
End-To-End Encryption for ownCloud Enterprise

From €20/user/year and starting with 50 users, the plug-in enables encryption and decryption by generating a 'key pair' consisting of a private key and a public key

ownCloud GmbH announces the second generation of End-To-End Encryption (E2EE) for ownCloud Enterprise.


The plug-in enables encryption and decryption by generating a ‘key pair’ consisting of a private key and a public key; this takes place directly in the web browser of the sender and the recipient. This version also provides the option of using hardware keys, such as smart cards or USB tokens, on which a private key is stored and never leaves the token. This eliminates the risk of attackers accessing the key and increases security.

E2EE for ownCloud Enterprise is a way to exchange encrypted files between two or more people regardless of the internal security infrastructure available in a company. This means that neither the sender nor the recipient of a file is bound to a specific environment. Unauthorized third parties and even administrators do not have access to the encrypted files, which cannot be decrypted even if the hardware token is stolen.


The decryption of a sent file takes place directly in the user’s web browser. In order to guarantee that the private key cannot be accessed, the decryption of the file keys can be outsourced to an external key service, which also supports communication with external hardware tokens. Afterwards, this decrypted file key is used by the browser for the actual decryption of the file.

The file exchange can be made via the company’s Outlook plug-in, as well as with any web browser. Since the file exchange takes place within ownCloud, there are no restrictions on file types and sizes.

Hardware key support for enhanced security
The ability to use hardware tokens is particularly relevant where legislation demands the encryption of certain files. It is important that the file can only be opened by the authorized recipient. This is made possible by the use of certain hardware keys such as smart cards or USB tokens, which only work in combination with a certain device on which the Key Service is installed.

The usage of the E2EE plug-in is useful wherever there are high compliance requirements for file exchange. In addition to the public sector, this also includes companies that process sensitive personal data (e.g. customer, insurance or medical data).


Secure encryption when sending emails with Outlook
The E2EE plug-in makes it easier to send encrypted files by email. All users have the option of sharing a file within the company’s solution user interface or by sending an email directly via the firm’s Outlook plug-in. Additional encryption is no longer necessary. After registration, an individual key pair is created for the recipient, consisting of a public key on the ownCloud server and a private key on the user’s local computer (2,048-bit RSA).

The Outlook plug-in offers a further advantage. In many companies, sending emails via Microsoft Outlook is still standard. However, there are significant restrictions on the file size when sending emails. With the plug-in, this limitation is no longer an issue, as attachments are no longer sent, but only retrieved by the recipient on the ownCloud server. The share settings can also be changed at any time.

The plug-in is also an attractive option for companies that already use encryption but would like a simpler solution. Applications are often used that compress files and provide them with a password, which in turn has to be transmitted to the recipient in a cumbersome manner (e.g. by telephone). The E2EE plug-in helps to simplify this process by replacing all of the different encryption and decryption steps with one central solution.

Transparent overview of all recipients
By combining the company’s Public-Share function with E2EE, every user can create a secure and encrypted file drop by sending a link to an encrypted download area (e.g. by email) to the respective recipient. The file is thus secured and can only be opened by those ownCloud users who are transparently displayed on the upload website for all others. Anyone who uploads a file and encrypts it can see exactly who has access to it.

The second generation of E2EE is available in addition to each ownCloud Enterprise subscription from €20 per user per year and starting with 50 users. The encryption software is also a component of ownCloud.Online, the hosted cloud offering for businesses.

The administrators can start by enabling a 30-day trial version via the Marketplace.

The plug-in is also included in the 30-day trial.

As with all ownCloud Enterprise features, the source code for E2EE is available to customers on request to be able to verify the encryption independently.
