Hello Everyone,
I’m new to nextcloud and I’m still trying to figure out something.
I’m running NextCloud over Docker in a Linux enviornment with encrypted disks (LUKS).
I would like to know if it’s possible, or simply advised to encrypt the data of NextCloud itself.
Because at the moment I have the “security” that by a physical breach the data are safe, but they aren’t if the breach is a hack - since the data aren’t encrypted.
Also - I would like to use NextCloud with some colleagues, so I’ve setup shared folders through the app “Group Folders” - and I don’t know if it’s possible to use encryption in that case.
But I’m more worried about a remote attack than a physical attack, since my NextCloud is accessible from the web.
If you’re already doing full disk encryption, that’s as good as you’ll get. If you look through the documentation you’ll see that the encryption doesn’t protect against hacking, only physical breach.
The server must have the decryption keys available to process user files, therefore a hacker who has gained access to the running system also has access to those keys.
But the file aren’t needed to be decrypted all the time only when you’re working on it.
So against a remote breach there isn’t a safe way to protect yourself?
As I said, the decryption keys have to be available to the system for it to work on the files, so you may as well assume anyone who breaches the system can also access the keys.
If a hacker breaches your server and steals all your files and all the keys, then that didn’t do anything to prevent the theft.
