Production ready End-to-End encryption and new user interfaces arrive with new Nextcloud clients

Originally published at:

We’re very excited to announce the availability of version 3.0 of our desktop client and 3.13 for Android! With these releases come big improvements to the user interface, making it easier for users to access the apps in Nextcloud Hub. This releases introduce production-ready end-to-end encryption in our desktop and mobile clients.

Earlier this year, Nextcloud Hub delivered a new generation of collaboration technology to the on-premises cloud market. With the release today, we bring more of this experience to the desktop client while adding the long-anticipated end-to-end encryption feature.

— Frank Karlitschek, CEO of Nextcloud GmbH

Production-ready end-to-end encryption

For most users, Nextcloud acts as a trusted, central repository of their most important data. Calendars, mails, documents, photos, chats and tasks, but also passwords, bookmarks and much more reside on a server you trust.

For a sub-set of extremely sensitive data, things like your social security number, passport and such, Nextcloud now introduces end-to-end encryption. The Nextcloud end-to-end encryption feature is designed such that the server never has access to unencrypted files or keys, nor does server-provided code ever handle unencrypted data which could provide avenues for compromise. You pick one or a few folders and encrypt them locally on the client, thus protecting them from any breach that might occur on the server.

End-to-end encryption in action (video on YouTube)

As these files are no longer available on the server, and thus can not be shared with a public link, accessed in the browser or shared in a chat session, end-to-end encryption is not meant for the majority of data. Instead, it is meant to provide extra protection for your most sensitive information.

This per-folder capability available in the desktop and mobile clients encrypts all files as well as their names and metadata. Files will still be synced between the clients, but are not accessible online. Advanced key handling with Cryptographic Identity Protection in the form of server signed certificates facilitates the easy addition of new devices.

There is no need for user interaction or extra work and key sharing is seamlessly handled by the server, facilitating completely intuitive syncing. Only when adding a new device will you need to enter a passphrase, a mnemonic that your client can show you on demand.

In a future release, the scheme will allow for secure, end-to-end encrypted sharing with other users. Nextcloud supports an optional offline administrator recovery key and allows a complete audit log. The encryption design allows optionally for the deployment of a secure HSM to issue certificates to users in enterprises.

Organizations that demand the utmost security need a true enterprise solution that doesn’t require users to manually exchange encryption keys and long, complex passwords or share large, encrypted volumes. Nextcloud is first to market with an integrated, secure technology to keep a subset of highly sensitive files cryptographically secure even in the worst case of an undetected, full server breach.

— Roeland Douma, Security lead at Nextcloud

You can learn more about encryption in Nextcloud here and about end-to-end encryption here.

note: If you used the end-to-end encryption during our testing phase, in some cases your system has malformed keys installed which can break the syncing. Please follow the cleanup-steps from this forum thread if this happens to you!

A new interface for the Desktop Client

Nextcloud Hub integrated our video chat app Talk, our groupware apps and an online office as standard components of Nextcloud. This release of the desktop client brings a number of important changes that make it easier and faster to access these other apps from the desktop.

The new menu for the desktop client makes Talk and other apps on the Nextcloud server quick to open. A click on the icon in the system tray pops up the new menu, showing a list of events on the server with on top user account information, a link to Files, Talk and a button that brings a list of other apps. From the list of server activity, you can even directly access the sharing settings of a file.

The new menu in action (video on YouTube)

The menu makes it much easier and faster to access your apps, follow conversations or see what is happening with your files.

In the file manager, a right-click on a document now gives the option to edit directly in the online office document editor in Nextcloud. This makes it much quicker and easier to start editing files with others!

Right-click to edit a file (video on YouTube)

We also added the ability to add a note for the recipient of a file share in the share dialog.

Also a new interface for the Android client

With over 300 issues closed and pull requests merged, version 3.13 of the Android Nextcloud brings more than support for end-to-end encryption. This release also brings improvements to dark mode as well as a rewritten interface to fit the new Android design guidelines, adding a floating search bar on top with direct access to the users’ profile and the ability to switch between them. Below that are sort and list/icon view switchers, making the new interface fresh, clean and efficient.

dark mode
dark mode

The Android, iOS and desktop clients are all available via our download page.


