Mh… If it can be avoided, I’d rather prefer not to rely on an additional piece of software here, which is also written in Java and pulls in some version of a JRE as a dependency…
However, trying Nextcloud E2E encryption I failed miserably…
I tested it against a test setup, where it seemed to work well. (I don’t understand why you’re forbidden to list the encrypted data in the web frontend, but you’re allowed to download it in a ZIP, but that’s a different issue…)
However when I tried to replicate my results on my production system (which in the process I upgraded to exactly the same version as the test system), it simply did not work at all - but even worse, it looked as if it would.
This means that I could enable encryption for an empty folder in the Desktop sync client and it would show a green padlock there. It would also show a padlock on this folder in the web UI, and the folder was inaccessible there, so all looked fine.
However, data copied to this folder and synced to the server actually showed up in plain text in the server’s file system!!! What gives?!?
After a restart of the desktop sync client, also there the padlock on the folder was gone, while it was still shown in the web UI, and still inaccessible there…
This behaviour was totally reproducible and probably is something like a “worst possible outcome” - make it look like the data is protected / encrypted, but actually upload it without any encryption… Wow.
So, ok, I give up, this stuff does not work at all, I wasted several hours of my life and will now have a closer look at this Cryptomator thingy…
Bottom line: Take the warning serious, this is still alpha stuff unfortunately, and do not “encrypt” any valuable data! If you still want to use it, double check that the data actually ends up in encrypted form in the server’s file store, before you use it for valuable data! And don’t confuse the result of enabled server-side encryption with the result of E2E encryption, so make sure what you’re checking is actually the E2E encryption result, in case you have server-side encryption enable because you’re working with untrusted storage providers…