What is the state of the end-to-end encryption feature?

I don’t understand what the state of the end-to-end encryption is. The website presents the feature as production ready but I can’t find any option in my Nextcloud 18 test installation to activate it. I could also find nothing concrete about it in the documentation. I didn’t find anything in the Android or iOS app.

Does the end-to-end encryption feature exist and if so, how do I use it?

My understanding is, as long as your NC server is properly SSL’d, all communication - audio, video, data transfer - is end-to-end encrypted…

If this is wrong, I’d also like to know how to “enable” it…

Edit by 2020.08.18: The disclaimer is gone now; it’s officially production ready after all!

Original message (2020.04.11):

“Enterprise grade” maybe, but it’s certainly not production-ready, and I’m disappointed it was ever presented as such, let alone still. Anyway, it could previously be enabled by installing the app from within Nextcloud, but I don’t see that option now either. If you really want to use it despite the warnings, you should still be able to download it from GitHub into your nextcloud/apps folder, and then enable it from inside Nextcloud.

The key feature here is that end users’ devices are the only ones with the ability to decrypt the data - it’s encrypted on one end, sent to the server (which never gets the keys for it), then decrypted by the user’s device on the other end.
With TLS/SSL you have encryption from the device to the server, then from the server to the other device, but the server still has access to the data in the middle.

No, of course I don’t want to use an app in alpha state for non-volatile data. I agree that it is disappointing that a feature in this state is advertised prominently on Nextcloud’s webpage. To me this is lying about features and destroys the trust in the whole project. I would be curious to know who approved this.


AFAICS GitHub says that it was @jospoortvliet. Could you clear this up?

If there is a reverse proxy in between with a de-/encrypt function (like a lot of companies have), it is a man-in-the-middle attack and the whole traffic is decrypted, analysed and re-encrypted with a new (hopefully) valid certificate. To avoid this, you have to encrypt the traffic data itself with a different kind of encryption (like ssh or something like that) which gives an alert when using the “wrong” key.
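
The distinction drawn in the replies above (TLS protects each hop, while end-to-end encryption keeps the decryption key on the users' devices, so a server or TLS-inspecting proxy in the middle cannot read or silently alter the data), as an added example that is not part of the thread and is not Nextcloud's E2EE implementation. It assumes X25519, HKDF and AES-256-GCM from Node's built-in crypto module; all function names and the sample data are hypothetical.

```javascript
// Added illustration only; this is not Nextcloud's E2EE protocol.
const { generateKeyPairSync, diffieHellman, hkdfSync, randomBytes,
        createCipheriv, createDecipheriv, createPublicKey } = require('node:crypto');

// Derive a 256-bit AES key from an X25519 shared secret.
function deriveKey(privateKey, publicKey) {
  const shared = diffieHellman({ privateKey, publicKey });
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), 'e2ee-demo', 32));
}

// Sender device: encrypt for the recipient's public key before upload.
function sealFor(recipientPublicKey, plaintext) {
  const eph = generateKeyPairSync('x25519'); // fresh key pair per message
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientPublicKey), iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { ephPub: eph.publicKey.export({ type: 'spki', format: 'der' }),
           iv, ct, tag: cipher.getAuthTag() };
}

// Anyone holding a private key can try; GCM rejects a wrong key or altered data.
function tryOpen(privateKey, blob) {
  try {
    const ephPub = createPublicKey({ key: blob.ephPub, type: 'spki', format: 'der' });
    const d = createDecipheriv('aes-256-gcm', deriveKey(privateKey, ephPub), blob.iv);
    d.setAuthTag(blob.tag);
    return Buffer.concat([d.update(blob.ct), d.final()]).toString('utf8');
  } catch (err) {
    return null; // authentication failed: the "alert" the recipient gets
  }
}

// Constructed scenario: a recipient device, and a server/proxy that terminates TLS.
function demo() {
  const recipient = generateKeyPairSync('x25519');
  const middlebox = generateKeyPairSync('x25519'); // its own keys, not the recipient's
  const stored = sealFor(recipient.publicKey, Buffer.from('constructed sample file'));
  const altered = { ...stored, ct: Buffer.from(stored.ct) };
  altered.ct[0] ^= 0x01; // payload modified while passing through the middlebox
  return {
    recipientReads: tryOpen(recipient.privateKey, stored),
    middleboxReads: tryOpen(middlebox.privateKey, stored),
    recipientReadsAltered: tryOpen(recipient.privateKey, altered),
  };
}
```

The guarantee holds only if the sender obtained the recipient's public key over a channel the middlebox could not tamper with; otherwise the middlebox can substitute its own key.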