Yeah !
I can’t wait to see if version 3.0 will replace version 2.3.3 on my clients that sync huge amounts of files.
I cross fingers and will test after my holidays.

well it would first have to be on the downloads page…

I really appreciate the work nextcloud is doing but this happens a lot – PR statement seem rushed but the background work is not complete, sorry to be a bit negative as I really appreciate all the work and the community

all PPA still at v 2.6etc appimage is v2.6.5


The website give me the v3.0.0 when going in the desktop client

I guess this video link isn’t correct :sweat_smile:

It was the first woman who wanted to self host her documents in a private cloud.


He. Fixed that :wink:

1 Like

Hi guys,

I really rejoiced when I saw today’s blog post - E2E finally becoming “Production-ready”, after such a long time of probably gruelling development. But, and I don’t want to spoil the party here, what about the server side of things? The E2E app is still being offered as being in “alpha state”, regardless of whether it’s targeting NC 19 (1.5.2) or NC 20 (1.6.1).

Can someone please shed some light on this? What’s the actual state of E2E, across all components involved?



Any ETA when the PPA archive gets to see the new client?

1 Like

With all do respect, what genius came with that idea of using 12 dictionary (!!!) words for encryption? It is like invitation for dictionary-based attack…


Actually not… dont worry, passphrase is very known and more secure than passwords for E2E
You can read this for more information :wink:


I dismissed e2ee notification and didn’t enable it. Now I can not find a way to enable it from client. Is it possible at all now to set a passphrase and enable e2ee?

edit: Ok, I just found out it appears again after client restart. It would be nice if there is option in the setting also/instead

Thank you for supporting E2EE. This is the final step for Nextcloud to become officially the best cloud service ever :smiley:

1 Like

passphrase is very known and more secure than passwords

True, but only if you pick those 12 words trully randomly from ~170k words of the Oxford Dictionary, and compare it with password of 8 chars from 23 letters of alphabet. That’s theory.

In reality average native speaker is using ~10k words (non-native maybe 1000) and for passphrase picks words so that they are logically connected (significantly reducing randomness) and thus easy to remember. Compare it then with 25-char password selected from ~80 small/big letters, numbers and special chars!

BTW, passphrase is intended to be easier to remember, but not to be more secure than passwords.

Ok… I have read all the wiki, so i understand your concerns but I read this also :

“But passwords are typically not safe to use as keys for standalone security systems (e.g., encryption systems) that expose data to enable offline password guessing by an attacker. Passphrases are theoretically stronger, and so should make a better choice in these cases. First, they usually are (and always should be) much longer—20 to 30 characters or more is typical—making some kinds of brute force attacks entirely impractical. Second, if well chosen, they will not be found in any phrase or quote dictionary, so such dictionary attacks will be almost impossible.”

And its not necessary to take wordsI in the oxford dictionary. The article says that you have to take non common words. So you can take the larousse French dictionary, the dictionary of the computer lexical…

Use keepassXC To generate strong passphrase (linux, windows, mac)

With every password scheme, there are ways to reduce complexity. S€cr3tP@ssw0rd is long, has special characters, numbers, … but does it look very random? With the words, it is easier to remember, you can even remember words with no or little logical connection, mix with other languages, use typos, …
Except with password managers, the password remains a weak point since we can’t memorize an often changing very complex password. For that reason, Nextcloud pushed 2FA, could be an idea for E2E encryption to add a second factor (U2F device) as well, especially if a device is lost.

You are entirely correct, IF the passphrase was chosen by the user. But it is not, our client picks for you. The only reason we use a passphrase is to make it easier to type in another client - it is much easier to type a string of words than a long string of random characters. You can read more in the whitepaper covering the design of our E2E solution, where we also calculate the entropy of this solution.

Note, also, that we don’t expect users to remember the passphrase, you only need it when adding another device so you don’t use it often enough to remember anyway. It is GOOD to write it down, as you will lose access to your data if you lose the passphrase, but we each of your devices can show the passphrase at any time so that should generally keep it quite safe.


Yeah, we know about the issue, it will be resolved in 3.1 :wink:

Yeah, the dev forgot to update the description. The latest version of the app is the production-ready version and as soon as he does another update it should also say so in the description as i updated it. Sadly we can’t update the description without updating the app (they are tied together in the app store).

Ok, that’s great news! I presume latest version includes 1.5.2 for NC 19? Or do you mean 1.6.1 only (which would require NC 20)?


1 Like

I’d love to see an exact list of what does and does not work between the e2e server, desktop and mobile apps. Anyone know?

Here is the relevant XKCD for using dictionary words as a secure password:

1 Like