owncloud / core

:cloud: ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0

file name encryption for owncloud [$15] #11814

Closed JimLoose closed 8 years ago

JimLoose commented 9 years ago

Besides the lack of thumbnail and gallery encryption (which makes the extension useless), the encryption module currently misses "file name encryption" as well.

ghost commented 9 years ago

Hi,

a little bit off-topic, but I want to note this anyway:

> which makes the extension useless

not really as you can read here: http://doc.owncloud.org/server/7.0/admin_manual/configuration/configuration_encryption.html#files-not-encrypted

"only files that are exposed to third-party storage providers are guaranteed to be encrypted."

The gallery and thumbnail are not exposed to third-party storage providers so they are not encrypted. If you think that this makes the extension/app useless then it seems you have missed the note box here: http://doc.owncloud.org/server/7.0/admin_manual/configuration/configuration_encryption.html#using-server-side-encryption

JimLoose commented 9 years ago

@RealRancor indeed off-topic (sorry) - imho all private files on the server need to be encrypted because ownCloud, Apache and SSL Heartbleed already had enough bugs and hacks to reveal private files: http://www.cvedetails.com/vulnerability-list/vendor_id-11929/Owncloud.htm

Back to topic: that's why we need file-encryption as well (if encryption is enabled) (it would be great if the developers added more focus to this module, please!)

ghost commented 9 years ago

@JimLoose Not really as the goal of the encryption app is not to protect the private files on the server but the files on the external storage (See the linked documentation). And this is currently the case as the "thumbnail and gallery" files are not stored on the external storage.

But as this issue is about "file name encryption" back to topic. ;-) This could indeed be helpful to not expose the filenames to the external storage provider.

JimLoose commented 9 years ago

✔ :-)

Thank you for your explanation + understood (anyway, it would be great if the encryption module could protect the files on the server as well (against hacking, provider backups and so on)) ;)

ghost commented 9 years ago

Hi,

> anyway it would be great if the encryption module could protect the files on the server as well

this needs client-side encryption which was requested here: https://github.com/owncloud/mirall/issues/275 but which won't be implemented in ownCloud.

LukasReschke commented 9 years ago

@schiesbn What do you think?

JimLoose commented 9 years ago

is it possible to place a bounty for that?

:+1:

ghost commented 9 years ago

Yes, see here: https://www.bountysource.com/issues/5576961-file-name-encryption-for-owncloud

privacytoolsIO commented 9 years ago

File name encryption would be really nice.

idano commented 8 years ago

This feature makes or breaks my use case for ownCloud, as I'm planning to run this on a remote VPS. While it's great that the content is encrypted, the filename still gives away a lot of information, for example for financial records etc.

ghost commented 8 years ago

@idano Please consider in your use case:

> Encryption keys are stored only on the ownCloud server, eliminating exposure of your data to third-party storage providers. The encryption app does not protect your data if your ownCloud server is compromised, and it does not prevent ownCloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide. If your ownCloud server is not connected to any external storage services then it is better to use other encryption tools, such as file-level or whole-disk encryption.

https://doc.owncloud.org/server/8.2/admin_manual/configuration_files/encryption_configuration.html

idano commented 8 years ago

Thanks for clarifying RealRancor.

lock[bot] commented 5 years ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.