recoverMasterkey.title"));
+				window.setTitle(resourceBundle.getString("recover.recoverMasterkey.title"));
 				yield resetPasswordScene;
 			}
 			case RESET_PASSWORD -> {
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index a876e1930..b5b448239 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -139,7 +139,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 			}
 			window.close();
 			dialogs.prepareRecoverPasswordSuccess(window) //
-					.setTitleKey("recoveryKey.recoverVaultConfig.title") //
+					.setTitleKey("recover.recoverVaultConfig.title") //
 					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message") //
 					.build().showAndWait();
 
@@ -162,7 +162,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 			window.close();
 			switch (recoverType.get()){
 				case RESET_PASSWORD -> dialogs.prepareRecoverPasswordSuccess(window).build().showAndWait();
-				case RESTORE_MASTERKEY -> dialogs.prepareRecoverPasswordSuccess(window).setTitleKey("recoveryKey.recoverMasterkey.title").setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message").build().showAndWait();
+				case RESTORE_MASTERKEY -> dialogs.prepareRecoverPasswordSuccess(window).setTitleKey("recover.recoverMasterkey.title").setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message").build().showAndWait();
 			}
 		});
 
diff --git a/src/main/resources/fxml/recoverykey_expert_settings.fxml b/src/main/resources/fxml/recoverykey_expert_settings.fxml
index 70cf0bcea..cceac8388 100644
--- a/src/main/resources/fxml/recoverykey_expert_settings.fxml
+++ b/src/main/resources/fxml/recoverykey_expert_settings.fxml
@@ -57,7 +57,7 @@
 					</tooltip>
 				</Hyperlink>
 			</HBox>
-			<Label text="%recoveryKey.recover.expertSettings.shorteningThreshold.title" wrapText="true"/>
+			<Label text="%recover.expertSettings.shorteningThreshold.title" wrapText="true"/>
 			<NumericTextField fx:id="shorteningThresholdTextField"/>
 			<HBox alignment="TOP_RIGHT">
 				<Region minWidth="4" prefWidth="4" HBox.hgrow="NEVER"/>
diff --git a/src/main/resources/fxml/recoverykey_onboarding.fxml b/src/main/resources/fxml/recoverykey_onboarding.fxml
index 61c54d5e4..da8248599 100644
--- a/src/main/resources/fxml/recoverykey_onboarding.fxml
+++ b/src/main/resources/fxml/recoverykey_onboarding.fxml
@@ -39,19 +39,19 @@
 		</StackPane>
 	</Group>
 	<VBox HBox.hgrow="ALWAYS" spacing="12">
-		<Label fx:id="titleLabel" text="%recoveryKey.recoverVaultConfig.title" styleClass="label-extra-large"/>
+		<Label fx:id="titleLabel" text="%recover.recoverVaultConfig.title" styleClass="label-extra-large"/>
 		<VBox spacing="6">
 			<VBox fx:id="chooseMethodeBox" spacing="6">
-				<Label text="%recoveryKey.recover.onBoarding.chooseMethod"/>
-				<RadioButton fx:id="recoveryKeyRadio" text="%recoveryKey.recover.onBoarding.useRecoveryKey" selected="true">
+				<Label text="%recover.onBoarding.chooseMethod"/>
+				<RadioButton fx:id="recoveryKeyRadio" text="%recover.onBoarding.useRecoveryKey" selected="true">
 					<toggleGroup>
 						<ToggleGroup fx:id="methodToggleGroup"/>
 					</toggleGroup>
 				</RadioButton>
-				<RadioButton fx:id="passwordRadio" text="%recoveryKey.recover.onBoarding.usePassword"/>
+				<RadioButton fx:id="passwordRadio" text="%recover.onBoarding.usePassword"/>
 			</VBox>
 
-			<Label fx:id="messageLabel" text="%recoveryKey.recover.onBoarding.message" wrapText="true"/>
+			<Label fx:id="messageLabel" wrapText="true"/>
 			<GridPane alignment="CENTER_LEFT">
 				<padding>
 					<Insets left="6"/>
@@ -66,11 +66,11 @@
 					<RowConstraints valignment="TOP"/>
 				</rowConstraints>
 				<Label text="1." GridPane.rowIndex="0" GridPane.columnIndex="0"/>
-				<Label text="%recoveryKey.recover.onBoarding.intro1" wrapText="true" GridPane.rowIndex="0" GridPane.columnIndex="1"/>
+				<Label text="%recover.onBoarding.intro.ensure" wrapText="true" GridPane.rowIndex="0" GridPane.columnIndex="1"/>
 				<Label text="2." GridPane.rowIndex="1" GridPane.columnIndex="0"/>
-				<Label fx:id="secondTextDesc" text="%recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.recoveryKey" wrapText="true" GridPane.rowIndex="1" GridPane.columnIndex="1"/>
+				<Label fx:id="secondTextDesc" text="%recover.onBoarding.intro.recoveryKey" wrapText="true" GridPane.rowIndex="1" GridPane.columnIndex="1"/>
 			</GridPane>
-			<CheckBox fx:id="affirmationBox" text="%recoveryKey.recover.onBoarding.affirmation"/>
+			<CheckBox fx:id="affirmationBox" text="%recover.onBoarding.affirmation"/>
 		</VBox>
 
 		<Region VBox.vgrow="ALWAYS"/>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index eef9d6c14..f4bd588f7 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -110,11 +110,6 @@ removeVault.title=Remove "%s"
 removeVault.message=Remove vault?
 removeVault.description=This will only make Cryptomator forget about this vault. You can add it again. No encrypted files will be deleted from your hard drive.
 
-# Contact Hub Admin
-contactHubAdmin.title=Hub Vault
-contactHubAdmin.message=This vault was created with Cryptomator Hub
-contactHubAdmin.description=Please reach out to the vault owner to restore the missing file. They can download the vault template from Cryptomator Hub.
-
 # Change Password
 changepassword.title=Change Password
 changepassword.enterOldPassword=Enter the current password for "%s"
@@ -530,36 +525,48 @@ recoveryKey.recover.resetVaultConfigSuccess.message=Vault config reset successfu
 recoveryKey.recover.resetMasterkeyFileSuccess.message=Masterkey file reset successful
 recoveryKey.recover.resetMasterkeyFileSuccess.description=You can unlock your vault with your password now.
 
-### Recover Kram
-recoveryKey.recoverExisting.title=Vault Added
-recoveryKey.recoverExisting.message=The vault was added successfully
-recoveryKey.recoverExisting.description=Your vault "%s" has been added to your vault list. No recovery process was started.
+# Recover Vault Config File and/or Masterkey
+##Add Existing Vault without recovery - Dialog
+recover.existing.title=Vault Added
+recover.existing.message=The vault was added successfully
+recover.existing.description=Your vault "%s" has been added to your vault list. No recovery process was started.
 
-recoveryKey.alreadyExists.title=Vault Already Exists
-recoveryKey.alreadyExists.message=This vault has already been added
-recoveryKey.alreadyExists.description=Your vault "%s" is already present in your vault list and was therefore not added again.
+##Vault Already Exists - Dialog
+recover.alreadyExists.title=Vault Already Exists
+recover.alreadyExists.message=This vault has already been added
+recover.alreadyExists.description=Your vault "%s" is already present in your vault list and was therefore not added again.
 
-recoveryKey.noDDirDetected.title=Invalid Selection
-recoveryKey.noDDirDetected.message=Your selection is not a vault
-recoveryKey.noDDirDetected.description=The selected folder must be a valid Cryptomator vault.
+##Invalid Selection - Dialog
+recover.invalidSelection.title=Invalid Selection
+recover.invalidSelection.message=Your selection is not a vault
+recover.invalidSelection.description=The selected folder must be a valid Cryptomator vault.
 
-recoveryKey.recoverVaultConfig.title=Recover Vault Config
-recoveryKey.recoverMasterkey.title=Recover Masterkey
+## Contact Hub Vault Owner - Dialog
+contactHubVaultOwner.title=Hub Vault
+contactHubVaultOwner.message=This vault was created with Cryptomator Hub
+contactHubVaultOwner.description=Please reach out to the vault owner to restore the missing file. They can download the vault template from Cryptomator Hub.
 
-recoveryKey.recover.expertSettings.shorteningThreshold.title=This value must match the one used before recovery to ensure compatibility with previously encrypted data.
+##Dialog Title
+recover.recoverVaultConfig.title=Recover Vault Config
+recover.recoverMasterkey.title=Recover Masterkey
 
-recoveryKey.recover.onBoarding.readThis=Make sure to check the following:
-recoveryKey.recover.onBoarding.message=If your vault is a Hub vault, the vault owner can restore the file for you. Otherwise:
-recoveryKey.recover.onBoarding.intro1=Ensure all files are completely synced.
-recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.recoveryKey=You will need the recovery key, a new vault password and possibly some expert settings.
-recoveryKey.recover.onBoarding.recoverVaultConfig.intro2.password=You will need the vault password and possibly some expert settings.
-recoveryKey.recover.onBoarding.recoverMasterkey.intro2=You will need the vault recovery key.
+## OnBoarding
+recover.onBoarding.chooseMethod=Choose recovery method:
+recover.onBoarding.useRecoveryKey=Use Recovery Key
+recover.onBoarding.usePassword=Use Password
+recover.onBoarding.intro=Make sure to check the following:
+recover.onBoarding.allMissing.intro=If your vault is a Hub vault, the vault owner can restore the file for you. Otherwise:
+recover.onBoarding.intro.ensure=Ensure all files are completely synced.
+recover.onBoarding.affirmation=I have read and understood the above information
 
-recoveryKey.recover.onBoarding.chooseMethod=Choose recovery method:
-recoveryKey.recover.onBoarding.useRecoveryKey=Use Recovery Key
-recoveryKey.recover.onBoarding.usePassword=Use Password
-recoveryKey.recover.onBoarding.affirmation=I have read and understood the above information
+###Vault Config Missing
+recover.onBoarding.intro.recoveryKey=You will need the recovery key, a new vault password and possibly some expert settings.
+recover.onBoarding.intro.password=You will need the vault password and possibly some expert settings.
+###Masterkey Missing
+recover.onBoarding.intro.masterkey.recoveryKey=You will need the vault recovery key.
 
+## Expert Settings
+recover.expertSettings.shorteningThreshold.title=This value must match the one used before recovery to ensure compatibility with previously encrypted data.
 
 # Convert Vault
 convertVault.title=Convert Vault

From 2f4c12a89e17678a45cd78ba772618aaf04739ae Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 4 Sep 2025 08:45:04 +0200
Subject: [PATCH 089/117] remove no more used injections

---
 .../mainwindow/VaultDetailMissingVaultController.java | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
index 30dd88d68..85e71937b 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -3,10 +3,8 @@ package org.cryptomator.ui.mainwindow;
 import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
-import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.dialogs.Dialogs;
-import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
 import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 
@@ -27,8 +25,6 @@ import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 @MainWindowScoped
 public class VaultDetailMissingVaultController implements FxController {
 
-	private final FxApplicationWindows appWindows;
-	private final Stage mainWindow;
 	private final ObjectProperty<Vault> vault;
 	private final ObservableList<Vault> vaults;
 	private final ResourceBundle resourceBundle;
@@ -37,17 +33,12 @@ public class VaultDetailMissingVaultController implements FxController {
 	private final Dialogs dialogs;
 
 	@Inject
-	public VaultDetailMissingVaultController(FxApplicationWindows appWindows, //
-											 @MainWindow Stage mainWindow, //
-											 ObjectProperty<Vault> vault, //
+	public VaultDetailMissingVaultController(ObjectProperty<Vault> vault, //
 											 ObservableList<Vault> vaults, //
 											 ResourceBundle resourceBundle, //
 											 @MainWindow Stage window, //
 											 Dialogs dialogs, //
 											 RecoveryKeyComponent.Factory recoveryKeyWindow) {
-
-		this.appWindows = appWindows;
-		this.mainWindow = mainWindow;
 		this.vault = vault;
 		this.vaults = vaults;
 		this.resourceBundle = resourceBundle;

From b9e91115b4d8cff37c1d3fb155c82ae23a698bad Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Fri, 26 Sep 2025 13:38:02 +0200
Subject: [PATCH 090/117] fix windows installer build

---
 .github/workflows/win-exe.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml
index 08e19321e..2bd5670cc 100644
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -156,7 +156,7 @@ jobs:
           --java-options "-Dcryptomator.p12Path=\"@{appdata}/Cryptomator/key.p12;@{userhome}/AppData/Roaming/Cryptomator/key.p12\""
           --java-options "-Dcryptomator.ipcSocketPath=\"@{localappdata}/Cryptomator/ipc.socket\""
           --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Cryptomator\""
-          --java-options "-Dcryptomator.loopbackAlias=\"${{ env.LOOPBACK_ALIAS }}\""
+          --java-options "-Dcryptomator.loopbackAlias=\"cryptomator-vault\""
           --java-options "-Dcryptomator.showTrayIcon=true"
           --java-options "-Dcryptomator.buildNumber=\"msi-${{ needs.get-version.outputs.revNum }}\""
           --java-options "-Dcryptomator.integrationsWin.autoStartShellLinkName=\"Cryptomator\""

From afda8a4981a9a6b861a315e5562ddf14b4af6538 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Fri, 26 Sep 2025 15:39:05 +0200
Subject: [PATCH 091/117] only create AUR PR if it is a stable release

---
 .github/workflows/appimage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml
index 40ea6638f..d8f2f9aa4 100644
--- a/.github/workflows/appimage.yml
+++ b/.github/workflows/appimage.yml
@@ -199,7 +199,7 @@ jobs:
     name: Create PR for aur-bin repo
     needs: [build, get-version]
     runs-on: ubuntu-latest
-    if: github.event_name == 'release'
+    if: github.event_name == 'release' && needs.get-version.outputs.versionType == 'stable'
     steps:
       - name: Download AppImages
         uses: actions/download-artifact@v5

From 7f9c9a7df648beb4f57d3f9266226b2057509379 Mon Sep 17 00:00:00 2001
From: Tobias Hagemann <tobias.hagemann@skymatic.de>
Date: Wed, 8 Oct 2025 09:57:10 +0200
Subject: [PATCH 092/117] Reinstate original macOS icon shape in macOS 26 Tahoe
 (#3990)

Co-authored-by: Sebastian Stenzel <overheadhunter@users.noreply.github.com>
---
 .github/workflows/mac-dmg-x64.yml             |  14 +
 .github/workflows/mac-dmg.yml                 |  14 +
 dist/mac/.gitignore                           |   1 +
 .../CryptomatorDockTilePlugin.swift           |  19 ++
 .../DockTilePlugin.xcodeproj/project.pbxproj  | 314 ++++++++++++++++++
 .../contents.xcworkspacedata                  |   7 +
 .../xcschemes/DockTilePlugin.xcscheme         |  67 ++++
 dist/mac/dmg/build.sh                         |  13 +
 dist/mac/resources/Info.plist                 |   3 +
 9 files changed, 452 insertions(+)
 create mode 100644 dist/mac/DockTilePlugin/CryptomatorDockTilePlugin.swift
 create mode 100644 dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.pbxproj
 create mode 100644 dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.xcworkspace/contents.xcworkspacedata
 create mode 100644 dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/xcshareddata/xcschemes/DockTilePlugin.xcscheme

diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml
index 1fd251ac4..6b282583c 100644
--- a/.github/workflows/mac-dmg-x64.yml
+++ b/.github/workflows/mac-dmg-x64.yml
@@ -151,6 +151,20 @@ jobs:
           VERSION_NO: ${{ needs.get-version.outputs.semVerNum }}
           REVISION_NO: ${{ needs.get-version.outputs.revNum }}
           PROVISIONING_PROFILE_BASE64: ${{ secrets.MACOS_PROVISIONING_PROFILE_BASE64 }}
+      - name: Build and install DockTilePlugin
+        env:
+          DERIVED_DATA_PATH: dist/mac/DockTilePlugin/build
+        run: |
+          xcodebuild -project dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj \
+                     -scheme DockTilePlugin \
+                     -configuration Release \
+                     -destination "platform=macOS,arch=x86_64" \
+                     -derivedDataPath ${DERIVED_DATA_PATH} \
+                     -quiet \
+                     clean build
+          mkdir -p Cryptomator.app/Contents/PlugIns
+          cp -R ${DERIVED_DATA_PATH}/Build/Products/Release/Cryptomator.docktileplugin Cryptomator.app/Contents/PlugIns/
+          rm -rf ${DERIVED_DATA_PATH}
       - name: Generate license for dmg
         run: >
           mvn -B -Djavafx.platform=mac license:add-third-party
diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml
index 953780ae6..1ed1c4b3e 100644
--- a/.github/workflows/mac-dmg.yml
+++ b/.github/workflows/mac-dmg.yml
@@ -150,6 +150,20 @@ jobs:
           VERSION_NO: ${{ needs.get-version.outputs.semVerNum }}
           REVISION_NO: ${{ needs.get-version.outputs.revNum }}
           PROVISIONING_PROFILE_BASE64: ${{ secrets.MACOS_PROVISIONING_PROFILE_BASE64 }}
+      - name: Build and install DockTilePlugin
+        env:
+          DERIVED_DATA_PATH: dist/mac/DockTilePlugin/build
+        run: |
+          xcodebuild -project dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj \
+                     -scheme DockTilePlugin \
+                     -configuration Release \
+                     -destination "platform=macOS,arch=arm64" \
+                     -derivedDataPath ${DERIVED_DATA_PATH} \
+                     -quiet \
+                     clean build
+          mkdir -p Cryptomator.app/Contents/PlugIns
+          cp -R ${DERIVED_DATA_PATH}/Build/Products/Release/Cryptomator.docktileplugin Cryptomator.app/Contents/PlugIns/
+          rm -rf ${DERIVED_DATA_PATH}
       - name: Generate license for dmg
         run: >
           mvn -B -Djavafx.platform=mac license:add-third-party
diff --git a/dist/mac/.gitignore b/dist/mac/.gitignore
index bd6569978..81a0afdc2 100644
--- a/dist/mac/.gitignore
+++ b/dist/mac/.gitignore
@@ -1 +1,2 @@
 embedded.provisionprofile
+xcuserdata/
diff --git a/dist/mac/DockTilePlugin/CryptomatorDockTilePlugin.swift b/dist/mac/DockTilePlugin/CryptomatorDockTilePlugin.swift
new file mode 100644
index 000000000..1b54ea17d
--- /dev/null
+++ b/dist/mac/DockTilePlugin/CryptomatorDockTilePlugin.swift
@@ -0,0 +1,19 @@
+//
+//  CryptomatorDockTilePlugin.swift
+//  Integrations
+//
+//  Created by Tobias Hagemann on 22.09.25.
+//  Copyright © 2025 Cryptomator. All rights reserved.
+//
+
+import AppKit
+
+class CryptomatorDockTilePlugin: NSObject, NSDockTilePlugIn {
+	func setDockTile(_ dockTile: NSDockTile?) {
+		guard let dockTile = dockTile, let image = Bundle(for: Self.self).image(forResource: "Cryptomator") else {
+			return
+		}
+		dockTile.contentView = NSImageView(image: image)
+		dockTile.display()
+	}
+}
diff --git a/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.pbxproj b/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.pbxproj
new file mode 100644
index 000000000..fa7ec5b77
--- /dev/null
+++ b/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.pbxproj
@@ -0,0 +1,314 @@
+// !$*UTF8*$!
+{
+	archiveVersion = 1;
+	classes = {
+	};
+	objectVersion = 77;
+	objects = {
+
+/* Begin PBXBuildFile section */
+		74E08DE12E8584DE007E665C /* CryptomatorDockTilePlugin.swift in Sources */ = {isa = PBXBuildFile; fileRef = 74E08DE02E85847E007E665C /* CryptomatorDockTilePlugin.swift */; };
+		74E08DED2E858532007E665C /* Cryptomator.icns in Resources */ = {isa = PBXBuildFile; fileRef = 74E08DEC2E858532007E665C /* Cryptomator.icns */; };
+/* End PBXBuildFile section */
+
+/* Begin PBXFileReference section */
+		74E08DD92E858467007E665C /* Cryptomator.docktileplugin */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = Cryptomator.docktileplugin; sourceTree = BUILT_PRODUCTS_DIR; };
+		74E08DE02E85847E007E665C /* CryptomatorDockTilePlugin.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CryptomatorDockTilePlugin.swift; sourceTree = "<group>"; };
+		74E08DEC2E858532007E665C /* Cryptomator.icns */ = {isa = PBXFileReference; lastKnownFileType = image.icns; name = Cryptomator.icns; path = ../resources/Cryptomator.icns; sourceTree = SOURCE_ROOT; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+		74E08DD62E858467007E665C /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+		74E08DD02E858467007E665C = {
+			isa = PBXGroup;
+			children = (
+				74E08DE02E85847E007E665C /* CryptomatorDockTilePlugin.swift */,
+				74E08DEC2E858532007E665C /* Cryptomator.icns */,
+				74E08DDA2E858467007E665C /* Products */,
+			);
+			sourceTree = "<group>";
+		};
+		74E08DDA2E858467007E665C /* Products */ = {
+			isa = PBXGroup;
+			children = (
+				74E08DD92E858467007E665C /* Cryptomator.docktileplugin */,
+			);
+			name = Products;
+			sourceTree = "<group>";
+		};
+/* End PBXGroup section */
+
+/* Begin PBXNativeTarget section */
+		74E08DD82E858467007E665C /* DockTilePlugin */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 74E08DDD2E858467007E665C /* Build configuration list for PBXNativeTarget "DockTilePlugin" */;
+			buildPhases = (
+				74E08DD52E858467007E665C /* Sources */,
+				74E08DD62E858467007E665C /* Frameworks */,
+				74E08DD72E858467007E665C /* Resources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = DockTilePlugin;
+			packageProductDependencies = (
+			);
+			productName = DockTilePlugin;
+			productReference = 74E08DD92E858467007E665C /* Cryptomator.docktileplugin */;
+			productType = "com.apple.product-type.bundle";
+		};
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+		74E08DD12E858467007E665C /* Project object */ = {
+			isa = PBXProject;
+			attributes = {
+				BuildIndependentTargetsInParallel = 1;
+				LastUpgradeCheck = 2600;
+				ORGANIZATIONNAME = Cryptomator;
+				TargetAttributes = {
+					74E08DD82E858467007E665C = {
+						CreatedOnToolsVersion = 26.0.1;
+					};
+				};
+			};
+			buildConfigurationList = 74E08DD42E858467007E665C /* Build configuration list for PBXProject "DockTilePlugin" */;
+			developmentRegion = en;
+			hasScannedForEncodings = 0;
+			knownRegions = (
+				en,
+				Base,
+			);
+			mainGroup = 74E08DD02E858467007E665C;
+			minimizedProjectReferenceProxies = 1;
+			preferredProjectObjectVersion = 77;
+			productRefGroup = 74E08DDA2E858467007E665C /* Products */;
+			projectDirPath = "";
+			projectRoot = "";
+			targets = (
+				74E08DD82E858467007E665C /* DockTilePlugin */,
+			);
+		};
+/* End PBXProject section */
+
+/* Begin PBXResourcesBuildPhase section */
+		74E08DD72E858467007E665C /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				74E08DED2E858532007E665C /* Cryptomator.icns in Resources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXResourcesBuildPhase section */
+
+/* Begin PBXSourcesBuildPhase section */
+		74E08DD52E858467007E665C /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				74E08DE12E8584DE007E665C /* CryptomatorDockTilePlugin.swift in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXSourcesBuildPhase section */
+
+/* Begin XCBuildConfiguration section */
+		74E08DDB2E858467007E665C /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				DEBUG_INFORMATION_FORMAT = dwarf;
+				DEVELOPMENT_TEAM = YZQJQUHA3L;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				ENABLE_TESTABILITY = YES;
+				ENABLE_USER_SCRIPT_SANDBOXING = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu17;
+				GCC_DYNAMIC_NO_PIC = NO;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_OPTIMIZATION_LEVEL = 0;
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"DEBUG=1",
+					"$(inherited)",
+				);
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
+				MACOSX_DEPLOYMENT_TARGET = 11.5;
+				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
+				MTL_FAST_MATH = YES;
+				ONLY_ACTIVE_ARCH = YES;
+				SDKROOT = macosx;
+				SWIFT_VERSION = 5.0;
+			};
+			name = Debug;
+		};
+		74E08DDC2E858467007E665C /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
+				DEVELOPMENT_TEAM = YZQJQUHA3L;
+				ENABLE_NS_ASSERTIONS = NO;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				ENABLE_USER_SCRIPT_SANDBOXING = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu17;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
+				MACOSX_DEPLOYMENT_TARGET = 11.5;
+				MTL_ENABLE_DEBUG_INFO = NO;
+				MTL_FAST_MATH = YES;
+				SDKROOT = macosx;
+				SWIFT_VERSION = 5.0;
+			};
+			name = Release;
+		};
+		74E08DDE2E858467007E665C /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CODE_SIGN_STYLE = Manual;
+				COMBINE_HIDPI_IMAGES = YES;
+				CURRENT_PROJECT_VERSION = 1;
+				DEVELOPMENT_TEAM = "";
+				GENERATE_INFOPLIST_FILE = YES;
+				INFOPLIST_KEY_NSHumanReadableCopyright = "Copyright © 2025 Cryptomator. All rights reserved.";
+				INFOPLIST_KEY_NSPrincipalClass = CryptomatorDockTilePlugin;
+				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles";
+				MARKETING_VERSION = 1.0;
+				PRODUCT_BUNDLE_IDENTIFIER = org.cryptomator.DockTilePlugin;
+				PRODUCT_NAME = Cryptomator;
+				PROVISIONING_PROFILE_SPECIFIER = "";
+				SKIP_INSTALL = YES;
+				STRING_CATALOG_GENERATE_SYMBOLS = YES;
+				SWIFT_EMIT_LOC_STRINGS = YES;
+				WRAPPER_EXTENSION = docktileplugin;
+			};
+			name = Debug;
+		};
+		74E08DDF2E858467007E665C /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CODE_SIGN_STYLE = Manual;
+				COMBINE_HIDPI_IMAGES = YES;
+				CURRENT_PROJECT_VERSION = 1;
+				DEVELOPMENT_TEAM = "";
+				GENERATE_INFOPLIST_FILE = YES;
+				INFOPLIST_KEY_NSHumanReadableCopyright = "Copyright © 2025 Cryptomator. All rights reserved.";
+				INFOPLIST_KEY_NSPrincipalClass = CryptomatorDockTilePlugin;
+				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles";
+				MARKETING_VERSION = 1.0;
+				PRODUCT_BUNDLE_IDENTIFIER = org.cryptomator.DockTilePlugin;
+				PRODUCT_NAME = Cryptomator;
+				PROVISIONING_PROFILE_SPECIFIER = "";
+				SKIP_INSTALL = YES;
+				STRING_CATALOG_GENERATE_SYMBOLS = YES;
+				SWIFT_EMIT_LOC_STRINGS = YES;
+				WRAPPER_EXTENSION = docktileplugin;
+			};
+			name = Release;
+		};
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+		74E08DD42E858467007E665C /* Build configuration list for PBXProject "DockTilePlugin" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				74E08DDB2E858467007E665C /* Debug */,
+				74E08DDC2E858467007E665C /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		74E08DDD2E858467007E665C /* Build configuration list for PBXNativeTarget "DockTilePlugin" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				74E08DDE2E858467007E665C /* Debug */,
+				74E08DDF2E858467007E665C /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+/* End XCConfigurationList section */
+	};
+	rootObject = 74E08DD12E858467007E665C /* Project object */;
+}
diff --git a/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.xcworkspace/contents.xcworkspacedata
new file mode 100644
index 000000000..919434a62
--- /dev/null
+++ b/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.xcworkspace/contents.xcworkspacedata
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Workspace
+   version = "1.0">
+   <FileRef
+      location = "self:">
+   </FileRef>
+</Workspace>
diff --git a/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/xcshareddata/xcschemes/DockTilePlugin.xcscheme b/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/xcshareddata/xcschemes/DockTilePlugin.xcscheme
new file mode 100644
index 000000000..7d86bdcc5
--- /dev/null
+++ b/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/xcshareddata/xcschemes/DockTilePlugin.xcscheme
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+   LastUpgradeVersion = "2600"
+   version = "1.7">
+   <BuildAction
+      parallelizeBuildables = "YES"
+      buildImplicitDependencies = "YES"
+      buildArchitectures = "Automatic">
+      <BuildActionEntries>
+         <BuildActionEntry
+            buildForTesting = "YES"
+            buildForRunning = "YES"
+            buildForProfiling = "YES"
+            buildForArchiving = "YES"
+            buildForAnalyzing = "YES">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "74E08DD82E858467007E665C"
+               BuildableName = "Cryptomator.docktileplugin"
+               BlueprintName = "DockTilePlugin"
+               ReferencedContainer = "container:DockTilePlugin.xcodeproj">
+            </BuildableReference>
+         </BuildActionEntry>
+      </BuildActionEntries>
+   </BuildAction>
+   <TestAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      shouldAutocreateTestPlan = "YES">
+   </TestAction>
+   <LaunchAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      launchStyle = "0"
+      useCustomWorkingDirectory = "NO"
+      ignoresPersistentStateOnLaunch = "NO"
+      debugDocumentVersioning = "YES"
+      debugServiceExtension = "internal"
+      allowLocationSimulation = "YES">
+   </LaunchAction>
+   <ProfileAction
+      buildConfiguration = "Release"
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      savedToolIdentifier = ""
+      useCustomWorkingDirectory = "NO"
+      debugDocumentVersioning = "YES">
+      <MacroExpansion>
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "74E08DD82E858467007E665C"
+            BuildableName = "Cryptomator.docktileplugin"
+            BlueprintName = "DockTilePlugin"
+            ReferencedContainer = "container:DockTilePlugin.xcodeproj">
+         </BuildableReference>
+      </MacroExpansion>
+   </ProfileAction>
+   <AnalyzeAction
+      buildConfiguration = "Debug">
+   </AnalyzeAction>
+   <ArchiveAction
+      buildConfiguration = "Release"
+      revealArchiveInOrganizer = "YES">
+   </ArchiveAction>
+</Scheme>
diff --git a/dist/mac/dmg/build.sh b/dist/mac/dmg/build.sh
index bf63505a5..93dadd7f5 100755
--- a/dist/mac/dmg/build.sh
+++ b/dist/mac/dmg/build.sh
@@ -133,6 +133,19 @@ sed -i '' "s|###BUNDLE_SHORT_VERSION_STRING###|${VERSION_NO}|g" ${APP_NAME}.app/
 sed -i '' "s|###BUNDLE_VERSION###|${REVISION_NO}|g" ${APP_NAME}.app/Contents/Info.plist
 cp ../embedded.provisionprofile ${APP_NAME}.app/Contents/
 
+# build and install dock tile plugin
+echo "Building and installing Cryptomator.docktileplugin..."
+DERIVED_DATA_PATH=../DockTilePlugin/build
+xcodebuild -project ../DockTilePlugin/DockTilePlugin.xcodeproj \
+           -scheme DockTilePlugin \
+           -configuration Release \
+           -derivedDataPath ${DERIVED_DATA_PATH} \
+           -quiet \
+           clean build
+mkdir -p ${APP_NAME}.app/Contents/PlugIns
+cp -R ${DERIVED_DATA_PATH}/Build/Products/Release/Cryptomator.docktileplugin ${APP_NAME}.app/Contents/PlugIns/
+rm -rf ${DERIVED_DATA_PATH}
+
 # generate license
 mvn -B -Djavafx.platform=mac -f../../../pom.xml license:add-third-party \
     -Dlicense.thirdPartyFilename=license.rtf \
diff --git a/dist/mac/resources/Info.plist b/dist/mac/resources/Info.plist
index 21641c708..d59c3fe73 100644
--- a/dist/mac/resources/Info.plist
+++ b/dist/mac/resources/Info.plist
@@ -116,5 +116,8 @@
   <!-- allow utilization of integrated GPU, see https://developer.apple.com/library/mac/qa/qa1734/_index.html -->
   <key>NSSupportsAutomaticGraphicsSwitching</key>
   <true/>
+  <!-- register dock tile plugin -->
+  <key>NSDockTilePlugIn</key>
+  <string>Cryptomator.docktileplugin</string>
 </dict>
 </plist>

From 6533ba7367d183c81bdecafdeb5df24e5cd92992 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Wed, 8 Oct 2025 10:36:29 +0200
Subject: [PATCH 093/117] use more env context in CI

---
 .github/workflows/aur.yml          | 6 ++++--
 .github/workflows/av-whitelist.yml | 8 +++++---
 .github/workflows/debian.yml       | 6 ++++--
 .github/workflows/flathub.yml      | 9 +++------
 .github/workflows/get-version.yml  | 6 ++++--
 5 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/aur.yml b/.github/workflows/aur.yml
index f4f68f63f..29ccb2ea7 100644
--- a/.github/workflows/aur.yml
+++ b/.github/workflows/aur.yml
@@ -19,6 +19,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: [get-version]
     if:  github.event_name == 'workflow_dispatch' || needs.get-version.outputs.versionType == 'stable'
+    env:
+      INPUT_TAG: ${{ inputs.tag }}
     outputs:
       url: ${{ steps.url.outputs.url}}
       sha256: ${{ steps.sha256.outputs.sha256}}
@@ -27,8 +29,8 @@ jobs:
         id: url
         run: |
           URL="";
-          if [[ -n "${{ inputs.tag }}"  ]]; then
-            URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ inputs.tag }}.tar.gz"
+          if [[ -n "${INPUT_TAG}"  ]]; then
+            URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${INPUT_TAG}.tar.gz"
           else
             URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz"
           fi
diff --git a/.github/workflows/av-whitelist.yml b/.github/workflows/av-whitelist.yml
index edd5dad30..1feffd719 100644
--- a/.github/workflows/av-whitelist.yml
+++ b/.github/workflows/av-whitelist.yml
@@ -30,14 +30,16 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       fileName: ${{ steps.extractName.outputs.fileName}}
+    env:
+      INPUT_URL: ${{ inputs.url }}
     steps:
       - name: Extract file name
         id: extractName
         run: |
-          url="${{ inputs.url }}"
+          url="${INPUT_URL}"
           echo "fileName=${url##*/}" >> $GITHUB_OUTPUT
       - name: Download file
-        run: curl --remote-name ${{ inputs.url }} -L -o ${{steps.extractName.outputs.fileName}}
+        run: curl --remote-name ${INPUT_URL} -L -o ${{steps.extractName.outputs.fileName}}
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with:
@@ -75,7 +77,7 @@ jobs:
         with:
           name: ${{ needs.download-file.outputs.fileName }}
           path: upload
-      - name: Upload to Avast 
+      - name: Upload to Avast
         uses: wlixcc/SFTP-Deploy-Action@v1.2.6
         with:
           server: whitelisting.avast.com
diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml
index 6ea0d7442..47f589c89 100644
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -41,13 +41,15 @@ jobs:
     name: Build Debian Package
     runs-on: ubuntu-22.04
     needs: [get-version]
+    env:
+      INPUT_PPAVER: ${inputs.ppaver}
     steps:
       - uses: actions/checkout@v5
       - id: deb-version
         name: Determine deb-version
         run: |
-          if [ -n "${{inputs.ppaver}}" ]; then
-            echo "debVersion=${{inputs.ppaver }}" >> "$GITHUB_OUTPUT"
+          if [ -n "${INPUT_PPAVER}" ]; then
+            echo "debVersion=${INPUT_PPAVER}" >> "$GITHUB_OUTPUT"
           else
             echo "debVersion=${{needs.get-version.outputs.semVerStr}}" >> "$GITHUB_OUTPUT"
           fi
diff --git a/.github/workflows/flathub.yml b/.github/workflows/flathub.yml
index 2dbfff0f5..52236cc9b 100644
--- a/.github/workflows/flathub.yml
+++ b/.github/workflows/flathub.yml
@@ -26,13 +26,10 @@ jobs:
       - name: Determine tarball url
         id: url
         run: |
-          URL="";
-          if [[ -n "${{ inputs.tag }}"  ]]; then
-            URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ inputs.tag }}.tar.gz"
-          else
-            URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz"
-          fi
+          URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${TAG}.tar.gz"
           echo "url=${URL}" >> "$GITHUB_OUTPUT"
+        env:
+          TAG: ${{ inputs.tag || github.event.release.tag_name}}
       - name: Download source tarball and compute checksum
         id: sha512
         run: |
diff --git a/.github/workflows/get-version.yml b/.github/workflows/get-version.yml
index d24b5692c..a9e8cb33b 100644
--- a/.github/workflows/get-version.yml
+++ b/.github/workflows/get-version.yml
@@ -49,8 +49,8 @@ jobs:
         run: |
           if [[ $GITHUB_REF =~ refs/tags/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then
             SEM_VER_STR=${GITHUB_REF##*/}
-          elif [[ "${{ inputs.version }}" =~ [0-9]+\.[0-9]+\.[0-9]+.* ]]; then
-            SEM_VER_STR="${{ inputs.version }}"
+          elif [[ "${VERSION_STRING}" =~ [0-9]+\.[0-9]+\.[0-9]+.* ]]; then
+            SEM_VER_STR="${VERSION_STRING}"
           else
             SEM_VER_STR=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`
           fi
@@ -70,6 +70,8 @@ jobs:
           echo "semVerNum=${SEM_VER_NUM}" >> $GITHUB_OUTPUT
           echo "revNum=${REVCOUNT}" >> $GITHUB_OUTPUT
           echo "type=${TYPE}" >> $GITHUB_OUTPUT
+        env:
+          VERSION_STRING: ${{ inputs.version }}
       - name: Validate Version
         uses: skymatic/semver-validation-action@v3
         with:

From 4b36a1219f1244e39f8327d3178cbc3811c29cb3 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Wed, 8 Oct 2025 14:11:57 +0200
Subject: [PATCH 094/117] [skip ci] bump dependency-check-workflow to version 3

---
 .github/workflows/dependency-check.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index b44604490..b59fa8573 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -7,12 +7,13 @@ on:
 
 jobs:
   check-dependencies:
-    uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v1
+    uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v3
     with:
       runner-os: 'ubuntu-latest'
       java-distribution: 'temurin'
       java-version: 24
-      check-command: 'mvn -B validate -Pdependency-check -Djavafx.platform=linux'
     secrets:
       nvd-api-key: ${{ secrets.NVD_API_KEY }}
+      ossindex-username: ${{ secrets.OSSINDEX_USERNAME }}
+      ossindex-token: ${{ secrets.OSSINDEX_API_TOKEN }}
       slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}

From 349349e057ef739a4da72b3dacfb00605fc072e2 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Fri, 10 Oct 2025 11:04:37 +0200
Subject: [PATCH 095/117] Add share option in context menu (#4008)

---
 .../ui/mainwindow/VaultListContextMenuController.java       | 6 ++++++
 src/main/resources/fxml/vault_list_contextmenu.fxml         | 1 +
 src/main/resources/i18n/strings.properties                  | 1 +
 3 files changed, 8 insertions(+)

diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
index 97c03194f..5e1fb8c35 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
@@ -102,6 +102,12 @@ public class VaultListContextMenuController implements FxController {
 		vaultService.reveal(vault);
 	}
 
+	@FXML
+	public void didClickShareVault() {
+		var vault = Objects.requireNonNull(selectedVault.get());
+		appWindows.showShareVaultWindow(vault);
+	}
+
 	// Getter and Setter
 
 	public ObservableValue<Boolean> selectedVaultUnlockableProperty() {
diff --git a/src/main/resources/fxml/vault_list_contextmenu.fxml b/src/main/resources/fxml/vault_list_contextmenu.fxml
index bd8f19204..492905290 100644
--- a/src/main/resources/fxml/vault_list_contextmenu.fxml
+++ b/src/main/resources/fxml/vault_list_contextmenu.fxml
@@ -10,6 +10,7 @@
 		<MenuItem fx:id="lockEntry" text="%main.vaultlist.contextMenu.lock" onAction="#didClickLockVault" visible="${controller.selectedVaultLockable}"/>
 		<MenuItem fx:id="unlockEntry" text="%main.vaultlist.contextMenu.unlock" onAction="#didClickUnlockVault" visible="${controller.selectedVaultUnlockable &amp;&amp; !controller.selectedVaultPassphraseStored}"/>
 		<MenuItem fx:id="unlockNowEntry" text="%main.vaultlist.contextMenu.unlockNow" onAction="#didClickUnlockVault" visible="${controller.selectedVaultUnlockable &amp;&amp; controller.selectedVaultPassphraseStored}"/>
+		<MenuItem fx:id="shareEntry" text="%main.vaultlist.contextMenu.share" onAction="#didClickShareVault" visible="${controller.selectedVaultUnlockable || controller.selectedVaultLockable}"/>
 		<MenuItem fx:id="optionsEntry" text="%main.vaultlist.contextMenu.vaultoptions" onAction="#didClickShowVaultOptions" disable="${!controller.selectedVaultUnlockable}"/>
 		<MenuItem fx:id="removeEntry" text="%main.vaultlist.contextMenu.remove" onAction="#didClickRemoveVault" disable="${!controller.selectedVaultRemovable}"/>
 	</items>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 5f7024849..6e8dc388a 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -394,6 +394,7 @@ main.vaultlist.contextMenu.unlock=Unlock…
 main.vaultlist.contextMenu.unlockNow=Unlock Now
 main.vaultlist.contextMenu.vaultoptions=Show Vault Options
 main.vaultlist.contextMenu.reveal=Reveal Drive
+main.vaultlist.contextMenu.share=Share…
 main.vaultlist.addVaultBtn.menuItemNew=Create New Vault...
 main.vaultlist.addVaultBtn.menuItemExisting=Open Existing Vault...
 main.vaultlist.showEventsButton.tooltip=Open event view

From e50c949b62f093620a73f26f2ca465675d4526cb Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Mon, 13 Oct 2025 11:50:54 +0200
Subject: [PATCH 096/117] Bump `com.nimbusds:nimbus-jose-jwt` from version
 9.37.3 to version 10.5

