Implement end-to-end encryption on Nextcloud

2021-06-14 TLDR Edit: End-to-end encryption is (completely?) non-functional and buggy. It is odd that Nextcloud promotes and documents this feature so actively yet it is so non-functional, with closed, yet unresolved, bugs.

Hi, I would like to implement end-to-end encryption on my Nextcloud instance. Can you help me with this?

The deliverable is a working example of end-to-end encryption.

Edit: I would like to pay for professional support. I am not interested in writing here everything I tried and what all the issues are.

2 Likes

What did you try? what is the problem?

the is an e2e app. This is not without drawbacks but it’s possible works in general…

I tried implementing e2e encryption. Too many problems to list. Are you available for hire?

Just setup Cryptomator. It is fully documented online and then you’ll have fully open e2e. Good luck.

Yeah, I was thinking about that. I’ll try it out, but with its Alexa ranking of 700K+ I do not hold out too much hope.

It is an excellent, active project. Nothing to be afraid of. Nextcloud has actually promoted the project on their blog: Q&A: Tobias Hagemann talks about storing sensitive files in Nextcloud

I have to admit after I tried the app one can only ask why!?!? it is there? it’s nothing more then encrypted personal storage… no sharing… no integration, mnemonics reset needs direct edits on SQL DB…

2 Likes

Hi,
i have worked with end to end encryption in connection with Nextcloud and it has worked out very well. (Not using the e2e from Nextcloud itself so). We can achieve a group based file encryption solution, access from Windows, MAC, Linux as well as Android and iOS.
Please feel free to contact me, I am sure we can find a working solution.
Best,
Christian

Would you please provide the results here I am also interested in E2E encryption and sharing a group folder.

Thank you.

I may be able to cobble something together with all the software that exists out there, but that’s not what I am interested in. It’s difficult enough maintaining a decent installation of Nextcloud alone.

But to answer your question, there are no results per se. CPichler says, “we looked finally at these two”:
Sophos Safeguard / Sophos Mobile
Boxcryptor (Secomba GmbH from Germany)
, which are both proprietary.

The open source competitor of Boxcryptor, Cryptomator, does not offer multi-user features. So if you are looking for that combination of features, like I am, you are out of luck.

1 Like

If I might chime in here. I think it is an OK solution to use a combination of tools to achieve the desired result.
You will end up with more work in terms of configuration for different tools but you can also look at it from a positive perspective as you can use the end to end encryption outside of the Nextclod environment as well (local disks, USB, other hosted sharing solutions, shared network drives, etc.)
Obviously it would be great to have a “free” product that can do absolutely everything but I believe that might never be the case.
I found this setup to work quite well across many companies.
Best,
Christian

Wanting only FLOSS myself, I set something up with cppcryptsetup/gocryptfs and VeraCrypt, but it has quite some limitations:

  • I had to write some scripts for decrypting the folders, and scripts mixed with Windows scheduled tasks and Linux systemd units for unmounting.
  • I had to deploy the systemd unit and Windows scheduled task on the clients manually through TeamViewer (fortunately I only have around 10 users).
  • Users cannot share an encrypted folder themselves. I am the only one, as Nextcloud admin, who sets which folder is shared between whom and whom,

I was really hoping that Nextcloud Desktop 3.x would make things easier, but alas…