[Owncloud] Server and client side encryption status vs Wuala

André Schild a.schild at aarboard.ch
Mon Jun 17 16:19:17 UTC 2013


On 17.06.2013 16:16, Christoph Schäfer wrote:
> Hi all,
>
> I'm curious about the status of the encryption app. I found several discussions on this on the web regarding server vs client side encryption, especially starting in the last year. Is there a roadmap or a wiki page on the current status? I'm very curious on the progress with implementation of client side encryption.
>
> Further, what are the main differences to Wuala? They promote their solution by claiming that the user's password never leaves the local client. Will OwnCloud feature comparable client side encryption in the future as well?

I have known the Wuala system for a long time.

They work very differently from the ownCloud server based encryption system.

Each user has a unique encryption key which is used to encrypt the files 
on disk, before sending them over the wire to the server.
When a file is shared with other members of the wuala cloud, the key of 
this additional user is somehow also added to the list of keys which are 
able to decrypt the content of the file.

There also exist keys for the user groups in wuala and also for public 
and "shared by url" links.
This way the decryption can NOT be done on serverside, or only when one 
of the keys which are allowed to decrypt the content would be present on 
the server.

The users' keys are not stored on the servers, so there is no way to 
access the private content on server side.



For real life this has the following advantages and disadvantages when 
it comes to security and security-related effects
(I don't list the other dis/advantages, since they are different for 
every user)

Pro Wuala:
- Technically very secure system
- No way a server admin or hacked server would compromise your data

Contra Wuala:
- Closed source (No way to check if there are backdoors in them, just the 
same as with all other non-OS software)
- You need to use the Wuala servers and trust them
- No way to access unshared content from a webfrontend
- No free choice of client, since it uses a proprietary communication to 
the servers

André


The technical details about the encryption tree can be found here: 
http://dcg.ethz.ch/publications/srds06.pdf
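
The sharing model described in the message above, a list of keys able to decrypt a file that the server stores but cannot use, sketched as an added example that is not part of the original post and is not Wuala or ownCloud code. It assumes a random per-file AES-256-GCM key wrapped with each reader's RSA-OAEP public key; all function names are hypothetical, and Wuala's real key structure is the one described in the linked paper.

```javascript
// Added illustration (not Wuala or ownCloud code): client-side envelope encryption.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Assumption: each user holds an RSA key pair; the private half never leaves the client.
function newUser() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Client: encrypt under a fresh file key, then wrap that key for the owner.
function encryptFile(ownerId, ownerPublicKey, plaintext) {
  const fileKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const data = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const wrapped = { [ownerId]: crypto.publicEncrypt({ key: ownerPublicKey, ...OAEP }, fileKey) };
  // This record is everything the server stores: no plaintext, no unwrapped key.
  return { iv, tag: c.getAuthTag(), data, wrapped };
}

// Client: recover the file key; needs a wrapped entry and the matching private key.
function unwrap(record, userId, privateKey) {
  const entry = record.wrapped[userId];
  if (!entry) throw new Error(`no wrapped key for ${userId}`);
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, entry);
}

// Client: sharing appends one wrapped key; the file body is not re-encrypted.
function share(record, fromId, fromPrivateKey, toId, toPublicKey) {
  const fileKey = unwrap(record, fromId, fromPrivateKey);
  record.wrapped[toId] = crypto.publicEncrypt({ key: toPublicKey, ...OAEP }, fileKey);
}

// Client: unwrap the file key, then authenticate and decrypt the body.
function decryptFile(record, userId, privateKey) {
  const d = crypto.createDecipheriv('aes-256-gcm', unwrap(record, userId, privateKey), record.iv);
  d.setAuthTag(record.tag);
  return Buffer.concat([d.update(record.data), d.final()]).toString('utf8');
}
```

Revoking a reader in this sketch means generating a new file key and re-encrypting, because a reader who once unwrapped the old key can keep it.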


