From 8bb18095697313b05cd61a2bdf7e70d295ea7d50 Mon Sep 17 00:00:00 2001 From: Matthew Setter Date: Thu, 5 Jan 2017 14:55:34 +0100 Subject: [PATCH] Add a short encryption FAQ to the docs This is being added as part of satisfying #2402. There's more to come, but is waiting on further feedback. --- .../encryption_configuration.rst | 2 ++ user_manual/files/encrypting_files.rst | 36 +++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/admin_manual/configuration_files/encryption_configuration.rst b/admin_manual/configuration_files/encryption_configuration.rst index 47ce0edf4..c0cbd00dc 100644 --- a/admin_manual/configuration_files/encryption_configuration.rst +++ b/admin_manual/configuration_files/encryption_configuration.rst @@ -143,6 +143,8 @@ Encryption settings can be configured in the mount options for an external storage mount, see :ref:`external_storage_mount_options_label` (:doc:`external_storage_configuration_gui`) +.. _enable-file-recovery-key: + Enabling Users File Recovery Keys ---------------------------------- diff --git a/user_manual/files/encrypting_files.rst b/user_manual/files/encrypting_files.rst index b5f79c801..c246804c4 100644 --- a/user_manual/files/encrypting_files.rst +++ b/user_manual/files/encrypting_files.rst 
@@ -27,6 +27,42 @@ compromised the intruder may get access to your files. (Read `_ to learn more.) +Encryption FAQ +-------------- + +How Can Encryption Be Disabled? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The only way to disable encryption is to run the :ref:`"decrypt all" ` +script, which decrypts all files and disables encryption. + +Is It Possible To Disable Encryption With The Recovery Key? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Yes, *if* every user uses the :ref:`file recovery key +`, :ref:`"decrypt all" ` will use it +to decrypt all files. + +Can Encryption Be Disabled Without The User’s Password? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If you don't have the users password or :ref:`file recovery key +` then there is no way to decrypt all files. What's +more, running it on login would be dangerous, because you would most likely run +into timeouts. + +Is It Planned To Move This To The Next User Login Or A Background Job? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If we did that, then we would need to store your login password in the database. +This could be seen as a security issue, so nothing like that is planned. + +Is Group Sharing Possible With The Recovery Key? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If you mean adding users to groups and make it magically work? No. This only +works with the master key. + Using Encryption ----------------
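Review bot: the new label `.. _enable-file-recovery-key:` in encryption_configuration.rst is defined under admin_manual/, while the FAQ text that links to the file recovery key is added under user_manual/. A `:ref:` only resolves labels inside the same Sphinx project, so if the two manuals are built separately the link will not resolve and needs intersphinx or a plain URL instead. The label also uses hyphens and no suffix, whereas the neighbouring `external_storage_mount_options_label` uses underscores and a `_label` suffix; following that convention would keep the labels consistent.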
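Review bot: in the answer under "Can Encryption Be Disabled Without The User’s Password?", the sentence "What's more, running it on login would be dangerous, because you would most likely run into timeouts." has no antecedent for "it". Decrypting at login is only raised by the following question, so move the sentence into that answer and name what would run. In the same answer "the users password" needs an apostrophe. In the group sharing answer, "If you mean adding users to groups and make it magically work? No." is not a complete sentence, and "This only works with the master key" relies on a master key that the FAQ never introduces, so add a short explanation or a link. "This could be seen as a security issue" also understates what storing a login password in the database means; say directly that it is one.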