Database encryption (e.g. for contacts and calendar)

Hello,

I am recalling a topic that has been discussed several times, but I am still very unsatisfied.
Regardless of the e2e capability of Nextcloud, I see a big risk of a data leak when the database (MySQL or SQLite) is copied, especially for stored contacts, calendar and notes.

It has been mentioned here

and here

that it depends on CalDAV/CardDAV and that encryption of the MySQL database would be too complex, but I don’t agree with that.

The Nextcloud team says that it is GDPR compliant, but I’m not sure about that point because of the way the data mentioned above is stored in an unencrypted manner.
When someone successfully steals the database, this is a heavy breach regarding GDPR, and it concerns personal information for sure.

What do others here think about that?

Regards

Don’t hold back if you know the solution :wink:

Then probably all the public cloud providers would violate GDPR, or is there any provider with client-side encryption of calendar or contact data?

Well, unfortunately I’m not a coder, “just” an admin :wink: but doing a little research brought me for example to these sites:

So, as I understand things, the encryption of the database itself seems not so complicated.

Regards

Two points:

  • for single entries, that looks quite good, but sorting a larger output of data is a bit complicated and the performance is probably not very good (perhaps you can temporarily cache an unencrypted version via the table-level encryption, but how does it scale with thousands of users?)
  • where do you get the encryption key from? It shouldn’t be in the database or anywhere else on the server (otherwise an attacker could decrypt it as well). It must be independent of the client, so it could be derived from the user’s password. However, if it is changed, then you have to re-encrypt everything. In that case, how do you handle app passwords?
  • Is this compatible with all of the supported databases?
    https://docs.nextcloud.com/server/stable/admin_manual/installation/system_requirements.html

I think this https://dev.mysql.com/doc/refman/5.7/en/innodb-tablespace-encryption.html would be a good way to encrypt the data in mysql.

There could be a random encryption key for the data, which should be protected with the user’s password. When you change the password, you only have to decrypt the key and protect it again with the new password. As the data will be encrypted with the key (and not with the password), you won’t have to decrypt and re-encrypt all the data.

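As an added example (not code from this thread or from Nextcloud), here is the key-wrapping scheme the post above describes, which also answers the key-derivation and app-password questions raised two posts earlier: a random data key (DEK) encrypts the rows, and only wrapped copies of the DEK, each under a key derived from a password, are stored. Everything here is assumed for the example: the keyring layout, the PBKDF2-HMAC-SHA256 work factor, the sample vCard/iCalendar rows, and the symmetric primitive, which is an HMAC-SHA256 counter-mode keystream with an HMAC tag (encrypt-then-MAC) used only to keep the example free of third-party dependencies; a real implementation would use AES-GCM from a vetted library.

```python
"""Envelope encryption for per-user database rows (added example, not Nextcloud code).

Changing the password re-wraps the 32-byte DEK; the encrypted rows are untouched.
Each app password wraps the same DEK under its own label and can be revoked alone.
"""
import hashlib
import hmac
import os

KDF_ITERATIONS = 200_000  # assumed PBKDF2 work factor; tune upward for production


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for AES-CTR)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC; aad is authenticated but not encrypted (e.g. the row id)."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    # Length-prefix aad so (aad, nonce, ciphertext) boundaries are unambiguous.
    mac_input = len(aad).to_bytes(4, "big") + aad + nonce + ciphertext
    tag = hmac.new(_subkey(key, b"mac"), mac_input, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag in constant time before decrypting; raise on any mismatch."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_input = len(aad).to_bytes(4, "big") + aad + nonce + ciphertext
    expected = hmac.new(_subkey(key, b"mac"), mac_input, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def derive_kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key from a password; never stored, only recomputed at login."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=32)


class UserKeyring:
    """What the server stores per user: salts and wrapped DEK copies, never the DEK."""

    def __init__(self, password: str):
        self._wraps = {}  # label -> (salt, wrapped DEK)
        self._add_wrap("login", password, os.urandom(32))

    def _add_wrap(self, label: str, password: str, dek: bytes) -> None:
        salt = os.urandom(16)
        wrapped = seal(derive_kek(password, salt), dek, aad=b"dek:" + label.encode())
        self._wraps[label] = (salt, wrapped)

    def unlock(self, password: str, label: str = "login") -> bytes:
        salt, wrapped = self._wraps[label]
        return unseal(derive_kek(password, salt), wrapped, aad=b"dek:" + label.encode())

    def change_password(self, old: str, new: str) -> None:
        self._add_wrap("login", new, self.unlock(old))  # only the wrap is rewritten

    def add_app_password(self, login_password: str, label: str, app_password: str) -> None:
        """One way to handle app passwords: each one wraps the same DEK separately."""
        self._add_wrap(label, app_password, self.unlock(login_password))

    def revoke(self, label: str) -> None:
        del self._wraps[label]


def encrypt_row(dek: bytes, row_id: int, value: bytes) -> bytes:
    """Bind the ciphertext to its row id so rows cannot be swapped in the table."""
    return seal(dek, value, aad=row_id.to_bytes(8, "big"))


def decrypt_row(dek: bytes, row_id: int, blob: bytes) -> bytes:
    return unseal(dek, blob, aad=row_id.to_bytes(8, "big"))


def demo() -> bool:
    """Constructed sample rows: rotate the password, add an app password, read back."""
    rows = {1: b"BEGIN:VCARD\nFN:Alice Example\nEND:VCARD",
            2: b"BEGIN:VEVENT\nSUMMARY:Dentist\nEND:VEVENT"}
    ring = UserKeyring("correct horse")
    dek = ring.unlock("correct horse")
    stored = {rid: encrypt_row(dek, rid, v) for rid, v in rows.items()}
    ring.change_password("correct horse", "battery staple")
    ring.add_app_password("battery staple", "phone", "app-token-1")
    dek_after = ring.unlock("app-token-1", label="phone")
    recovered = {rid: decrypt_row(dek_after, rid, c) for rid, c in stored.items()}
    return dek_after == dek and recovered == rows


if __name__ == "__main__":
    print("round-trip after password change and app password:", demo())
```

The point the scheme does not solve is the one raised later in the thread: the DEK exists in server memory whenever a client is synced, so anyone controlling the running server can still read the data. What it does give is that a copied database or backup holds only wrapped keys and authenticated ciphertext.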

So unfortunately nothing new regarding this topic?

Even SQLite is able to encrypt the database with this extension:

https://www.zetetic.net/sqlcipher/

I still think exposing contacts & calendar entries in an unencrypted database is neither very secure nor GDPR compliant.

These look like server-side solutions. Encryption at rest is very efficient for backups, but on running sync solutions the database is not often at rest (mobile devices are synced all the time), and someone with control over the server can still manage to sniff passwords. If you want an efficient solution for the user, you need end-to-end encryption.
On top of that, these solutions are not easy to implement. You probably need to separate the database structure for each user, and these solutions must work in all environments (all supported databases).

Ideally, you run Nextcloud on your own hardware, so you don’t have to trust any 3rd-party.

For these reasons, I wouldn’t expect anything soon. But we have already had requests waiting for some time and someone just came along and quickly implemented them. That’s the cool thing with open software.