Which features/apps work with server-side encryption?

I have been using nextcloud on and off since its inception. Sadly, most of the features don’t even work, or not well, or they get discontinued, or they only have community support.

My setup is server-side encryption with per-user keys. I pray to all gods that this feature will not be discontinued. However, I do not know which apps support server-side encryption. Any recommendations?

Apps that work with server-side encryption

  • The notes app (file names/note titles still visible)
  • The external storage app (file names unencrypted)
  • The activity app stores all activity, including file names, which are not encrypted by SSE anyway. However, to prevent the file names of all files that ever existed from remaining on the server indefinitely, I would use the “activity_expire_days” setting in the config.
  • File sharing
  • Text
  • PDF Viewer
  • Talk/Spreed seems to encrypt the files that are saved from the chat. I don’t know where the file is stored before you save it from the chat, but it can be deleted. The conversations are stored in plain text in oc_comments, although they can be deleted (be careful not to delete the conversation if you want to keep it open; only delete the chat log). The calls probably aren’t saved. Chats about shared files can be disabled in the admin settings. So I’d say this app is fairly usable, as long as you only make calls and don’t chat much, perhaps share files (unsure).
  • viewer (the app that opens when you click a photo) loads the full image, no unencrypted preview/thumbnail required
  • clamav antivirus might work when uploading a file (obviously not the background scan). I haven’t tried it.

Apps that can be “made encrypted”

  • calendar and contacts are encryptable with a third party app (e.g. etesync), or use decsync on android, which uses files to store contacts, then sync them with the nextcloud app

Apps that don’t work with server-side encryption

  • the email app seems to scramble the imap password in oc_mail_accounts, but it does not encrypt the password with the user key, does it? The emails are stored in plain text in oc_mail_messages.
  • the photos app requires previews/thumbnails to be useful, but they are stored unencrypted in /data/appdata_33333/preview/. Disable them with ‘enable_previews’ => false. Then there also won’t be any thumbnails in the file browser (including grid view).

Known “problems” with apps

  • The external storage app does not perform super well when syncing with clients (Backblaze B2, IDrive e2, Koofr WebDAV). It is more of a file storage solution for uploading/storing files once, and not good for syncing to clients. Otherwise, you will run into timeout errors, decryption errors, and duplicate file errors, because the server gets confused. (Any experiences with setups that work?)
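An added example, not part of the original post or of Nextcloud itself: a way to check on disk which data server-side encryption actually covers, such as the preview folder mentioned above. It assumes that files written by the default encryption module begin with the bytes `HBEGIN:` and that key material lives in folders named `files_encryption`; the sample tree, the user `alice` and the file names are constructed.

```python
import os
import tempfile
from collections import Counter

# Assumption: the default encryption module starts each encrypted file with "HBEGIN:".
SSE_MAGIC = b"HBEGIN:"
SKIP_DIRS = {"files_encryption"}  # assumed key-storage folder: keys, not user content


def is_sse_encrypted(path):
    with open(path, "rb") as fh:
        return fh.read(len(SSE_MAGIC)) == SSE_MAGIC


def audit_data_dir(data_dir):
    """Return (sorted plaintext paths, Counter of hits per top-level entry)."""
    plaintext, counts = [], Counter()
    for root, dirs, files in os.walk(data_dir):
        dirs[:] = [d for d in dirs if d not in SKIP_DIRS]  # prune key folders
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path) or os.path.getsize(path) == 0:
                continue  # symlinks and empty files hold no content to expose
            if not is_sse_encrypted(path):
                rel = os.path.relpath(path, data_dir)
                plaintext.append(rel)
                counts[rel.split(os.sep)[0]] += 1
    return sorted(plaintext), counts


def build_sample_tree(base):
    """Write a constructed sample layout (not real data) using the post's paths."""
    samples = {
        "alice/files/report.pdf": SSE_MAGIC + b"cipher:AES-256-CTR:HEND" + b"\x8f" * 64,
        "alice/files_encryption/keys/fileKey": b"\x01\x02\x03",
        "appdata_33333/preview/42/256-256.jpg": b"\xff\xd8\xff\xe0JFIF",
        "nextcloud.log": b'{"message":"constructed log line"}',
    }
    for rel, data in samples.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_data_dir(tmp))
```

Calling `audit_data_dir` on an instance's real data directory lists every file that sits on disk without the encryption header, grouped by user or appdata folder.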

That is very unspecific. Try to check with the community if these functions are broken and that the problems are reported to the developers. In some cases, configuration issues can cause problems and stop some things from working properly.

That is the principal purpose of the server-side encryption app!
See Encryption configuration — Nextcloud latest Administration Manual latest documentation

The way you present things, it seems that you try to prevent admins to have as little as possible of a user’s data. However, it was never designed that way and does not work like that (see documentation above).

I am the admin. I just don’t want my OVH dedi to have my stuff on its HDDs when I return it. I encrypt my own hard drive, too (had to enter a password at boot to write this comment). My email server is encrypted, too. And so is the external storage that I added to my nextcloud.

Besides, it’s obviously ridiculous to add server-side, per-user encryption to a software, just to have the built-in (!) previews/thumbnails stored unencrypted. Yes, I am aware that they changed their minds on that one (that they prefer only basic server-wide (not user based) encryption to protect external mounts) and that they are probably keeping it in because of the (minimal) demand.

But it’s in the software, and I want to use it that way. I am aware of the limitations, and I am trying to be more aware about how every single app works and stores my data. As you can see, quite a few apps actually work the way I want to use nextcloud.

I would even pay to have an option to have thumbnails generated encrypted on a per-user basis at time of first access (not with a cron). Perhaps stored in a database to avoid latency. I’d pay to have contacts and calendar encrypted with the per-user or server-wide key. That’s what it’s about right? Making open software and creating value to sustain the whole operation. Although I am afraid this would cost more than I can afford. :frowning: The paid plans are already well beyond my means. I am just one person. Which is why I am here. :slight_smile: to exchange knowledge for free.

################

I am sure you have come across an issue or two yourself. For example, I remember the external user authentication app was changed significantly one time, and I had no idea how to change my config. Right now I cannot install it because it is still stuck on Nextcloud 29. I am quite sure that there was also a bug back then, where a certain authentication method just didn’t work. It’s a community-based app and probably taken care of by a single person who should get paid for it, but doesn’t. It could be discontinued at any moment. I don’t have time to “check with the community” for every app.

The external storage app is an official app, but it just doesn’t work well. I am using it right now, but syncing 500 files to b2/e2 storage causes chaos, which I think is not how it is supposed to work. If I opened an issue, they would probably say it’s not meant to be used with per-user encryption and nothing would be done about it, as it’s not a priority feature.

That’s why I am here. I am trying to use the apps that are low maintenance.

Then the hard drive encryption should be enough, no?

And if you want to protect data from someone who potentially has access to your server, you’d need client-side encryption. Like this, the code you run on your machine is more complex without real benefits (you already do hard disk encryption).

If you don’t use this encryption and you want to have a fast and responsive interface, this is the way to go. And companies using Nextcloud, they move away from large external hosters, and if they do it on their own, they can trust the environment.

What is the real benefit here? If someone controls your server, since the encryption and decryption runs on the server, there are ways to intercept the information once it is decrypted.

You can check before running major upgrades whether the new version is still supported. And if not, you can help test on the new version. Ideally, there are larger communities around popular apps, but sometimes it depends on single maintainers.