Addresses shaded vulnerability in CVE-2025-53864 (OSSINDEX)
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d53108857..0042aa485 100644
--- a/pom.xml
+++ b/pom.xml
@@ -48,7 +48,7 @@
 		<jackson.version>2.20.0</jackson.version>
 		<javafx.version>24.0.1</javafx.version>
 		<jwt.version>4.5.0</jwt.version>
-		<nimbus-jose.version>9.37.3</nimbus-jose.version>
+		<nimbus-jose.version>10.5</nimbus-jose.version>
 		<logback.version>1.5.18</logback.version>
 		<slf4j.version>2.0.17</slf4j.version>
 		<tinyoauth2.version>0.8.1</tinyoauth2.version>

From fc6f7d184cdcf6064af79b52d2b4ff59b0625762 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 14 Oct 2025 07:42:24 +0200
Subject: [PATCH 097/117] skip unsafe states and check config file before
 reload

---
 .../cryptomator/common/vaults/VaultListManager.java  | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index 7e17f52e8..cdcded046 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -156,8 +156,18 @@ public class VaultListManager {
 			case VAULT_CONFIG_MISSING ->  {
 				//Nothing to do here, since there is no config to read
 			}
+			case MISSING, ALL_MISSING, ERROR, PROCESSING -> {
+				// no config available or not safe to load
+			}
 			default -> {
-				vaultSettings.lastKnownKeyLoader.set(wrapper.get().getKeyId().getScheme());
+				if (Files.exists(vaultSettings.path.get().resolve(VAULTCONFIG_FILENAME))) {
+					try {
+						wrapper.reloadConfig();
+						vaultSettings.lastKnownKeyLoader.set(wrapper.get().getKeyId().getScheme());
+					} catch (IOException e) {
+						LOG.debug("Unable to load config for {}", vaultSettings.path.get(), e);
+					}
+				}
 			}
 		}
 	}

From daa4f3a5688c3ffdf5265d496ed2e2d0d63ef604 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 14 Oct 2025 08:02:17 +0200
Subject: [PATCH 098/117] recheck directory structure after restoring backup

---
 .../java/org/cryptomator/common/vaults/VaultListManager.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index cdcded046..e73075d0d 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -227,7 +227,7 @@ public class VaultListManager {
 			return VAULT_CONFIG_MISSING;
 		}
 
-		return structureResult;
+		return checkDirStructure(pathToVault);
 	}
 
 	private static VaultState.Value checkDirStructure(Path pathToVault) throws IOException {

From 0fa041da85293c640edff415db65d727f7747d87 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 14 Oct 2025 08:15:37 +0200
Subject: [PATCH 099/117] remove the unconditional constructor title

---
 .../ui/recoverykey/RecoveryKeyOnboardingController.java         | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index f098a2d03..697810f3b 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -68,8 +68,6 @@ public class RecoveryKeyOnboardingController implements FxController {
 										   ResourceBundle resourceBundle) {
 		this.window = window;
 		this.vault = vault;
-		window.setTitle(resourceBundle.getString("recover.recoverVaultConfig.title"));
-
 		this.recoverykeyRecoverScene = recoverykeyRecoverScene;
 		this.recoverykeyExpertSettingsScene = recoverykeyExpertSettingsScene;
 		this.recoverType = recoverType;

From 94518ede99013fc9402c41b2b0354d2892f9b088 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 14 Oct 2025 10:04:14 +0200
Subject: [PATCH 100/117] set the messageLabel directly

---
 .../ui/recoverykey/RecoveryKeyOnboardingController.java  | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index 697810f3b..235e530b8 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -97,10 +97,11 @@ public class RecoveryKeyOnboardingController implements FxController {
 			default -> window.setTitle("");
 		}
 
-		messageLabel.textProperty().bind(Bindings.createStringBinding(() ->
-				vault.getState() == VaultState.Value.ALL_MISSING
-				? resourceBundle.getString("recover.onBoarding.allMissing.intro")
-				: resourceBundle.getString("recover.onBoarding.intro")));
+		if (vault.getState() == VaultState.Value.ALL_MISSING) {
+			messageLabel.setText(resourceBundle.getString("recover.onBoarding.allMissing.intro"));
+		} else {
+			messageLabel.setText(resourceBundle.getString("recover.onBoarding.intro"));
+		}
 
 		titleLabel.textProperty().bind(Bindings.createStringBinding(() ->
 				recoverType.get() == RecoveryActionType.RESTORE_MASTERKEY

From f3461f7da48bab247430659623e2b9b593ccc3b1 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Tue, 14 Oct 2025 13:06:52 +0200
Subject: [PATCH 101/117] fix failing CI

---
 .github/workflows/debian.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml
index 47f589c89..3dee0f23c 100644
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -42,7 +42,7 @@ jobs:
     runs-on: ubuntu-22.04
     needs: [get-version]
     env:
-      INPUT_PPAVER: ${inputs.ppaver}
+      INPUT_PPAVER: ${{ inputs.ppaver }}
     steps:
       - uses: actions/checkout@v5
       - id: deb-version

From e3f6b5f812b271df94c8f4b279f7cf9d5bc1e3bf Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Tue, 14 Oct 2025 13:15:49 +0200
Subject: [PATCH 102/117] Feature: JFX 25 (#4013)

Closes #3902. References https://github.com/cryptomator/cryptomator/issues/3453 and references https://github.com/cryptomator/cryptomator/pull/3825
---
 .github/workflows/appimage.yml      | 11 ++++----
 .github/workflows/build.yml         |  2 +-
 .github/workflows/debian.yml        | 10 ++++----
 .github/workflows/mac-dmg-x64.yml   |  9 +++----
 .github/workflows/mac-dmg.yml       |  9 +++----
 .github/workflows/pullrequest.yml   |  2 +-
 .github/workflows/release-check.yml |  2 +-
 .github/workflows/win-exe.yml       | 40 ++++-------------------------
 .idea/misc.xml                      |  2 +-
 dist/linux/appimage/build.sh        |  8 +++---
 dist/linux/debian/control           |  4 +--
 dist/linux/debian/rules             |  1 -
 dist/mac/dmg/build.sh               | 10 ++++----
 dist/win/build.ps1                  | 12 ++++-----
 pom.xml                             |  2 +-
 15 files changed, 45 insertions(+), 79 deletions(-)

diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml
index d8f2f9aa4..877ef7e5d 100644
--- a/.github/workflows/appimage.yml
+++ b/.github/workflows/appimage.yml
@@ -37,12 +37,12 @@ jobs:
         include:
           - os: ubuntu-latest
             appimage-suffix: x86_64
-            openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-x64_bin-jmods.zip'
-            openjfx-sha: '425fac742b9fbd095b2ce868cff82d1024620f747c94a7144d0a4879e756146c'
+            openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-x64_bin-jmods.zip'
+            openjfx-sha: '96e520f48610d8ffb94ca30face1f11ffe8a977ddc1c4ff80b1a9e9f048bd94e'
           - os: ubuntu-24.04-arm
             appimage-suffix: aarch64
-            openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-aarch64_bin-jmods.zip'
-            openjfx-sha: '7e02edd0f4ee5527a27c94b0bbba66fcaaff41009119e45d0eca0f96ddfb6e7b'
+            openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-aarch64_bin-jmods.zip'
+            openjfx-sha: '951c52481af0ec5885b06f1ebaa8a10da7e8ea23c5e1ef3e2f6f11fa1b3a7ce1'
     steps:
       - uses: actions/checkout@v5
       - name: Setup Java
@@ -75,7 +75,7 @@ jobs:
       - name: Set version
         run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
       - name: Run maven
-        run: mvn -B clean package -Plinux -DskipTests -Djavafx.platform=linux
+        run: mvn -B clean package -Plinux -DskipTests
       - name: Patch target dir
         run: |
           cp LICENSE.txt target
@@ -117,7 +117,6 @@ jobs:
           --app-version "${{  needs.get-version.outputs.semVerNum }}.${{  needs.get-version.outputs.revNum }}"
           --java-options "--enable-preview"
           --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator"
-          --java-options "--sun-misc-unsafe-memory-access=allow"
           --java-options "-Xss5m"
           --java-options "-Xmx256m"
           --java-options "-Dcryptomator.appVersion=\"${{  needs.get-version.outputs.semVerStr }}\""
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0b5a1f6c9..8ba4becf6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -37,7 +37,7 @@ jobs:
       - name: Build and Test
         run: >
           xvfb-run
-          mvn -B verify -Djavafx.platform=linux
+          mvn -B verify
           jacoco:report
           org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
           -Pcoverage
diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml
index 3dee0f23c..94d995c49 100644
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -26,10 +26,10 @@ env:
   JAVA_VERSION: '24.0.1+9'
   COFFEELIBS_JDK: 24
   COFFEELIBS_JDK_VERSION: '24.0.1+9-0ppa3'
-  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-x64_bin-jmods.zip'
-  OPENJFX_JMODS_AMD64_HASH: '425fac742b9fbd095b2ce868cff82d1024620f747c94a7144d0a4879e756146c'
-  OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-aarch64_bin-jmods.zip'
-  OPENJFX_JMODS_AARCH64_HASH: '7e02edd0f4ee5527a27c94b0bbba66fcaaff41009119e45d0eca0f96ddfb6e7b'
+  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-x64_bin-jmods.zip'
+  OPENJFX_JMODS_AMD64_HASH: '96e520f48610d8ffb94ca30face1f11ffe8a977ddc1c4ff80b1a9e9f048bd94e'
+  OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-aarch64_bin-jmods.zip'
+  OPENJFX_JMODS_AARCH64_HASH: '951c52481af0ec5885b06f1ebaa8a10da7e8ea23c5e1ef3e2f6f11fa1b3a7ce1'
 
 jobs:
   get-version:
@@ -66,7 +66,7 @@ jobs:
           check-latest: true
           cache: 'maven'
       - name: Run maven
-        run: mvn -B clean package -Plinux -Djavafx.platform=linux -DskipTests
+        run: mvn -B clean package -Plinux -DskipTests
       - name: Download OpenJFX jmods
         id: download-jmods
         run: |
diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml
index 6b282583c..1dec73c37 100644
--- a/.github/workflows/mac-dmg-x64.yml
+++ b/.github/workflows/mac-dmg-x64.yml
@@ -44,8 +44,8 @@ jobs:
           architecture: x64
           output-suffix: x64
           fuse-lib: macFUSE
-          openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_osx-x64_bin-jmods.zip'
-          openjfx-sha: '6e62a426d43c168a488521f904a523f3dd6ee2cf103e08136f2fd465c828a105'
+          openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_osx-x64_bin-jmods.zip'
+          openjfx-sha: '0eba73fb28a24c845175d16fa2f8c081c936ce6de1be9b79eb6119fa32e53d52'
     steps:
       - uses: actions/checkout@v5
       - name: Setup Java
@@ -79,7 +79,7 @@ jobs:
       - name: Set version
         run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
       - name: Run maven
-        run: mvn -B -Djavafx.platform=mac clean package -Pmac -DskipTests
+        run: mvn -B clean package -Pmac -DskipTests
       - name: Patch target dir
         run: |
           cp LICENSE.txt target
@@ -121,7 +121,6 @@ jobs:
           --app-version "${{ needs.get-version.outputs.semVerNum }}"
           --java-options "--enable-preview"
           --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.mac"
-          --java-options "--sun-misc-unsafe-memory-access=allow"
           --java-options "-Xss5m"
           --java-options "-Xmx256m"
           --java-options "-Dfile.encoding=\"utf-8\""
@@ -167,7 +166,7 @@ jobs:
           rm -rf ${DERIVED_DATA_PATH}
       - name: Generate license for dmg
         run: >
-          mvn -B -Djavafx.platform=mac license:add-third-party
+          mvn -B license:add-third-party
           -Dlicense.thirdPartyFilename=license.rtf
           -Dlicense.outputDirectory=dist/mac/dmg/resources
           -Dlicense.fileTemplate=dist/mac/dmg/resources/licenseTemplate.ftl
diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml
index 1ed1c4b3e..ef42897c5 100644
--- a/.github/workflows/mac-dmg.yml
+++ b/.github/workflows/mac-dmg.yml
@@ -42,8 +42,8 @@ jobs:
           architecture: aarch64
           output-suffix: arm64
           fuse-lib: FUSE-T
-          openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_osx-aarch64_bin-jmods.zip'
-          openjfx-sha: 'b5a94a13077507003fa852512bfa33f4fb680bc8076d8002e4227a84c85171d4'
+          openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_osx-aarch64_bin-jmods.zip'
+          openjfx-sha: '13f8c0513c40c95881479fbcf0465a29a60217393fb0656f5e4eab78a9442fba'
     steps:
       - uses: actions/checkout@v5
       - name: Setup Java
@@ -77,7 +77,7 @@ jobs:
       - name: Set version
         run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
       - name: Run maven
-        run: mvn -B -Djavafx.platform=mac clean package -Pmac -DskipTests
+        run: mvn -B clean package -Pmac -DskipTests
       - name: Patch target dir
         run: |
           cp LICENSE.txt target
@@ -119,7 +119,6 @@ jobs:
           --app-version "${{ needs.get-version.outputs.semVerNum }}"
           --java-options "--enable-preview"
           --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.mac"
-          --java-options "--sun-misc-unsafe-memory-access=allow"
           --java-options "-Xss5m"
           --java-options "-Xmx256m"
           --java-options "-Dfile.encoding=\"utf-8\""
@@ -166,7 +165,7 @@ jobs:
           rm -rf ${DERIVED_DATA_PATH}
       - name: Generate license for dmg
         run: >
-          mvn -B -Djavafx.platform=mac license:add-third-party
+          mvn -B license:add-third-party
           -Dlicense.thirdPartyFilename=license.rtf
           -Dlicense.outputDirectory=dist/mac/dmg/resources
           -Dlicense.fileTemplate=dist/mac/dmg/resources/licenseTemplate.ftl
diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml
index 98da25f91..f18a5db65 100644
--- a/.github/workflows/pullrequest.yml
+++ b/.github/workflows/pullrequest.yml
@@ -23,4 +23,4 @@ jobs:
           java-version: ${{ env.JAVA_VERSION }}
           cache: 'maven'
       - name: Build and Test
-        run: xvfb-run mvn -B clean install jacoco:report -Pcoverage -Djavafx.platform=linux
\ No newline at end of file
+        run: xvfb-run mvn -B clean install jacoco:report -Pcoverage
\ No newline at end of file
diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml
index 3c3643a64..2d8ba91d6 100644
--- a/.github/workflows/release-check.yml
+++ b/.github/workflows/release-check.yml
@@ -60,6 +60,6 @@ jobs:
       - name: Run org.owasp:dependency-check plugin
         id: dependency-check
         continue-on-error: true
-        run: mvn -B verify -Pdependency-check -DskipTests -Djavafx.platform=linux
+        run: mvn -B verify -Pdependency-check -DskipTests
         env:
           NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
\ No newline at end of file
diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml
index 2bd5670cc..197674874 100644
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -26,8 +26,8 @@ on:
 
 
 env:
-  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_windows-x64_bin-jmods.zip'
-  OPENJFX_JMODS_AMD64_HASH: 'f13d17c7caf88654fc835f1b4e75a9b0f34a888eb8abef381796c0002e63b03f'
+  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_windows-x64_bin-jmods.zip'
+  OPENJFX_JMODS_AMD64_HASH: 'c8eb9fd039b00e0020cf6c3db8ed7876bf3ee4d27860aa697a247b83b8296ae7'
   WINFSP_MSI: 'https://github.com/winfsp/winfsp/releases/download/v2.1/winfsp-2.1.25156.msi'
   WINFSP_MSI_HASH: '073a70e00f77423e34bed98b86e600def93393ba5822204fac57a29324db9f7a'
   WINFSP_UNINSTALLER: 'https://github.com/cryptomator/winfsp-uninstaller/releases/latest/download/winfsp-uninstaller.exe'
@@ -54,11 +54,6 @@ jobs:
             java-dist: 'zulu'
             java-version: '24.0.1+9'
             java-package: 'jdk'
-          - arch: arm64
-            os: windows-11-arm
-            java-dist: 'liberica'
-            java-version: '24.0.1+11'
-            java-package: 'jdk+fx' #This is needed, as liberica contains JFX 24 Jmods for Windows ARM64
     steps:
       - uses: actions/checkout@v5
       - name: Setup Java
@@ -102,7 +97,7 @@ jobs:
       - name: Set version
         run: mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
       - name: Run maven
-        run: mvn -B clean package -Pwin -DskipTests -Djavafx.platform=win
+        run: mvn -B clean package -Pwin -DskipTests
       - name: Patch target dir
         run: |
           cp LICENSE.txt target
@@ -144,7 +139,6 @@ jobs:
           --app-version "${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum }}"
           --java-options "--enable-preview"
           --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.win,org.cryptomator.integrations.win"
-          --java-options "--sun-misc-unsafe-memory-access=allow"
           --java-options "-Xss5m"
           --java-options "-Xmx256m"
           --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\""
@@ -225,7 +219,7 @@ jobs:
           }
       - name: Generate license for MSI
         run: >
-          mvn -B license:add-third-party "-Djavafx.platform=win"
+          mvn -B license:add-third-party
           "-Dlicense.thirdPartyFilename=license.rtf"
           "-Dlicense.outputDirectory=dist/win/resources"
           "-Dlicense.fileTemplate=dist/win/resources/licenseTemplate.ftl"
@@ -298,12 +292,6 @@ jobs:
             java-dist: 'zulu'
             java-version: '24.0.1+9'
             java-package: 'jdk'
-          - arch: arm64
-            os: windows-11-arm
-            executable-suffix: arm64
-            java-dist: 'liberica'
-            java-version: '24.0.1+11'
-            java-package: 'jdk+fx' #This is needed, as liberica contains JFX 24 Jmods for Windows ARM64
     steps:
       - uses: actions/checkout@v5
       - name: Install wix and extensions
@@ -328,7 +316,7 @@ jobs:
           cache: 'maven'
       - name: Generate license for exe
         run: >
-          mvn -B license:add-third-party "-Djavafx.platform=win"
+          mvn -B license:add-third-party
           "-Dlicense.thirdPartyFilename=license.rtf"
           "-Dlicense.fileTemplate=dist/win/bundle/resources/licenseTemplate.ftl"
           "-Dlicense.outputDirectory=dist/win/bundle/resources"
@@ -417,9 +405,7 @@ jobs:
     needs: [ build-msi, build-exe ]
     outputs:
       download-url-msi-x64: ${{ fromJSON(steps.publish.outputs.assets)[0].browser_download_url }}
-      download-url-msi-arm64: ${{ fromJSON(steps.publish.outputs.assets)[1].browser_download_url }}
       download-url-exe-x64: ${{ fromJSON(steps.publish.outputs.assets)[2].browser_download_url }}
-      download-url-exe-arm64: ${{ fromJSON(steps.publish.outputs.assets)[3].browser_download_url }}
     steps:
       - name: Download installers
         uses: actions/download-artifact@v5
@@ -434,9 +420,7 @@ jobs:
           # do not change ordering of filelist, required for correct job output
           files: |
             *x64.msi
-            *arm64.msi
             *x64.exe
-            *arm64.exe
             *.asc
 
   allowlist-msi-x64:
@@ -446,13 +430,6 @@ jobs:
       url: ${{ needs.publish.outputs.download-url-msi-x64 }}
     secrets: inherit
 
-  allowlist-msi-arm64:
-    uses: ./.github/workflows/av-whitelist.yml
-    needs: [ publish ]
-    with:
-      url: ${{ needs.publish.outputs.download-url-msi-arm64 }}
-    secrets: inherit
-
   allowlist-exe-x64:
     uses: ./.github/workflows/av-whitelist.yml
     needs: [ publish, allowlist-msi-x64 ]
@@ -460,13 +437,6 @@ jobs:
       url: ${{ needs.publish.outputs.download-url-exe-x64 }}
     secrets: inherit
 
-  allowlist-exe-arm64:
-    uses: ./.github/workflows/av-whitelist.yml
-    needs: [ publish, allowlist-msi-arm64 ]
-    with:
-      url: ${{ needs.publish.outputs.download-url-exe-arm64 }}
-    secrets: inherit
-
   notify-winget:
     name: Notify for winget-release
     if: needs.get-version.outputs.versionType == 'stable'
diff --git a/.idea/misc.xml b/.idea/misc.xml
index cbe05c79b..cc61ae273 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -8,7 +8,7 @@
       </list>
     </option>
   </component>
-  <component name="ProjectRootManager" version="2" languageLevel="JDK_24" project-jdk-name="24" project-jdk-type="JavaSDK">
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_24" project-jdk-name="25" project-jdk-type="JavaSDK">
     <output url="file://$PROJECT_DIR$/out" />
   </component>
 </project>
\ No newline at end of file
diff --git a/dist/linux/appimage/build.sh b/dist/linux/appimage/build.sh
index f5edd2df5..9b4b536b0 100755
--- a/dist/linux/appimage/build.sh
+++ b/dist/linux/appimage/build.sh
@@ -19,16 +19,16 @@ if [[ ! "${CPU_ARCH}" =~ x86_64|aarch64 ]]; then echo "Platform ${CPU_ARCH} not
 mvn -f ../../../pom.xml versions:set -DnewVersion=${SEMVER_STR}
 
 # compile
-mvn -B -f ../../../pom.xml clean package -Plinux -DskipTests -Djavafx.platform=linux
+mvn -B -f ../../../pom.xml clean package -Plinux -DskipTests
 cp ../../../LICENSE.txt ../../../target
 cp ../../../target/cryptomator-*.jar ../../../target/mods
 
