[Nextant] Regarding encrypted files

Since 0.10.0, Nextant is able to index your encrypted files under a few conditions. One of them is to have the Master Key enabled.

Why ?

When you enable the Default Encryption Module, encryption uses the password of each account on your cloud to encrypt and decrypt that user’s files, so that only a logged-in user can access and decrypt his own files. Even the cloud’s administrator can’t decrypt those files. While this means that if you lose your password, you lose your files, it also means that Nextant can’t index your encrypted files.

How !?

In order for Nextant to access your encrypted files, and index them, you will need to enable a Master Key:

 ./occ encryption:enable-master-key

However, if you already have encrypted files without the Master Key, those are still encrypted with the user’s password, and Nextant won’t be able to decrypt or index them. This command should be executed on a fresh install:

  • Enable the Default Encryption Module,
  • Run ./occ encryption:enable-master-key in a shell,
  • Enable server-side encryption in the Admin Interface.

This way, every file uploaded to your cloud will be encrypted using the Master Key; Nextant will have access to the key and will be able to index those files. The administrator can decrypt any file, and losing your password won’t affect your files.
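The fresh-install order above can be wrapped in a pre-flight check that refuses to switch to the Master Key when server-side encryption is already on. This is an added example, not part of the original post or of Nextant; the function names and the occ path in the comment are assumptions, as is using `occ encryption:enable` as the command-line equivalent of the Admin Interface step and parsing the `- enabled: true|false` line printed by `occ encryption:status`.

```shell
#!/bin/sh
# Added example: guard the Master Key switch behind a "fresh install" check.
# All function names are hypothetical; pass the occ command line as arguments.

# Print "true" or "false" from the "- enabled:" line of `occ encryption:status`.
encryption_enabled() {
    "$@" encryption:status 2>/dev/null |
        sed -n 's/^[[:space:]]*-[[:space:]]*enabled:[[:space:]]*\([a-z]*\)[[:space:]]*$/\1/p' |
        head -n 1
}

# Return 0 only when encryption is still off, i.e. no file can have been
# encrypted with a user's password since the last change of that setting.
master_key_preflight() {
    state=$(encryption_enabled "$@")
    case "$state" in
        false) return 0 ;;
        true)
            echo "refusing: encryption is already enabled; files encrypted" \
                 "with user passwords would stay unreadable to the Master Key" >&2
            return 1 ;;
        *)
            echo "refusing: could not read the encryption status" >&2
            return 2 ;;
    esac
}

# Same order as the list above: module, Master Key, then encryption itself.
setup_master_key() {
    master_key_preflight "$@" || return $?
    "$@" app:enable encryption &&
    "$@" encryption:enable-master-key &&
    "$@" encryption:enable
}

# Runs only when an occ command line is given, for example (path assumed):
#   sh master-key-setup.sh sudo -u www-data php /var/www/nextcloud/occ
if [ "$#" -gt 0 ]; then
    setup_master_key "$@"
fi
```

The status check is a heuristic: an instance where encryption was enabled earlier and then disabled can still hold files encrypted with user passwords, which this script does not detect.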

When ?

Nextant can index your files encrypted with a master key. Unfortunately, the current stable version of Nextcloud (10.0.1) uses Default Encryption Module v1.4.1, and this version does not initiate the Master Key from a 3rd-party addon (like Nextant).

But don’t worry, @bjoern is working on it: init Session/privateKeys on Master Key by ArtificialOwl · Pull Request #2240 · nextcloud/server · GitHub