Database encryption (e.g. for contacts and calendar)

Hello,

I am bringing up a topic that has been discussed several times, but I am still very unsatisfied.
Regardless of the e2e capability of Nextcloud, I see a big risk of a data leak when the database (MySQL or SQLite) is copied, especially for stored contacts, calendar and notes.

It has been mentioned here

and here

that it depends on CalDAV/CardDAV and that encryption of the MySQL database would be too complex, but I don't agree with that.

The Nextcloud team says that it is GDPR compliant, but I'm not sure about that point because of the way the data mentioned above is stored in an unencrypted manner.
When someone successfully steals the database, this is a heavy breach regarding GDPR, and it certainly concerns personal information.

What do others here think about that?

Regards

Don’t hold back if you know the solution :wink:

Then probably all the public cloud providers would violate GDPR, or is there any provider with client-side encryption of calendar or contact data?

Well, unfortunately I'm not a coder, "just" an admin :wink: but doing a little research brought me, for example, to these sites:

So, as I understand things, the encryption of the database itself doesn't seem so complicated.

Regards

Two points:

  • for single entries, that looks quite good, but sorting a larger output of data is a bit complicated and the performance is probably not very good (perhaps you can temporarily cache an unencrypted version via the table-level encryption, but how does it scale with thousands of users?)
  • where do you get the encryption key from? It shouldn't be in the database or anywhere else on the server (otherwise an attacker could decrypt it as well). It must be independent from the client, so it could be derived from the user's password. However, if it is changed, then you have to re-encrypt everything. In that case, how do you handle app passwords?
  • Is this compatible with all of the supported databases?
    https://docs.nextcloud.com/server/stable/admin_manual/installation/system_requirements.html
2 Likes

I think this https://dev.mysql.com/doc/refman/5.7/en/innodb-tablespace-encryption.html would be a good way to encrypt the data in mysql.

There could be a random encryption key for the data which should be protected with the user's password. When you change the password, you only have to decrypt the key and protect it again with the new password. As the data will be encrypted with the key (and not with the password), you won't have to decrypt and re-encrypt all the data.

1 Like
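The wrapping scheme described in this post, as an added example that is not part of the thread or of Nextcloud itself; the password-to-key derivation, the toy HMAC-based cipher standing in for a real AEAD, and the per-app-password wrapped copies of the key (one answer to the app-password question raised earlier) are all assumptions of the example:

```python
import hashlib
import hmac
import os
# Constructed example (not Nextcloud code): rows are encrypted with a random
# data-encryption key (DEK); only the DEK is wrapped under a key derived from a
# password, so a password change re-wraps 32 bytes instead of every row.
# Standard library only: HMAC-SHA256 in counter mode plus an encrypt-then-MAC
# tag stands in for a real AEAD such as AES-GCM (toy, not a recommendation).

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range(-(-length // 32)):       # ceil(length / 32) blocks
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + body + hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(body, _keystream(_subkey(key, b"enc"), nonce, len(body))))

def kek_from_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=32)

class UserKeyring:
    # Stored per user: only wrapped copies of the DEK, one per password
    # (account password plus each app password), never the DEK itself.
    def __init__(self, password: str):
        self.wrapped = {}                  # label -> (salt, wrapped DEK)
        self.add_password("account", password, os.urandom(32))
    def add_password(self, label: str, password: str, dek: bytes) -> None:
        salt = os.urandom(16)
        self.wrapped[label] = (salt, seal(kek_from_password(password, salt), dek))
    def unlock(self, label: str, password: str) -> bytes:
        salt, blob = self.wrapped[label]
        return unseal(kek_from_password(password, salt), blob)   # ValueError if wrong
    def change_password(self, label: str, old: str, new: str) -> None:
        dek = self.unlock(label, old)      # prove the old password before re-wrapping
        self.add_password(label, new, dek) # rows encrypted under the DEK are untouched
```

Note that the DEK is still in memory while the user is logged in, which is the point made later in the thread: this protects a copied database or backup, not against an attacker who controls the running server.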

So unfortunately nothing new regarding this topic?

Even SQLite is able to encrypt the database with this extension:

https://www.zetetic.net/sqlcipher/

I still think exposing contacts & calendar entries in an unencrypted database is not very secure and GDPR compliant.

These look like server-side solutions. Encryption at rest is very efficient for backups; with running sync solutions, the database is not often at rest (mobile devices are synced all the time), and someone with control over the server can still manage to sniff passwords. If you want to have an efficient solution for the user, you need end-to-end encryption.
On top of that, these solutions are not easy to implement. You probably need to separate the database structure for each user, and these solutions must work in all environments (all supported databases).

Ideally, you run Nextcloud on your own hardware, so you don’t have to trust any 3rd-party.

For these reasons, I wouldn't expect anything soon. But we have already had requests waiting for some time, and someone just came along and quickly implemented them. That's the cool thing with open software.

I am also very interested in this because we use Deck with sensitive data. Has anybody found out how? Thanks a lot :slight_smile:

I think database encryption, e.g. for Deck, has the same problem as server-side file encryption. If the files (here the database) are on the same server as the key, the security advantage is small or (for a hacker) even non-existent. Nextcloud server-side file encryption is, in my eyes, only useful for data on external storage, e.g. S3 on another server at another hoster. Then, and only then, the external S3 hoster has no access to the key but only to the encrypted data.

I think encryption of the database (here Deck data) is only useful if the database is at another hoster. But that is usually not the case.

Encryption of the database on the same server is merely a great marketing measure. It has little or nothing to do with security. It seems more important to me that you basically trust your provider (for the data and the database (here Deck)). You cannot protect the contents of the database from your provider (or from the hacker of your provider).

Thanks a lot for your fast answer. Any tutorial on how to have the database on another server? Or the key in Nextcloud? Thanks

You can just enter the database in the config file. However, for performance that won't be very good. And then you want to do some caching and stuff; such content would be decrypted for a longer time as well.

The only secure way, if you don't want to trust the server, would be some client-side encryption. But that means it needs to be implemented in the browser interface and all the apps. For such business cases, you should perhaps reach out for an enterprise subscription and see if they can help you with that (or if you have the resources yourself).

It is probably easier to set up your own server that you can trust (at a hoster or at your location).