User Setup
At first login, a wizard opens which guides you through the creation of a key pair for encrypting and decrypting files. The pair consists of a private (secret) key and a public (not secret) key.
...
Key Storage | Description | Usability | Security
---|---|---|---
Your Computer/Device | The private key is stored in the browser local storage (similar to a cookie) | |
External Key/Smartcard | The private key is available through an external process running on the client machine. Then the browser can only request decryption. | |
Manual input for each download | When downloading an E2EE file, the private key has to be copy/pasted into a browser form. The key is never saved in the browser. | |
Local decryption | The E2EE file is downloaded locally and a secondary tool is required to decrypt (E2EE Reader). The E2EE Reader supports both file and Smart Card decryption (currently Windows only). The key is never saved in the browser. | |
Key Storages
External Key/Smartcard Configuration
For the External Key/Smartcard key storage, a key server URL has to be provided. In most cases this will be the default value http://localhost:9080.
...
An additional button, Connection Info, will show up. It opens either the key server's status information or, in case the key server did not respond, a browser error page.
All other storages
Except for the External Key/Smartcard variant, where the key is retrieved from the hardware, a new key pair will be generated for every other key storage.
...
Info |
---|
Users can have multiple private keys assigned to their accounts, i.e. for multiple devices. Files uploaded into one of their encrypted folders will automatically be encrypted for ALL of their private keys. |
Key Management
The key management is found in your Personal Settings. You can reach it by clicking on your user name in the upper right corner of your ownCloud. This opens a dropdown menu, where you choose Settings. The settings for end-to-end encryption are found in the section Security.
Manage Existing Keys
All public keys that are stored on the server are shown here, including the date and IP address of creation as well as the user agent (usually the browser) from which the public key was uploaded.
...
You can delete public keys by clicking the trash bin icon. From then on, files can no longer be decrypted with the corresponding private key.
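The multi-key behaviour from the Info box above and the effect of deleting a public key can be modelled with envelope encryption. This is an added example, not ownCloud's code: the algorithms (RSA-OAEP, AES-256-GCM), the function names and the device ids are assumptions, because the page does not describe the actual file format.

```javascript
// Added illustration: generic hybrid (envelope) encryption, NOT ownCloud's implementation.
// RSA-OAEP and AES-256-GCM are assumptions; the page does not name the algorithms used.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// One key pair per device; only the public half would be uploaded to the server.
function newDeviceKey() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Encrypt once with a random file key, then wrap that key for EVERY registered public key.
function encryptForAll(plaintext, publicKeys) {
  const fileKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const data = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrapped = {};
  for (const [id, pub] of Object.entries(publicKeys)) {
    wrapped[id] = crypto.publicEncrypt({ key: pub, ...OAEP }, fileKey);
  }
  return { iv, tag: cipher.getAuthTag(), data, wrapped };
}

// Any single private key opens the file, provided a wrapped copy exists for it.
function decryptWith(file, id, privateKey) {
  if (!file.wrapped[id]) throw new Error(`no wrapped file key for "${id}"`);
  const fileKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, file.wrapped[id]);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, file.iv);
  decipher.setAuthTag(file.tag);
  return Buffer.concat([decipher.update(file.data), decipher.final()]);
}

// Deleting a public key: re-encrypt under a fresh file key for the remaining keys only,
// so the removed device's private key no longer matches anything stored.
function removeKey(file, publicKeys, removedId, anyId, anyPrivateKey) {
  const plaintext = decryptWith(file, anyId, anyPrivateKey);
  const remaining = Object.fromEntries(
    Object.entries(publicKeys).filter(([id]) => id !== removedId));
  return encryptForAll(plaintext, remaining);
}
```

In this model, a private key whose public half was deleted finds no wrapped file key and cannot decrypt the re-encrypted file, while the remaining devices continue to work.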
Key Management depending on your Key Storage
Your Computer/Device - Local Key
Download Key
Save the private key which is currently stored on the server/device to a file.
...
Note |
---|
In case you lost your private key, be sure to delete the corresponding public key beforehand (see Manage Existing Keys above). |
Key Storages Manual input for each download and Local decryption
Both storage options require that your public key is available on the server. It will be used for encrypting files.
...
- you have generated a public key in the Personal Settings at least once
- you have registered with the Key Server at least once (file key or Smart Card)
- the administrator added your key on the server (occ command)
Decrypting Files
Your Computer/Device
Files will be decrypted on the fly. No interaction is required.
External Key/Smartcard
The key server pops up a notification that you are about to decrypt a file. You must confirm the decryption.
When re-encrypting a folder you will be asked for a confirmation as well.
Manual input for each download
Every time you want to open an encrypted file, the browser opens a modal window where you have to provide your private key.
...
The file is decrypted in the browser only; the private key is never sent to the server.
Local decryption
The raw E2EE file will be downloaded. You need the E2EE Reader to be able to decrypt those files.