-JAVAFX_VERSION=24.0.1
+JAVAFX_VERSION=25
 JAVAFX_ARCH="x64"
-JAVAFX_JMODS_SHA256='425fac742b9fbd095b2ce868cff82d1024620f747c94a7144d0a4879e756146c'
+JAVAFX_JMODS_SHA256='96e520f48610d8ffb94ca30face1f11ffe8a977ddc1c4ff80b1a9e9f048bd94e'
 if [ "${CPU_ARCH}" = "aarch64" ]; then
     JAVAFX_ARCH="aarch64"
-    JAVAFX_JMODS_SHA256='7e02edd0f4ee5527a27c94b0bbba66fcaaff41009119e45d0eca0f96ddfb6e7b'
+    JAVAFX_JMODS_SHA256='951c52481af0ec5885b06f1ebaa8a10da7e8ea23c5e1ef3e2f6f11fa1b3a7ce1'
 fi
 
 # download javaFX jmods
diff --git a/dist/linux/debian/control b/dist/linux/debian/control
index b0c2c6725..95c8c6871 100644
--- a/dist/linux/debian/control
+++ b/dist/linux/debian/control
@@ -2,7 +2,7 @@ Source: cryptomator
 Maintainer: Cryptobot <releases@cryptomator.org>
 Section: utils
 Priority: optional
-Build-Depends: debhelper (>=10), coffeelibs-jdk-24 (>= 24.0.1+9-0ppa3), libgtk-3-0,  libxxf86vm1, libgl1
+Build-Depends: debhelper (>=10), coffeelibs-jdk-24 (>= 24.0.1+9-0ppa3), libgtk-3-0 (>= 3.20.0), libxxf86vm1, libgl1
 Standards-Version: 4.5.0
 Homepage: https://cryptomator.org
 Vcs-Git: https://github.com/cryptomator/cryptomator.git
@@ -12,7 +12,7 @@ Package: cryptomator
 Architecture: any
 Section: utils
 Priority: optional
-Depends: ${shlibs:Depends}, ${misc:Depends}, fuse3
+Depends: ${shlibs:Depends}, ${misc:Depends}, fuse3, libgtk-3-0 (>= 3.20.0)
 Recommends: gvfs-backends, gvfs-fuse, gnome-keyring
 XB-AppName: Cryptomator
 XB-Category: Utility;Security;FileTools;
diff --git a/dist/linux/debian/rules b/dist/linux/debian/rules
index f69f4a789..73bb62e3c 100755
--- a/dist/linux/debian/rules
+++ b/dist/linux/debian/rules
@@ -45,7 +45,6 @@ override_dh_auto_build:
 		--vendor "Skymatic GmbH" \
 		--java-options "--enable-preview" \
 		--java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" \
-		--java-options "--sun-misc-unsafe-memory-access=allow" \
 		--copyright "(C) 2016 - 2025 Skymatic GmbH" \
 		--java-options "-Xss5m" \
 		--java-options "-Xmx256m" \
diff --git a/dist/mac/dmg/build.sh b/dist/mac/dmg/build.sh
index 93dadd7f5..1e052ad16 100755
--- a/dist/mac/dmg/build.sh
+++ b/dist/mac/dmg/build.sh
@@ -32,15 +32,15 @@ REVISION_NO=`git rev-list --count HEAD`
 VERSION_NO=`mvn -f../../../pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout | sed -rn 's/.*([0-9]+\.[0-9]+\.[0-9]+).*/\1/p'`
 FUSE_LIB="FUSE-T"
 
-JAVAFX_VERSION=24.0.1
+JAVAFX_VERSION=25
 JAVAFX_ARCH="undefined"
 JAVAFX_JMODS_SHA256="undefined"
 if [ "$(machine)" = "arm64e" ]; then
     JAVAFX_ARCH="aarch64"
-    JAVAFX_JMODS_SHA256="b5a94a13077507003fa852512bfa33f4fb680bc8076d8002e4227a84c85171d4"
+    JAVAFX_JMODS_SHA256="13f8c0513c40c95881479fbcf0465a29a60217393fb0656f5e4eab78a9442fba"
 else
     JAVAFX_ARCH="x64"
-    JAVAFX_JMODS_SHA256="6e62a426d43c168a488521f904a523f3dd6ee2cf103e08136f2fd465c828a105"
+    JAVAFX_JMODS_SHA256="0eba73fb28a24c845175d16fa2f8c081c936ce6de1be9b79eb6119fa32e53d52"
 fi
 JAVAFX_JMODS_URL="https://download2.gluonhq.com/openjfx/${JAVAFX_VERSION}/openjfx-${JAVAFX_VERSION}_osx-${JAVAFX_ARCH}_bin-jmods.zip"
 
@@ -71,7 +71,7 @@ if [ "${POM_JFX_VERSION}" -ne "${JMOD_VERSION}" ]; then
 fi
 
 # compile
-mvn -B -Djavafx.platform=mac -f../../../pom.xml clean package -DskipTests -Pmac
+mvn -B -f../../../pom.xml clean package -DskipTests -Pmac
 cp ../../../LICENSE.txt ../../../target
 cp ../../../target/${MAIN_JAR_GLOB} ../../../target/mods
 
@@ -147,7 +147,7 @@ cp -R ${DERIVED_DATA_PATH}/Build/Products/Release/Cryptomator.docktileplugin ${A
 rm -rf ${DERIVED_DATA_PATH}
 
 # generate license
-mvn -B -Djavafx.platform=mac -f../../../pom.xml license:add-third-party \
+mvn -B -f../../../pom.xml license:add-third-party \
     -Dlicense.thirdPartyFilename=license.rtf \
     -Dlicense.outputDirectory=dist/mac/dmg/resources \
     -Dlicense.fileTemplate=resources/licenseTemplate.ftl \
diff --git a/dist/win/build.ps1 b/dist/win/build.ps1
index 841c1b2b6..30ef1e26d 100644
--- a/dist/win/build.ps1
+++ b/dist/win/build.ps1
@@ -65,7 +65,7 @@ Write-Host "`$Env:JAVA_HOME=$Env:JAVA_HOME"
 $copyright = "(C) $CopyrightStartYear - $((Get-Date).Year) $Vendor"
 
 # compile
-&mvn -B -f $buildDir/../../pom.xml clean package -DskipTests -Pwin "-Djavafx.platform=win"
+&mvn -B -f $buildDir/../../pom.xml clean package -DskipTests -Pwin
 Copy-Item "$buildDir\..\..\target\$MainJarGlob.jar" -Destination "$buildDir\..\..\target\mods"
 
 # add runtime
@@ -86,16 +86,16 @@ switch ($archName) {
     'ARM64' {
 		$javafxBaseJmod = Join-Path $Env:JAVA_HOME "jmods\javafx.base.jmod"
 		if (!(Test-Path $javafxBaseJmod)) {
-			Write-Error "JavaFX module not found in JDK. Please ensure full JDK (including jmods) is installed."
+			Write-Error "JavaFX module not found in JDK. Please ensure a JDK with JavaFX (including jmods) is installed."
 			exit 1
 		}
 
         $jmodPaths = "$Env:JAVA_HOME/jmods"
     }
     'x64' {
-		$javaFxVersion='24.0.1'
+		$javaFxVersion='25'
 		$javaFxJmodsUrl = "https://download2.gluonhq.com/openjfx/${javaFxVersion}/openjfx-${javaFxVersion}_windows-x64_bin-jmods.zip"
-		$javaFxJmodsSHA256 = 'f13d17c7caf88654fc835f1b4e75a9b0f34a888eb8abef381796c0002e63b03f'
+		$javaFxJmodsSHA256 = 'c8eb9fd039b00e0020cf6c3db8ed7876bf3ee4d27860aa697a247b83b8296ae7'
 		$javaFxJmods = '.\resources\jfxJmods.zip'
 
 		if( !(Test-Path -Path $javaFxJmods) ) {
@@ -194,7 +194,7 @@ if ($LASTEXITCODE -ne 0) {
 }
 
 #Create RTF license for msi
-&mvn -B -f $buildDir/../../pom.xml license:add-third-party "-Djavafx.platform=win" `
+&mvn -B -f $buildDir/../../pom.xml license:add-third-party `
  "-Dlicense.thirdPartyFilename=license.rtf" `
  "-Dlicense.fileTemplate=$buildDir\resources\licenseTemplate.ftl" `
  "-Dlicense.outputDirectory=$buildDir\resources\" `
@@ -237,7 +237,7 @@ if ($LASTEXITCODE -ne 0) {
 }
 
 #Create RTF license for bundle
-&mvn -B -f $buildDir/../../pom.xml license:add-third-party "-Djavafx.platform=win" `
+&mvn -B -f $buildDir/../../pom.xml license:add-third-party `
  "-Dlicense.thirdPartyFilename=license.rtf" `
  "-Dlicense.fileTemplate=$buildDir\bundle\resources\licenseTemplate.ftl" `
  "-Dlicense.outputDirectory=$buildDir\bundle\resources\" `
diff --git a/pom.xml b/pom.xml
index 0042aa485..ef271528a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,7 +46,7 @@
 		<dagger.version>2.57.1</dagger.version>
 		<easybind.version>2.2</easybind.version>
 		<jackson.version>2.20.0</jackson.version>
-		<javafx.version>24.0.1</javafx.version>
+		<javafx.version>25</javafx.version>
 		<jwt.version>4.5.0</jwt.version>
 		<nimbus-jose.version>10.5</nimbus-jose.version>
 		<logback.version>1.5.18</logback.version>

From e6e04078fae05eed02875886dcd32fd0370045f6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 Oct 2025 11:16:41 +0000
Subject: [PATCH 103/117] Bump the java-production-dependencies group across 1
 directory with 5 updates (#4007)

---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index ef271528a..f3533f405 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,14 +42,14 @@
 		<cryptomator.webdav.version>3.0.0</cryptomator.webdav.version>
 
 		<!-- 3rd party dependencies -->
-		<commons-lang3.version>3.18.0</commons-lang3.version>
-		<dagger.version>2.57.1</dagger.version>
+		<commons-lang3.version>3.19.0</commons-lang3.version>
+		<dagger.version>2.57.2</dagger.version>
 		<easybind.version>2.2</easybind.version>
 		<jackson.version>2.20.0</jackson.version>
 		<javafx.version>25</javafx.version>
 		<jwt.version>4.5.0</jwt.version>
 		<nimbus-jose.version>10.5</nimbus-jose.version>
-		<logback.version>1.5.18</logback.version>
+		<logback.version>1.5.19</logback.version>
 		<slf4j.version>2.0.17</slf4j.version>
 		<tinyoauth2.version>0.8.1</tinyoauth2.version>
 		<zxcvbn.version>1.9.0</zxcvbn.version>

From 7f3af0c7f691c78904b4639e14bf2a1a3fa84321 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 14 Oct 2025 13:41:15 +0200
Subject: [PATCH 104/117] add defaults to switches to solve sonar cloud issues

---
 .../org/cryptomator/ui/mainwindow/VaultListController.java     | 1 +
 .../ui/recoverykey/RecoveryKeyOnboardingController.java        | 1 +
 .../ui/recoverykey/RecoveryKeyResetPasswordController.java     | 3 +++
 3 files changed, 5 insertions(+)

diff --git a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index 3333db498..f25528498 100644
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -282,6 +282,7 @@ public class VaultListController implements FxController {
 				vaultListManager.addVault(preparedVault);
 				dialogs.prepareRecoveryVaultAdded(mainWindow, preparedVault.getDisplayName()).setOkAction(Stage::close).build().showAndWait();
 			}
+			default -> LOG.warn("Unhandled vault state during recovery: {}", preparedVault.getState());
 		}
 
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index 235e530b8..db39ba97a 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -153,6 +153,7 @@ public class RecoveryKeyOnboardingController implements FxController {
 				}
 			}
 			case RESTORE_MASTERKEY -> window.setScene(recoverykeyRecoverScene.get());
+			default -> window.setScene(recoverykeyRecoverScene.get()); // Fallback
 		}
 		window.centerOnScreen();
 	}
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index b5b448239..7d2b72fb0 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -101,6 +101,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		switch (recoverType.get()) {
 			case RESTORE_MASTERKEY, RESTORE_ALL -> nextButton.setText(resourceBundle.getString("recoveryKey.recover.recoverBtn"));
 			case RESET_PASSWORD -> nextButton.setText(resourceBundle.getString("recoveryKey.recover.resetBtn"));
+			default -> nextButton.setText(resourceBundle.getString("recoveryKey.recover.recoverBtn")); // Fallback
 		}
 	}
 
@@ -118,6 +119,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 		switch (recoverType.get()) {
 			case RESTORE_ALL -> restorePassword();
 			case RESTORE_MASTERKEY, RESET_PASSWORD -> resetPassword();
+			default -> resetPassword(); // Fallback
 		}
 	}
 
@@ -163,6 +165,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 			switch (recoverType.get()){
 				case RESET_PASSWORD -> dialogs.prepareRecoverPasswordSuccess(window).build().showAndWait();
 				case RESTORE_MASTERKEY -> dialogs.prepareRecoverPasswordSuccess(window).setTitleKey("recover.recoverMasterkey.title").setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message").build().showAndWait();
+				default -> dialogs.prepareRecoverPasswordSuccess(window).build().showAndWait(); // Fallback
 			}
 		});
 

From 4a7d2907c8f7b26f40a21db321a7de3095d36ab1 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 14 Oct 2025 14:28:53 +0200
Subject: [PATCH 105/117] use ellipsis

---
 src/main/resources/i18n/strings.properties | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index f4bd588f7..f718e14a7 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -396,9 +396,9 @@ main.vaultlist.contextMenu.unlock=Unlock…
 main.vaultlist.contextMenu.unlockNow=Unlock Now
 main.vaultlist.contextMenu.vaultoptions=Show Vault Options
 main.vaultlist.contextMenu.reveal=Reveal Drive
-main.vaultlist.addVaultBtn.menuItemNew=Create New Vault...
-main.vaultlist.addVaultBtn.menuItemExisting=Open Existing Vault...
-main.vaultlist.addVaultBtn.menuItemRecover=Recover Existing Vault...
+main.vaultlist.addVaultBtn.menuItemNew=Create New Vault…
+main.vaultlist.addVaultBtn.menuItemExisting=Open Existing Vault…
+main.vaultlist.addVaultBtn.menuItemRecover=Recover Existing Vault…
 main.vaultlist.showEventsButton.tooltip=Open event view
 ##Notificaition
 main.notification.updateAvailable=Update is available.

From 25dea8ebe6a6f34dd2f821e82ed8fa3515f4c7a9 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Tue, 14 Oct 2025 14:51:12 +0200
Subject: [PATCH 106/117] infeo suggested wordings

---
 src/main/resources/i18n/strings.properties | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index f718e14a7..5b4b2123b 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -438,7 +438,7 @@ main.vaultDetail.missing.remove=Remove from Vault List…
 main.vaultDetail.missing.changeLocation=Change Vault Location…
 ### Missing Vault Config
 main.vaultDetail.missingVaultConfig.info=VaultConfig is missing.
-main.vaultDetail.missingVaultConfig.restore=Restore VaultConfig
+main.vaultDetail.missingVaultConfig.restore=Restore vault config
 ### Needs Migration
 main.vaultDetail.migrateButton=Upgrade Vault
 main.vaultDetail.migratePrompt=Your vault needs to be upgraded to a new format, before you can access it
@@ -529,7 +529,7 @@ recoveryKey.recover.resetMasterkeyFileSuccess.description=You can unlock your va
 ##Add Existing Vault without recovery - Dialog
 recover.existing.title=Vault Added
 recover.existing.message=The vault was added successfully
-recover.existing.description=Your vault "%s" has been added to your vault list. No recovery process was started.
+recover.existing.description=Your vault "%s" has been added to your vault list. No recovery process was necessary.
 
 ##Vault Already Exists - Dialog
 recover.alreadyExists.title=Vault Already Exists

From 90537caee7f69f92927f2d46e141f12786d01d60 Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 15 Oct 2025 07:34:17 +0200
Subject: [PATCH 107/117] change wording

---
 src/main/resources/i18n/strings.properties | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 5b4b2123b..0e8e5413e 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -437,7 +437,7 @@ main.vaultDetail.missing.recheck=Recheck
 main.vaultDetail.missing.remove=Remove from Vault List…
 main.vaultDetail.missing.changeLocation=Change Vault Location…
 ### Missing Vault Config
-main.vaultDetail.missingVaultConfig.info=VaultConfig is missing.
+main.vaultDetail.missingVaultConfig.info=Vault config is missing.
 main.vaultDetail.missingVaultConfig.restore=Restore vault config
 ### Needs Migration
 main.vaultDetail.migrateButton=Upgrade Vault
@@ -529,7 +529,7 @@ recoveryKey.recover.resetMasterkeyFileSuccess.description=You can unlock your va
 ##Add Existing Vault without recovery - Dialog
 recover.existing.title=Vault Added
 recover.existing.message=The vault was added successfully
-recover.existing.description=Your vault "%s" has been added to your vault list. No recovery process was necessary.
+recover.existing.description=Your vault "%s" has been added to the vault list. No recovery process was necessary.
 
 ##Vault Already Exists - Dialog
 recover.alreadyExists.title=Vault Already Exists

From 446caff901132d2f5938a4400e56c21748e807b8 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Wed, 15 Oct 2025 12:31:38 +0200
Subject: [PATCH 108/117] Pin exact version of external ci actions

