ownCloud 8.2 Encryption App

Ask all your questions regarding OC 8.2 Please read the Support Forum Rules
Forum rules
The forums were migrated over to https://central.owncloud.org which is based on the forum software Discourse. The forums here is put into read-only mode starting from today.

More background information about this move and the reasoning behind it is available in this blogpost:

https://daniel.molkentin.net/2016/07/20 ... d-central/
b1ggjoe
Helpful Elf
Posts: 123
Joined: Sun Sep 14, 2014 5:30 pm
ownCloud version: 8.1.0
Webserver: Apache
Database: MySQL
OS: Linux
PHP version: 5.5.27

ownCloud 8.2 Encryption App

Postby b1ggjoe » Fri Oct 23, 2015 12:14 am

Gents,

Just to be totally sure...if I enable the Encryption App on the ownCloud Server...what functions will it break?

BJ

tflidd
Forum Moderator
Posts: 7159
Joined: Sat Dec 07, 2013 7:27 pm
ownCloud version: 8.2.3
Webserver: Apache
Database: MySQL
OS: Linux

Re: ownCloud 8.2 Encryption App

Postby tflidd » Fri Oct 23, 2015 12:42 am

Do you use external storage? On a purely local setup, it doesn't provide a high level of security.

b1ggjoe
Helpful Elf
Posts: 123
Joined: Sun Sep 14, 2014 5:30 pm
ownCloud version: 8.1.0
Webserver: Apache
Database: MySQL
OS: Linux
PHP version: 5.5.27

Re: ownCloud 8.2 Encryption App

Postby b1ggjoe » Fri Oct 23, 2015 3:10 am

Someone had said that if we enable the Server-side Encryption App, that it breaks the ability to Share via the WebUI. Is this true?

What other functions or features might be limited or may be broken due to the Encryption App?

Thanks,

BJ

RealRancor
ownCloud master
Posts: 17381
Joined: Sat May 26, 2012 3:00 pm
ownCloud version: 9.0.2
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 7.0.x

Re: ownCloud 8.2 Encryption App

Postby RealRancor » Fri Oct 23, 2015 6:38 am

Did you had a look at the documentation of the app itself?

https://doc.owncloud.org/server/8.2/adm ... ation.html
*gone*

b1ggjoe
Helpful Elf
Posts: 123
Joined: Sun Sep 14, 2014 5:30 pm
ownCloud version: 8.1.0
Webserver: Apache
Database: MySQL
OS: Linux
PHP version: 5.5.27

Re: ownCloud 8.2 Encryption App

Postby b1ggjoe » Sun Oct 25, 2015 1:44 pm

RealRancor & Tflidd,

So I was reading through the Encryption documentation as well as viewing the 8.2 Intro video. I think I'm understanding things a little more now...I think.

Here are some of my thoughts and questions that I still have, that I would like to run by you, to make sure I'm understanding correctly:

- My understanding is that once Encryption is enabled, it can never be disabled? Is this still true?

- Can Encryption be enabled or disabled per user account?

- I understand that the big advantage of the Encryption App, is for external storage. What about local server storage on the ownCloud Server? That does get encrypted too correct?

- What happens if I enable encryption, but I upload/add files to my ownCloud datastore, from outside of the ownCloud confines, but from the back-end with like FTP and so on?

Thanks,

BJ

RealRancor
ownCloud master
Posts: 17381
Joined: Sat May 26, 2012 3:00 pm
ownCloud version: 9.0.2
Webserver: nginx
Database: MySQL
OS: Linux
PHP version: 7.0.x

Re: ownCloud 8.2 Encryption App

Postby RealRancor » Sun Oct 25, 2015 2:07 pm

Hi,

b1ggjoe wrote:My understanding is that once Encryption is enabled, it can never be disabled? Is this still true?


According to https://owncloud.org/eight-two/#admin this now can be disabled again in oC 8.2. If unsure setup a new test instance and test it.

b1ggjoe wrote:Can Encryption be enabled or disabled per user account?


No, thats not possible.

b1ggjoe wrote:What about local server storage on the ownCloud Server? That does get encrypted too correct?


Yes, it is also encrypted. But thats not the problem here. You only should use the encryption app on external storages because of this:

Encryption keys are stored only on the ownCloud server, eliminating exposure of your data to third-party storage providers. The encryption app does not protect your data if your ownCloud server is compromised, and it does not prevent ownCloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide. If your ownCloud server is not connected to any external storage services then it is better to use other encryption tools, such as file-level or whole-disk encryption.


from https://doc.owncloud.org/server/8.2/adm ... ation.html

b1ggjoe wrote:What happens if I enable encryption, but I upload/add files to my ownCloud datastore, from outside of the ownCloud confines, but from the back-end with like FTP and so on?


This is generally not supported:

The data directory on the server is exclusive to ownCloud and must not be modified manually.


from:

https://doc.owncloud.org/desktop/2.0/tr ... her-issues
https://doc.owncloud.org/server/8.2/adm ... ync-issues
*gone*

b1ggjoe
Helpful Elf
Posts: 123
Joined: Sun Sep 14, 2014 5:30 pm
ownCloud version: 8.1.0
Webserver: Apache
Database: MySQL
OS: Linux
PHP version: 5.5.27

Re: ownCloud 8.2 Encryption App

Postby b1ggjoe » Sun Oct 25, 2015 2:48 pm

Thank you Sir!! As far as encrypting the local files/folders on the local ownCloud Server storage, is there 1 or two common methods that are being implemented by the ownCloud community?

