From 284e02bef2e8aa899f4f7dfeab938b1ac6e6c49d Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 8 Mar 2016 17:13:24 +0100 Subject: [PATCH] More technical information about encryption --- .../configuration_files/encryption_configuration.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/admin_manual/configuration_files/encryption_configuration.rst b/admin_manual/configuration_files/encryption_configuration.rst index 121469da3..b7b0ffaa0 100644 --- a/admin_manual/configuration_files/encryption_configuration.rst +++ b/admin_manual/configuration_files/encryption_configuration.rst @@ -11,6 +11,16 @@ remote storage. This allows you to encrypt remote storage, such as Dropbox and Google, without having to also encrypt your home storage on your ownCloud server. +.. note:: Starting with ownCloud 9.0 we support Authenticated Encryption for all + newly encrypted files. See https://hackerone.com/reports/108082 for more + technical information about the impact. + + For maximum security make sure to configure external storage with "Check for + changes: Never". This will let ownCloud ignore new files not added via ownCloud, + so a malicious external storage administrator could not add new files to the + storage without your knowledge. Of course, this is not wise if your external + storage is subject to legitimate external changes. + ownCloud server-side encryption encrypts files stored on the ownCloud server, and files on remote storage that is connected to your ownCloud server. Encryption and decryption are performed on the ownCloud server. All files sent