---
 .github/workflows/appimage.yml          | 4 ++--
 .github/workflows/aur.yml               | 2 +-
 .github/workflows/av-whitelist.yml      | 4 ++--
 .github/workflows/build.yml             | 2 +-
 .github/workflows/check-jdk-updates.yml | 2 +-
 .github/workflows/dependency-check.yml  | 2 +-
 .github/workflows/dl-stats.yml          | 2 +-
 .github/workflows/error-db.yml          | 4 ++--
 .github/workflows/flathub.yml           | 2 +-
 .github/workflows/get-version.yml       | 2 +-
 .github/workflows/mac-dmg-x64.yml       | 4 ++--
 .github/workflows/mac-dmg.yml           | 4 ++--
 .github/workflows/post-publish.yml      | 4 ++--
 .github/workflows/win-exe.yml           | 4 ++--
 .github/workflows/winget.yml            | 2 +-
 15 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml
index 877ef7e5d..afaf96459 100644
--- a/.github/workflows/appimage.yml
+++ b/.github/workflows/appimage.yml
@@ -185,7 +185,7 @@ jobs:
           if-no-files-found: error
       - name: Publish AppImage on GitHub Releases
         if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
         with:
           fail_on_unmatched_files: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
@@ -247,7 +247,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@v2
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_USERNAME: 'Cryptobot'
diff --git a/.github/workflows/aur.yml b/.github/workflows/aur.yml
index 29ccb2ea7..e1f5a45f0 100644
--- a/.github/workflows/aur.yml
+++ b/.github/workflows/aur.yml
@@ -81,7 +81,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@v2
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
         if: github.event_name == 'release'
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/av-whitelist.yml b/.github/workflows/av-whitelist.yml
index 1feffd719..2803a7eb8 100644
--- a/.github/workflows/av-whitelist.yml
+++ b/.github/workflows/av-whitelist.yml
@@ -58,7 +58,7 @@ jobs:
           name: ${{ needs.download-file.outputs.fileName }}
           path: upload
       - name: Upload to Kaspersky
-        uses: SamKirkland/FTP-Deploy-Action@v4.3.6
+        uses: SamKirkland/FTP-Deploy-Action@a51268f67f6605236975928ae28b0f7e9971d50a
         with:
           protocol: ftps
           server: allowlist.kaspersky-labs.com
@@ -78,7 +78,7 @@ jobs:
           name: ${{ needs.download-file.outputs.fileName }}
           path: upload
       - name: Upload to Avast
-        uses: wlixcc/SFTP-Deploy-Action@v1.2.6
+        uses: wlixcc/SFTP-Deploy-Action@a5ccb9c6211a94cc59404f0fdb2a9936a6dfee64
         with:
           server: whitelisting.avast.com
           port: 22
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8ba4becf6..e794f594c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -49,7 +49,7 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       - name: Draft a release
         if: startsWith(github.ref, 'refs/tags/')
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
         with:
           draft: true
           discussion_category_name: releases
diff --git a/.github/workflows/check-jdk-updates.yml b/.github/workflows/check-jdk-updates.yml
index 8d40a6892..c6eacb20c 100644
--- a/.github/workflows/check-jdk-updates.yml
+++ b/.github/workflows/check-jdk-updates.yml
@@ -70,7 +70,7 @@ jobs:
           }
       - name: Notify
         if: steps.determine.outputs.UPDATE_AVAILABLE == 'true'
-        uses: rtCamp/action-slack-notify@v2
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_USERNAME: 'Cryptobot'
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index b59fa8573..2636263d6 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   check-dependencies:
-    uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v3
+    uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@1074588008ae3326a2221ea451783280518f0366
     with:
       runner-os: 'ubuntu-latest'
       java-distribution: 'temurin'
diff --git a/.github/workflows/dl-stats.yml b/.github/workflows/dl-stats.yml
index 44dd95d4f..92b18ba81 100644
--- a/.github/workflows/dl-stats.yml
+++ b/.github/workflows/dl-stats.yml
@@ -53,7 +53,7 @@ jobs:
           INTERVAL: 900
           JSON_DATA: ${{ steps.get-stats.outputs.result }}
       - name: Upload Results
-        uses: fjogeleit/http-request-action@v1
+        uses: fjogeleit/http-request-action@1297c6fc63a79b147d1676540a3fd9d2e37817c5
         with:
           url: 'https://graphite-us-central1.grafana.net/metrics'
           method: 'POST'
diff --git a/.github/workflows/error-db.yml b/.github/workflows/error-db.yml
index fd4022a73..6df929b3e 100644
--- a/.github/workflows/error-db.yml
+++ b/.github/workflows/error-db.yml
@@ -42,7 +42,7 @@ jobs:
             return await github.graphql(query, variables)
       - name: Get Gist
         id: get-gist
-        uses: andymckay/get-gist-action@master
+        uses: andymckay/get-gist-action@cf3bc8164af24126f7e5979eb6d3dc0c12309bd1
         with:
           gistURL: https://gist.github.com/cryptobot/accba9fb9555e7192271b85606f97230
       - name: Merge Error Code Data
@@ -58,7 +58,7 @@ jobs:
         env:
           DISCUSSION: ${{ steps.query-data.outputs.result }}
       - name: Patch Gist
-        uses: exuanbo/actions-deploy-gist@v1
+        uses: exuanbo/actions-deploy-gist@47697fceaeea2006a90594ee24eb9cd0a1121ef8
         with:
           token: ${{ secrets.CRYPTOBOT_GIST_TOKEN }}
           gist_id: accba9fb9555e7192271b85606f97230
diff --git a/.github/workflows/flathub.yml b/.github/workflows/flathub.yml
index 52236cc9b..e4977954a 100644
--- a/.github/workflows/flathub.yml
+++ b/.github/workflows/flathub.yml
@@ -71,7 +71,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@v2
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
         if: github.event_name == 'release'
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/get-version.yml b/.github/workflows/get-version.yml
index a9e8cb33b..163132eac 100644
--- a/.github/workflows/get-version.yml
+++ b/.github/workflows/get-version.yml
@@ -73,6 +73,6 @@ jobs:
         env:
           VERSION_STRING: ${{ inputs.version }}
       - name: Validate Version
-        uses: skymatic/semver-validation-action@v3
+        uses: skymatic/semver-validation-action@7a6ae1c9e121540d11c9c7e4e667c83d583aa153
         with:
           version: ${{ steps.versions.outputs.semVerStr }}
\ No newline at end of file
diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml
index 1dec73c37..f71ad57a6 100644
--- a/.github/workflows/mac-dmg-x64.yml
+++ b/.github/workflows/mac-dmg-x64.yml
@@ -261,7 +261,7 @@ jobs:
           CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
       - name: Notarize .dmg
         if: startsWith(github.ref, 'refs/tags/') || inputs.notarize
-        uses: cocoalibs/xcode-notarization-action@v1
+        uses: cocoalibs/xcode-notarization-action@5cf433d494b6fa26504b574c591f4dd120388846
         with:
           app-path: 'Cryptomator-*.dmg'
           apple-id: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
@@ -291,7 +291,7 @@ jobs:
           if-no-files-found: error
       - name: Publish dmg on GitHub Releases
         if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
         with:
           fail_on_unmatched_files: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml
index ef42897c5..f56e5a308 100644
--- a/.github/workflows/mac-dmg.yml
+++ b/.github/workflows/mac-dmg.yml
@@ -260,7 +260,7 @@ jobs:
           CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
       - name: Notarize .dmg
         if: startsWith(github.ref, 'refs/tags/') || inputs.notarize
-        uses: cocoalibs/xcode-notarization-action@v1
+        uses: cocoalibs/xcode-notarization-action@5cf433d494b6fa26504b574c591f4dd120388846
         with:
           app-path: 'Cryptomator-*.dmg'
           apple-id: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
@@ -290,7 +290,7 @@ jobs:
           if-no-files-found: error
       - name: Publish dmg on GitHub Releases
         if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
         with:
           fail_on_unmatched_files: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
diff --git a/.github/workflows/post-publish.yml b/.github/workflows/post-publish.yml
index eaa6fb3f4..40eee58fe 100644
--- a/.github/workflows/post-publish.yml
+++ b/.github/workflows/post-publish.yml
@@ -19,14 +19,14 @@ jobs:
           GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
           GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
       - name: Publish asc on GitHub Releases
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
         with:
           fail_on_unmatched_files: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
           files: |
             cryptomator-*.tar.gz.asc
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@v2
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_USERNAME: 'Cryptobot'
diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml
index 197674874..e450aa465 100644
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -413,7 +413,7 @@ jobs:
           merge-multiple: true
       - name: Publish installers on GitHub Releases
         id: publish
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
         with:
           fail_on_unmatched_files: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
@@ -444,7 +444,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@v2
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_USERNAME: 'Cryptobot'
diff --git a/.github/workflows/winget.yml b/.github/workflows/winget.yml
index 0beb75544..d9e7db86f 100644
--- a/.github/workflows/winget.yml
+++ b/.github/workflows/winget.yml
@@ -18,7 +18,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
       - name: Submit package
-        uses: vedantmgoyal2009/winget-releaser@main
+        uses: vedantmgoyal2009/winget-releaser@19e706d4c9121098010096f9c495a70a7518b30f
         with:
           identifier: Cryptomator.Cryptomator
           version: ${{ inputs.tag }}

From 83d2c390802fb5afaef906dcaab0c61940be46cd Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Wed, 15 Oct 2025 12:48:49 +0200
Subject: [PATCH 109/117] also pin official github actions

---
 .github/workflows/appimage.yml          | 10 +++++-----
 .github/workflows/aur.yml               |  2 +-
 .github/workflows/av-whitelist.yml      |  6 +++---
 .github/workflows/build.yml             |  6 +++---
 .github/workflows/check-jdk-updates.yml |  2 +-
 .github/workflows/debian.yml            |  6 +++---
 .github/workflows/dl-stats.yml          |  2 +-
 .github/workflows/error-db.yml          |  2 +-
 .github/workflows/flathub.yml           |  2 +-
 .github/workflows/get-version.yml       |  4 ++--
 .github/workflows/mac-dmg-x64.yml       |  6 +++---
 .github/workflows/mac-dmg.yml           |  6 +++---
 .github/workflows/no-response.yml       |  2 +-
 .github/workflows/pullrequest.yml       |  4 ++--
 .github/workflows/release-check.yml     |  6 +++---
 .github/workflows/stale.yml             |  2 +-
 .github/workflows/win-exe.yml           | 16 ++++++++--------
 17 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml
index afaf96459..6bcb09ba2 100644
--- a/.github/workflows/appimage.yml
+++ b/.github/workflows/appimage.yml
@@ -44,9 +44,9 @@ jobs:
             openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-aarch64_bin-jmods.zip'
             openjfx-sha: '951c52481af0ec5885b06f1ebaa8a10da7e8ea23c5e1ef3e2f6f11fa1b3a7ce1'
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -175,7 +175,7 @@ jobs:
           gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage
           gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage.zsync
       - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: appimage-${{ matrix.appimage-suffix }}
           path: |
@@ -201,7 +201,7 @@ jobs:
     if: github.event_name == 'release' && needs.get-version.outputs.versionType == 'stable'
     steps:
       - name: Download AppImages
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
         with:
           path: downloads/
           merge-multiple: true
@@ -212,7 +212,7 @@ jobs:
           echo "x64-sha256sum=${X64_SHA256}" >> "$GITHUB_OUTPUT"
           AARCH64_SHA256=$(sha256sum downloads/cryptomator-*-aarch64.AppImage | cut -d ' ' -f1)
           echo "aarch64-sha256sum=${AARCH64_SHA256}" >> "$GITHUB_OUTPUT"
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
         with:
           repository: 'cryptomator/aur-bin'
           token: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
diff --git a/.github/workflows/aur.yml b/.github/workflows/aur.yml
index e1f5a45f0..4ed17afd5 100644
--- a/.github/workflows/aur.yml
+++ b/.github/workflows/aur.yml
@@ -48,7 +48,7 @@ jobs:
     env:
       AUR_PR_URL: tbd
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
         with:
           repository: 'cryptomator/aur'
           token: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
diff --git a/.github/workflows/av-whitelist.yml b/.github/workflows/av-whitelist.yml
index 2803a7eb8..9fac8729d 100644
--- a/.github/workflows/av-whitelist.yml
+++ b/.github/workflows/av-whitelist.yml
@@ -41,7 +41,7 @@ jobs:
       - name: Download file
         run: curl --remote-name ${INPUT_URL} -L -o ${{steps.extractName.outputs.fileName}}
       - name: Upload artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: ${{ steps.extractName.outputs.fileName }}
           path: ${{ steps.extractName.outputs.fileName }}
@@ -53,7 +53,7 @@ jobs:
     if: github.event_name == 'workflow_call' || inputs.kaspersky
     steps:
       - name: Download artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
         with:
           name: ${{ needs.download-file.outputs.fileName }}
           path: upload
@@ -73,7 +73,7 @@ jobs:
     if: github.event_name == 'workflow_call'  || inputs.avast
     steps:
       - name: Download artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
         with:
           name: ${{ needs.download-file.outputs.fileName }}
           path: upload
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e794f594c..30336d8fa 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -22,14 +22,14 @@ jobs:
     name: Compile and Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-java@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
           cache: 'maven'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
diff --git a/.github/workflows/check-jdk-updates.yml b/.github/workflows/check-jdk-updates.yml
index c6eacb20c..0ada84896 100644
--- a/.github/workflows/check-jdk-updates.yml
+++ b/.github/workflows/check-jdk-updates.yml
@@ -26,7 +26,7 @@ jobs:
         run: echo 'JDK_MAJOR_VERSION=${{ env.JDK_VERSION }}'.substring(0,20) >> "$env:GITHUB_ENV"
         shell: pwsh
       - name: Checkout latest JDK ${{ env.JDK_MAJOR_VERSION }}
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           java-version: ${{ env.JDK_MAJOR_VERSION}}
           distribution: ${{ env.JDK_VENDOR }}
diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml
index 94d995c49..8ec0d8561 100644
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -44,7 +44,7 @@ jobs:
     env:
       INPUT_PPAVER: ${{ inputs.ppaver }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - id: deb-version
         name: Determine deb-version
         run: |
@@ -59,7 +59,7 @@ jobs:
           sudo apt-get update
           sudo apt-get install debhelper devscripts dput coffeelibs-jdk-${{ env.COFFEELIBS_JDK }}=${{ env.COFFEELIBS_JDK_VERSION }}
       - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -142,7 +142,7 @@ jobs:
         run: |
           gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator_*_amd64.deb
       - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: linux-deb-package
           path: |
diff --git a/.github/workflows/dl-stats.yml b/.github/workflows/dl-stats.yml
index 92b18ba81..258a02da5 100644
--- a/.github/workflows/dl-stats.yml
+++ b/.github/workflows/dl-stats.yml
@@ -10,7 +10,7 @@ jobs:
     steps:
       - name: Get download count of latest releases
         id: get-stats
-        uses: actions/github-script@v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
         with:
           script: |
             const query = `query($owner:String!, $name:String!) {
diff --git a/.github/workflows/error-db.yml b/.github/workflows/error-db.yml
index 6df929b3e..d42242f0b 100644
--- a/.github/workflows/error-db.yml
+++ b/.github/workflows/error-db.yml
@@ -14,7 +14,7 @@ jobs:
       - name: Query Discussion Data
         if: github.event_name == 'discussion_comment' || github.event_name == 'discussion' && github.event.action != 'deleted'
         id: query-data
-        uses: actions/github-script@v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
         with:
           script: |
             const query = `query ($owner: String!, $name: String!, $discussionNumber: Int!) {
diff --git a/.github/workflows/flathub.yml b/.github/workflows/flathub.yml
index e4977954a..d409f72c3 100644
--- a/.github/workflows/flathub.yml
+++ b/.github/workflows/flathub.yml
@@ -43,7 +43,7 @@ jobs:
     env:
       FLATHUB_PR_URL: tbd
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
         with:
           repository: 'flathub/org.cryptomator.Cryptomator'
           token: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
diff --git a/.github/workflows/get-version.yml b/.github/workflows/get-version.yml
index 163132eac..0b0582d63 100644
--- a/.github/workflows/get-version.yml
+++ b/.github/workflows/get-version.yml
@@ -35,11 +35,11 @@ jobs:
       revNum: ${{ steps.versions.outputs.revNum }}
       type: ${{ steps.versions.outputs.type}}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
         with:
           fetch-depth: 0
       - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml
index f71ad57a6..2d3a6a7d4 100644
--- a/.github/workflows/mac-dmg-x64.yml
+++ b/.github/workflows/mac-dmg-x64.yml
@@ -47,9 +47,9 @@ jobs:
           openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_osx-x64_bin-jmods.zip'
           openjfx-sha: '0eba73fb28a24c845175d16fa2f8c081c936ce6de1be9b79eb6119fa32e53d52'
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -282,7 +282,7 @@ jobs:
         run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db
         continue-on-error: true
       - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: dmg-${{ matrix.output-suffix }}
           path: |
diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml
index f56e5a308..d7455c7f8 100644
--- a/.github/workflows/mac-dmg.yml
+++ b/.github/workflows/mac-dmg.yml
@@ -45,9 +45,9 @@ jobs:
           openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_osx-aarch64_bin-jmods.zip'
           openjfx-sha: '13f8c0513c40c95881479fbcf0465a29a60217393fb0656f5e4eab78a9442fba'
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -281,7 +281,7 @@ jobs:
         run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db
         continue-on-error: true
       - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: dmg-${{ matrix.output-suffix }}
           path: |
diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml
index f35101148..d4f659e5e 100644
--- a/.github/workflows/no-response.yml
+++ b/.github/workflows/no-response.yml
@@ -12,7 +12,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@v10
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008
         with:
           days-before-stale: 14
           days-before-close: 0
diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml
index f18a5db65..d90f33f4a 100644
--- a/.github/workflows/pullrequest.yml
+++ b/.github/workflows/pullrequest.yml
@@ -16,8 +16,8 @@ jobs:
     name: Compile and Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-java@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml
index 2d8ba91d6..bacec536d 100644
--- a/.github/workflows/release-check.yml
+++ b/.github/workflows/release-check.yml
@@ -19,9 +19,9 @@ jobs:
     name: Validate commits pushed to release/hotfix branch to fulfill release requirements
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -49,7 +49,7 @@ jobs:
             exit 1
           fi
       - name: Cache NVD DB
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
         with:
           path: ~/.m2/repository/org/owasp/dependency-check-data/
           key: dependency-check-${{ github.run_id }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index b261d293e..a63ef1c8b 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -12,7 +12,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@v10
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008
         with:
           days-before-stale: 365
           days-before-close: 90
diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml
index e450aa465..d427280cf 100644
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -55,9 +55,9 @@ jobs:
             java-version: '24.0.1+9'
             java-package: 'jdk'
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           distribution: ${{ matrix.java-dist }}
           java-version: ${{ matrix.java-version }}
@@ -271,7 +271,7 @@ jobs:
           GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
           GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
       - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: msi-${{ matrix.arch }}
           path: |
@@ -293,21 +293,21 @@ jobs:
             java-version: '24.0.1+9'
             java-package: 'jdk'
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Install wix and extensions
         run: |
           dotnet tool install --global wix --version 6.0.0
           wix.exe extension add WixToolset.BootstrapperApplications.wixext/6.0.0 --global
           wix.exe extension add WixToolset.Util.wixext/6.0.0 --global
       - name: Download .msi
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
         with:
           name: msi-${{ matrix.arch }}
           path: dist/win/bundle/resources
       - name: Strip version info from msi file name
         run: mv dist/win/bundle/resources/Cryptomator*.msi dist/win/bundle/resources/Cryptomator.msi
       - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
         with:
           distribution: ${{ matrix.java-dist }}
           java-version: ${{ matrix.java-version }}
@@ -390,7 +390,7 @@ jobs:
           GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
           GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
       - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: exe-${{ matrix.executable-suffix }}
           path: |
@@ -408,7 +408,7 @@ jobs:
       download-url-exe-x64: ${{ fromJSON(steps.publish.outputs.assets)[2].browser_download_url }}
     steps:
       - name: Download installers
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
         with:
           merge-multiple: true
       - name: Publish installers on GitHub Releases

From 1104c1067aba22bb79635e32024d1e4b990486aa Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 15 Oct 2025 14:06:00 +0200
Subject: [PATCH 110/117] wording changes

---
 .../RecoveryKeyOnboardingController.java      | 27 ++++++++++++++-----
 .../fxml/recoverykey_onboarding.fxml          |  1 +
 src/main/resources/i18n/strings.properties    | 14 +++++-----
 3 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
index db39ba97a..dd15413d8 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyOnboardingController.java
@@ -42,6 +42,7 @@ public class RecoveryKeyOnboardingController implements FxController {
 
 	public Label titleLabel;
 	public Label messageLabel;
+	public Label pleaseConfirm;
 	public Label secondTextDesc;
 
 	@FXML
@@ -90,10 +91,24 @@ public class RecoveryKeyOnboardingController implements FxController {
 		);
 
 		switch (recoverType.get()) {
-			case RESTORE_MASTERKEY ->
-					window.setTitle(resourceBundle.getString("recover.recoverMasterkey.title"));
-			case RESTORE_ALL, RESTORE_VAULT_CONFIG ->
-					window.setTitle(resourceBundle.getString("recover.recoverVaultConfig.title"));
+			case RESTORE_MASTERKEY -> {
+				window.setTitle(resourceBundle.getString("recover.recoverMasterkey.title"));
+				messageLabel.setVisible(false);
+				messageLabel.setManaged(false);
+				pleaseConfirm.setText(resourceBundle.getString("recover.onBoarding.pleaseConfirm"));
+			}
+			case RESTORE_ALL -> {
+				window.setTitle(resourceBundle.getString("recover.recoverVaultConfig.title"));
+				messageLabel.setVisible(true);
+				messageLabel.setManaged(true);
+				pleaseConfirm.setText(resourceBundle.getString("recover.onBoarding.otherwisePleaseConfirm"));
+			}
+			case RESTORE_VAULT_CONFIG -> {
+				window.setTitle(resourceBundle.getString("recover.recoverVaultConfig.title"));
+				messageLabel.setVisible(false);
+				messageLabel.setManaged(false);
+				pleaseConfirm.setText(resourceBundle.getString("recover.onBoarding.pleaseConfirm"));
+			}
 			default -> window.setTitle("");
 		}
 
@@ -108,9 +123,9 @@ public class RecoveryKeyOnboardingController implements FxController {
 						? resourceBundle.getString("recover.recoverMasterkey.title")
 						: resourceBundle.getString("recover.recoverVaultConfig.title"), recoverType));
 
-		BooleanBinding isMaster = Bindings.createBooleanBinding(
+		BooleanBinding isRestoreMasterkey = Bindings.createBooleanBinding(
 				() -> recoverType.get() == RecoveryActionType.RESTORE_MASTERKEY, recoverType);
-		hBox.minHeightProperty().bind(Bindings.when(isMaster).then(206.0).otherwise(Region.USE_COMPUTED_SIZE));
+		hBox.minHeightProperty().bind(Bindings.when(isRestoreMasterkey).then(206.0).otherwise(Region.USE_COMPUTED_SIZE));
 
 		secondTextDesc.textProperty().bind(Bindings.createStringBinding(() -> {
 			RecoveryActionType type = recoverType.get();
diff --git a/src/main/resources/fxml/recoverykey_onboarding.fxml b/src/main/resources/fxml/recoverykey_onboarding.fxml
index da8248599..b1c701a9d 100644
--- a/src/main/resources/fxml/recoverykey_onboarding.fxml
+++ b/src/main/resources/fxml/recoverykey_onboarding.fxml
@@ -52,6 +52,7 @@
 			</VBox>
 
 			<Label fx:id="messageLabel" wrapText="true"/>
+			<Label fx:id="pleaseConfirm" wrapText="true"/>
 			<GridPane alignment="CENTER_LEFT">
 				<padding>
 					<Insets left="6"/>
diff --git a/src/main/resources/i18n/strings.properties b/src/main/resources/i18n/strings.properties
index 0e8e5413e..36498f4bb 100644
--- a/src/main/resources/i18n/strings.properties
+++ b/src/main/resources/i18n/strings.properties
@@ -555,15 +555,17 @@ recover.onBoarding.chooseMethod=Choose recovery method:
 recover.onBoarding.useRecoveryKey=Use Recovery Key
 recover.onBoarding.usePassword=Use Password
 recover.onBoarding.intro=Make sure to check the following:
-recover.onBoarding.allMissing.intro=If your vault is a Hub vault, the vault owner can restore the file for you. Otherwise:
-recover.onBoarding.intro.ensure=Ensure all files are completely synced.
-recover.onBoarding.affirmation=I have read and understood the above information
+recover.onBoarding.pleaseConfirm=Before proceeding, please confirm that:
+recover.onBoarding.otherwisePleaseConfirm=Otherwise, please confirm that:
+recover.onBoarding.allMissing.intro=If this vault is managed by Cryptomator Hub, the vault owner must restore it for you.
+recover.onBoarding.intro.ensure=All files are fully synced.
+recover.onBoarding.affirmation=I have read and understood these requirements
 
 ###Vault Config Missing
-recover.onBoarding.intro.recoveryKey=You will need the recovery key, a new vault password and possibly some expert settings.
-recover.onBoarding.intro.password=You will need the vault password and possibly some expert settings.
+recover.onBoarding.intro.recoveryKey=You have the recovery key and know if expert settings were used.
+recover.onBoarding.intro.password=You have the vault password and know if expert settings were used.
 ###Masterkey Missing
-recover.onBoarding.intro.masterkey.recoveryKey=You will need the vault recovery key.
+recover.onBoarding.intro.masterkey.recoveryKey=You have the vault recovery key.
 
