Understanding how e2e has to be set-up

I just wanted to test e2ee and fail to understand why it does not work. My aim is to have one folder which is e2e encrypted. NC 20.0.10.

What I did is to enable the e2ee app 1.6.3. I did not enable the server-side encryption since I only want that one folder to be encrypted. Since I did not get any error messages I figured that this is fine?

Then I created a subfolder within a shared folder, shared with another nextcloud user on the same instance. With the android client I set the new folder to encrypted and wrote down the 12 word passphrase. The folder is shown as encrypted in the Android client, i.e. its folder icon shows the lock.

Then I started the Windows client which asked for the 12 word passphrase. After that I tried to move a file to the encrypted folder which fails as soon as the client tries to sync with the server. The error message states that MOVE is not allowed. Why not? And if not, why does the nextcloud client allow the moving in the first place and only fails at syncing? Virtual file system is enabled in case that makes a difference.

So I copied the file into the encrypted folder. The client syncs fine. However, the file is not encrypted, i.e. I can still view it via the web browser or clients which do not have the 12 word passphrase.

Is this because “only new files are encrypted”? I thought that would only apply to server side encryption.

Is it because the folder is a sub-folder of a shared folder?

Is it because server side encryption has to be enabled for e2e encryption of single folders to work?

Late response, but I’m putting here for others who may be struggling.

You have not set it up correctly. You must first enable server-side encryption. Then add the e2ee app. Then create an empty folder inside your Nextcloud sync dir. Then right-click the empty folder in the Desktop Nextcloud app (or mobile) and select “encrypt”. Now, whatever you add into that empty folder on your device will be automatically encrypted and synced with the server. Unfortunately, many features are not possible with encryption as the server cannot see anything. Sharing is one of those features, though we are expecting a solution very soon.

Even later reply :wink:

How does

fit to

E2EE is currently not compatible to be used together with server-side encryption

from here?

https://github.com/nextcloud/end_to_end_encryption/#limitation

Sharing e2e folders was not supported at all until about a month ago. That is why it failed. Also not sure if it has been formally released in the app yet.

What difference does it make for the sharing user? The shared folder is a normal, “local” folder for that user. The users I share the folder with would only see encrypted files, that’s expected.