After Installation, the owncloud user must generate his own private key. This can be done in the Settings -> Security
After generation you can copy or download the private key to a secure location. To have a backup of the private key is recommended. In case the System crashes or the user will be deleted accidently you can not read the shared files anymore. The private key is NEVER sent to the server.
| Info |
|---|
A user can have multiple private keys assigned to his account i.e. for multiple devices. Files uploaded into one os his encrpyted folders will automatically be encrypted for ALL his private keys. |
| Note |
|---|
The current status does not allow automatic re-encrypting. If files have been uploaded BEFORE a public key is added to the folder, the files will not be re-encrpyted. |
Once the private key is generated and the public key is uploaded, a user can create encrypted folders.
...
All E2ee related user settings are found in the Security section of their Personal Settings.
Key Storage
| Note |
|---|
When more than one Key Storage was provided by the administrator, all ownCloud users must select their preferred storage first. This step is neither needed nor available when there is provided only a single storage. |
Depending on the system settings you can choose how you want the decryption to happenbe performed. This depends on your security requirements and possibilities:
| Description | Usability | |
|---|---|---|
| Local Storage | The private key is stored in the browser local storage (similar to a cookie) |  |
| Key Server | The private key is available thorugh through an external process running on the client machine. The Browser Then the browser can only request decryption. You need have to install an extra Key Server on your machine, but can use which is able to both recognize provided key files or Smart Cards (currently Windows Onlyonly). The key is never saved in the browser. | |
| Ask | When downloading a e2ee an E2EE file, the privat private key has to be copy/pasted into a browser form. The key is not never saved in the browser. | |
| Download only | The e2ee E2EE file is downloaded locally and a second secondary tool is required to decrypt (e2ee readerE2EE Reader). The E2ee E2EE Reader supports both file and Smart Card decryption (Currently currently Windows Onlyonly). The key is never saved in the browser. | / |
Private Key Generation
For the Local Storage key storage, ownCloud users must generate their own private key.
| Note |
|---|
After generation you should copy or download the private key to a secure location. A backup of the private key is strongly recommended. In case the system crashes or a user is deleted by accident you cannot read the shared files anymore. The private key is NEVER sent to the server. The private key can never be recovered. |
| Info |
|---|
A user can have multiple private keys assigned to his account i.e. for multiple devices. Files uploaded into one os his encrpyted folders will automatically be encrypted for ALL his private keys. |
Once the private key is generated the public key is uploaded on the fly. From then on, a user can create encrypted folders.