khanh.pndc/nextcloud-docs
1
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2026-01-03 02:09:45 +07:00
Code Issues Packages Projects Releases Wiki Activity

Add a short encryption FAQ to the docs

Browse Source 
This is being added as part of satisfying #2402. There's more to come,
but is waiting on further feedback.
This commit is contained in:
Matthew Setter
2017-01-05 14:55:34 +01:00
committed by Bjoern Schiessle
parent 3c8c335cea
commit 8bb1809569
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
admin_manual/configuration_files/encryption_configuration.rst
View File

@@ -143,6 +143,8 @@ Encryption settings can be configured in the mount options for an external
storage mount, see :ref:`external_storage_mount_options_label`
(:doc:`external_storage_configuration_gui`)
.. _enable-file-recovery-key:
Enabling Users File Recovery Keys
----------------------------------

36
user_manual/files/encrypting_files.rst
View File

@@ -27,6 +27,42 @@ compromised the intruder may get access to your files. (Read
<https://owncloud.org/blog/how-owncloud-uses-encryption-to-protect-your-data/>`_
to learn more.)
Encryption FAQ
--------------
How Can Encryption Be Disabled?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The only way to disable encryption is to run the :ref:`"decrypt all" <encryption_label>`
script, which decrypts all files and disables encryption.
Is It Possible To Disable Encryption With The Recovery Key?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Yes, *if* every user uses the :ref:`file recovery key
<enable-file-recovery-key>`, :ref:`"decrypt all" <encryption_label>` will use it
to decrypt all files.
Can Encryption Be Disabled Without The Users Password?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you don't have the users password or :ref:`file recovery key
<enable-file-recovery-key>` then there is no way to decrypt all files. What's
more, running it on login would be dangerous, because you would most likely run
into timeouts.
Is It Planned To Move This To The Next User Login Or A Background Job?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If we did that, then we would need to store your login password in the database.
This could be seen as a security issue, so nothing like that is planned.
Is Group Sharing Possible With The Recovery Key?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you mean adding users to groups and make it magically work? No. This only
works with the master key.
Using Encryption
----------------