Client side encryption for clients’ local storage

Hi there.
I’m looking for a way to have sensitive data encrypted on clients’ local storage.
I’ve found so far the E2EE, but this keeps files encrypted only on the server side, which is not what I need.
The purpose is to have data security if a device gets lost, as I’m sure someone could get the data from the drives.
If this could be implemented in the Windows, Android, Linux, iOS apps, that would be great, and the web and file sharing options would still work.

You could maybe use cryptomator for this…

That is not how E2E encryption works. You can still use web and file sharing, but encrypted files will still be encrypted. The server will not be able to identify the files and folders only accessible unencrypted from client devices.

The only independent, open source answer for all these client devices is Cryptomator. Good luck!

I’m using Boxcryptor for one private folder,
but when it comes to share with other users
and access the files via web, this won’t work,
as the files are stored with encryption on the server.

Cryptomator works like Boxcryptor afaik, so this is not what I’m looking for.

@AndyPi As @just already pointed out, what you are looking for doesn’t exist.

So now I officially got confirmed what I discovered.
I opened this thread as a feature request/idea,
or am I in the wrong place? :slight_smile:

In my mind, a self hosted cloud storage is a quite safe place for the data,
while the mobile devices, which move around and may get lost or stolen,
may not be as safe, especially if the data isn’t encrypted on the local storage.

You can use the e2e nextcloud app on your devices, which is tied to your server. Or, the third party app Cryptomator for use directly on client devices. They cover the use cases.

Sorry, but I think @szaimen is right, the solution for my problem does not yet exist.
The only way would be to use a drive encryption on the client, but that’s a bit too much overhead to just have a single folder encrypted.

I see. What you are talking about is not end 2 end encryption. It is simply encrypted data that is inaccessible from the other client in case of theft.

Full disk encryption will encrypt your data at rest. It is available on iOS for backups only iirc and here is info for Android. That is way outside of scope for Nextcloud, which only deals with the file transfer process itself. :+1:

Someone could call it just end encryption …
I’m a bit afraid of the performance impact of the system,
but it may really be a bit too difficult to implement in NC clients.
Thanks for the discussion.
