Unclear on the use case for encrypting nextcloud files

Reading through https://docs.nextcloud.com/server/19/user_manual/files/encrypting_files.html and I am a bit confused on the bolded part

Its main purpose is to encrypt files on remote storage services that are connected to your Nextcloud server. This is an easy and seamless way to protect your files on remote storage. You can share your remote files through Nextcloud in the usual way, however you cannot share your encrypted files directly from the remote service you are using, because the encryption keys are stored on your Nextcloud server, and are never exposed to outside service providers.

I am not sure what it means for a file to be on “remote storage services”. Is that different from files that I access through the /apps/files/files URL?

You can connect different locations to your cloud; some can be external. You can share these by user or group, and this will appear as a folder in the root of the user. Files you store in this folder will actually be stored externally.

This would mean if you connect an external cloud storage, for example Google cloud, to your cloud and point it to GDrive and give permission to userA,

userA will get a folder GDrive. Everything stored there will be available through your Nextcloud instance only. If you share this document through Google Drive it will be unreadable, because on Google Drive the file is encrypted.

So you cannot use Google Drive on your phone to edit files there that you have uploaded through the Nextcloud folder GDrive; you should use the Nextcloud app for that anyways 🙂

You can use /apps/files/files/

Hope it’s clear

2 Likes

The Admin Manual chapter on the topic may be insightful: Encryption configuration — Nextcloud latest Administration Manual latest documentation

Mostly used with External Storage: Configuring External Storage (GUI) — Nextcloud latest Administration Manual latest documentation

P.S. You linked to the v19 User Manual which, in addition to being quite old (we’re currently on v28/v29), tends to focus on things only from an end-user perspective. The Admin Manual tends to be more the spot to go for a deeper dive and, obviously, also from an admin perspective. 🙂

1 Like

Well, I guess this brings me to my next question. In the next paragraph, it says:

If your Nextcloud server is not connected to any remote storage services, then it is better to use some other form of encryption such as file-level or whole disk encryption. Because the keys are kept on your Nextcloud server, it is possible for your Nextcloud admin to snoop in your files, and if the server is compromised the intruder may get access to your files. (Read Encryption in Nextcloud to learn more.)

If I understand that section correctly, it says that if you are storing your files on the same server as the Nextcloud instance [which I kinda am, the files are stored on an NFS mount], then I should be performing some sort of Linux-level encryption rather than trying to encrypt it from the Nextcloud level?

Short answer: Maybe.

Longer answer: It depends. 🙂

Better answer than either of the above: None of us can tell you for certain.

For example, if I were in your shoes, I might sit down and ask myself a few questions such as:

  • Which threats am I concerned about?
  • How will I be hosting this deployment?
  • Will I be the admin? Will I be the only admin?
  • what else am I self-hosting and how will I be protecting those things? Are there any commonalities?
  • What are my own personal preferences?
  • (numerous other things)

Without knowing your use case, etc., it’s challenging to answer. That guide is meant as a “hey consider these things, but we can’t tell you what you should do”.

Many people would say there are tremendous differences (in terms of threats) between hosting on your own physical infrastructure versus in some far away untrusted data center (or public cloud environment), as just one example. But even whether that’s true depends on things like: how paranoid am I?

As with anything involving security, there are often trade-offs in terms of complexity (either up front or in terms of, say, recovery) or performance (among other things). Everybody has different needs and realities.

1 Like

When you're done with the excellent post above and have considered the options:
Yes, you should encrypt the NFS disk on the server side that is hosting the NFS in the first place.
If securing your data is not to your needs, skip this post.

If I break into your home and take your server, I have all your data to see and all your other members' data. Your root account is not gonna stop me. I will probably find a few passwords and personal information.

For this reason, imo, you should encrypt your disks.
If you're familiar with virtual(box) machines you can try and learn about it using LUKS (Linux Unified Key Setup - Wikipedia).
Instructions: https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
Or use a preconfigured installation from openbox-addons/preseed at main · vincentstans/openbox-addons · GitHub; there you find tang-server.cfg and NDBE_client.cfg. Set up 2 virtual machines and adjust the 2 files where needed.
You can use a Tang server (GitHub - latchset/tang: Tang binding daemon) to decrypt your disk automatically on boot without interaction.

The decryption can be done using multiple Tang servers, so if they steal your local network, including your local Tang server, you can disable the external Tang server and the disk can’t be unlocked. You would then have to restore everything on new hardware and restore data from your encrypted backup disks.

This is all way outside Nextcloud, but I like to point out options.

Another option: eCryptfs - Wikipedia. But this is more file/folder encryption, although it can do full disk encryption.

1 Like
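
The multi-Tang setup from the post above, as an added example that is not part of the original thread: clevis (the client that talks to Tang) can split the unlock secret across servers with its `sss` pin, and the threshold `t` decides whether disabling one server actually blocks unlocking. The device path and Tang URLs are placeholders, and the script only prints the `clevis luks bind` command instead of running it.

```shell
#!/bin/sh
# Added example: build the clevis "sss" (Shamir secret sharing) pin config
# that binds one LUKS volume to several Tang servers.
# The device path and URLs are placeholders, not values from the thread.

# sss_config THRESHOLD URL...  -> prints the JSON config for the sss pin
sss_config() {
    t=$1; shift
    n=$#; pins=""
    # Threshold: a positive integer no larger than the number of servers.
    case $t in
        ''|0*|*[!0-9]*) echo "threshold must be 1..$n" >&2; return 1 ;;
    esac
    if [ "$t" -gt "$n" ]; then
        echo "threshold must be 1..$n" >&2; return 1
    fi
    for url in "$@"; do
        # Accept only plain http(s) URLs so nothing can escape the JSON string.
        case $url in
            http://*|https://*) ;;
            *) echo "bad url: $url" >&2; return 1 ;;
        esac
        case $url in
            *[!A-Za-z0-9._:/-]*) echo "bad url: $url" >&2; return 1 ;;
        esac
        pins="${pins}${pins:+,}{\"url\":\"${url}\"}"
    done
    printf '{"t":%d,"pins":{"tang":[%s]}}\n' "$t" "$pins"
}

# bind_command DEVICE THRESHOLD URL...  -> prints the command, never runs it
bind_command() {
    dev=$1; shift
    cfg=$(sss_config "$@") || return 1
    printf "clevis luks bind -d %s sss '%s'\n" "$dev" "$cfg"
}

LOCAL_TANG="http://tang.lan.example"        # placeholder: Tang at home
REMOTE_TANG="https://tang.offsite.example"  # placeholder: Tang elsewhere

# t=2: both servers must answer. Hardware stolen together with the local
# Tang server stays locked once the off-site server is disabled.
bind_command /dev/sdX2 2 "$LOCAL_TANG" "$REMOTE_TANG"

# t=1: either server is enough. Better availability, but the stolen local
# Tang server alone can then unlock the disk.
bind_command /dev/sdX2 1 "$LOCAL_TANG" "$REMOTE_TANG"
```

Running the printed command prompts for an existing LUKS passphrase before it adds the binding.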