...

By default, users can have only one public key assigned to them. This is a security feature. If you want users to have multiple keys (e.g. one for each of their devices, or for backup purposes), you may enable this option.

Server-Side Encryption

For cases where users must be able to upload files via the ownCloud client to an E2EE-encrypted share, there is an option to permit uploads of unencrypted files.

In that case, any files dropped into a local folder will be sent unencrypted to the server. When HTTPS is enabled for the site, the upload will still be encrypted via Transport Layer Security. The file on the ownCloud server is encrypted immediately and the original contents are replaced. However, the original upload is unencrypted on the ownCloud server for a very short time. This is a convenience feature that an administrator has to weigh up based on business requirements.

 

To enable this feature, check the box Permit upload of unencrypted files.

Simple Share

To simplify the end-to-end encryption workflow, a private key can be created when sharing with a new user. This private key will be stored AES-encrypted in the database, and new users will receive an email with the password.

...

Info

If a user did not receive, or has lost, the password for the initial private key, it cannot be resent. To have the user receive a password again, remove all shares with this user and recreate them. A new initial private key will then be generated and the new password will be sent to the user.

 

To enable this feature, check the box Enable Simple Share.

Wizard Visibility

By default, all users are shown the key generation wizard after login unless they have already generated their encryption keys.

There is an option to show this wizard only to members of certain groups. Define one or more groups in Show key generation wizard; the wizard will then pop up only for members of those groups.
All other users can still generate their keys in Personal Settings -> Security.

Status Report

You can generate a status report of your E2EE installation by clicking the button in the Summary section. The report will be mailed to the logged-in administrator's email address. It includes the current license information, such as the number of enabled users.

...

Syntax:
sudo -u www-data php occ e2eeshare:add-key <user> <local-path-to-public-key>

e2eeshare:delete-key

Delete a public key from the provided user.

Syntax:
sudo -u www-data php occ e2eeshare:delete-key <user> <key id>

 

e2eeshare:encrypt-folder

Convert an unencrypted folder to an e2ee encrypted folder.

sudo -u www-data php occ e2eeshare:encrypt-folder <user> <path>

where <path> is the absolute path from the user's root directory, e.g. /Documents