While the server encryption is a nice feature, the key sits on the same server and therefore does not offer any benefit.
I wonder if, at a later stage, you guys would consider implementing true end-to-end encryption?
Don’t know if this would even be possible, but I would love to see it.
One end is the nextcloud-server. But what is the other end? It could be any device, any browser, any location. So I don’t think that’s possible. Making your server access via https only with a valid certificate is the most secure option you have, I think.
ownCloud ticket has been open for ages and afaik someone is working on it; however, I doubt that it will ever see the light (anytime soon).
I’d go for the pragmatic approach: Encrypt everything beforehand (or don’t even upload anything) that could be potentially devastating, as in passwords or secret business documents or whatever else you can think of.
Stuff like your vacation photos or your music collection don’t need to be encrypted. Worst case: someone can download and distribute them, the world’s not going to end.
Anyway… there is no reason not to encrypt everything (you can). It might take longer for some to realize (it seems especially for Generation Facebook), but there is a good reason for it… it’s called Privacy.
Anyway (again), I understand that this won’t be easily integrated, I just would love to see this feature.
As @BernhardPosselt said, I began working on client-side encryption for ownCloud, and there shouldn’t be any reason it won’t work with NextCloud.
That said, progress has been slow in the last few months thanks to my day job being very, very busy.
The ownCloud desktop team is also being slow merging my first pull requests, which doesn’t help.
The high workload at my day job should get better after the summer though, and I’m still set on delivering the feature.
The goal is to have a beta out at the end of the year.
The issue with these agnostic CSE tools is that they usually don’t support sharing of the protected files; it’s also yet another layer that needs to be set up, and usually too complex for casual users. But it’s true that the latter two could be resolved with some integration work.
Yeah, please implement this. You can find many FLOSS libraries/apps out there right now, where you can see how one can do it or so. Of course it’s important to also encrypt the file names e.g.
Anyway you even have the possibility to do it right now as NextCloud’s password manager passman can also be used to store files. Maybe the passman devs want to work on this feature here too?
I’ve mentioned this before, but it’s worth bearing in mind that you really can’t trust encryption to anything that runs through the web client. A malicious admin would only have to tamper with the code of the app to capture your passwords. It would be a trivial attack.
Only by using an independent piece of software locally, like Cryptomator, can you have reasonable confidence in the encryption. But that reduces Nextcloud to a fileserver.
@Ripper yep, that’s the consequence of client side encryption. You have to kill the web interface in order to allow client side encryption because you can’t trust anything from the server