Cloud encryption

Hi,
I have a little question: on the cloud page, it’s stated that:
“all your data that is stored on our Nextcloud instance is encrypted! This means that no one is able to see the content of your files if not explicitly allowed by you. Not even the system administrators.”

I have my own Nextcloud instance and I tried to do the same (prevent the admin from reading user data). However, in the Nextcloud official documentation (https://docs.nextcloud.com/server/13/admin_manual/configuration_files/encryption_configuration.html) it’s said that “The encryption app […] does not prevent Nextcloud administrators from reading user’s files”.

Could you explain to me how you achieve Disroot’s client encryption? (I guess it’s with the user password, but how?)
Thanks :slight_smile:

Hi,

Thank you for raising this question. The text on the website was written a long time ago and needs to be updated to reflect a more accurate and truer picture.

We use the same encryption as the one mentioned in the documentation you linked to.

The data is encrypted with the user’s password, but the keys are stored on the server, so it is indeed possible for the admins to intercept the password and decrypt the data. It is not so easy, though, and requires some prior work (and malicious intentions).

It is not possible for admins to read the content of the files stored on the cloud just by browsing through them or querying the database. Obviously we value privacy very highly and will never consider digging into anyone’s data.

That said, I agree the text on our website is misleading and will adjust it to explain better how the encryption works and the dangers of not having end-to-end encryption.


Thank you for your response :slight_smile:

I was afraid (for my own Nextcloud server) that an admin could read user data merely by querying the database.

No, that’s not possible. The files themselves are encrypted with a key generated from a password, which means an admin would have to do a man-in-the-middle attack to sniff the password and then use it to decrypt the content.

What an admin can see, though, is the filename, its size and extension, so the basic metadata you see on a file. For the rest, it’s just gibberish.

So yeah, of course it’s not a 100% safe solution, but it prevents snooping eyes from accessing the files.

Note: everything other than files (contacts, tasks, activities, calendars etc.) is stored in plain text in the database.
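A simplified model of the scheme described in this reply (a per-file key, wrapped with a key derived from the user’s password and stored on the server next to the ciphertext), as an added example that is not Disroot’s or Nextcloud’s code. It uses an HMAC-based keystream as a stand-in for AES so it runs on the Python standard library alone; the record layout and the function names are assumptions.

```python
import os
import hmac
import hashlib

def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy CTR-style stream cipher: HMAC-SHA256(key, nonce || counter) blocks XORed into data.
    # Stand-in for AES so the example needs only the standard library; not Nextcloud's cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def _password_key(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the user's password (PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def upload(filename: str, content: bytes, password: str) -> dict:
    """Build the record the server stores: metadata in the clear, content and file key opaque."""
    file_key = os.urandom(32)
    salt, nonce, key_nonce = os.urandom(16), os.urandom(16), os.urandom(16)
    ciphertext = _stream_xor(file_key, nonce, content)
    return {
        "name": filename,                       # readable by the admin
        "size": len(content),                   # readable by the admin
        "ciphertext": ciphertext,
        "nonce": nonce,
        # The per-file key lives on the server too, but wrapped with the password-derived key.
        "wrapped_key": _stream_xor(_password_key(password, salt), key_nonce, file_key),
        "key_nonce": key_nonce,
        "salt": salt,
        # Tag lets decryption detect a wrong password instead of returning garbage.
        "tag": hmac.new(file_key, nonce + ciphertext, hashlib.sha256).digest(),
    }

def admin_view(record: dict) -> tuple:
    """What browsing the storage or the database reveals without the password."""
    return record["name"], os.path.splitext(record["name"])[1], record["size"]

def decrypt(record: dict, password: str) -> bytes:
    """Unwrap the file key with the password and decrypt; whoever holds the password can do this."""
    kek = _password_key(password, record["salt"])
    file_key = _stream_xor(kek, record["key_nonce"], record["wrapped_key"])
    expected = hmac.new(file_key, record["nonce"] + record["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password: file key could not be unwrapped")
    return _stream_xor(file_key, record["nonce"], record["ciphertext"])
```

The confidentiality of the files therefore rests entirely on the password never being observed by the server, which is the gap the reply points at and that end-to-end encryption would close.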

Damn! Didn’t know that. Are there plans, in the near future, to improve this?

I haven’t dug into this matter much, but I think that the CalDAV/CardDAV protocol would have to support encryption in the first place.
I guess Nextcloud could encrypt such data before it reaches the database and then decrypt it when queried, but I think this poses a headache in and of itself, and it could not be done with end-to-end encryption unless a special Nextcloud app were provided for it on all platforms and operating systems.
I think the better option is to have the entire protocol enable encryption by default, but of course this means a lot of work. Hopefully one day someone determined will come around and submit a pull request that will make CalDAV encrypted by default for everyone.

Here is a discussion on the topic:

Seems that the future is not very promising in regard to this matter. :confused: Thanks for the info anyway.