Current File : //www/varak.net/nextcloud.varak.net/core/doc/user/files/encrypting_files.html
<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="../">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Encrypting your Nextcloud files on the server — Nextcloud latest User Manual latest documentation</title>
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../_static/css/theme.css?v=19f00094" />
<link rel="stylesheet" type="text/css" href="../_static/copybutton.css?v=76b2166b" />
<link rel="stylesheet" type="text/css" href="../_static/dark_mode_css/general.css?v=c0a7eb24" />
<link rel="stylesheet" type="text/css" href="../_static/dark_mode_css/dark.css?v=70edf1c7" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
<!--[if lt IE 9]>
<script src="../_static/js/html5shiv.min.js"></script>
<![endif]-->
<script src="../_static/jquery.js?v=5d32c60e"></script>
<script src="../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../_static/documentation_options.js?v=91d07486"></script>
<script src="../_static/doctools.js?v=888ff710"></script>
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../_static/clipboard.min.js?v=a7894cd8"></script>
<script src="../_static/copybutton.js?v=f281be69"></script>
<script src="../_static/dark_mode_js/default_light.js?v=c2e647ce"></script>
<script src="../_static/dark_mode_js/theme_switcher.js?v=358d3910"></script>
<script src="../_static/js/theme.js"></script>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="File Sharing" href="sharing.html" />
<link rel="prev" title="Desktop and mobile synchronization" href="desktop_mobile_sync.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" >
<a href="../contents.html">
<img src="../_static/logo-white.png" class="logo" alt="Logo"/>
</a>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../index.html">Nextcloud latest user manual introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../whats_new.html">What’s new for users in Nextcloud latest</a></li>
<li class="toctree-l1"><a class="reference internal" href="../webinterface.html">The Nextcloud Web interface</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Files & synchronization</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="access_webgui.html">Accessing your files using the Nextcloud Web interface</a></li>
<li class="toctree-l2"><a class="reference internal" href="access_webdav.html">Accessing Nextcloud files using WebDAV</a></li>
<li class="toctree-l2"><a class="reference internal" href="deleted_file_management.html">Managing deleted files</a></li>
<li class="toctree-l2"><a class="reference internal" href="desktop_mobile_sync.html">Desktop and mobile synchronization</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">Encrypting your Nextcloud files on the server</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#encryption-faq">Encryption FAQ</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#how-can-encryption-be-disabled">How can encryption be disabled?</a></li>
<li class="toctree-l4"><a class="reference internal" href="#is-it-possible-to-disable-encryption-with-the-recovery-key">Is it possible to disable encryption with the recovery key?</a></li>
<li class="toctree-l4"><a class="reference internal" href="#can-encryption-be-disabled-without-the-user-s-password">Can encryption be disabled without the user’s password?</a></li>
<li class="toctree-l4"><a class="reference internal" href="#is-it-planned-to-move-this-to-the-next-user-login-or-a-background-job">Is it planned to move this to the next user login or a background job?</a></li>
<li class="toctree-l4"><a class="reference internal" href="#is-group-sharing-possible-with-the-recovery-key">Is group Sharing possible with the recovery key?</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#using-encryption">Using encryption</a></li>
<li class="toctree-l3"><a class="reference internal" href="#sharing-encrypted-files">Sharing encrypted files</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#recovery-key-password">Recovery key password</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#files-not-encrypted">Files not encrypted</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#change-private-key-password">Change private key password</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="sharing.html">File Sharing</a></li>
<li class="toctree-l2"><a class="reference internal" href="sharing.html#federated-shares">Federated Shares</a></li>
<li class="toctree-l2"><a class="reference internal" href="file_drop.html">Making anonymous uploads</a></li>
<li class="toctree-l2"><a class="reference internal" href="large_file_upload.html">Large file uploads</a></li>
<li class="toctree-l2"><a class="reference internal" href="quota.html">Storage quota</a></li>
<li class="toctree-l2"><a class="reference internal" href="version_control.html">Version control</a></li>
<li class="toctree-l2"><a class="reference internal" href="projects.html">Projects</a></li>
<li class="toctree-l2"><a class="reference internal" href="transfer_ownership.html">Transfer Ownership</a></li>
<li class="toctree-l2"><a class="reference internal" href="federated_cloud_sharing.html">Using Federation Shares</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../groupware/index.html">Groupware</a></li>
<li class="toctree-l1"><a class="reference internal" href="../talk/index.html">Talk</a></li>
<li class="toctree-l1"><a class="reference internal" href="../userpreferences.html">Setting your preferences</a></li>
<li class="toctree-l1"><a class="reference internal" href="../universal_access.html">Universal access</a></li>
<li class="toctree-l1"><a class="reference internal" href="../user_2fa.html">Using two-factor authentication</a></li>
<li class="toctree-l1"><a class="reference internal" href="../session_management.html">Manage connected browsers and devices</a></li>
<li class="toctree-l1"><a class="reference internal" href="../external_storage/index.html">External Storage</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../contents.html">Nextcloud latest User Manual</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content style-external-links">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../contents.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item"><a href="index.html">Files & synchronization</a></li>
<li class="breadcrumb-item active">Encrypting your Nextcloud files on the server</li>
<li class="wy-breadcrumbs-aside">
<a href="https://github.com/nextcloud/documentation/edit/master/user_manual/files/encrypting_files.rst" class="fa fa-github"> Edit on GitHub</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<section id="encrypting-your-nextcloud-files-on-the-server">
<h1>Encrypting your Nextcloud files on the server<a class="headerlink" href="#encrypting-your-nextcloud-files-on-the-server" title="Link to this heading"></a></h1>
<p>Nextcloud includes a server side Encryption app, and when it is enabled by
your Nextcloud administrator all of your Nextcloud data files are automatically
encrypted on the server.
