Server-side (almost-)Zero-knowledge encryption possible?

I just recently got my Odroid HC1 and I set up Nextcloudpi on it. It works like a charm and setting it up has been a piece of cake up to now.
Thank you a lot for this excellent software!

I’m using the server to provide Cloudservices to some friends. While I consider myself trustworthy, I think that IT users should never have to trust anyone with their data. So I’d like to automatically encrypt all user data on the server with the user password. In the result only the user should have access to the data, but not me as the admin. I understand that client-side end-to-end encryption achieves this very well, but it comes with some limitations (i.e. no access from the browser).

Is there a way in NC15 to have all files on the server encrypted with the user password without a master key to retrieve the data?

I activated server-side encryption using the default encryption app, but I can’t seem to get rid of the master key. For previous versions of Nextcloud I found documentation that says that the user can disable the “recover”-function, but I couldn’t find this on my instance with Nextcloud 15.0.2.

Thanks for any hints!

1 Like

Anyone here who knows about encryption?

Here is my question in short: Can I enable server-side encryption in such a way that the admin can NOT decrypt the user files?