 ## Expert Settings
 recover.expertSettings.shorteningThreshold.title=This value must match the one used before recovery to ensure compatibility with previously encrypted data.

From ccf2e603901df8d5ca2adf342887dae62f33f076 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Wed, 15 Oct 2025 14:55:39 +0200
Subject: [PATCH 111/117] add version info in a comment

---
 .github/workflows/appimage.yml          | 14 ++++++-------
 .github/workflows/aur.yml               |  4 ++--
 .github/workflows/av-whitelist.yml      | 10 ++++-----
 .github/workflows/build.yml             |  8 +++----
 .github/workflows/check-jdk-updates.yml |  4 ++--
 .github/workflows/debian.yml            |  6 +++---
 .github/workflows/dependency-check.yml  |  2 +-
 .github/workflows/dl-stats.yml          |  4 ++--
 .github/workflows/error-db.yml          |  6 +++---
 .github/workflows/flathub.yml           |  4 ++--
 .github/workflows/get-version.yml       |  6 +++---
 .github/workflows/mac-dmg-x64.yml       | 10 ++++-----
 .github/workflows/mac-dmg.yml           | 10 ++++-----
 .github/workflows/no-response.yml       |  2 +-
 .github/workflows/post-publish.yml      |  4 ++--
 .github/workflows/pullrequest.yml       |  4 ++--
 .github/workflows/release-check.yml     |  6 +++---
 .github/workflows/stale.yml             |  2 +-
 .github/workflows/win-exe.yml           | 28 ++++++++++++-------------
 .github/workflows/winget.yml            |  2 +-
 20 files changed, 68 insertions(+), 68 deletions(-)

diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml
index 6bcb09ba2..143746c53 100644
--- a/.github/workflows/appimage.yml
+++ b/.github/workflows/appimage.yml
@@ -44,9 +44,9 @@ jobs:
             openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-aarch64_bin-jmods.zip'
             openjfx-sha: '951c52481af0ec5885b06f1ebaa8a10da7e8ea23c5e1ef3e2f6f11fa1b3a7ce1'
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -175,7 +175,7 @@ jobs:
           gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage
           gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage.zsync
       - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: appimage-${{ matrix.appimage-suffix }}
           path: |
@@ -185,7 +185,7 @@ jobs:
           if-no-files-found: error
       - name: Publish AppImage on GitHub Releases
         if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
         with:
           fail_on_unmatched_files: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
@@ -201,7 +201,7 @@ jobs:
     if: github.event_name == 'release' && needs.get-version.outputs.versionType == 'stable'
     steps:
       - name: Download AppImages
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           path: downloads/
           merge-multiple: true
@@ -212,7 +212,7 @@ jobs:
           echo "x64-sha256sum=${X64_SHA256}" >> "$GITHUB_OUTPUT"
           AARCH64_SHA256=$(sha256sum downloads/cryptomator-*-aarch64.AppImage | cut -d ' ' -f1)
           echo "aarch64-sha256sum=${AARCH64_SHA256}" >> "$GITHUB_OUTPUT"
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           repository: 'cryptomator/aur-bin'
           token: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
@@ -247,7 +247,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_USERNAME: 'Cryptobot'
diff --git a/.github/workflows/aur.yml b/.github/workflows/aur.yml
index 4ed17afd5..b028273a4 100644
--- a/.github/workflows/aur.yml
+++ b/.github/workflows/aur.yml
@@ -48,7 +48,7 @@ jobs:
     env:
       AUR_PR_URL: tbd
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           repository: 'cryptomator/aur'
           token: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
@@ -81,8 +81,8 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
         if: github.event_name == 'release'
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_USERNAME: 'Cryptobot'
diff --git a/.github/workflows/av-whitelist.yml b/.github/workflows/av-whitelist.yml
index 9fac8729d..ca74a3281 100644
--- a/.github/workflows/av-whitelist.yml
+++ b/.github/workflows/av-whitelist.yml
@@ -41,7 +41,7 @@ jobs:
       - name: Download file
         run: curl --remote-name ${INPUT_URL} -L -o ${{steps.extractName.outputs.fileName}}
       - name: Upload artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: ${{ steps.extractName.outputs.fileName }}
           path: ${{ steps.extractName.outputs.fileName }}
@@ -53,12 +53,12 @@ jobs:
     if: github.event_name == 'workflow_call' || inputs.kaspersky
     steps:
       - name: Download artifact
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: ${{ needs.download-file.outputs.fileName }}
           path: upload
       - name: Upload to Kaspersky
-        uses: SamKirkland/FTP-Deploy-Action@a51268f67f6605236975928ae28b0f7e9971d50a
+        uses: SamKirkland/FTP-Deploy-Action@a51268f67f6605236975928ae28b0f7e9971d50a # v4.6.3
         with:
           protocol: ftps
           server: allowlist.kaspersky-labs.com
@@ -73,12 +73,12 @@ jobs:
     if: github.event_name == 'workflow_call'  || inputs.avast
     steps:
       - name: Download artifact
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: ${{ needs.download-file.outputs.fileName }}
           path: upload
       - name: Upload to Avast
-        uses: wlixcc/SFTP-Deploy-Action@a5ccb9c6211a94cc59404f0fdb2a9936a6dfee64
+        uses: wlixcc/SFTP-Deploy-Action@a5ccb9c6211a94cc59404f0fdb2a9936a6dfee64 # v1.2.6
         with:
           server: whitelisting.avast.com
           port: 22
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 30336d8fa..b528cfb49 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -22,14 +22,14 @@ jobs:
     name: Compile and Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
           cache: 'maven'
       - name: Cache SonarCloud packages
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
@@ -49,7 +49,7 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       - name: Draft a release
         if: startsWith(github.ref, 'refs/tags/')
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
         with:
           draft: true
           discussion_category_name: releases
diff --git a/.github/workflows/check-jdk-updates.yml b/.github/workflows/check-jdk-updates.yml
index 0ada84896..432cf16b7 100644
--- a/.github/workflows/check-jdk-updates.yml
+++ b/.github/workflows/check-jdk-updates.yml
@@ -26,7 +26,7 @@ jobs:
         run: echo 'JDK_MAJOR_VERSION=${{ env.JDK_VERSION }}'.substring(0,20) >> "$env:GITHUB_ENV"
         shell: pwsh
       - name: Checkout latest JDK ${{ env.JDK_MAJOR_VERSION }}
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           java-version: ${{ env.JDK_MAJOR_VERSION}}
           distribution: ${{ env.JDK_VENDOR }}
@@ -70,7 +70,7 @@ jobs:
           }
       - name: Notify
         if: steps.determine.outputs.UPDATE_AVAILABLE == 'true'
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_USERNAME: 'Cryptobot'
diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml
index 8ec0d8561..715fde74d 100644
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -44,7 +44,7 @@ jobs:
     env:
       INPUT_PPAVER: ${{ inputs.ppaver }}
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - id: deb-version
         name: Determine deb-version
         run: |
@@ -59,7 +59,7 @@ jobs:
           sudo apt-get update
           sudo apt-get install debhelper devscripts dput coffeelibs-jdk-${{ env.COFFEELIBS_JDK }}=${{ env.COFFEELIBS_JDK_VERSION }}
       - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -142,7 +142,7 @@ jobs:
         run: |
           gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator_*_amd64.deb
       - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: linux-deb-package
           path: |
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 2636263d6..ddce37384 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   check-dependencies:
-    uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@1074588008ae3326a2221ea451783280518f0366
+    uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@1074588008ae3326a2221ea451783280518f0366 # v3.0.1
     with:
       runner-os: 'ubuntu-latest'
       java-distribution: 'temurin'
diff --git a/.github/workflows/dl-stats.yml b/.github/workflows/dl-stats.yml
index 258a02da5..401fa010a 100644
--- a/.github/workflows/dl-stats.yml
+++ b/.github/workflows/dl-stats.yml
@@ -10,7 +10,7 @@ jobs:
     steps:
       - name: Get download count of latest releases
         id: get-stats
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             const query = `query($owner:String!, $name:String!) {
@@ -53,7 +53,7 @@ jobs:
           INTERVAL: 900
           JSON_DATA: ${{ steps.get-stats.outputs.result }}
       - name: Upload Results
-        uses: fjogeleit/http-request-action@1297c6fc63a79b147d1676540a3fd9d2e37817c5
+        uses: fjogeleit/http-request-action@1297c6fc63a79b147d1676540a3fd9d2e37817c5 # v1.16.5
         with:
           url: 'https://graphite-us-central1.grafana.net/metrics'
           method: 'POST'
diff --git a/.github/workflows/error-db.yml b/.github/workflows/error-db.yml
index d42242f0b..5c2ffebe8 100644
--- a/.github/workflows/error-db.yml
+++ b/.github/workflows/error-db.yml
@@ -14,7 +14,7 @@ jobs:
       - name: Query Discussion Data
         if: github.event_name == 'discussion_comment' || github.event_name == 'discussion' && github.event.action != 'deleted'
         id: query-data
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             const query = `query ($owner: String!, $name: String!, $discussionNumber: Int!) {
@@ -42,7 +42,7 @@ jobs:
             return await github.graphql(query, variables)
       - name: Get Gist
         id: get-gist
-        uses: andymckay/get-gist-action@cf3bc8164af24126f7e5979eb6d3dc0c12309bd1
+        uses: andymckay/get-gist-action@cf3bc8164af24126f7e5979eb6d3dc0c12309bd1 # not_tagged
         with:
           gistURL: https://gist.github.com/cryptobot/accba9fb9555e7192271b85606f97230
       - name: Merge Error Code Data
@@ -58,7 +58,7 @@ jobs:
         env:
           DISCUSSION: ${{ steps.query-data.outputs.result }}
       - name: Patch Gist
-        uses: exuanbo/actions-deploy-gist@47697fceaeea2006a90594ee24eb9cd0a1121ef8
+        uses: exuanbo/actions-deploy-gist@47697fceaeea2006a90594ee24eb9cd0a1121ef8 # v1.1.4
         with:
           token: ${{ secrets.CRYPTOBOT_GIST_TOKEN }}
           gist_id: accba9fb9555e7192271b85606f97230
diff --git a/.github/workflows/flathub.yml b/.github/workflows/flathub.yml
index d409f72c3..d233a747b 100644
--- a/.github/workflows/flathub.yml
+++ b/.github/workflows/flathub.yml
@@ -43,7 +43,7 @@ jobs:
     env:
       FLATHUB_PR_URL: tbd
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           repository: 'flathub/org.cryptomator.Cryptomator'
           token: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
@@ -71,7 +71,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
         if: github.event_name == 'release'
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/get-version.yml b/.github/workflows/get-version.yml
index 0b0582d63..5585d7ac5 100644
--- a/.github/workflows/get-version.yml
+++ b/.github/workflows/get-version.yml
@@ -35,11 +35,11 @@ jobs:
       revNum: ${{ steps.versions.outputs.revNum }}
       type: ${{ steps.versions.outputs.type}}
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
       - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -73,6 +73,6 @@ jobs:
         env:
           VERSION_STRING: ${{ inputs.version }}
       - name: Validate Version
-        uses: skymatic/semver-validation-action@7a6ae1c9e121540d11c9c7e4e667c83d583aa153
+        uses: skymatic/semver-validation-action@7a6ae1c9e121540d11c9c7e4e667c83d583aa153 # v3.0.0
         with:
           version: ${{ steps.versions.outputs.semVerStr }}
\ No newline at end of file
diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml
index 2d3a6a7d4..59772c5eb 100644
--- a/.github/workflows/mac-dmg-x64.yml
+++ b/.github/workflows/mac-dmg-x64.yml
@@ -47,9 +47,9 @@ jobs:
           openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_osx-x64_bin-jmods.zip'
           openjfx-sha: '0eba73fb28a24c845175d16fa2f8c081c936ce6de1be9b79eb6119fa32e53d52'
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -261,7 +261,7 @@ jobs:
           CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
       - name: Notarize .dmg
         if: startsWith(github.ref, 'refs/tags/') || inputs.notarize
-        uses: cocoalibs/xcode-notarization-action@5cf433d494b6fa26504b574c591f4dd120388846
+        uses: cocoalibs/xcode-notarization-action@5cf433d494b6fa26504b574c591f4dd120388846 # v1.0.3
         with:
           app-path: 'Cryptomator-*.dmg'
           apple-id: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
@@ -282,7 +282,7 @@ jobs:
         run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db
         continue-on-error: true
       - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: dmg-${{ matrix.output-suffix }}
           path: |
@@ -291,7 +291,7 @@ jobs:
           if-no-files-found: error
       - name: Publish dmg on GitHub Releases
         if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
         with:
           fail_on_unmatched_files: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml
index d7455c7f8..59dffc296 100644
--- a/.github/workflows/mac-dmg.yml
+++ b/.github/workflows/mac-dmg.yml
@@ -45,9 +45,9 @@ jobs:
           openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_osx-aarch64_bin-jmods.zip'
           openjfx-sha: '13f8c0513c40c95881479fbcf0465a29a60217393fb0656f5e4eab78a9442fba'
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -260,7 +260,7 @@ jobs:
           CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
       - name: Notarize .dmg
         if: startsWith(github.ref, 'refs/tags/') || inputs.notarize
-        uses: cocoalibs/xcode-notarization-action@5cf433d494b6fa26504b574c591f4dd120388846
+        uses: cocoalibs/xcode-notarization-action@5cf433d494b6fa26504b574c591f4dd120388846 # v1.0.3
         with:
           app-path: 'Cryptomator-*.dmg'
           apple-id: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
@@ -281,7 +281,7 @@ jobs:
         run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db
         continue-on-error: true
       - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: dmg-${{ matrix.output-suffix }}
           path: |
@@ -290,7 +290,7 @@ jobs:
           if-no-files-found: error
       - name: Publish dmg on GitHub Releases
         if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
         with:
           fail_on_unmatched_files: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml
index d4f659e5e..9da0bfbc6 100644
--- a/.github/workflows/no-response.yml
+++ b/.github/workflows/no-response.yml
@@ -12,7 +12,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
         with:
           days-before-stale: 14
           days-before-close: 0
diff --git a/.github/workflows/post-publish.yml b/.github/workflows/post-publish.yml
index 40eee58fe..14b115f02 100644
--- a/.github/workflows/post-publish.yml
+++ b/.github/workflows/post-publish.yml
@@ -19,14 +19,14 @@ jobs:
           GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
           GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
       - name: Publish asc on GitHub Releases
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
         with:
           fail_on_unmatched_files: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
           files: |
             cryptomator-*.tar.gz.asc
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_USERNAME: 'Cryptobot'
diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml
index d90f33f4a..8bfddf2d4 100644
--- a/.github/workflows/pullrequest.yml
+++ b/.github/workflows/pullrequest.yml
@@ -16,8 +16,8 @@ jobs:
     name: Compile and Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
-      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml
index bacec536d..e1739326e 100644
--- a/.github/workflows/release-check.yml
+++ b/.github/workflows/release-check.yml
@@ -19,9 +19,9 @@ jobs:
     name: Validate commits pushed to release/hotfix branch to fulfill release requirements
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: ${{ env.JAVA_DIST }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -49,7 +49,7 @@ jobs:
             exit 1
           fi
       - name: Cache NVD DB
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: ~/.m2/repository/org/owasp/dependency-check-data/
           key: dependency-check-${{ github.run_id }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index a63ef1c8b..1a2dd28af 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -12,7 +12,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
         with:
           days-before-stale: 365
           days-before-close: 90
diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml
index d427280cf..74862d233 100644
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -55,9 +55,9 @@ jobs:
             java-version: '24.0.1+9'
             java-package: 'jdk'
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: ${{ matrix.java-dist }}
           java-version: ${{ matrix.java-version }}
@@ -194,7 +194,7 @@ jobs:
           Get-ChildItem -Recurse -Path "jpackage-jmod" -File wixhelper.dll | Select-Object -Last 1 | Copy-Item -Destination "appdir"
       - name: Sign DLLs with Actalis CodeSigner
         if: inputs.sign || github.event_name == 'release'
-        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f
+        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f # no specific version
         with:
           base-dir: 'appdir'
           file-extensions: 'dll,exe,ps1'
@@ -253,7 +253,7 @@ jobs:
           JP_WIXHELPER_DIR: ${{ github.workspace }}\appdir
       - name: Sign msi with Actalis CodeSigner
         if: inputs.sign || github.event_name == 'release'
-        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f
+        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f # no specific version
         with:
           base-dir: 'installer'
           file-extensions: 'msi'
@@ -271,7 +271,7 @@ jobs:
           GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
           GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
       - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: msi-${{ matrix.arch }}
           path: |
@@ -293,21 +293,21 @@ jobs:
             java-version: '24.0.1+9'
             java-package: 'jdk'
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Install wix and extensions
         run: |
           dotnet tool install --global wix --version 6.0.0
           wix.exe extension add WixToolset.BootstrapperApplications.wixext/6.0.0 --global
           wix.exe extension add WixToolset.Util.wixext/6.0.0 --global
       - name: Download .msi
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: msi-${{ matrix.arch }}
           path: dist/win/bundle/resources
       - name: Strip version info from msi file name
         run: mv dist/win/bundle/resources/Cryptomator*.msi dist/win/bundle/resources/Cryptomator.msi
       - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
         with:
           distribution: ${{ matrix.java-dist }}
           java-version: ${{ matrix.java-version }}
@@ -359,7 +359,7 @@ jobs:
           wix burn detach installer/unsigned/Cryptomator-Installer.exe -engine tmp/engine.exe
       - name: Sign burn engine with Actalis CodeSigner
         if: inputs.sign || github.event_name == 'release'
-        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f
+        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f # no specific version
         with:
           base-dir: 'tmp'
           file-extensions: 'exe'
@@ -372,7 +372,7 @@ jobs:
           wix burn reattach installer/unsigned/Cryptomator-Installer.exe -engine tmp/engine.exe -o installer/Cryptomator-Installer.exe
       - name: Sign installer with Actalis CodeSigner
         if: inputs.sign || github.event_name == 'release'
-        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f
+        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f # no specific version
         with:
           base-dir: 'installer'
           file-extensions: 'exe'
@@ -390,7 +390,7 @@ jobs:
           GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
           GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
       - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: exe-${{ matrix.executable-suffix }}
           path: |
@@ -408,12 +408,12 @@ jobs:
       download-url-exe-x64: ${{ fromJSON(steps.publish.outputs.assets)[2].browser_download_url }}
     steps:
       - name: Download installers
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           merge-multiple: true
       - name: Publish installers on GitHub Releases
         id: publish
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090
+        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
         with:
           fail_on_unmatched_files: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
@@ -444,7 +444,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Slack Notification
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
+        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_USERNAME: 'Cryptobot'
diff --git a/.github/workflows/winget.yml b/.github/workflows/winget.yml
index d9e7db86f..5ab150229 100644
--- a/.github/workflows/winget.yml
+++ b/.github/workflows/winget.yml
@@ -18,7 +18,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
       - name: Submit package
-        uses: vedantmgoyal2009/winget-releaser@19e706d4c9121098010096f9c495a70a7518b30f
+        uses: vedantmgoyal2009/winget-releaser@19e706d4c9121098010096f9c495a70a7518b30f # no_specific_version
         with:
           identifier: Cryptomator.Cryptomator
           version: ${{ inputs.tag }}

From 227b322b8ad79057a64c8e53ab9d99772dccf55c Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Wed, 15 Oct 2025 15:55:29 +0200
Subject: [PATCH 112/117] revert cleanup that introduced a bug

---
 src/main/resources/fxml/convertvault_hubtopassword_convert.fxml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml b/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml
index a248c347b..7797b41b2 100644
--- a/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml
+++ b/src/main/resources/fxml/convertvault_hubtopassword_convert.fxml
@@ -32,7 +32,7 @@
 		</StackPane>
 	</Group>
 	<VBox spacing="12" HBox.hgrow="ALWAYS" alignment="TOP_CENTER">
-		<fx:include source="new_password.fxml"/>
+		<fx:include fx:id="newPassword" source="new_password.fxml"/>
 
 		<Region VBox.vgrow="ALWAYS"/>
 

From 4ed4a3e3e53567f339d6f902020d1bd12d63fe0b Mon Sep 17 00:00:00 2001
From: Cryptobot <cryptobot@users.noreply.github.com>
Date: Thu, 16 Oct 2025 10:19:44 +0200
Subject: [PATCH 113/117] New Crowdin updates (#4009)