Encryption is server-wide, so when it is enabled you cannot choose to keep your
files unencrypted. You don’t have to do anything special, as it uses your
Nextcloud login as the password for your unique private encryption key. Just log
out and in and manage and share your files as you normally do, and you can
still change your password whenever you want.</p>
<p>Its main purpose is to encrypt files on remote storage services that are
connected to your Nextcloud server. This is an
easy and seamless way to protect your files on remote storage. You can share
your remote files through Nextcloud in the usual way, however you cannot share
your encrypted files directly from the remote service you are using, because
the encryption keys are stored on your Nextcloud server, and are never exposed
to outside service providers.</p>
<p>If your Nextcloud server is not connected to any remote storage services, then
it is better to use some other form of encryption such as file-level or whole
disk encryption. Because the keys are kept on your Nextcloud server, it is
possible for your Nextcloud administrator to snoop in your files, and if the server is
compromised the intruder may get access to your files. (Read
<a class="reference external" href="https://nextcloud.com/blog/encryption-in-nextcloud/">Encryption in Nextcloud</a>
to learn more.)</p>
<section id="encryption-faq">
<h2>Encryption FAQ<a class="headerlink" href="#encryption-faq" title="Link to this heading"></a></h2>
<section id="how-can-encryption-be-disabled">
<h3>How can encryption be disabled?<a class="headerlink" href="#how-can-encryption-be-disabled" title="Link to this heading"></a></h3>
<p>The only way to disable encryption is to run the <a class="reference external" href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#encryption-label">“decrypt all”</a>
script, which decrypts all files and disables encryption.</p>
</section>
<section id="is-it-possible-to-disable-encryption-with-the-recovery-key">
<h3>Is it possible to disable encryption with the recovery key?<a class="headerlink" href="#is-it-possible-to-disable-encryption-with-the-recovery-key" title="Link to this heading"></a></h3>
<p>Yes, <em>if</em> every user uses the <a class="reference external" href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#enabling-users-file-recovery-keys">file recovery key</a>, <a class="reference external" href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#encryption-label">“decrypt all”</a> will use it to decrypt all files.</p>
</section>
<section id="can-encryption-be-disabled-without-the-user-s-password">
<h3>Can encryption be disabled without the user’s password?<a class="headerlink" href="#can-encryption-be-disabled-without-the-user-s-password" title="Link to this heading"></a></h3>
<p>If you don’t have the users password or <a class="reference external" href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#enabling-users-file-recovery-keys">file recovery key</a>,
then there is no way to decrypt all files. What’s more, running it on login
would be dangerous, because you would most likely run into timeouts.</p>
</section>
<section id="is-it-planned-to-move-this-to-the-next-user-login-or-a-background-job">
<h3>Is it planned to move this to the next user login or a background job?<a class="headerlink" href="#is-it-planned-to-move-this-to-the-next-user-login-or-a-background-job" title="Link to this heading"></a></h3>
<p>If we did that, then we would need to store your login password in the database.
This could be seen as a security issue, so nothing like that is planned.</p>
</section>
<section id="is-group-sharing-possible-with-the-recovery-key">
<h3>Is group Sharing possible with the recovery key?<a class="headerlink" href="#is-group-sharing-possible-with-the-recovery-key" title="Link to this heading"></a></h3>
<p>If you mean adding users to groups and make it magically work? No. This only
works with the master key.</p>
</section>
</section>
<section id="using-encryption">
<h2>Using encryption<a class="headerlink" href="#using-encryption" title="Link to this heading"></a></h2>
<p>Nextcloud encryption is pretty much set it and forget it, but you have a few
options you can use.</p>
<p>When your Nextcloud administrator enables encryption for the first time, you must log
out and then log back in to create your encryption keys and encrypt your files.
