How to enable end-to-end encryption for the Nextcloud app – TechRepublic

Learn how you can enable the new Nextcloud end-to-end encryption.

Image: Jack Wallen

The developers of the Nextcloud open source on-premise cloud solution have created a really amazing encryption setup between the latest desktop client (version 3.x) and the newest release of their server solution (version 19).

This end-to-end encryption method ensures that encrypted files are available only to the Nextcloud desktop and mobile applications and are not accessible via the server. In other words, you encrypt a file that exists on the server from the client app. Once you've encrypted the file, it will no longer be accessible on the server, but it will remain available (all the while encrypted) on any client application you have connected to your account on the server.

The thing about the new end-to-end encryption is that the setup isn't quite intuitive. After some stumbling around, I did manage to put the pieces together, so I can show you how it's done.

The first thing you must do is enable encryption on your Nextcloud instance. To do that, log in to Nextcloud with an admin account and then click your profile icon at the top-right of the window. From the popup menu, click Settings. In the resulting window, click Security from the menu in the left sidebar.

From the Security Settings window, click the checkbox for Enable Server-Side Encryption (Figure A).

Figure A

Enabling server-side encryption in Nextcloud 19.

The next step is to install the end-to-end encryption app. To do that, click the profile icon again and click Apps. In the Apps window, type encryption in the search bar. When the End-to-End Encryption entry appears (Figure B), click Download And Enable.

Figure B

Installing the End-to-End Encryption app in Nextcloud 19.

Next, you need to enable a default encryption module. To do that, go back to Apps and search for encryption a second time. You should see an entry for Default Encryption Module. Click Enable to enable this module.
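The three server-side settings enabled so far can also be confirmed from the command line. The script below is an added example, not part of the original article: it parses the output of Nextcloud's occ encryption:status and occ app:list commands and reports which prerequisite is missing. The sample output embedded in it is constructed, and the web user and install path shown in its comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): check the three server-side settings
# the steps above turn on, from `occ` output. On a live server you would pass
#   "$(sudo -u www-data php /var/www/nextcloud/occ encryption:status)"
#   "$(sudo -u www-data php /var/www/nextcloud/occ app:list)"
# (web user and install path are assumptions).

# Constructed samples of the two outputs; version numbers are made up.
SAMPLE_STATUS=' - enabled: true
 - defaultModule: OC_DEFAULT_MODULE'
SAMPLE_APPS='Enabled:
  - encryption: 0.0.0
  - end_to_end_encryption: 0.0.0
  - files: 0.0.0
Disabled:
  - user_ldap'

# True when `occ encryption:status` reports server-side encryption enabled.
sse_enabled() {
  printf '%s\n' "$1" |
    grep -Eq '^[[:space:]]*-[[:space:]]*enabled:[[:space:]]*true[[:space:]]*$'
}

# True when app id $2 is listed under "Enabled:" (not "Disabled:") in $1.
app_enabled() {
  printf '%s\n' "$1" | awk -v id="$2" '
    /^Enabled:/  { on = 1; next }
    /^Disabled:/ { on = 0; next }
    on {
      name = $0
      sub(/^[ \t]*-[ \t]*/, "", name)   # drop the list bullet
      sub(/:.*$/, "", name)             # drop ": version"
      if (name == id) found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Prints the missing prerequisites (space separated); succeeds when none are.
preflight() (
  missing=""
  sse_enabled "$1" || missing="$missing server-side-encryption"
  app_enabled "$2" encryption || missing="$missing encryption"
  app_enabled "$2" end_to_end_encryption || missing="$missing end_to_end_encryption"
  printf '%s' "${missing# }"
  [ -z "$missing" ]
)

if preflight "$SAMPLE_STATUS" "$SAMPLE_APPS" >/dev/null; then
  echo "server-side prerequisites present"
fi
```

The app ids encryption and end_to_end_encryption correspond to the Default Encryption Module and End-to-End Encryption entries in the Apps window.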

Okay, this is the tricky part, because it depends on a number of things. First, is this installation WAN- or LAN-facing? Second, do you need true HTTPS, or do you just need to be able to point a browser to a secure HTTP address? For example, in my LAN-facing instance, which doesn't use a domain, I don't need to work with an SSL certificate; I only need the client to think it's using HTTPS. If you're accessing your Nextcloud instance via IP address, and don't have a domain for the cloud server, you'll want to use the same method I use.

If, on the other hand, you do use a domain for your Nextcloud instance, and your server is accessible via both WAN and LAN, you'll need to go the full-on, certificate-enabled HTTPS route.

I'm going to show you how to use the "tricky" method, just to get you up and running with end-to-end encryption. If you need to go the true HTTPS route, make sure you have your certificate and that your Apache or NGINX configuration file points to the proper keys.

Otherwise, log in to your Nextcloud server, via SSH, and issue the following commands:

At this point, you should be able to access your Nextcloud instance using https.

Open your Nextcloud client on your desktop. You should now see a new button labeled Enable Encryption (Figure C).

Figure C

Enabling encryption on the Nextcloud client.

Click that button and encryption will then be enabled between the client and the server.

With everything in place, you can now encrypt a folder from within the Nextcloud app by right-clicking a folder and selecting Encrypt (Figure D).

Figure D

Encrypting a folder in Nextcloud from the client.

At this point, the folder will appear in the Nextcloud web interface with a lock. You can see the folder, but you don't have permission to upload or create files in that encrypted directory. The only way you can do that is via the desktop or mobile app. If you navigate into that folder, the file will be listed as a random string of characters (Figure E).

Figure E

An encrypted file that is no longer accessible from within the server.

Congratulations, you now have end-to-end file encryption enabled between your Nextcloud 19 server and the desktop/mobile application.
