Nextcloud App: Encryption Key


I`ve installed nextcloud on a webserver, so our leisure organisation (Scouts) can acces the neccesary files any time they need.
The members use the apps (android & ios) too, mostly for uploading photos.

Now my questions:

  1. In Nextcloud iOS app: PIN for encryption key? ist described, that the “encryption key” or in german “PIN für den Verschlüsselungsschlüssel” is used to encrypt local files. But if i`m right, document and photos stay in the cloud and only get displayed if you access them. So why do you need a local encryption?

  2. In addition, if your phone get stolen, why should a key protect your data from getting stolen? They can simply open the app and access the files.

  3. If i want to encrypt the traffic between the server and the Client, should i just enable the “serversided encryption” or do i need this client-sided pin/key too?

Thank you for answering, and forgive my bad language. Thank you:)

Hello @barmiextreme01

try to answer your questions:

  1. encryption in iOS app works only in iOS. Encrypted files can only be viewed on any iOS device using the same PIN. Not useful in multi device environment (desktop, browser, app) IMHO. Can be useful when travelling to critical countries with sensitive data.

  2. You cannot simply open the app and access files. You have to enter your PIN. Without PIN nobody can decrypt files

  3. To encrypt traffic you need to use SSL or VPN. Server side encryption is useful to use at hosted installation. If active your hoster cannot read your data.

Thanks for your effort, @rakekniven

Now this is all clearer. We have SSL as an encryption protocol, and a severside encryption is not neccesary because the hoster ist trustworthy, from switzerland and we dont have valuable data.

Questions: As said, all our users are accessing the same data.

  1. So if there are some users with iOS-devices with encryption enabled, is this bad? (They could encrypt data witch should be available for other users)

As i understand this situation, only the downloaded files (favourites) are getting encrypted - Besides they`re only accessable for this one user.

  1. The data in the favourites, are they synched with the custom user file storage on the server? (accessed from a Computer, they can`t be viewed, as you said. In Addition they would be storaged twice on the server)

Greetings from Switzerland

Yes, it is bad. Different users are using different PINs. If someone (A) is uploading one encrypted file nobody can decrypt it. Only if person A is sharing his secret key. And only on iOS devices

My idea for you would be. Just use the app and play a little with it.