Forums Help & support ownCloud query

This topic contains 7 replies, has 2 voices, and was last updated by  Svante 7 years, 2 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #7668 Reply

    Gregory

    I use ownCloud which is a self-hosted open source cloud solution. I’ve not bothered to upgrade to its latest fork, Nextcloud as I’m happy with the current version for the minute.

    The area I live in suffers from frequent brownouts therefore I host my instance in a cheap but reliable VPS. I lose some of the security as the server isn’t under my control and a rogue VPS host administrator could disable the encryption but it’s significantly more private than using Google Drive or a commercial alternative.

    I’m running Windows 10 and want an easy way to encrypt my files so that only I can see my files in the event a rogue administrator disables the cloud encryption. I’ve searched this forum high and low and it appears that AxCrypt might solve this problem for me. I don’t want individual passwords and I want to be able to decrypt and use my files by double clicking which I can in AxCrypt.

    I want to have a directory on my computer which only syncs encrypted AxCrypt files to ownCloud. To do this I think I would need to designate the directories as secure folders?

    • Is there an easy way for AxCrypt to sync with ownCloud?
    • Would I need to use the My Documents as my working directory and then manually drag and drop the files to my ownCloud virtual NAS? I have the option of WebDAV too. I don’t want my files touching the cloud unencrypted.
    • Would I need to automate copying of only axx files to a designated Cloud Sync directory and then sync that designated directory to ownCloud? This would stop the plaintext files touching my cloud.

    From the forums posts I’ve read that AxCrypt transmits my password to the server. I figured I could use the software in offline mode but then I’d lose the benefit of AES-256 and secure folders.

    Can I purchase a licence for my email address without sending you the password and then import the licence into AxCrypt?

    I don’t want to ever transmit my encryption password to anybody not even over TLS. It’s a security risk and its rarely properly implemented. When I looked at the website it isn’t as secure as it could be: there’s no CAA entry – not fully supported everywhere yet, it supports weak RC4 ciphers, has weak key exchange, uses common Diffie-Hellman primes, reuses DH and ECDH parameters and the HSTS policy doesn’t preload nor do you use HPKP.

    It’s too much of a security risk and if I was happy with transmitting my password I’d stick with the ownCloud encryption.

    My only option is to use the software offline but then I lose some important functionality. Can a purchase option be built which creates a license key from only an email address (no password) which I can paste into AxCrypt? You must have most of this infrastructure in place already.

    #7669 Reply

    Franz

    I confess I’m not familiar with ownCloud but its successor uses a very near identical desktop application. Nextcloud only supports partial selective sync and does so by folders, not arbitrary file extensions. There’s an option to specify a list of filetype exclusions but not a list of inclusions; you could manually enter all the filetypes you wished to exclude (.doc, .docx, .rtf, .pdf, .jpg, .jpeg) but that’d be very time consuming and some would slip through the net.

    You could look for some other software because WebDAV offers you the flexibility to choose.

    You can’t only upload certain filetypes (.axx) in the GUI. You can on the command line but that’s not a good fit for Windows 10 unless you get the Ubuntu bash shell – Windows Subsystem for Linux (Beta).

    I think you’d have to create various Secured Folders in AxCrypt to achieve what you want and run a manual sync in ownCloud once you’re satisfied that everything is encrypted.

    AxCrypt don’t allow you to get an offline license file without sending your password. You’d have to connect to the internet, purchase it and copy the file to whatever system you’re using but you’d still have sent the password to AxCrypt. A few people have requested this if you look through the forum. You must submit your password to the server and you must trust that they retain it only in RAM. You could use the always offline mode [-offline] and make an account but you get AES 128. If you want StrongerEncryption you need to obtain the source code and modify it. It’s a very simple thing for them to add but it probably comes down to a lack of resources.

    #7670 Reply

    Gregory

    I’d forgotten about the command line client but having looked into it there’s still no option to selectively sync certain files. There should be a BASH command which would do that do so I’ll do some more research.

    Thanks for confirming the license policy about AxCrypt. I’m not a programmer so I don’t want to change the source code so the free 128-bit will have to be good enough as I can create a free account offline and it’ll mean I’ll save $28.80 by choosing free.

    I’d have preferred to have bought a license but I plainly refuse to transmit my decryption key offline. Backblaze do the same thing, except they have your files as well. It reduces the security of encryption if the provider has access to your key, even if they don’t misuse it.

    “To decrypt your data, you are required to enter your passphrase on our secure website.  When you do so, it is passed over an encrypted connection to our datacenter where it is used to decrypt your private key, which in turn is used to decrypt your data.  Your passphrase is never saved on disk and it is discarded once it is used.”

    #7671 Reply

    Zak

    I can’t answer your other question but I can confirm that AxCrypt requires an internet connection for a premium membership.

    #7672 Reply

    Svante
    Spectator

    Concerning the offline license question, see https://forum.axcrypt.net/forums/topic/premium-on-windows-vista/ .

    #7679 Reply

    Gregory

    I’ve looked at the Windows Vista comment Svante but it’s not applicable. The only reason I want what you call an offline license is because I never want to transmit my password over the internet. Using the method you suggest would transmit my password to AxCrypt.

    Is it possible to obtain those configuration files – subject to payment – via email but without supplying a password?

    #7685 Reply

    Wilberforce

    Reply #7543 says that “In the future you’ll be able to download a license file containing this information directly from the web or from the app, and import it directly to the app.”

    You’ll have to wait until AxCrypt implement this for you. Franz’s method would work but if you’re not comfortable changing the source code then you’re out of luck.

    I fully understand your concerns about sending your password to a blackbox server. I take an educated guess here but I suspect the majority of AxCrypt’s customers never use the Key Sharing feature so there’s little need for the password to be submitted to the server, apart from receiving the private key and even that could be delivered without needing a password.

    You might look at VeraCrypt but that’s a volume encryption product, AxCrypt encrypts individual fiiles. You’d have to upload sparse bundles to your cloud and this is not suitable if you regularly update small, individual files as you’d be wasting much bandwidth.

    Until/if AxCrypt allow you to import a license file using the free AES-128 is better than nothing.

    #7703 Reply

    Svante
    Spectator

    Hello Gregory,

    Yes, you’re right. The link I sent is about a slightly different concern, it’s about how to get a non-networked computer working with Premium. My bad.

    As mentioned, in the future, we’ll implement a purchase system that would enable you to purchase a license without ever entering a password to our server, but right now we can’t do that since the payment is/must be tied to an account.

    Still, as a work-around you could use the method mentioned in the link, and simply use a unique password not used anywhere else for the online part of the operation.

Viewing 8 posts - 1 through 8 (of 8 total)
Reply To: ownCloud query
Your information: