Per user encryption


#1

Is there a way to set up file encryption so that 'userA’s files are encrypted so only ‘userA’ can see/use them. While ‘userB’ can also do the same with their own stuff. So that one user cant see or manipulate another users stuff?


#2

What do you mean by that? By default only “UserA” can operate with only his/her files and the same with “UserB”, they can not access each other files if files is not shared.
You can turn on Server-side encryption and turn off File Sharing, but as i said be default different users can not access files of each other.


#3

Nextcloud has 3 types of encryption:

  • encryption of all data with a single key (good for 3rd party storage backends). All data is encrypted with a key that is not password protected, accesible to admins only (via ssh)
  • encryption with per-user keys(encrypted with their passwords). Keyys stored on server encrypted with user credentials so if you copy a key you would still need the password. Note that:
  1. keys are inaccesible to all users directly, only server admins can see them if they log in with ssh (in the encrypted form)
  2. malicious admins with higher technical knowledge could retrieve the decrypted keys from memory when a user is logged in or a device syncs (if he logs in via ssh)
  • end-to-end encryption where the keys are stored on the end devices, the server cannot decrypt them, Drawback is that you cannot interact from the web interface with encrypted folders at all.