Nextcloud, Server-Side and End-to-End Encryption

../../../_images/nextcloud-logo.png

In addition to full control over your own data, the biggest advantage of Nextcloud over public cloud offerings is that you control data encryption yourself. In this blog post we look at the different types of encryption in Nextcloud, the threat scenarios each of them addresses, and how they are used at Linuxfabrik.

Deutsche Version

Encryption in Nextcloud

Nextcloud offers several levels of encryption.

Transport encryption (TLS)

Protects against eavesdropping on the network path. Does not protect against compromised devices or servers.

Server-Side Encryption (SSE) - encrypting data as it is stored

Optional. Before a file is written to storage, it is encrypted with its own file key; that file key is in turn protected either by a server-wide master key (the default, for functional and performance reasons) or by the keys of the individual user. SSE encrypts only the contents of files, not their names or the folder structure.

Server-side encryption was originally introduced to make External Storage such as Dropbox and the like usable securely: Nextcloud then ensures that everything stored outside its own location is stored encrypted.

The server-wide key (technically, the private key that unlocks the file keys) is protected with the secret from config.php and stored in the Nextcloud data directory (from where it can also be restored in the event of a disaster).

User keys are stored in the data directories of the individual users and are encrypted with the respective user's password. With per-user keys, an online office (Collabora, OnlyOffice) can no longer be used, because the server cannot unlock files on the user's behalf.

SSE protects files only as long as the file storage is not on the same system as Nextcloud itself. SSE applied to a local data directory with the server-wide key offers little, if any, protection: the key lives on the same disk as the data and is unlocked by the secret in config.php, so whoever can read the disk can read the files. Per-user keys fare somewhat better against an offline copy of the disk, since the user passwords are not stored there, but a compromised running server still sees them.

As of 2021-04, the web interface still „lies“: once „Server-side encryption“ is activated, a user's own profile reports under „Privacy“ that „Your files are encrypted with server-side encryption“, regardless of whether „Encrypt the home storage“ has been activated.
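The following audit script is an added example; it is not code from this article, from Linuxfabrik or from the Nextcloud project. It reads the actual SSE state through occ and classifies it along the lines of the paragraphs above, instead of trusting the Privacy page. Assumptions that are not taken from the article: occ is run from the Nextcloud root as the web server user (NC_DIR, NC_USER); the admin toggles correspond to the app-config keys core/encryption_enabled, encryption/useMasterKey and encryption/encryptHomeStorage; key files live under <datadirectory>/files_encryption; and GNU stat is available for the filesystem check.

```shell
#!/bin/sh
# Added example (not from the article, Linuxfabrik or Nextcloud): report the real
# state of Nextcloud server-side encryption instead of trusting the Privacy page.
# Assumptions (not from the article): NC_DIR/NC_USER below, the app-config keys
# core/encryption_enabled, encryption/useMasterKey, encryption/encryptHomeStorage,
# the key layout <datadirectory>/files_encryption/**/*.privateKey, and GNU stat.

NC_DIR="${NC_DIR:-/var/www/nextcloud}"
NC_USER="${NC_USER:-www-data}"

# occ ...: run occ as the web server user from the Nextcloud root.
occ() {
    sudo -u "$NC_USER" php "$NC_DIR/occ" "$@"
}

# occ_get APP KEY DEFAULT: print an app-config value, or DEFAULT when it is unset.
occ_get() {
    v=$(occ config:app:get "$1" "$2" 2>/dev/null || true)
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# data_is_remote DIR: "1" when DIR sits on a network or FUSE filesystem, else "0".
data_is_remote() {
    fstype=$(stat -f -c %T "$1" 2>/dev/null || echo unknown)
    case "$fstype" in
        nfs*|cifs|smb*|fuse*|ceph|glusterfs|sshfs) echo 1 ;;
        *) echo 0 ;;
    esac
}

# sse_verdict ENABLED MASTER HOME REMOTE: classify the configuration.
#   ENABLED  yes/no  core/encryption_enabled ("Server-side encryption" toggle)
#   MASTER   1/0     encryption/useMasterKey (server-wide key vs. per-user keys)
#   HOME     1/0     encryption/encryptHomeStorage ("Encrypt the home storage")
#   REMOTE   1/0     data directory on another system than Nextcloud itself
# Prints "TAG: explanation"; exit status 0 only for the OK case.
sse_verdict() {
    enabled=$1; master=$2; home=$3; remote=$4
    if [ "$enabled" != "yes" ]; then
        echo "OFF: SSE disabled, files are stored in clear text"
        return 1
    fi
    if [ "$home" != "1" ]; then
        echo "PARTIAL: SSE enabled but home storage not encrypted; only External Storage is protected, whatever the Privacy page says"
        return 1
    fi
    if [ "$remote" != "1" ]; then
        if [ "$master" = "1" ]; then
            echo "WEAK: server-wide key on the same local disk as the data, unlocked by the config.php secret; anyone who can read the disk can read the files"
        else
            echo "PARTIAL: per-user keys on a local disk; an offline copy of the disk lacks the user passwords, but a compromised running server still sees them"
        fi
        return 1
    fi
    if [ "$master" = "1" ]; then keytype="server-wide key"; else keytype="per-user keys"; fi
    echo "OK: SSE with $keytype and data on remote storage; file contents leave this system only encrypted"
    return 0
}

# audit_live: collect the values from the running instance and list the key files
# that sit next to the data (assumed layout, see header comment).
audit_live() {
    datadir=$(occ config:system:get datadirectory 2>/dev/null || echo "$NC_DIR/data")
    sse_verdict "$(occ_get core encryption_enabled no)" \
                "$(occ_get encryption useMasterKey 1)" \
                "$(occ_get encryption encryptHomeStorage 1)" \
                "$(data_is_remote "$datadir")"
    rc=$?
    echo "private keys stored under $datadir/files_encryption:"
    find "$datadir/files_encryption" -name '*.privateKey' 2>/dev/null
    return $rc
}

# Only run the live audit where an occ actually exists; the functions stay usable on their own.
if [ -f "$NC_DIR/occ" ]; then audit_live; fi
```

Run it on the Nextcloud host: the exit status is 0 only when SSE is on, the home storage is included and the data directory lives on a remote filesystem. sse_verdict takes the four values as plain arguments, so it can also be applied to configuration values collected elsewhere, for example from a config dump gathered during an audit.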

Admin-View:

../../../_images/nextcloud-sse-admin-en.png

User-View:

../../../_images/nextcloud-sse-user-en.png

Conclusion:

  • SSE makes sense if the External Storage app is in use or the data directory is not on the same system as the Nextcloud installation itself.

  • Using SSE on a local data directory brings no real security advantage; it creates a false sense of security, reinforced by the messages under „Privacy“.

  • If file contents are to be hidden from the server operator, end-to-end encryption (E2E) must be used.

End-to-end encryption (E2E, E2EE - client-based encryption)

The strongest protection of user data is end-to-end encryption. Only here does the server never have access to keys or unencrypted files: the sync client encrypts the data before it is sent, for everything inside an E2E-enabled folder (folders outside it are sent as usual).

This comes at a cost in functionality: the Nextcloud web interface cannot display the encrypted files, so the sync client is mandatory; public shares and shares to groups are not possible; full-text search does not see file contents; and collaboration via online office does not work.

E2E can be activated for one or more folders. The contents of each such folder are completely hidden from the server, including file names and directory structure. To synchronise the data with other devices, users enter a mnemonic passphrase generated by the first device; after that, end-to-end encrypted folders sync seamlessly between devices. Nextcloud can also be configured to encrypt all files of a given group automatically, for example those of the finance department.

E2E has been considered production-ready since 2020-08 (NC 19 and later); before that it was labelled „experimental“ for many years.

End-to-end encryption in Nextcloud protects file contents against server-side attack scenarios, including an undiscovered security hole in the server and an untrustworthy server operator.

The data on the user devices themselves is not protected by it: theft of an unencrypted, unlocked device gives an attacker access to the private keys.

Conclusion:

  • E2E has a narrow use case; its restrictions are only worth accepting for sensitive data.

  • If a user loses the mnemonic passphrase, the data encrypted with it is irrecoverably lost.

Running SSE with encrypted home storage and E2E at the same time is technically possible but not supported; the combination leads to technical problems. And whichever of the two methods is used, only files are encrypted. Calendar entries, to-do lists and other data are not, because there are, for example, no CalDAV clients that support this.

Here are some more details: https://nextcloud.com/blog/encryption-in-nextcloud/.

Which of these does Linuxfabrik activate?

Which instances have SSE or E2E switched on is listed in the blog article: Unsere Nextcloud-Angebote im Vergleich (German).

On Nextcloud for Teams and Nextcloud Enterprise, we leave the decision to the local server administrator.

As for us: E2E is currently not used on any „Nextcloud für Einzelnutzer“ instance. The status was „experimental“ for too long, the associated technical problems were too big, the support effort too high, and for too long the topic was not developed further upstream. The release is only a few months old and still needs to be examined carefully by us on NC21.

Also have a look at these issues:

or at the rating of the E2E app at https://apps.nextcloud.com/apps/end_to_end_encryption

If E2E really works, we will certainly report back. :-)