35C3: Open Infrastructure Orbit

End-to-end encryption for secure, zero-knowledge file sync & share

Jos Poortvliet

In this talk I'll detail the Nextcloud End-to-end Encryption design, going through the steps of creating the private/public key pair, encrypting and syncing it, encrypting files and uploading them, adding devices to the trusted circle and so on.

Nextcloud's E2EE is designed to protect user data from the server. The goal was to let users sync and share folders (and their contents) as easily as possible without the server ever having the ability to access the data. That rules out a web interface and has other limitations, but that's the price for knowing your server can't spy on you. It isn't, and was never, meant for ALL your data; for that, you should use a solution purely focused on E2EE instead! The nice features of Nextcloud, from online document editing to public sharing, will work on all your files except those you put in E2EE folders.

The talk is reasonably technical - it doesn't delve into code or algorithms but sticks to the general design and flow of data: how do we create and share public keys, how do we get the private key on another device without the server being able to access it, how do we encrypt files and share them, and so on.