New translations strings.properties

Arabic; Catalan; Chinese Simplified; Chinese Traditional; Chinese Traditional, Hong Kong; Czech; Danish; Dutch; Filipino; Finnish; French; German; Greek; Hungarian; Indonesian; Italian; Japanese; Korean; Latvian; Norwegian Bokmal; Polish; Portuguese; Portuguese, Brazilian; Punjabi; Romanian; Russian; Slovak; Slovenian; Spanish; Swedish; Thai; Turkish; Ukrainian; Uyghur; Vietnamese;

[ci skip]
---
 src/main/resources/i18n/strings_ar.properties    | 1 +
 src/main/resources/i18n/strings_ca.properties    | 1 +
 src/main/resources/i18n/strings_cs.properties    | 1 +
 src/main/resources/i18n/strings_da.properties    | 1 +
 src/main/resources/i18n/strings_de.properties    | 1 +
 src/main/resources/i18n/strings_el.properties    | 1 +
 src/main/resources/i18n/strings_es.properties    | 1 +
 src/main/resources/i18n/strings_fi.properties    | 1 +
 src/main/resources/i18n/strings_fil.properties   | 1 +
 src/main/resources/i18n/strings_fr.properties    | 5 +++--
 src/main/resources/i18n/strings_hu.properties    | 1 +
 src/main/resources/i18n/strings_id.properties    | 1 +
 src/main/resources/i18n/strings_it.properties    | 1 +
 src/main/resources/i18n/strings_ja.properties    | 1 +
 src/main/resources/i18n/strings_ko.properties    | 1 +
 src/main/resources/i18n/strings_lv.properties    | 1 +
 src/main/resources/i18n/strings_nb.properties    | 1 +
 src/main/resources/i18n/strings_nl.properties    | 1 +
 src/main/resources/i18n/strings_pa.properties    | 1 +
 src/main/resources/i18n/strings_pl.properties    | 1 +
 src/main/resources/i18n/strings_pt.properties    | 1 +
 src/main/resources/i18n/strings_pt_BR.properties | 1 +
 src/main/resources/i18n/strings_ro.properties    | 1 +
 src/main/resources/i18n/strings_ru.properties    | 1 +
 src/main/resources/i18n/strings_sk.properties    | 1 +
 src/main/resources/i18n/strings_sl.properties    | 1 +
 src/main/resources/i18n/strings_sv.properties    | 1 +
 src/main/resources/i18n/strings_th.properties    | 1 +
 src/main/resources/i18n/strings_tr.properties    | 1 +
 src/main/resources/i18n/strings_ug.properties    | 1 +
 src/main/resources/i18n/strings_uk.properties    | 1 +
 src/main/resources/i18n/strings_vi.properties    | 1 +
 src/main/resources/i18n/strings_zh.properties    | 1 +
 src/main/resources/i18n/strings_zh_HK.properties | 1 +
 src/main/resources/i18n/strings_zh_TW.properties | 1 +
 35 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/src/main/resources/i18n/strings_ar.properties b/src/main/resources/i18n/strings_ar.properties
index f69f4b67c..ecf480be6 100644
--- a/src/main/resources/i18n/strings_ar.properties
+++ b/src/main/resources/i18n/strings_ar.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=فتح…
 main.vaultlist.contextMenu.unlockNow=افتح الان
 main.vaultlist.contextMenu.vaultoptions=إظهار خيارات المخزن
 main.vaultlist.contextMenu.reveal=اظهار القرص
+main.vaultlist.contextMenu.share=مشاركة…
 main.vaultlist.addVaultBtn.menuItemNew=إنشاء مخزن جديد...
 main.vaultlist.addVaultBtn.menuItemExisting=افتح مخزن موجود...
 main.vaultlist.showEventsButton.tooltip=عرض الإشعارات
diff --git a/src/main/resources/i18n/strings_ca.properties b/src/main/resources/i18n/strings_ca.properties
index 64978397e..1a0ccbc57 100644
--- a/src/main/resources/i18n/strings_ca.properties
+++ b/src/main/resources/i18n/strings_ca.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Desbloca…
 main.vaultlist.contextMenu.unlockNow=Desbloqueja ara
 main.vaultlist.contextMenu.vaultoptions=Opcions de la caixa forta
 main.vaultlist.contextMenu.reveal=Mostra la unitat
+main.vaultlist.contextMenu.share=Compateix…
 main.vaultlist.addVaultBtn.menuItemNew=Crea una nova caixa forta…
 main.vaultlist.addVaultBtn.menuItemExisting=Obri una caixa forta existent...
 ##Notificaition
diff --git a/src/main/resources/i18n/strings_cs.properties b/src/main/resources/i18n/strings_cs.properties
index 248e1a529..0fd46640a 100644
--- a/src/main/resources/i18n/strings_cs.properties
+++ b/src/main/resources/i18n/strings_cs.properties
@@ -364,6 +364,7 @@ main.vaultlist.contextMenu.unlock=Odemknout…
 main.vaultlist.contextMenu.unlockNow=Odemknout nyní
 main.vaultlist.contextMenu.vaultoptions=Zobrazit možnosti trezoru
 main.vaultlist.contextMenu.reveal=Zobrazit jednotku
+main.vaultlist.contextMenu.share=Sdílet…
 ##Notificaition
 ## Vault Detail
 ### Welcome
diff --git a/src/main/resources/i18n/strings_da.properties b/src/main/resources/i18n/strings_da.properties
index dc6c7d63f..0490cdfef 100644
--- a/src/main/resources/i18n/strings_da.properties
+++ b/src/main/resources/i18n/strings_da.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Lås op…
 main.vaultlist.contextMenu.unlockNow=Lås op nu
 main.vaultlist.contextMenu.vaultoptions=Vis boksindstillinger
 main.vaultlist.contextMenu.reveal=Vis drev
+main.vaultlist.contextMenu.share=Del…
 main.vaultlist.addVaultBtn.menuItemNew=Opret ny boks...
 main.vaultlist.addVaultBtn.menuItemExisting=Åbn eksisterende boks...
 main.vaultlist.showEventsButton.tooltip=Åbn begivenhedsvisning
diff --git a/src/main/resources/i18n/strings_de.properties b/src/main/resources/i18n/strings_de.properties
index 1d0dcda87..a7bc6bb3d 100644
--- a/src/main/resources/i18n/strings_de.properties
+++ b/src/main/resources/i18n/strings_de.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Entsperren …
 main.vaultlist.contextMenu.unlockNow=Jetzt entsperren
 main.vaultlist.contextMenu.vaultoptions=Tresoroptionen anzeigen
 main.vaultlist.contextMenu.reveal=Laufwerk anzeigen
+main.vaultlist.contextMenu.share=Teilen …
 main.vaultlist.addVaultBtn.menuItemNew=Neuen Tresor erstellen...
 main.vaultlist.addVaultBtn.menuItemExisting=Bestehenden Tresor öffnen...
 main.vaultlist.showEventsButton.tooltip=Ereignis-Ansicht öffnen
diff --git a/src/main/resources/i18n/strings_el.properties b/src/main/resources/i18n/strings_el.properties
index 4a076d371..1001d3912 100644
--- a/src/main/resources/i18n/strings_el.properties
+++ b/src/main/resources/i18n/strings_el.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Ξεκλείδωμα…
 main.vaultlist.contextMenu.unlockNow=Ξεκλείδωμα τώρα
 main.vaultlist.contextMenu.vaultoptions=Εμφάνιση επιλογών Vault
 main.vaultlist.contextMenu.reveal=Αποκάλυψη εικονικού δίσκου
+main.vaultlist.contextMenu.share=Κοινοποίηση…
 main.vaultlist.addVaultBtn.menuItemNew=Δημιουργία Νέας Κρύπτης...
 main.vaultlist.addVaultBtn.menuItemExisting=Άνοιγμα Υπάρχοντος Κρύπτης...
 main.vaultlist.showEventsButton.tooltip=Άνοιγμα προβολής συμβάντων
diff --git a/src/main/resources/i18n/strings_es.properties b/src/main/resources/i18n/strings_es.properties
index 65ee6501b..ba47d0131 100644
--- a/src/main/resources/i18n/strings_es.properties
+++ b/src/main/resources/i18n/strings_es.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Desbloquear…
 main.vaultlist.contextMenu.unlockNow=Desbloquear ahora
 main.vaultlist.contextMenu.vaultoptions=Mostrar opciones de la bóveda
 main.vaultlist.contextMenu.reveal=Revelar unidad
+main.vaultlist.contextMenu.share=Compartir…
 main.vaultlist.addVaultBtn.menuItemNew=Crear Bóveda Nueva...
 main.vaultlist.addVaultBtn.menuItemExisting=Abrir Bóveda Existente...
 main.vaultlist.showEventsButton.tooltip=Abrir vista de evento
diff --git a/src/main/resources/i18n/strings_fi.properties b/src/main/resources/i18n/strings_fi.properties
index 3ab91964b..e6ec743e5 100644
--- a/src/main/resources/i18n/strings_fi.properties
+++ b/src/main/resources/i18n/strings_fi.properties
@@ -392,6 +392,7 @@ main.vaultlist.contextMenu.unlock=Avaa…
 main.vaultlist.contextMenu.unlockNow=Avaa Nyt
 main.vaultlist.contextMenu.vaultoptions=Näytä holvin asetukset
 main.vaultlist.contextMenu.reveal=Paljasta Asema
+main.vaultlist.contextMenu.share=Jaa…
 main.vaultlist.addVaultBtn.menuItemNew=Luo uusi holvi...
 main.vaultlist.addVaultBtn.menuItemExisting=Avaa olemassa oleva holvi...
 main.vaultlist.showEventsButton.tooltip=Avaa tapahtumanäkymä
diff --git a/src/main/resources/i18n/strings_fil.properties b/src/main/resources/i18n/strings_fil.properties
index 5067ee7db..b094e4943 100644
--- a/src/main/resources/i18n/strings_fil.properties
+++ b/src/main/resources/i18n/strings_fil.properties
@@ -384,6 +384,7 @@ main.vaultlist.contextMenu.unlock=I-unlock…
 main.vaultlist.contextMenu.unlockNow=I-unlock Ngayon
 main.vaultlist.contextMenu.vaultoptions=Ipakita ang Mga Opsyon sa Vault
 main.vaultlist.contextMenu.reveal=Ibunyag ang Drive
+main.vaultlist.contextMenu.share=Ibahagi…
 ##Notificaition
 ## Vault Detail
 ### Welcome
diff --git a/src/main/resources/i18n/strings_fr.properties b/src/main/resources/i18n/strings_fr.properties
index 84867010f..081e79a45 100644
--- a/src/main/resources/i18n/strings_fr.properties
+++ b/src/main/resources/i18n/strings_fr.properties
@@ -361,7 +361,7 @@ stats.read.total.data.kib=Lecture des données : %.1f kio
 stats.read.total.data.mib=Lecture des données : %.1f MiO
 stats.read.total.data.gib=Lecture des données : %.1f GiO
 stats.decr.total.data.none=Données déchiffrées: -
-stats.decr.total.data.kib=Données déchiffrées: %.1f kio
+stats.decr.total.data.kib=Données déchiffrées: %.1f Kio
 stats.decr.total.data.mib=Données déchiffrées: %.1f MiO
 stats.decr.total.data.gib=Données déchiffrées: %.1f GiO
 stats.read.accessCount=Total des lectures: %d
@@ -374,7 +374,7 @@ stats.write.total.data.kib=Données écrites : %.1f kio
 stats.write.total.data.mib=Données écrites : %.1f MiO
 stats.write.total.data.gib=Données écrites : %.1f GiO
 stats.encr.total.data.none=Données chiffrées : -
-stats.encr.total.data.kib=Données chiffrées: %.1f kio
+stats.encr.total.data.kib=Données chiffrées: %.1f Kio
 stats.encr.total.data.mib=Données chiffrées: %.1f MiO
 stats.encr.total.data.gib=Données chiffrées: %.1f GiO
 stats.write.accessCount=Total des écritures: %d
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Déverrouiller…
 main.vaultlist.contextMenu.unlockNow=Déverrouiller maintenant
 main.vaultlist.contextMenu.vaultoptions=Afficher les options du volume chiffré
 main.vaultlist.contextMenu.reveal=Afficher le lecteur
+main.vaultlist.contextMenu.share=Partager…
 main.vaultlist.addVaultBtn.menuItemNew=Créer un nouveau coffre...
 main.vaultlist.addVaultBtn.menuItemExisting=Ouvrir un coffre existant...
 main.vaultlist.showEventsButton.tooltip=Ouvrir la vue Événements
diff --git a/src/main/resources/i18n/strings_hu.properties b/src/main/resources/i18n/strings_hu.properties
index 375261975..982e36fbd 100644
--- a/src/main/resources/i18n/strings_hu.properties
+++ b/src/main/resources/i18n/strings_hu.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Feloldás…
 main.vaultlist.contextMenu.unlockNow=Azonnali feloldás
 main.vaultlist.contextMenu.vaultoptions=Széf beállítások
 main.vaultlist.contextMenu.reveal=Széf megjelenítése
+main.vaultlist.contextMenu.share=Megosztás…
 main.vaultlist.addVaultBtn.menuItemNew=Új széf létrehozása...
 main.vaultlist.addVaultBtn.menuItemExisting=Meglévő széf megnyitása...
 ##Notificaition
diff --git a/src/main/resources/i18n/strings_id.properties b/src/main/resources/i18n/strings_id.properties
index 57fa4ecb5..bfaa7afdb 100644
--- a/src/main/resources/i18n/strings_id.properties
+++ b/src/main/resources/i18n/strings_id.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Buka Kunci…
 main.vaultlist.contextMenu.unlockNow=Buka Kunci Sekarang
 main.vaultlist.contextMenu.vaultoptions=Tampilkan Opsi Vault
 main.vaultlist.contextMenu.reveal=Buka Drive
+main.vaultlist.contextMenu.share=Bagikan…
 main.vaultlist.addVaultBtn.menuItemNew=Buat Vault Baru...
 main.vaultlist.addVaultBtn.menuItemExisting=Buka Vault yang Tersedia...
 ##Notificaition
diff --git a/src/main/resources/i18n/strings_it.properties b/src/main/resources/i18n/strings_it.properties
index a23ad1dad..7584e9bf1 100644
--- a/src/main/resources/i18n/strings_it.properties
+++ b/src/main/resources/i18n/strings_it.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Sblocca…
 main.vaultlist.contextMenu.unlockNow=Sblocca Ora
 main.vaultlist.contextMenu.vaultoptions=Mostra le Opzioni della Cassaforte
 main.vaultlist.contextMenu.reveal=Rivela Unità
+main.vaultlist.contextMenu.share=Condividi…
 main.vaultlist.addVaultBtn.menuItemNew=Crea una nuova cassaforte...
 main.vaultlist.addVaultBtn.menuItemExisting=Apri una cassaforte esistente...
 main.vaultlist.showEventsButton.tooltip=Apri vista eventi
diff --git a/src/main/resources/i18n/strings_ja.properties b/src/main/resources/i18n/strings_ja.properties
index b1559d5e4..8f636c3b4 100644
--- a/src/main/resources/i18n/strings_ja.properties
+++ b/src/main/resources/i18n/strings_ja.properties
@@ -390,6 +390,7 @@ main.vaultlist.contextMenu.unlock=解錠...
 main.vaultlist.contextMenu.unlockNow=今すぐ解錠
 main.vaultlist.contextMenu.vaultoptions=金庫のオプションを表示
 main.vaultlist.contextMenu.reveal=ドライブを表示
+main.vaultlist.contextMenu.share=共有…
 main.vaultlist.addVaultBtn.menuItemNew=新しい金庫を作成…
 main.vaultlist.addVaultBtn.menuItemExisting=既存の金庫を開く…
 ##Notificaition
diff --git a/src/main/resources/i18n/strings_ko.properties b/src/main/resources/i18n/strings_ko.properties
index 2720c8ef7..f1d558447 100644
--- a/src/main/resources/i18n/strings_ko.properties
+++ b/src/main/resources/i18n/strings_ko.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=잠금 해제...
 main.vaultlist.contextMenu.unlockNow=지금 잠금 해제
 main.vaultlist.contextMenu.vaultoptions=Vault 옵션 보기
 main.vaultlist.contextMenu.reveal=드라이브 표시
+main.vaultlist.contextMenu.share=공유하기…
 main.vaultlist.addVaultBtn.menuItemNew=새 Vault 생성...
 main.vaultlist.addVaultBtn.menuItemExisting=기존 Vault 열기...
 main.vaultlist.showEventsButton.tooltip=이벤트 뷰어 열기
diff --git a/src/main/resources/i18n/strings_lv.properties b/src/main/resources/i18n/strings_lv.properties
index 46ed07b31..55657f1ef 100644
--- a/src/main/resources/i18n/strings_lv.properties
+++ b/src/main/resources/i18n/strings_lv.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Atslēgt…
 main.vaultlist.contextMenu.unlockNow=Atslēgt tagad
 main.vaultlist.contextMenu.vaultoptions=Rādīt glabātavas iespējas
 main.vaultlist.contextMenu.reveal=Atklāt disku
+main.vaultlist.contextMenu.share=Kopīgot…
 main.vaultlist.addVaultBtn.menuItemNew=Izveidot jaunu glabātavu...
 main.vaultlist.addVaultBtn.menuItemExisting=Atvērt esošu glabātavu...
 main.vaultlist.showEventsButton.tooltip=Atvērt notikumu skatu
diff --git a/src/main/resources/i18n/strings_nb.properties b/src/main/resources/i18n/strings_nb.properties
index b13a55c7d..31e302d87 100644
--- a/src/main/resources/i18n/strings_nb.properties
+++ b/src/main/resources/i18n/strings_nb.properties
@@ -386,6 +386,7 @@ main.vaultlist.contextMenu.unlock=Lås opp…
 main.vaultlist.contextMenu.unlockNow=Lås opp nå
 main.vaultlist.contextMenu.vaultoptions=Alternativer for hvelvet
 main.vaultlist.contextMenu.reveal=Vis enheten
+main.vaultlist.contextMenu.share=Del…
 ##Notificaition
 main.notification.support=Støtt Cryptomator.
 ## Vault Detail
diff --git a/src/main/resources/i18n/strings_nl.properties b/src/main/resources/i18n/strings_nl.properties
index 9875f5ef2..4b6f4ad82 100644
--- a/src/main/resources/i18n/strings_nl.properties
+++ b/src/main/resources/i18n/strings_nl.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Ontgrendelen…
 main.vaultlist.contextMenu.unlockNow=Nu Ontgrendelen
 main.vaultlist.contextMenu.vaultoptions=Laat kluisinstellingen zien
 main.vaultlist.contextMenu.reveal=Toon Schijf
+main.vaultlist.contextMenu.share=Delen…
 main.vaultlist.addVaultBtn.menuItemNew=Nieuwe Kluis Aanmaken...
 main.vaultlist.addVaultBtn.menuItemExisting=Open Bestaande Kluis...
 main.vaultlist.showEventsButton.tooltip=Afspraakweergave openen
diff --git a/src/main/resources/i18n/strings_pa.properties b/src/main/resources/i18n/strings_pa.properties
index bf7dfa025..c0a714bda 100644
--- a/src/main/resources/i18n/strings_pa.properties
+++ b/src/main/resources/i18n/strings_pa.properties
@@ -328,6 +328,7 @@ main.vaultlist.contextMenu.unlock=ਅਣ-ਲਾਕ ਕਰੋ…
 main.vaultlist.contextMenu.unlockNow=ਹੁਣੇ ਅਣ-ਲਾਕ ਕਰੋ
 main.vaultlist.contextMenu.vaultoptions=ਵਾਲਟ ਚੋਣਾਂ ਨੂੰ ਵੇਖਾਓ
 main.vaultlist.contextMenu.reveal=ਡਰਾਇਵ ਦਿਖਾਓ
+main.vaultlist.contextMenu.share=…ਸਾਂਝਾ ਕਰੋ
 main.vaultlist.addVaultBtn.menuItemNew=...ਨਵਾਂ ਵਾਲਟ ਬਣਾਓ
 main.vaultlist.addVaultBtn.menuItemExisting=...ਮੌਜੂਦਾ ਵਾਲਟ ਨੂੰ ਖੋਲ੍ਹੋ
 ##Notificaition
diff --git a/src/main/resources/i18n/strings_pl.properties b/src/main/resources/i18n/strings_pl.properties
index f9b38910d..db7342d0e 100644
--- a/src/main/resources/i18n/strings_pl.properties
+++ b/src/main/resources/i18n/strings_pl.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Odblokuj…
 main.vaultlist.contextMenu.unlockNow=Odblokuj teraz
 main.vaultlist.contextMenu.vaultoptions=Pokaż opcje sejfu
 main.vaultlist.contextMenu.reveal=Otwórz lokalizację
+main.vaultlist.contextMenu.share=Udostępnij…
 main.vaultlist.addVaultBtn.menuItemNew=Utwórz Nowy Sejf...
 main.vaultlist.addVaultBtn.menuItemExisting=Otwórz Istniejący Sejf...
 main.vaultlist.showEventsButton.tooltip=Otwórz widok wydarzeń
diff --git a/src/main/resources/i18n/strings_pt.properties b/src/main/resources/i18n/strings_pt.properties
index bb048b2cf..fec088e48 100644
--- a/src/main/resources/i18n/strings_pt.properties
+++ b/src/main/resources/i18n/strings_pt.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Desbloquear…
 main.vaultlist.contextMenu.unlockNow=Desbloquear agora
 main.vaultlist.contextMenu.vaultoptions=Mostrar opções do Cofre
 main.vaultlist.contextMenu.reveal=Revelar unidade
+main.vaultlist.contextMenu.share=Partilhar…
 main.vaultlist.addVaultBtn.menuItemNew=Criar novo cofre...
 main.vaultlist.addVaultBtn.menuItemExisting=Abrir cofre existente...
 main.vaultlist.showEventsButton.tooltip=Abrir visualização do evento
diff --git a/src/main/resources/i18n/strings_pt_BR.properties b/src/main/resources/i18n/strings_pt_BR.properties
index 58f31d575..2dea3c44c 100644
--- a/src/main/resources/i18n/strings_pt_BR.properties
+++ b/src/main/resources/i18n/strings_pt_BR.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Desbloquear…
 main.vaultlist.contextMenu.unlockNow=Desbloquear Agora
 main.vaultlist.contextMenu.vaultoptions=Exibir Opções de Cofre
 main.vaultlist.contextMenu.reveal=Revelar Volume
+main.vaultlist.contextMenu.share=Compartilhar…
 main.vaultlist.addVaultBtn.menuItemNew=Novo Cofre...
 main.vaultlist.addVaultBtn.menuItemExisting=Abrir Cofre Existente...
 main.vaultlist.showEventsButton.tooltip=Abrir visualização de evento
diff --git a/src/main/resources/i18n/strings_ro.properties b/src/main/resources/i18n/strings_ro.properties
index e5812a6ec..308e09290 100644
--- a/src/main/resources/i18n/strings_ro.properties
+++ b/src/main/resources/i18n/strings_ro.properties
@@ -389,6 +389,7 @@ main.vaultlist.contextMenu.unlock=Deblochează…
 main.vaultlist.contextMenu.unlockNow=Deblochează acum
 main.vaultlist.contextMenu.vaultoptions=Arată opțiunile seifului
 main.vaultlist.contextMenu.reveal=Dezvăluie unitatea
+main.vaultlist.contextMenu.share=Distribuie…
 main.vaultlist.addVaultBtn.menuItemNew=Creare seif nou...
 main.vaultlist.addVaultBtn.menuItemExisting=Deschide un seif existent...
 ##Notificaition
diff --git a/src/main/resources/i18n/strings_ru.properties b/src/main/resources/i18n/strings_ru.properties
index c0f3da76a..0ff9ea63a 100644
--- a/src/main/resources/i18n/strings_ru.properties
+++ b/src/main/resources/i18n/strings_ru.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Разблокировать…
 main.vaultlist.contextMenu.unlockNow=Разблокировать
 main.vaultlist.contextMenu.vaultoptions=Параметры хранилища
 main.vaultlist.contextMenu.reveal=Показать диск
+main.vaultlist.contextMenu.share=Поделиться…
 main.vaultlist.addVaultBtn.menuItemNew=Создать хранилище...
 main.vaultlist.addVaultBtn.menuItemExisting=Открыть имеющееся хранилище...
 main.vaultlist.showEventsButton.tooltip=Открыть просмотр события
diff --git a/src/main/resources/i18n/strings_sk.properties b/src/main/resources/i18n/strings_sk.properties
index b1b985b7a..ac8a91505 100644
--- a/src/main/resources/i18n/strings_sk.properties
+++ b/src/main/resources/i18n/strings_sk.properties
@@ -386,6 +386,7 @@ main.vaultlist.contextMenu.unlock=Odomknúť…
 main.vaultlist.contextMenu.unlockNow=Odomknúť teraz
 main.vaultlist.contextMenu.vaultoptions=Ukáž možnosti trezora
 main.vaultlist.contextMenu.reveal=Odkry disk
+main.vaultlist.contextMenu.share=Zdieľať…
 main.vaultlist.addVaultBtn.menuItemNew=Vytvoriť Nový trezor…
 main.vaultlist.addVaultBtn.menuItemExisting=Otvoriť Existujúci trezor...
 main.vaultlist.showEventsButton.tooltip=Otvoriť zobrazenie udalosti
diff --git a/src/main/resources/i18n/strings_sl.properties b/src/main/resources/i18n/strings_sl.properties
index bc19194d4..d62415d50 100644
--- a/src/main/resources/i18n/strings_sl.properties
+++ b/src/main/resources/i18n/strings_sl.properties
@@ -132,6 +132,7 @@ preferences.updates.lastUpdateCheck.daysAgo=%s dni nazaj
 ## Vault List
 main.vaultlist.contextMenu.lock=Zakleni
 main.vaultlist.contextMenu.unlockNow=Odkleni zdaj
+main.vaultlist.contextMenu.share=Deli…
 ##Notificaition
 ## Vault Detail
 ### Welcome
diff --git a/src/main/resources/i18n/strings_sv.properties b/src/main/resources/i18n/strings_sv.properties
index d84be6af4..6b38e0d7c 100644
--- a/src/main/resources/i18n/strings_sv.properties
+++ b/src/main/resources/i18n/strings_sv.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Lås upp…
 main.vaultlist.contextMenu.unlockNow=Lås upp nu
 main.vaultlist.contextMenu.vaultoptions=Visa inställningar för valv
 main.vaultlist.contextMenu.reveal=Visa enhet
+main.vaultlist.contextMenu.share=Dela…
 main.vaultlist.addVaultBtn.menuItemNew=Skapa nytt valv...
 main.vaultlist.addVaultBtn.menuItemExisting=Öppna befintligt valv...
 main.vaultlist.showEventsButton.tooltip=Öppna händelsevy
diff --git a/src/main/resources/i18n/strings_th.properties b/src/main/resources/i18n/strings_th.properties
index 22f981768..d8c82a09d 100644
--- a/src/main/resources/i18n/strings_th.properties
+++ b/src/main/resources/i18n/strings_th.properties
@@ -335,6 +335,7 @@ main.vaultlist.contextMenu.unlock=ปลดล็อก...
 main.vaultlist.contextMenu.unlockNow=ปลดล็อกตอนนี้
 main.vaultlist.contextMenu.vaultoptions=แสดงตัวเลือก Vault
 main.vaultlist.contextMenu.reveal=เปิดไดรฟ์
+main.vaultlist.contextMenu.share=แชร์...
 ##Notificaition
 ## Vault Detail
 ### Welcome
diff --git a/src/main/resources/i18n/strings_tr.properties b/src/main/resources/i18n/strings_tr.properties
index e77dfd64c..69d097492 100644
--- a/src/main/resources/i18n/strings_tr.properties
+++ b/src/main/resources/i18n/strings_tr.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Kilidi aç…
 main.vaultlist.contextMenu.unlockNow=Kilidi Şimdi Aç
 main.vaultlist.contextMenu.vaultoptions=Kasa Ayarlarını Göster
 main.vaultlist.contextMenu.reveal=Sürücüyü Göster
+main.vaultlist.contextMenu.share=Paylaş…
 main.vaultlist.addVaultBtn.menuItemNew=Yeni Kasa Oluştur...
 main.vaultlist.addVaultBtn.menuItemExisting=Var Olan Kasayı Aç...
 ##Notificaition
diff --git a/src/main/resources/i18n/strings_ug.properties b/src/main/resources/i18n/strings_ug.properties
index 427c30f62..50624bf22 100644
--- a/src/main/resources/i18n/strings_ug.properties
+++ b/src/main/resources/i18n/strings_ug.properties
@@ -383,6 +383,7 @@ main.vaultlist.contextMenu.unlock=قۇلۇپسىزلا…
 main.vaultlist.contextMenu.unlockNow=ھازىر قۇلۇپسىزلا
 main.vaultlist.contextMenu.vaultoptions=ئامبار تاللانمىلىرىنى كۆرسەت
 main.vaultlist.contextMenu.reveal=دىسكىنى كۆرسەت
+main.vaultlist.contextMenu.share=ھەمبەھىرلە…
 ##Notificaition
 ## Vault Detail
 ### Welcome
diff --git a/src/main/resources/i18n/strings_uk.properties b/src/main/resources/i18n/strings_uk.properties
index 6d9390577..2b120b967 100644
--- a/src/main/resources/i18n/strings_uk.properties
+++ b/src/main/resources/i18n/strings_uk.properties
@@ -394,6 +394,7 @@ main.vaultlist.contextMenu.unlock=Розблокувати…
 main.vaultlist.contextMenu.unlockNow=Розблокувати
 main.vaultlist.contextMenu.vaultoptions=Показати параметри сховища
 main.vaultlist.contextMenu.reveal=Відкрити диск
+main.vaultlist.contextMenu.share=Поділитися…
 main.vaultlist.addVaultBtn.menuItemNew=Створити нове сховище...
 main.vaultlist.addVaultBtn.menuItemExisting=Відкрити наявне сховище...
 main.vaultlist.showEventsButton.tooltip=Відкрити журнал подій
diff --git a/src/main/resources/i18n/strings_vi.properties b/src/main/resources/i18n/strings_vi.properties
index 9f217b11a..f0806b21a 100644
--- a/src/main/resources/i18n/strings_vi.properties
+++ b/src/main/resources/i18n/strings_vi.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=Mở khoá…
 main.vaultlist.contextMenu.unlockNow=Mở khóa bây giờ
 main.vaultlist.contextMenu.vaultoptions=Hiện tùy chọn vault
 main.vaultlist.contextMenu.reveal=Hiển thị Ổ đĩa
+main.vaultlist.contextMenu.share=Chia sẻ…
 main.vaultlist.addVaultBtn.menuItemNew=Tạo Vault Mới...
 main.vaultlist.addVaultBtn.menuItemExisting=Mở Vault Hiện Có...
 main.vaultlist.showEventsButton.tooltip=Mở xem sự kiện
diff --git a/src/main/resources/i18n/strings_zh.properties b/src/main/resources/i18n/strings_zh.properties
index 3e97a80de..caa74221c 100644
--- a/src/main/resources/i18n/strings_zh.properties
+++ b/src/main/resources/i18n/strings_zh.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=解锁…
 main.vaultlist.contextMenu.unlockNow=立即解锁
 main.vaultlist.contextMenu.vaultoptions=显示保险库选项
 main.vaultlist.contextMenu.reveal=显示驱动器
+main.vaultlist.contextMenu.share=共享…
 main.vaultlist.addVaultBtn.menuItemNew=新建保险库...
 main.vaultlist.addVaultBtn.menuItemExisting=打开现有的保险库...
 ##Notificaition
diff --git a/src/main/resources/i18n/strings_zh_HK.properties b/src/main/resources/i18n/strings_zh_HK.properties
index 7ee362b37..984fbf1f6 100644
--- a/src/main/resources/i18n/strings_zh_HK.properties
+++ b/src/main/resources/i18n/strings_zh_HK.properties
@@ -391,6 +391,7 @@ main.vaultlist.contextMenu.unlock=解鎖…
 main.vaultlist.contextMenu.unlockNow=立即解鎖
 main.vaultlist.contextMenu.vaultoptions=顯示加密庫選項
 main.vaultlist.contextMenu.reveal=展示磁碟
+main.vaultlist.contextMenu.share=分享…
 main.vaultlist.addVaultBtn.menuItemNew=新建加密檔案庫...
 main.vaultlist.addVaultBtn.menuItemExisting=開啟現有的加密檔案庫...
 ##Notificaition
diff --git a/src/main/resources/i18n/strings_zh_TW.properties b/src/main/resources/i18n/strings_zh_TW.properties
index a401e439b..9d03cfa49 100644
--- a/src/main/resources/i18n/strings_zh_TW.properties
+++ b/src/main/resources/i18n/strings_zh_TW.properties
@@ -393,6 +393,7 @@ main.vaultlist.contextMenu.unlock=解鎖…
 main.vaultlist.contextMenu.unlockNow=立即解鎖
 main.vaultlist.contextMenu.vaultoptions=顯示加密檔案庫選項
 main.vaultlist.contextMenu.reveal=顯示磁碟
+main.vaultlist.contextMenu.share=分享…
 main.vaultlist.addVaultBtn.menuItemNew=新建加密檔案庫...
 main.vaultlist.addVaultBtn.menuItemExisting=開啟現有的加密檔案庫...
 main.vaultlist.showEventsButton.tooltip=打開事件檢視

