Zero-Knowledge Encryption

I know the forum has been bombed with new feature requests in the last week, but I’d like to add a request for zero-knowledge encryption. I want my users’ files (and, ideally, even file and directory names) to be private, to the point where I couldn’t read them even if I wanted to. This is something that seems consistent with the privacy aspect of hosting your own cloud, rather than using Dropbox or one of the other commercial services. It should, of course, work with shared files as well, and be compatible with the desktop and mobile apps.

3 Likes

There is already a discussion: https://github.com/owncloud/core/issues/106 And some work on it has started: https://github.com/owncloud/client/issues/4327.

2 Likes

Just like @tflidd said.

If you have questions/remarks/ideas on what you would like to see for this feature, feel free to discuss it here or on GitHub: https://github.com/owncloud/client/issues/4327

I shared what I plan to do in this document but feedback is always welcome.

I hadn’t been aware of those GitHub issues, or that issues against ownCloud “count” for Nextcloud as well, so I’ve already learned something. I’m not entirely sure that they’re exactly what I’m thinking of, but I may not have thought through what I’m looking for as completely as I should.

From what I understand from those issues (haven’t yet read the document), the goal is that the server would never see the cleartext data. That would certainly accomplish my goal that the admin (me) can’t see other users’ data, but it might complicate other matters. As far as I’ve thought it through, I’d like to see this:

  • Data (preferably, but not necessarily, including filenames) at rest on the server is not stored in cleartext
  • I can access my data with a desktop or mobile app on any device, or through the browser interface
  • I can share data with other users at any time, and can freely revoke sharing as well
  • 50+ GB of existing data can be secured without having to start over (delete the data and have the user re-upload it)
  • I’d just as soon this be something that’s enabled and disabled at the server level, rather than being optional on a per-file or per-directory basis for users

For now NC and OC are very similar. Anything developed for one should work with the other. I began working on ownCrypt with OC, before NC was announced.
In any case, ownCrypt is designed as a library that can be used by different clients. It shouldn’t be too much of a problem even if NC and OC clients start diverging.

This is how ownCrypt fills your requirements:

Yes

Yes, except for web browser access. It’s not possible without trusting the server, which is the whole point of using client-side encryption (CSE). Support will come first for the desktop client.

Same as above, this would mean we trust the server with encrypting the files, so not possible with CSE.