Navigation menu

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.



When more than one Key Storage was provided by the administrator, all ownCloud users must select their preferred storage first. This step is neither needed nor available when there is provided only a single storage.


Image RemovedImage Added

Depending on the system settings you can choose how you want the decryption to be performed. This depends on your security requirements and possibilities:

Local StorageYour Computer/DeviceThe private key is stored in the browser local storage (similar to a cookie)(star)(star)(star)(thumbs up)
External Key Server/Smartcard

The private key is available through an external process running on the client machine. Then the browser can only request decryption.
You have to install an extra Key Server on your machine, which is able to both recognize provided key files or Smart Cards (currently Windows only).
The key is never saved in the browser.


The Key Server supports reading the key from a storage location (.pem file) or from a pkcs#11 compatible hardware device.

(star)(star)(thumbs up)(thumbs up)(thumbs up)
AskManual input for each downloadWhen downloading an E2EE file, the private key has to be copy/pasted into a browser form. The key is never saved in the browser.(star)(thumbs up)(thumbs up)
Download onlyLocal decryptionThe E2EE file is downloaded locally and a secondary tool is required to decrypt (E2EE Reader).
The E2EE Reader supports both file and Smart Card decryption (currently Windows only).
The key is never saved in the browser.
(star)/(star)(star)(thumbs up)(thumbs up)(thumbs up)

Private Key Generation

For the Local Storage the Your Computer/Device key storage, ownCloud users must generate their own private key.


Once the private key is generated the public key is uploaded on the fly. From then on, a user can create encrypted folders.

External Key


/Smartcard Configuration

For the the External Key Server/Smartcard key storage, a key server URL has to be provided. In most cases this will be the default value http://localhost:9080.


An additional button Connection Info will show up which either opens the key server's status information or a browser error page, in case the key server did not respond.



Storages Manual input for each download and Local decryption

Both storage options require, that your public key is available on the server. It will be used for encrypting files.


  • you at least once have generated a public key in the Personal Settings
  • you at least registered once with the Key Server (file key or Smart Card)
  • the administrator added your key on the server (occ command)


Manual input for each download

Every time you want to open an encrypted file the browser opens a modal window where you have to provide your private key.


The file is decrypted in the browser only, the private key is never sent to the server.


Local decryption

The raw E2EE file will be downloaded. You need the E2EE Reader to be able to decrypt those files.