[Owncloud] Client Side encryption with OwnCloud

Bjoern Schiessle schiessle at owncloud.com
Mon Oct 28 15:40:22 UTC 2013


Hi Paul,

On Fri, 25 Oct 2013 15:11:54 +0200 Paul Greindl wrote:
> For now I just wanted to know if you have any thoughts on how to best 
> implement such a feature or if there are any plans on doing this in 
> ownCloud/mirall? If so, how can we contribute?

While implementing server-side encryption we thought about how it could
be extended to client-side encryption.

Let me explain the idea:

At the moment every user has a private and a public key. Additionally
there are file-keys and share-keys. See [1] for some more details.

For server side encryption the public-key password is the same as the
user's log-in password. The basic idea for client-side encryption was
that we change the private-key password to something other than the
log-in password. The client can upload/download the keys and then
encrypt/decrypt the files on the client side. This would also make it
possible to switch easily between client and server side encryption.
The only difference would be a flag in the db which tells ownCloud
which encryption mode is used and the private key password.

On the server side we would need to implement the OCS API to get/set
the keys and the interface to switch between server and client
encryption.

[1] http://blog.schiessle.org/2013/05/28/introduction-to-the-new-owncloud-encryption-app/

cheers,
Björn

-- 
Björn Schießle <schiessle at owncloud.com>
Software Developer
ownCloud GmbH - www.owncloud.com

Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
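
The idea described in the mail above, as an added sketch that is not ownCloud code: the stored private key is wrapped under a password, and switching modes re-wraps it and flips a flag. All names (wrap, unwrap, switch_mode, the record layout) are hypothetical, and the HMAC-based stream cipher is a stdlib-only stand-in for a real authenticated cipher.

```python
import hashlib, hmac, os

ITER = 100_000  # PBKDF2 rounds (assumed value for this sketch)

def _derive(password, salt):
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER, dklen=64)
    return k[:32], k[32:]          # encryption key, MAC key

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode, stdlib only.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(private_key, password):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc, mac = _derive(password, salt)
    ct = _xor_stream(enc, nonce, private_key)
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unwrap(blob, password):
    enc, mac = _derive(password, blob["salt"])
    tag = hmac.new(mac, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong password or modified key blob")
    return _xor_stream(enc, blob["nonce"], blob["ct"])

def switch_mode(record, old_password, new_password, mode):
    # Per the mail, only the private-key password and the mode flag differ;
    # file-keys and share-keys are left alone.
    key = unwrap(record["private_key"], old_password)
    return {"mode": mode, "private_key": wrap(key, new_password)}

def server_can_unwrap(record, login_password):
    # The server only ever sees the log-in password.
    try:
        unwrap(record["private_key"], login_password)
        return True
    except ValueError:
        return False

PRIVATE_KEY = b"constructed placeholder for the user's private key"
LOGIN_PW, KEY_PW = "login-password", "separate-key-password"   # constructed
server_rec = {"mode": "server", "private_key": wrap(PRIVATE_KEY, LOGIN_PW)}
client_rec = switch_mode(server_rec, LOGIN_PW, KEY_PW, "client")
```
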


