File Encyption, webdav, client encryption

This is something I always get with owncloud, (more at the bottom)

Exception: {“Message”:“HTTP/1.1 401 No ‘Authorization: Basic’ header found. Either the client didn’t send one, or the server is mis-configured, No ‘Authorization: Basic’ header found. Either the client didn’t send one, or the server is mis-configured”,“Exception”:“Sabre\DAV\Exception\NotAuthenticated”,“Code”:0,“Trace”:"#0 [internal function]: Sabre\DAV\Auth\Plugin->beforeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))\n#1 /var/www/owncloud/3rdparty/sabre/event/lib/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#2 /var/www/owncloud/3rdparty/sabre/dav/lib/DAV/Server.php(446): Sabre\Event\EventEmitter->emit(‘beforeMethod’, Array)\n#3 /var/www/owncloud/3rdparty/sabre/dav/lib/DAV/Server.php(248): Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))\n#4 /var/www/owncloud/apps/dav/lib/server.php(144): Sabre\DAV\Server->exec()\n#5 /var/www/owncloud/apps/dav/appinfo/v2/remote.php(29): OCA\DAV\Server->exec()\n#6 /var/www/owncloud/remote.php(138): require_once(’/var/www/ownclo…’)\n#7 {main}",“File”:"/var/www/owncloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php",“Line”:188,“User”:false}

This computer has one user. It is a 6 core with 8 gigs of ram. Owncloud is the slowest things on this computer.

File transfer takes for ever. it would be nice to have it send little by little. If for some reason it has to stop. Then it doesn’t have to start all over again. it will pick up where it left off. If it just scanned the directory for new changes. Does it have to scan every file and directory 20 seconds later.

Client side would be nice for windows, linux and apple/android phone. Everyone in the world doesn’t need to see everything we are transferring to our cloud.

The web interface is very slow with owncloud. I have made it faster with caching. But still not make land speed records.

FYI, I began working on this several months ago :

Perhaps I’ve not understood it correctly, but if you have your ownCloud server set up with an SSL/TLS certificate and connect to it with https instead of plain old http, isn’t the connection encrypted?

Yes the connection is. With client-side encryption, all files on the server would be encrypted and the server admin can’t read them.

Surely client-side is the user’s computer or mobile device, not the server? And file encryption on the server is taken care of by ownCloud’s encryption module if you enable it. This is my understanding of protecting your data with encryption in various places (correct me if I’m wrong!):

Client side encryption (i.e. files on your computer or mobile device): Handled locally by your OS. On your laptop, for example, you might encrypt your hard drive using whatever tools your OS has for that.

Encryption in transit (i.e. as files move between your local device and your ownCloud server): Provided by using an SSL or TLS certificate on the domain, and always using https to connect to your ownCloud server.

Server side encryption (i.e. files sitting on your ownCloud server): Using ownCloud’s encryption module, files stored on your ownCloud server are not readable by a server admin because they’re not decrypted until your username and password are supplied.

@mikebabb not quite

This is usually called disk encryption. Bitlocker, TrueCrypt and so on are such tools. This can’t really be called client-side encryption because those tools do not require any server component ; so there is no “client” per se as long as those tools are concerned. As you said, everything is local.

Client-side encryption (CSE) is when files are synchronized with a server, but they are encrypted on the client, using keys only known to the client. Unlike encryption in transit and server-side encryption, the server can’t decrypt the file if you use CSE.

The underlined part is false. The server can decrypt the files even without your username and password. The server has the keys.
Server-side encryption (SSE) protects you against unauthorized access to the storage where your files are stored by the server. For instance, if your server is hosted in a cloud, the cloud provider can access your data whenever they want ; SSE makes sure they only see encrypted stuff. Same thing with external storage, SSE hides the content of your files from the external storage provider.
SSE does not protects you against a malicious server admin ; or a hacker which gained access to the server. That’s what CSE does, and what I’m currently working on with ownCrypt.

1 Like

Encrypt in transit. From what I was reading the HTTPS on the clients are
not encrypted in transit.


Ryan (KB8PMY)
KD8TUZ Hamilton Wireless Radio Club

Thank you for the corrections, that’s quite helpful!