When encryption has been enabled on your Nextcloud server you will see a yellow
banner on your Files page warning you to log out and then log back in:</p>
<figure class="align-default">
<img alt="../_images/encryption1.png" src="../_images/encryption1.png" />
</figure>
<p>When you log back in it takes a few minutes to work, depending on how many
files you have, and then you are returned to your default Nextcloud page.</p>
<figure class="align-default">
<img alt="../_images/encryption2.png" src="../_images/encryption2.png" />
</figure>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>You must never lose your Nextcloud password, because you will lose
access to your files. Though there is an optional recovery option that your
Nextcloud administrator may enable; see the Recovery Key Password section
(below) to learn about this.</p>
</div>
</section>
<section id="sharing-encrypted-files">
<h2>Sharing encrypted files<a class="headerlink" href="#sharing-encrypted-files" title="Link to this heading"></a></h2>
<p>Only users who have private encryption keys have access to shared encrypted
files and folders. Users who have not yet created their private encryption keys
will not have access to encrypted shared files; they will see folders and
filenames, but will not be able to open or download the files. They will see a
yellow warning banner that says “Encryption App is enabled but your keys are not
initialized, please log-out and log-in again.”</p>
<p>Share owners may need to re-share files after encryption is enabled; users
trying to access the share will see a message advising them to ask the share
owner to re-share the file with them. For individual shares, un-share and
re-share the file. For group shares, share with any individuals who can’t access
the share. This updates the encryption, and then the share owner can remove the
individual shares.</p>
<section id="recovery-key-password">
<h3>Recovery key password<a class="headerlink" href="#recovery-key-password" title="Link to this heading"></a></h3>
<p>If your Nextcloud administrator has enabled the recovery key feature, you can
choose to use this feature for your account. If you enable “Password recovery”
the administrator can read your data with a special password. This feature
enables the administrator to recover your files in the event you lose your
Nextcloud password. If the recovery key is not enabled, then there is no way to
restore your files if you lose your login password.</p>
<figure class="align-default">
<img alt="../_images/encryption3.png" src="../_images/encryption3.png" />
</figure>
</section>
</section>
<section id="files-not-encrypted">
<h2>Files not encrypted<a class="headerlink" href="#files-not-encrypted" title="Link to this heading"></a></h2>
<p>Only the data in your files is encrypted, and not the filenames or folder
structures. These files are never encrypted:</p>
<ul class="simple">
<li><p>Old files in the trash bin.</p></li>
<li><p>Image thumbnails from the Gallery app.</p></li>
<li><p>Previews from the Files app.</p></li>
<li><p>The search index from the full text search app.</p></li>
<li><p>Third-party app data</p></li>
</ul>
<p>Only those files that are shared with third-party storage providers can
be encrypted, the rest of the files may not be encrypted.</p>
<section id="change-private-key-password">
<h3>Change private key password<a class="headerlink" href="#change-private-key-password" title="Link to this heading"></a></h3>
<p>This option is only available if the encryption password has not been changed by
the administrator, but only the log-in password. This can occur if your Nextcloud
provider uses an external user back-end (for example, LDAP) and changed your
login password using that back-end configuration. In this case, you can set
your encryption password to your new login password by providing your old and
new login password. The Encryption app works only if your login password and
your encryption password are identical.</p>
</section>
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="desktop_mobile_sync.html" class="btn btn-neutral float-left" title="Desktop and mobile synchronization" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="sharing.html" class="btn btn-neutral float-right" title="File Sharing" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>© Copyright 2024 Nextcloud GmbH.</p>
</div>
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" data-toggle="rst-versions" role="note" aria-label="versions">
<span class="rst-current-version" data-toggle="rst-current-version">
<span class="fa fa-book"> Read the Docs</span>
v: latest
<span class="fa fa-caret-down"></span>
</span>
<div class="rst-other-versions">
<dl>
<dt>Languages</dt>
<!--Here goes the Langs-->
</dl>
</div>
<div class="rst-other-versions">
<dl>
<dt>Versions</dt>
<dd><a href="https://docs.nextcloud.com/server/28/user_manual">28</a></dd>
<dd><a href="https://docs.nextcloud.com/server/29/user_manual">29</a></dd>
<dd><a href="https://docs.nextcloud.com/server/stable/user_manual">stable</a></dd>
<dd><a href="https://docs.nextcloud.com/server/latest/user_manual">latest</a></dd>
</dl>
<dl>
<dt>Downloads</dt>
</dl>
<dl>
<dt>On Read the Docs</dt>
<dd>
<a href="///projects//?fromdocs=">Project Home</a>
</dd>
<dd>
<a href="///builds//?fromdocs=">Builds</a>
</dd>
</dl>
</div>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>
Mini Shell