2021-06-14 TLDR Edit: End-to-end encryption is (completely?) non-functional and buggy. It is odd that Nextcloud promotes and documents this feature so actively yet it is so non-functional, with closed, yet unresolved, bugs.
Hi, I would like to implement end-to-end encryption on my Nextcloud instance. Can you help me with this?
The deliverable is a working example of end-to-end encryption.
Edit: I would like to pay for professional support. I am not interested in writing here everything I tried and what all the issues are.
I have to admit, after I tried the app, one can only ask why!?!? it is there? It's nothing more than encrypted personal storage… no sharing… no integration, mnemonic reset needs direct edits on the SQL DB…
Hi,
I have worked with end-to-end encryption in connection with Nextcloud and it has worked out very well (not using the E2E from Nextcloud itself, though). We can achieve a group-based file encryption solution with access from Windows, macOS, Linux as well as Android and iOS.
Please feel free to contact me, I am sure we can find a working solution.
Best,
Christian
I may be able to cobble something together with all the software that exists out there, but that’s not what I am interested in. It’s difficult enough maintaining a decent installation of Nextcloud alone.
But to answer your question, there are no results per se. CPichler says, “we looked finally at these two”:
Sophos Safeguard / Sophos Mobile
Boxcryptor (Secomba GmbH from Germany)
Both of these are proprietary.
The open source competitor of Boxcryptor, Cryptomator, does not offer multi-user features. So if you are looking for that combination of features, like I am, you are out of luck.
If I might chime in here. I think it is an OK solution to use a combination of tools to achieve the desired result.
You will end up with more work in terms of configuration for different tools, but you can also look at it from a positive perspective, as you can use the end-to-end encryption outside of the Nextcloud environment as well (local disks, USB, other hosted sharing solutions, shared network drives, etc.).
Obviously it would be great to have a “free” product that can do absolutely everything but I believe that might never be the case.
I found this setup to work quite well across many companies.
Best,
Christian
Example: Two users have installed the desktop client of NC. Is it possible to give my mnemonic passphrase to another user so that they are able to decrypt the files? Or is the user name part of the decryption and not only the mnemonic passphrase?
According to the architecture diagram, the Nextcloud encrypted file space isn’t available via the web interface anyway. So, there’s not much point in worrying about fully integrated e2e. It’s probably better to manage encrypted files/directories with an external utility such as securefs or similar application rather than rely on or wait for Nextcloud to “enable e2e”
Multi-user encrypted filesystems are extremely resource intensive. The diagrammed Nextcloud architecture attempts to reduce the needed resources by encrypting the actual encryption keys using everyone’s own public keys. However, the metadata file will need to be decrypted and re-encrypted with each newly added public key. That decryption will need to occur on everyone’s client and then synced properly across all clients before the newly added client will function correctly.
If there's a particular sensitive file that needs to be shared, it's probably better just to use gpg.
It all depends on the use case and the number of clients… There are enterprise-level applications and tools for larger businesses to deal with these issues. For small groups, enterprise solutions will most likely be either too expensive or too complex.
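The key-management scheme sketched in the post above (a folder key that the server never sees, stored only as copies wrapped under each member's public key, so that adding a member means an existing client unwraps and re-wraps it) is easy to misjudge without seeing the moving parts. The following is an added example written for this thread, not Nextcloud's own code and not its actual metadata format: it models a folder key with AES-256-GCM for file contents and RSA-OAEP for the per-member wrapping, using only Go's standard library. Member names, keys and the sample file contents are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Member models one client with its own RSA key pair (names are constructed, not Nextcloud identities).
type Member struct {
	Name string
	Priv *rsa.PrivateKey
}

// NewMember generates a fresh 2048-bit RSA key pair for a client.
func NewMember(name string) (*Member, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Member{Name: name, Priv: priv}, nil
}

// Metadata is the per-folder record: the folder key itself never appears in it,
// only one copy wrapped (RSA-OAEP, SHA-256) under each member's public key.
type Metadata struct{ Wrapped map[string][]byte }

func wrapFor(pub *rsa.PublicKey, dek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, nil)
}

// CreateFolder draws a random 256-bit folder key and wraps it for the owner only.
func CreateFolder(owner *Member) (*Metadata, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	w, err := wrapFor(&owner.Priv.PublicKey, dek)
	if err != nil {
		return nil, err
	}
	return &Metadata{Wrapped: map[string][]byte{owner.Name: w}}, nil
}

// UnwrapKey recovers the folder key for m, failing if m was never granted access.
func UnwrapKey(meta *Metadata, m *Member) ([]byte, error) {
	w, ok := meta.Wrapped[m.Name]
	if !ok {
		return nil, errors.New("no wrapped folder key for " + m.Name)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, m.Priv, w, nil)
}

// AddMember is the step the post describes: an existing member unwraps the folder key on
// their own client and re-wraps it for the newcomer; the new metadata must then sync everywhere.
func AddMember(meta *Metadata, existing *Member, newName string, newPub *rsa.PublicKey) error {
	dek, err := UnwrapKey(meta, existing)
	if err != nil {
		return err
	}
	w, err := wrapFor(newPub, dek)
	if err != nil {
		return err
	}
	meta.Wrapped[newName] = w
	return nil
}

func newGCM(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFile seals plaintext with AES-256-GCM under the folder key; the random nonce is prepended.
func EncryptFile(dek, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptFile reverses EncryptFile; a wrong key or tampered bytes fail the GCM tag check.
func DecryptFile(dek, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
```

Walking it through: the owner creates the folder and encrypts a file; a second client cannot unwrap anything until the owner (holding a usable private key) calls AddMember; after that both recover the same 32-byte key and decrypt the same ciphertext, while a third client that was never added still fails. Note what the server cannot do in this model: it holds only wrapped copies, so nothing on the server side can grant access, which is exactly why the metadata has to be rewritten by a client and synced before the newcomer's client works.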