Feature Request: End to End encryption


while the server encryption is a nice feature, the key sits on the same server and therefore does not offer any benefit.

I wonder if, at a later stage, you guys would consider implementing true end to end encryption. ?
Don’t know if this would even be possible, but I would love to see it.


One end is the nextclod-server. But what is the other end? It could be any device, any browser, any location. So I don’t think that’s possible. Making your server access via https only with a valid certificate is the most secure option you have, I think.

I think you are right, but I don’t like my files on the server not being encrypted.
Didn’t say it is easy to do :slight_smile:

owncloud ticket has been open for ages and afaik someone is working on it however i doubt that it will ever see the light (anytime soon).

I’d go for the pragmatic approach: Encrypt everything beforehand (or dont even upload anything) that could be potentially devasting as in passwords or secret business documents or whatever else you can think of.

Stuff like your vacation photos or your music collection dont need to be encrypted. Worst case: someone can download and distribute them, the worlds not going to end :slight_smile:

PS: I had users asking to encrypt their RSS feeds which is a terrible idea IMHO (unless you are reading NSA feeds xD)


Well, I’m a fish I cant read sarcasm

Anyway… there is no reason not to encrypt everything (you can). It might take longer for some to realize (it seams especially for Generation Facebook), but there is a good reason for it… it’s called Privacy.

Anyway (again :smiley:), I understand that this won’t be easily integrated, I just would love to see this feature.


As @BernhardPosselt said, I began working on client-side encryption for ownCloud, and there shouldn’t be any reason it won’t work with NextCloud.
That said, progress has been slow in the last few months thanks to my dayjob being very, very busy.
The ownCloud desktop team is also being slow merging my first pull requests, which doesn’t help.

The high workload at my dayjob should get better after the summer though, and I’m still set on delivering the feature.
The goal is to have a beta out at the end of the year.

You can follow progress here : https://github.com/owncloud/client/issues/4327

1 Like

There is a free open source client which does client-side encryption for different cloud applications:

I don’t know if it is worth to have a look at it and perhaps integrate it into the NC client or some other way to bundle them.

The issue with these agnostic CSE tools is that they usually don’t support sharing of the protected files ; it’s also yet another layer that needs to be setup, and usually too complex for casual users. But it’s true that the latter two could be resolved with some integration work.

1 Like

Yeah, please implement this. You can find many FLOSS libraries/apps out there right now, where you can see how one can do it or so. Of course it’s important to also encrypt the file names e.g.

Anyway you even have the possibility to do it right now as NextCloud’s password manager passman can also be used to store files. Maybe the passman devs want to work on this feature here too?

/cc @brantje

Maintaining passman next to a 40 hour job is more than enough.
Unless Nextcloud pay’s us, then it becomes a different story.

I don’t think a password manager should encrypt files :smiley:

SSL certs for example?

1 Like

Hmm, maybe Passman can get an official NextCloud app? And it could be integrated, so that all files can be e2e encrypted…

I’ve mentioned this before, but it’s worth bearing in mind that you really can’t trust encryption to anything that runs through the web client. A malicious admin would only have to tamper with the code of the app to capture your passwords. It would be a trivial attack.

Only by using an independent piece of software locally, like Cryptomator, can you have reasonable confidence in the encryption. But that reduces Nextcloud to a fileserver.

But that reduces Nextcloud to a fileserver.

@Ripper yep, that’s the consequence of client side encryption. You have to kill the web interface in order to allow client side encryption because you can’t trust anything from the server

+1 for this

Crypto Cloud System on the mobile version should be implemented to the desktop clients et voilĂ .

It actually seems to be ongoing work done on that, but I can’t find much info about it for now … it’s just offered in the iOS app.

I don’t see the reason to kill the web interface. Can’t you just decrypt it with a browser plug-in?


Client side encryption looks like a duplicate of this issue, but it contains bounty information, which I mentioned should be moved here.