[Owncloud] Client Side encryption with OwnCloud

Michael Grosser owncloud at seetheprogress.net
Fri Oct 25 16:20:32 UTC 2013


The simplest solution in my opinion is to add one functionality to the
sync client. Having one encrypted/secure folder, which gets synced
additionally to the usual folders a user wants. All files in the
encrypted/secured folder will be encrypted/decrypted before the sync
client uses them. So compatibility won't change really.

secure/* -> encryption -> owncloud/secure/*-encrypted (your layer of
de-/encrypting)
owncloud/* -> sync-client -> server (usual sync-client functionality)

This way you don't interfere with the sync functionality or the
webinterface behaviour.

For the actual encryption I would prefer gpg/pgp like asynchronous
libs (do not try to reinvent encryption).

Cheers
Michael (scalbility-junk)

On Fri, Oct 25, 2013 at 5:00 PM, Paul Greindl <paul.greindl at riseup.net> wrote:
> Hi Klaas!
>
> We would try make client side encryption available for each individual file,
> making it possible to encrypt the files you want while preserving ownClouds
> web functionality. Then we of course need to be clear about how to use it
> and what the encryption feature encrypts. But I think it's the best solution
> for owncloud and leaves the freedom to decide to the user. I don't think
> that the lack of web interface support for those encrypted files would be a
> problem for those seeking maximum security, at least if we are clear about
> it from the beginning.
>
> Thanks for your input!
>
> Paul
>
>
>
> On 2013-10-25 16:41, Klaas Freitag wrote:
>>
>> On 25.10.2013 16:16, Paul Greindl wrote:
>>>
>>> Hi!
>>>
>>> That was what I was talking about, we are going to implement it.
>>> Regarding the value, in our project it actually was a quite often
>>> requested feature and I personally find it important, too! As I
>>> mentioned, not all users have the possibility to host their own server.
>>> That's why we decided to focus on encryption. It's all about security!
>>>
>>> What we need is the opinion of the ownCloud and sync app developers as I
>>> guess they have been thinking about how they would like such a feature
>>> to be implemented. Also we could check how seafile implemented their
>>> client side encryption.
>>
>> Well, you would encrypt every file before you upload it with a local key.
>> Sounds simple, is probably doable for small files, becomes tricky for larger
>> files. You must permit uploads through the web interface and webdav.
>>
>> I think it does not make too much sense because you loose almost all
>> features of the ownCloud web interface, such as viewing files, music etc.
>>
>> Klaas
>>
>>>
>>>
>>> On 2013-10-25 15:47, Bernhard Posselt wrote:
>>>>
>>>> Iirc The general opinion was that we focus more on bug fixing than on
>>>> features that are very likely to come with tons of bugs, are hard and
>>>> time intensive to implement and add little value to the overall user
>>>> experience
>>>>
>>>> Chris <fisch.666 at gmx.de> schrieb:
>>>>
>>>>> Hi,
>>>>>
>>>>> there are some discussion about client-side encryption available at the
>>>>> bugtrackers:
>>>>>
>>>>> https://github.com/owncloud/core/issues/106
>>>>> https://github.com/owncloud/mirall/issues/275
>>>>>
>>>>> but i don't know if there are any real plans for client-side
>>>>> encryption at
>>>>> the moment.
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>>
>>>>> http://owncloud.10557.n7.nabble.com/Client-Side-encryption-with-OwnCloud-tp11109p11110.html
>>>>>
>>>>> Sent from the ownCloud mailing list archive at Nabble.com.
>>>>> _______________________________________________
>>>>> Owncloud mailing list
>>>>> Owncloud at kde.org
>>>>> https://mail.kde.org/mailman/listinfo/owncloud
>>>>
>>>> _______________________________________________
>>>> Owncloud mailing list
>>>> Owncloud at kde.org
>>>> https://mail.kde.org/mailman/listinfo/owncloud
>>>
>>>
>>> _______________________________________________
>>> Owncloud mailing list
>>> Owncloud at kde.org
>>> https://mail.kde.org/mailman/listinfo/owncloud
>>
>>
>> _______________________________________________
>> Owncloud mailing list
>> Owncloud at kde.org
>> https://mail.kde.org/mailman/listinfo/owncloud
>
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud



More information about the Owncloud mailing list