All E2ee related user settings are found in the Security section of their Personal Settings.
Key Storage
When more than one Key Storage was provided by the administrator, all ownCloud users must select their preferred storage first. This step is neither needed nor available when there is provided only a single storage.
Depending on the system settings you can choose how you want the decryption to be performed. This depends on your security requirements and possibilities:
| Description | Usability | |
|---|---|---|
| Local Storage | The private key is stored in the browser local storage (similar to a cookie) |  |
| Key Server | The private key is available through an external process running on the client machine. Then the browser can only request decryption. You have to install an extra Key Server on your machine, which is able to both recognize provided key files or Smart Cards (currently Windows only). The key is never saved in the browser. | |
| Ask | When downloading an E2EE file, the private key has to be copy/pasted into a browser form. The key is never saved in the browser. | |
| Download only | The E2EE file is downloaded locally and a secondary tool is required to decrypt (E2EE Reader). The E2EE Reader supports both file and Smart Card decryption (currently Windows only). The key is never saved in the browser. | / |
Private Key Generation
For the Local Storage key storage, ownCloud users must generate their own private key.
After generation you should copy or download the private key to a secure location. A backup of the private key is strongly recommended. In case the system crashes or a user is deleted by accident you cannot read the shared files anymore. The private key is NEVER sent to the server. The private key can never be recovered.
A user can have multiple private keys assigned to his account i.e. for multiple devices. Files uploaded into one os his encrpyted folders will automatically be encrypted for ALL his private keys.
Once the private key is generated the public key is uploaded on the fly. From then on, a user can create encrypted folders.
Key Server Configuration
For the Key Server key storage, a key server URL has to be provided. In most cases this will be the default value http://localhost:9080.
By clicking the Test Connection button you will receive a message whether the key server was found or not.
An additional button Connection Info will show up which either opens the key server's status information or a browser error page, in case the key server did not respond.