After Installation, the owncloud user must generate his own private key. This can be done in the Settings -> Security
After generation you can copy or download the private key to a secure location. To have a backup of the private key is recommended. In case the System crashes or the user will be deleted accidently you can not read the shared files anymore. The private key is NEVER sent to the server.
A user can have multiple private keys assigned to his account i.e. for multiple devices. Files uploaded into one os his encrpyted folders will automatically be encrypted for ALL his private keys.
The current status does not allow automatic re-encrypting. If files have been uploaded BEFORE a public key is added to the folder, the files will not be re-encrpyted.
Once the private key is generated and the public key is uploaded, a user can create encrypted folders.
Key Storage
Depending on the system settings you can choose how you want the decryption to happen. This depends on your security requirements and possibilities:
| Description | Usability | |
|---|---|---|
| Local Storage | The private key is stored in the browser local storage (similar to a cookie) |  |
| Key Server | The private key is available thorugh an external process running on the client machine. The Browser can only request decryption. You need to install an extra Key Server on your machine, but can use Smart Cards (currently Windows Only) | |
| Ask | When downloading a e2ee file, the privat key has to be copy/pasted into a browser form. The key is not saved. | |
| Download only | The e2ee file is downloaded locally and a second tool is required to decrypt (e2ee reader). The E2ee Reader supports Smart Card decryption (Currently Windows Only). | |