[Owncloud] Encryption in OC 5

Andrew Warren awarren at synaptics.com
Tue Mar 12 22:22:50 UTC 2013


Adrian Sevcenco wrote:

> what it is supposed to be encrypted and why? (beside https which is
> obvious) Because, with the exception of encrypting files on the
> client (one by one before getting uploaded), i see no point of
> encrypting anything .. so i ask in order to educate myself :)

Adrian:

I am an OwnCloud user, not a developer, so these are only my thoughts.  I am sure the developers have a more complete answer.

It seems to me that encrypting files on the client before uploading would prevent efficient syncing (and deduplication, if that is implemented on the server).

Encrypting files on the server is definitely less secure than client-side encryption in some scenarios (e.g., malicious system administrator -- an issue if OwnCloud is running on a hosted server).  However, it does provide a defense against data disclosure as a result of hardware theft or unsophisticated unauthorized access, and it might even be sufficient to meet the privacy requirements of certain industries (medical records, financial records, etc.).

-Andrew

=== Andrew Warren  - awarren at synaptics.com
=== Synaptics, Inc - Santa Clara, CA



More information about the Owncloud mailing list