Difference between revisions of "Encryption"

From DLNET.ORG Cloud Documentation
(Client-side storage encryption)
Line 16: Line 16:
 
=== Client-side storage encryption ===
 
=== Client-side storage encryption ===
 
Client-side encryption of stored emails (as notably offered by [[Wikipedia:protonmail|ProtonMail]]) is not currently supported. However, the benefits of such encryption are largely illusive. A malicious entity with access to the server could change the internals of the server to store a non-encrypted copy of all emails elsewhere. The only way to avoid this is with true end-to-end encryption (see PGP above).
 
Client-side encryption of stored emails (as notably offered by [[Wikipedia:protonmail|ProtonMail]]) is not currently supported. However, the benefits of such encryption are largely illusive. A malicious entity with access to the server could change the internals of the server to store a non-encrypted copy of all emails elsewhere. The only way to avoid this is with true end-to-end encryption (see PGP above).
  +
  +
== File encryption ==
  +
[[ownCloud]] does not currently support client-side encryption. However, you can encrypt your own files locally on your PC. An easy way to do this is with [https://cryptomator.org/ Cryptomator]. Cryptomator allows you to encrypt a folder before it is uploaded to the cloud. A downside is that you won't be able to access your encrypted files in the ownCloud app for mobile devices. You can, however, use the Cryptomator app and configure it with Webdav to connect to ownCloud.
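Review bot: In the added File encryption paragraph, "Webdav" should be written "WebDAV", and the last sentence tells readers to configure the Cryptomator app with it without giving the WebDAV address to use or linking to instructions; add one or the other so the mobile workaround is actionable. While touching this area, "illusive" in the unchanged Client-side storage encryption paragraph just above should read "illusory".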

Revision as of 17:37, 6 December 2020

Encryption is the future of data security. It can be used to store your data in such a way that it can be read only by you (or those holding the private key), and not by others who have access to the data. It also allows you to communicate with others in such a way that only the conversation partners can read what is said, not the servers that forward the communication.

Encryption is also used by servers to securely communicate with clients (such as your phone and PC) and other servers, using the SSL protocol (when combined with HTTP, widely known as HTTPS). This form of encryption effectively prevents eavesdropping, but it does not provide security against hackers, governments and malicious internet service providers.

This page discusses ways in which you can implement client-side encryption and end-to-end encryption, which are superior to the aforementioned server-side encryption.

Email encryption

The best way to implement end-to-end encryption for email is using Pretty Good Privacy (PGP). PGP works only if both you and your email partner have installed the required software and you have shared your public keys. There are various plugins for email applications that implement PGP. In Thunderbird, you can use the plugin Enigmail. For Outlook, you can use Gpg4win.

PGP is also supported by the webmail client. For this to work you first need to install the browser plugin Mailvelope, and import your PGP keys (or create new keys) into Mailvelope. See this page for some configuration instructions.

To read encrypted mail, you may need to change a setting in Roundcube. Go to Settings -> Preferences -> Encryption. Then turn on "Enable message decryption".

Roundcube also has a built-in PGP system, but I recommend against using it because it runs on the server, and hence is not true end-to-end encryption. However, the benefit of the built-in system is that you don't need to install the Mailvelope plugin to use PGP features.

Client-side storage encryption

Client-side encryption of stored emails (as notably offered by ProtonMail) is not currently supported. However, the benefits of such encryption are largely illusory. A malicious entity with access to the server could change the internals of the server to store a non-encrypted copy of all emails elsewhere. The only way to avoid this is with true end-to-end encryption (see PGP above).

File encryption

ownCloud does not currently support client-side encryption. However, you can encrypt your own files locally on your PC. An easy way to do this is with Cryptomator. Cryptomator allows you to encrypt a folder before it is uploaded to the cloud. A downside is that you won't be able to access your encrypted files in the ownCloud app for mobile devices. You can, however, use the Cryptomator app and configure it with WebDAV to connect to ownCloud.