I'm aware of three decent alternatives with client-side encryption:

https://www.syncany.org/

https://www.boxcryptor.com/en

http://cryptocloud.twsweb.it/

What are your thoughts on these?

BJ

tflidd
Forum Moderator
Posts: 7159
Joined: Sat Dec 07, 2013 7:27 pm
ownCloud version: 8.2.3
Webserver: Apache
Database: MySQL
OS: Linux

Re: ownCloud 8.2 Encryption App

Postby tflidd » Sun Oct 25, 2015 3:22 pm

You could use a file system encryption (dm-crypt/LUKS) which is completely transparent for owncloud.

If you don't need all files to be encrypted, containers could be a solution (TrueCrypt/VeraCrypt).

To give recommendations for encryption software is difficult, check what experts tell, don't use brand-new software, use software with a larger and active community. OpenSource?

b1ggjoe
Helpful Elf
Posts: 123
Joined: Sun Sep 14, 2014 5:30 pm
ownCloud version: 8.1.0
Webserver: Apache
Database: MySQL
OS: Linux
PHP version: 5.5.27

Re: ownCloud 8.2 Encryption App

Postby b1ggjoe » Sun Oct 25, 2015 3:43 pm

RealRancor & Tflidd,

Thank you for the awesome recommendations. I just read through tons of info on the VeraCrypt website.

So, I get the whole concept of saving/copying/moving files/folders to a VeryCrypt container and them being encrypted on the fly...pretty slick.

Questions for you:

- When you mentioned file system encryption like: dm-crypt/LUKS ... I'm assuming you are referring to any of the traditional types of whole-system encryption methods for say, a Linux OS? If so, you state that it is completely transparent to ownCloud? So does that mean, ownCloud wouldn't know any better, and would act just as if it's not encrypted? Lastly, if this is the case...then this would be to protect your data in case the Server was hacked...rather than from malicious internal Administrators?

- How would I connect this to ownCloud? Would I just use the official ownCloud Desktop client, and then add the VeraCrypt container to it?

- Once connected to ownCloud, I assume that the VeraCrypt container itself and the encrypted files/folders that are contained inside of the VeraCrypt container, are only accessible and able to be open/viewed/edited via your Desktop? Meaning, as far as the ownCloud Web UI, they are basically unusable?

- What are your personal thoughts and opinions of client-side encryption via mobile devices, such as the links I included above?

- Is it possible to ONLY encrypt the external storage, instead of the local storage?

- Also if we do encrypt external storage such as an FTP Server or DropBox or Google Drive, what impact does that have of accessing those data stores from outside the confines of ownCloud? Like if I login to DropBox through the Web UI and try to share something or SFTP accessing my FTP Server and etc?

Thanks,

BJ

tflidd
Forum Moderator
Posts: 7159
Joined: Sat Dec 07, 2013 7:27 pm
ownCloud version: 8.2.3
Webserver: Apache
Database: MySQL
OS: Linux

Re: ownCloud 8.2 Encryption App

Postby tflidd » Sun Oct 25, 2015 11:21 pm

b1ggjoe wrote:- When you mentioned file system encryption like: dm-crypt/LUKS ... I'm assuming you are referring to any of the traditional types of whole-system encryption methods for say, a Linux OS? If so, you state that it is completely transparent to ownCloud? So does that mean, ownCloud wouldn't know any better, and would act just as if it's not encrypted? Lastly, if this is the case...then this would be to protect your data in case the Server was hacked...rather than from malicious internal Administrators?

Exactly, owncloud doesn't see the encryption. But when your system is running, your files are accessible. It only protects you if someone gets his hand on your unmounted disk (after disk replacement at the provider, theft). Problem of all server-side encryption is that it must be decrypted on your server. Only protection against malicious admin is client-side encryption.
b1ggjoe wrote:- How would I connect this to ownCloud? Would I just use the official ownCloud Desktop client, and then add the VeraCrypt container to it?

You put your VeraCrypt container into your sync-folder. You can't access this data from the web-interface.
b1ggjoe wrote:- Once connected to ownCloud, I assume that the VeraCrypt container itself and the encrypted files/folders that are contained inside of the VeraCrypt container, are only accessible and able to be open/viewed/edited via your Desktop? Meaning, as far as the ownCloud Web UI, they are basically unusable?

That's right. Your can mount the container as an virtual drive on your client. It's like an iso-image, only encrypted.
b1ggjoe wrote:- What are your personal thoughts and opinions of client-side encryption via mobile devices, such as the links I included above?

I only know the classic version of boxcryptor which is actually compatible to EncFS. I don't know the others. Problem in general is that you are not root on your mobile phone. You never know what is running on your mobile phone. A mobile device can be easily lost, long and secure pass-phrases are not very user-friendly.
b1ggjoe wrote:- Is it possible to ONLY encrypt the external storage, instead of the local storage?

That really makes sense. It's planned OC 9.0: https://github.com/owncloud/core/pull/19894
b1ggjoe wrote:- Also if we do encrypt external storage such as an FTP Server or DropBox or Google Drive, what impact does that have of accessing those data stores from outside the confines of ownCloud? Like if I login to DropBox through the Web UI and try to share something or SFTP accessing my FTP Server and etc?

I think encryption in configurable for external storages. But if you use it, you will only be able to read this data through owncloud-interface/owncloud-client/webdav. But that means the data from your external storage (SFTP/gDrive/..) is unusable without the encryptions keys stored in owncloud. The point is that these storage providers don't see your data (they know the size and filename).


  • Similar Topics
    Replies
    Views
    Last post

Return to “ownCloud Server 8.2”

Who is online

Users browsing this forum: No registered users and 0 guests