From db9bd49dd9edd4d9e69958a5e611a76b98609ac0 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Thu, 16 Oct 2025 10:38:01 +0200
Subject: [PATCH 114/117] add jdk modules jdk.crypto.ec and jdk.crypto.cryptoki
 requrired by nimbus-jose-jwt dependency

references e50c949b62f093620a73f26f2ca465675d4526cb
---
 .github/workflows/appimage.yml    | 2 +-
 .github/workflows/mac-dmg-x64.yml | 2 +-
 .github/workflows/mac-dmg.yml     | 2 +-
 .github/workflows/win-exe.yml     | 2 +-
 dist/linux/appimage/build.sh      | 2 +-
 dist/linux/debian/rules           | 2 +-
 dist/mac/dmg/build.sh             | 2 +-
 dist/win/build.ps1                | 4 +++-
 8 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml
index 143746c53..11206ca54 100644
--- a/.github/workflows/appimage.yml
+++ b/.github/workflows/appimage.yml
@@ -95,7 +95,7 @@ jobs:
           --verbose
           --output runtime
           --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
-          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler
+          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler
           --strip-native-commands
           --no-header-files
           --no-man-pages
diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml
index 59772c5eb..9e6f48a7c 100644
--- a/.github/workflows/mac-dmg-x64.yml
+++ b/.github/workflows/mac-dmg-x64.yml
@@ -99,7 +99,7 @@ jobs:
           --verbose
           --output runtime
           --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
-          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
+          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
           --strip-native-commands
           --no-header-files
           --no-man-pages
diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml
index 59dffc296..c47b4309a 100644
--- a/.github/workflows/mac-dmg.yml
+++ b/.github/workflows/mac-dmg.yml
@@ -97,7 +97,7 @@ jobs:
           --verbose
           --output runtime
           --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
-          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
+          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
           --strip-native-commands
           --no-header-files
           --no-man-pages
diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml
index 74862d233..bf2e5cce7 100644
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -117,7 +117,7 @@ jobs:
           --verbose
           --output runtime
           --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
-          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.mscapi,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
+          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.crypto.mscapi,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
           --strip-native-commands
           --no-header-files
           --no-man-pages
diff --git a/dist/linux/appimage/build.sh b/dist/linux/appimage/build.sh
index 9b4b536b0..947fe56c4 100755
--- a/dist/linux/appimage/build.sh
+++ b/dist/linux/appimage/build.sh
@@ -62,7 +62,7 @@ ${JAVA_HOME}/bin/jlink \
     --verbose \
     --output runtime \
     --module-path "${JMOD_PATHS}" \
-    --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler \
+    --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler \
     --strip-native-commands \
     --no-header-files \
     --no-man-pages \
diff --git a/dist/linux/debian/rules b/dist/linux/debian/rules
index 73bb62e3c..c6e697283 100755
--- a/dist/linux/debian/rules
+++ b/dist/linux/debian/rules
@@ -28,7 +28,7 @@ override_dh_auto_build:
 	$(JAVA_HOME)/bin/jlink \
 		--output runtime \
 		--module-path "${JMODS_PATH}" \
-		--add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler \
+		--add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler \
 		--strip-native-commands \
 		--no-header-files \
 		--no-man-pages \
diff --git a/dist/mac/dmg/build.sh b/dist/mac/dmg/build.sh
index 1e052ad16..26673589b 100755
--- a/dist/mac/dmg/build.sh
+++ b/dist/mac/dmg/build.sh
@@ -85,7 +85,7 @@ fi
 ${JAVA_HOME}/bin/jlink \
     --output runtime \
     --module-path "${JMOD_PATHS}" \
-    --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,java.compiler \
+    --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,java.compiler \
     --strip-native-commands \
     --no-header-files \
     --no-man-pages \
diff --git a/dist/win/build.ps1 b/dist/win/build.ps1
index 30ef1e26d..f80ff227c 100644
--- a/dist/win/build.ps1
+++ b/dist/win/build.ps1
@@ -133,7 +133,7 @@ if ((& "$Env:JAVA_HOME\bin\jlink" --help | Select-String -Pattern "Linking from
 	--verbose `
 	--output runtime `
 	--module-path $jmodPaths `
-	--add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,jdk.crypto.mscapi,java.compiler,javafx.base,javafx.graphics,javafx.controls,javafx.fxml `
+	--add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.crypto.mscapi,java.compiler,javafx.base,javafx.graphics,javafx.controls,javafx.fxml `
 	--strip-native-commands `
 	--no-header-files `
 	--no-man-pages `
@@ -208,6 +208,8 @@ Copy-Item "contrib\*" -Destination "$AppName"
 attrib -r "$AppName\$AppName.exe"
 attrib -r "$AppName\${AppName} (Debug).exe"
 
+return 0;
+
 # create .msi
 $Env:JP_WIXWIZARD_RESOURCES = "$buildDir\resources"
 $Env:JP_WIXHELPER_DIR = "."

From 64466df6b8653195c84bad2f0eacc678c2d7a9f7 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Thu, 16 Oct 2025 10:40:35 +0200
Subject: [PATCH 115/117] [skip ci] revert powershell build early stop (was
 intended for testing purpose only)

---
 dist/win/build.ps1 | 2 --
 1 file changed, 2 deletions(-)

diff --git a/dist/win/build.ps1 b/dist/win/build.ps1
index f80ff227c..6fdee1c9a 100644
--- a/dist/win/build.ps1
+++ b/dist/win/build.ps1
@@ -208,8 +208,6 @@ Copy-Item "contrib\*" -Destination "$AppName"
 attrib -r "$AppName\$AppName.exe"
 attrib -r "$AppName\${AppName} (Debug).exe"
 
-return 0;
-
 # create .msi
 $Env:JP_WIXWIZARD_RESOURCES = "$buildDir\resources"
 $Env:JP_WIXHELPER_DIR = "."

From 4bcf01270aa88fbf1780b692ef5e5e424261eb5e Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 16 Oct 2025 15:12:22 +0200
Subject: [PATCH 116/117] fix owner

---
 .../ui/recoverykey/RecoveryKeyCreationController.java       | 2 +-
 .../ui/recoverykey/RecoveryKeyResetPasswordController.java  | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
index 900172189..7dafdf4c6 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -157,7 +157,7 @@ public class RecoveryKeyCreationController implements FxController {
 				vaultListManager.add(vault.getPath());
 			}
 			window.close();
-			dialogs.prepareRecoverPasswordSuccess(window) //
+			dialogs.prepareRecoverPasswordSuccess((Stage)window.getOwner()) //
 					.setTitleKey("recover.recoverVaultConfig.title") //
 					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message") //
 					.setDescriptionKey("recoveryKey.recover.resetMasterkeyFileSuccess.description")
diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index 7d2b72fb0..0c06ba9b2 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -140,7 +140,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 				vaultListManager.add(vault.getPath());
 			}
 			window.close();
-			dialogs.prepareRecoverPasswordSuccess(window) //
+			dialogs.prepareRecoverPasswordSuccess((Stage)window.getOwner()) //
 					.setTitleKey("recover.recoverVaultConfig.title") //
 					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message") //
 					.build().showAndWait();
@@ -163,8 +163,8 @@ public class RecoveryKeyResetPasswordController implements FxController {
 			LOG.debug("Used recovery key to reset password for {}.", vault.getDisplayablePath());
 			window.close();
 			switch (recoverType.get()){
-				case RESET_PASSWORD -> dialogs.prepareRecoverPasswordSuccess(window).build().showAndWait();
-				case RESTORE_MASTERKEY -> dialogs.prepareRecoverPasswordSuccess(window).setTitleKey("recover.recoverMasterkey.title").setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message").build().showAndWait();
+				case RESET_PASSWORD -> dialogs.prepareRecoverPasswordSuccess((Stage)window.getOwner()).build().showAndWait();
+				case RESTORE_MASTERKEY -> dialogs.prepareRecoverPasswordSuccess((Stage)window.getOwner()).setTitleKey("recover.recoverMasterkey.title").setMessageKey("recoveryKey.recover.resetMasterkeyFileSuccess.message").build().showAndWait();
 				default -> dialogs.prepareRecoverPasswordSuccess(window).build().showAndWait(); // Fallback
 			}
 		});

From ed45182b6c8dba9391662a29dea1c3b2e6ffcfdb Mon Sep 17 00:00:00 2001
From: Jan-Peter Klein <jan-peter.klein@skymatic.de>
Date: Thu, 16 Oct 2025 15:37:47 +0200
Subject: [PATCH 117/117] add IllegalStateException to the catch clause

---
 .../ui/recoverykey/RecoveryKeyCreationController.java           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
index 7dafdf4c6..456de11f4 100644
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -166,7 +166,7 @@ public class RecoveryKeyCreationController implements FxController {
 		} catch (InvalidPassphraseException e) {
 			LOG.info("Password invalid", e);
 			Animations.createShakeWindowAnimation(window).play();
-		} catch (IOException | CryptoException e) {
+		} catch (IOException | CryptoException | IllegalStateException e) {
 			LOG.error("Recovery process failed", e);
 			appWindows.showErrorWindow(e, window, null);
 		}