Android client encryption in action
Today we release a proof of concept with a working Android client and server-side key handling code as well as work-in-progress code for the desktop and iOS clients. We invite the wider security community to have a look at our design and implementation, provide feedback and help us fine-tune the design and code to provide the optimal balance between ease of use and protecting data. End-to-end encryption will be final as a feature of the upcoming Nextcloud 13.
End-to-end encryption with file sync and share right now it is a game of compromises. Web interfaces are either unavailable or security-compromised with browser-side decryption done with untrusted code coming from the server; or users have share a large, encrypted volume with each other that gets up and downloaded each time a change is made to authorization or files. Other solutions require users to simply share a password to enable sharing (without any way to manage and especially revoke user access rights) or rely on third-party tools which require re-encrypting and re-uploading files all the time.
Nextcloud is the first vendor to introduce an enterprise-grade, seamlessly integrated solution for end-to-end encryption in a file sync and share product.
The Nextcloud solution works on a per-folder level and features an easy to use, server-assisted but fully secure key management with Cryptographic Identity Protection, our method of securely signing and handling user certificates. Users can easily access their data on any of their devices using the clients and share with other users knowing their data can not be compromised by the server. The Nextcloud End-to-end Encryption design is unique in delivering on enterprise demands like a complete audit log, an optional offline administrator recovery key and support for a secure Hardware Security Module to be able to issue new identities to users.
Nextcloud End-to-end Encryption offers the ultimate protection for data, making it suitable for your most private information. Use it to protect a copy of your passport, passwords, driver’s license or bank account information.
For enterprises, the Nextcloud End-to-end Encryption feature provides a crucial expansion of their arsenal of security tools. For those who have to deal with sensitive user data in Europe, end-to-end encryption can help remedy the fact that the vast majority of cloud services is still not GDPR ready. Also important business data like financial statements or strategic plans can benefit from an extra layer of protection, keeping it from potential malicious actors or even compromised system administrators. Enterprises could require their employees to keep a subset of the most confidential information client side encrypted. Research, customer information or investor reports can be guaranteed to be kept strictly confidential.
Every user gets a unique public/private key combination upon first use of the end-to-end encryption. The public key is sent to the server and signed into a certificate. This is checked by the users’ other clients and used by other users to share encrypted files with the first user. Some interesting properties of the Cryptographic Identity Protection:
We’ve set up a page on our website covering this feature as well!
We currently release a proof of concept, a first, preliminary implementation. Right now, we have the server component as well as a working Android app, with the desktop and iOS client coming soon. The server component users have to install requires the latest Nextcloud 12.0.3. We strongly recommend users to test this on a system of which they have a recent backup or with mock data. Newer versions of our solution might not be able to decrypt the data encrypted with the preview due to changes!
We publish this following the “release early, release often” rule of open source to get feedback on both the design and implementation. Security being as hard as it is, we expect some harsh criticism but we look forward to the constructive feedback which will enable us to improve and fine tune our design and implementation.
Our github repository contains the full design documentation needed for client developers to implement the Nextcloud End-to-end Encryption. It is currently in draft state, pending review from encryption professionals as well as anyone interested in giving their feedback!
The server app can be found here, feedback and review is very much welcome! Note that testing requires Nextcloud 12.0.3. You will need to install it manually as we feel that putting it already in our app store might lure unsuspecting users in trying it out, with potentially bad results.
Android users who want to test out the feature have to register here for our testing program (which gives access to our Beta clients) and then join this G+ community (the link is an invitation link) to get access to the alpha. Note that the end-to-end encryption requires at least Android 4.4 (KitKat), users with older versions will get a warning.
The android sourcecode can be found in this pull request. For the Android library the pull request is here.
The Android app has all as-of-yet non-working features disabled for encrypted folders but we still recommend to not use it on live data: newer versions might not be able to decrypt the data encrypted with the current release.
The desktop client team is finalizing the code for the first preview, but help juggling OpenSSL code is certainly welcome! You can find the code in our client repository as the very first pull request.
The iOS app is also a work in progress, find the code in this branch. You can track and discuss development in this issue.
“Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat […]
Read More
“When we have welcoming communities of contributors, open source software gets better and more useful to everyone.” Limor Fried, Electrical Engineer, Inventor and Founder of open-source hardware company Adafruit We believe in this ideal and love to work with our community. We are always looking to involve more people in Nextcloud, bringing in their ideas, […]
Read More
Do you want to learn more about the leading Content Collaboration Platform? Nextcloud is an on-premises, integrated collaboration platform that can work for your organization or business in all sectors from Government, education, healthcare, and many other. Meet Nextcloud at exciting upcoming trade shows from Zukunftskongress and DMEA in Berlin to EdTech Congress Barcelona in […]
Read More
Over the last years Nextcloud Talk has developed in a fantastic productivity tool, enabling teams across the globe to communicate and collaborate in chat rooms, video meetings and webinars.
Read More
Hot on the heels of Nextcloud Hub 4, our desktop client now enables users who are running the latest Nextcloud to take advantage of its improved End-to-end encryption features!
Read More
After a complaint filed by Nextcloud on behalf of a coalition of dozens of European cloud tech providers in November 2021, the German Bundeskartellamt (federal antitrust authorities) has now begun an official investigation into Microsoft to assess if the company has a dominant position in the market.
Read More
Nextcloud users know the importance of integrating different systems and tools to create a seamless workflow. Nextcloud Enterprise allows you to integrate with Microsoft environments for file storage, user directory, Outlook, Sharepoint, Windows Desktop, MS Office online server, and Teams. And now, we are excited to announce a new addition to our lineup: the Nextcloud […]
Read More“Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat […]
Read More
To aid government and business organizations migrating away from Microsoft 365, the Nextcloud Office team is looking for participants for UX studies. In particular, heavy users of Microsoft Office are encouraged to participate and provide their input so the team can identify and address the key blockers for migration. Aim of the study Nextcloud is […]
Read More
