SSH reveals all the files even when encryption is enabled

Hi,
I got myself a VPS and installed Nextcloud (version 19) on it. I enabled server-side encryption with the default encryption module. “Encrypt home storage” is checked as well. I logged out and logged in again. It shows it is encrypted. But if I SSH to my VPS, I see directories of all the users. Inside any user’s directory, there is a directory named files which has all the stored files. Isn’t it supposed to be encrypted? If I can SSH and access it, the VPS owner can also access all files of all users. Is there no way to host on a VPS without trusting the provider? What does server-side encryption actually do if it allows the host to clearly access everything?

Thanks.

My impression is that encryption is not the top priority, as Nextcloud is mainly made with experts in mind who host it on their own servers at home and not on a VPS. End-to-end encryption has been in alpha state for many years. Generally it is advised not to use it, as has been discussed in the forum many times before. Nevertheless, the general opinion is that hosting on a VPS is better than using services by Google or Dropbox, as the VPS providers generally have no interest in looking at your files. I also use it on a VPS, as I do not have enough expertise to operate and secure a home server.

1 Like

It is only supposed to encrypt the content not the filenames:
https://docs.nextcloud.com/server/19/admin_manual/configuration_files/encryption_configuration.html

The problem is more that the server-side encryption was designed for external storage and not to run on shared hosts/servers. Client-side encryption could be a solution; there are existing 3rd-party solutions such as Cryptomator, since Nextcloud’s own is not ready…

2 Likes

I just tried replicating your experience. (I’m on FreeBSD with server-side encryption enabled.)

While I can see the files in the users directory, I had to switch to root to be able to access the directory. Even as root, the contents of the files are encrypted. I tried copying a jpg out to a samba share, and then chowning it so it could be accessed by the samba user. It couldn’t be opened/viewed as the contents were scrambled/encrypted.

It’s not ideal that the directory structure and file names can be seen by the sysadmin, but ideally you are the sysadmin. I wouldn’t stress too much, your data is still safely encrypted.

Oh, lastly, my understanding is that files are only encrypted if they’re added after you enable encryption. So if your users added lots of data, then you enabled encryption, all that original data will remain unencrypted. Only new data will be encrypted (including old files that get updated). Your users might have to move their data out of your Nextcloud instance and then back in again to benefit from encryption.

1 Like
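An added example (not from any poster in this thread, and not Nextcloud's own code): a read-only audit of the data directory that separates files carrying the default module's encryption header from files still stored in plaintext, such as those uploaded before encryption was enabled. The `HBEGIN…HEND` header markers and the 8192-byte padding are assumptions about the on-disk format, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Assumed markers and padded size of the default module's per-file header.
HEADER_START, HEADER_END, HEADER_SIZE = b"HBEGIN", b"HEND", 8192

def parse_header(first_block):
    """Return the header's key/value fields, or None if there is no header."""
    if not first_block.startswith(HEADER_START + b":"):
        return None
    end = first_block.find(b":" + HEADER_END)
    if end == -1:
        return None
    body = first_block[len(HEADER_START) + 1:end].decode("ascii", "replace")
    parts = body.split(":")
    return dict(zip(parts[0::2], parts[1::2]))

def audit(data_dir):
    """Map each file under <data_dir>/<user>/files to its cipher, or None if plaintext."""
    report = {}
    for path in sorted(Path(data_dir).glob("*/files/**/*")):
        if path.is_file():
            with path.open("rb") as fh:
                fields = parse_header(fh.read(HEADER_SIZE))
            rel = path.relative_to(data_dir).as_posix()
            report[rel] = None if fields is None else fields.get("cipher", "unknown")
    return report

def demo():
    """Build a constructed two-user data directory and audit it."""
    header = b"HBEGIN:oc_encryption_module:OC_DEFAULT_MODULE:cipher:AES-256-CTR:HEND"
    samples = {  # constructed sample files, not real Nextcloud data
        "alice/files/new.jpg": header.ljust(HEADER_SIZE, b"-") + os.urandom(64),
        "alice/files/Notes/old.txt": b"uploaded before encryption was enabled\n",
        "bob/files/report.pdf": b"%PDF-1.4 constructed plaintext\n",
    }
    with tempfile.TemporaryDirectory() as data_dir:
        for rel, content in samples.items():
            target = Path(data_dir, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        return audit(data_dir)

if __name__ == "__main__":
    for rel, cipher in demo().items():
        print(f"{'ENCRYPTED ' + cipher if cipher else 'PLAINTEXT':<22} {rel}")
```

Entries mapped to `None` are files whose contents anyone with filesystem access can read; file and directory names are visible either way.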

Thanks a lot. I did not try to view the contents. As the directory structure was visible, I assumed that the contents were also unencrypted. Now, after checking it with my own account, I see that the files are indeed scrambled. :smiley: Though I am not okay with the visible directory structure, I am relieved that the files are actually encrypted. I can send an announcement about the same and I hope the users are okay with the visible directory structure and file names.

Looking forward to Nextcloud patching this and at least scrambling the file names.

I wouldn’t say encryption isn’t a priority. Nextcloud’s server-side encryption is quite robust and works well. It’s not a standalone tool; it works in the context of the modern Unix security framework.

That said, I think you’re correct in that the devs have self-hosting in mind. I mean, that’s the target audience. Most large professional or commercial organisations would be paying for a commercial solution, or outsourcing to third-party hosting.

Lastly, I’m personally underwhelmed by Nextcloud’s promotion of “end-to-end encryption”. I mean, I’m not sure I understand what it’s trying to accomplish. All data is encrypted when sitting on my server. Any data being transferred to or from my server is strongly encrypted via TLS 1.2. My phone is also encrypted, though my desktop is not.

I don’t understand what this perpetually alpha “end-to-end encryption” is supposed to offer over current encryption. It feels more like marketing and PR over anything actually useful or practical. Everything I read about it is very high-level and unspecific.

Oh! Yes! The jpg I copied out and tried viewing was my own! I didn’t risk the privacy of anyone else :stuck_out_tongue_winking_eye: I just realised how bad my wording looked!

There is end-to-end, or client-side, encryption in alpha status. It means that the data are encrypted and decrypted on the client, so the server never sees the unencrypted version. With the server-side encryption that you are currently using, the server is doing the encryption, but that means that someone in control of the server can get his hands on your data once they are requested at the server (or get the password). Therefore it’s only a good protection on third-party storage which is not under your full control.

It really depends on what you plan to protect yourself against. In both versions, there is no protection on the client side, so if your laptop or something gets stolen, someone can get your files (as long as you don’t protect it otherwise).

There are different types of encryption schemes, even for hard-drive encryption on Linux; some just encrypt the content, others create fully encrypted containers.