Noob to NextCloud encryption

Hello all,

i hope everyone is doing well.

im fairly new to NextCloud and i came accross a topic that im still not sure how it works even after reading on the internet several times.

My setup is as follow at my house and only family members will have access to it.
Raspberry P3 using Raspian.
External USB Hard drive for the data folders

My questions are what is the option of Server-Side encryption, Default Encryption module and home folder encryption?

i’ve seen/read that the encryption works for external mounts (dropbox/gdrive and such) which those will not be available in the Server.

i just want to be able to view the photos/videos the other family members upload to their users so if needed i can run a maximizing software to decrease the size on the pics and recover some hard drive space.

Can you please enlighten my with your knowledge?


UPDATE: if i enable the server-side encryption and enable home storate encryption, will it affect the data on the USB external drive?

will i be able to unmount it and plug it on my ubuntu machine to check the files normally?

There is little to no benefit of the server-side encryption on local storage, files will also increase in size about 30%. I’d rather use full disk encryption of your operating system if you want to encrypt your data on your local storage and use encryption containers (VeraCrypt) for sensitive data (client-side encryption).

1 Like

so, if i understand correctly, Server-side and home encryption is more focused to the enterprise rather than home user?

It makes more sens if the data storage is on a different server that you don’t control. You could use Dropbox/GDrive/… as external storage and store files only encrypted that their admins can’t read the files. So it can be useful for home users as well.

makes more sense now… thanks… :slight_smile:

It makes sens for blocking admins for access to users files at local storage either :slight_smile:

But how can you do that? As admin/ root you will always have full access on the system. And also with server-side encryption on, as root you still have access to the crypt keys to decrypt the files anyway.
The only secure option is, that users encrypt their files on their computer (client-side) and store the file encrypted on the server.
I guess this is what tflidd is meaning, when writing there is only little to no benefit.

I thought that user password is a part of a decrypt key.

Hi @Therion7777 ,

Yes, that is true. However root also has access to the user passwords (saved hashed and salted on the hard disc (in the DB)) and I guess these hashed and salted passwords are used for the encryption.
At least the NC documentation states:


Encryption keys are stored only on the Nextcloud server, eliminating exposure of your data to third-party storage providers. The encryption app does not protect your data if your Nextcloud server is compromised, and it does not prevent Nextcloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide. If your Nextcloud server is not connected to any external storage services then it is better to use other encryption tools, such as file-level or whole-disk encryption.

This was what kept me from using the encryption app.


Ok, so I understood it correctly at first reading months ago :slight_smile:

So to conclude: the server-side encryption won’t help you a bit if you fear that your entire machine can be compromized or if you do not trust the operator of your vServer.

I must admit that I misunderstood the protection offered. I thought each file is encrypted using a random key which in turn is wrapped (encrypted) with the users password. I also thought the wrapping and unwrapping happens in memory. So when the user is logged off, I thought there is no way how the wrapped encryption key can be decrypted except when the attacker would be able to brute force the salted password hash of the user stored in the database.

I am not so happy with this now :-/

I wasn’t happy about this as well. Well, I’m not a developer and I have no insights into the code to understand how it works exactly and I’m also not sure if the documentation is up-to-date regarding NC11.
But even if the encryption keys are wrapped encrypted by the user’s PW and the encryption keys are stored in the RAM while the session is active, there would be ways.

I understand security and data privacy like this:
if someone can become root on a server, your data will never be safe, as long as they are not encrypted elsewhere (on client side for example).
For every server the most important thing to make sure, that no-one can become admin/ root. And this can only be ensured if you can make sure no-one can access the server physically - then there is always a way to become admin.

I’m not a hacker, but reading news and so on, this thinking of mine should be pretty accurate.
Concluding: if you don’t trust the server admin, the best way is to set up your own box which stands at your home. Or you really store all your data client-side encrypted on the server.

I’m providing a server for my family and I explained them, that they just have to trust me. And they trust me more than Google, MS, DropBox and Co. :wink: That’s enough :smiley:

1 Like

That’s true, when the user is logged off you must break his password or the encryption (unless there are errors in the encryption implementation). However, encryption and decryption is done by the server, you control the server, so you could just add some code that stores an unencrypted copy somewhere else or you sniff the password. There is no way for a user to find out about such modifications.

Users have to trust you or they need to use client-side encryption to prevent you from seeing their files.

1 Like

Thanks for this clarification. So to conclude (once more ^^):

The protection offered will prevent that a honest but curious admin snoops around data.

But an attacker can – of cause – introduce (with some modest effort) ways to break the encryption. For instance he might exploit the login procedure but also the encryption/decryption code (Before a new file is encrypted it is plaintext resp. before an encrypted file it is sent to a client it is decrypted and plaintext again.