Encryption switch for external storages

[PVince81]

Discussed this with @Xenopathic today.

Adding the switch shouldn't be too complicated as there is already internal code to disable encryption for specific storages.

The main issue is mostly about where to put it in the already overloaded Admin page UI.

One idea proposed by @Xenopathic was to have a cog icon in every one that shows a dropdown (like the share dropdown) with advanced options like "Disable encryption" and possibly others.

CC @owncloud/designers for the UI topic

[jancborchardt]

Yup, the proposal by @Xenopathic sounds good.

[karolherbst]

👍 Is this for #8460 ?

[karolherbst]

But I guess is a switch like encrypting the entire external storage or nothing. Still a nice feature

[xdmx]

This would work for me, I'd create two dropbox accounts, one (encrypted) to use as storage, and one (not encrypted) for sharing folders

I hope you'll be able to add this option to 7.0.3 or 7.0.4

[RobinMcCorkell]

@xdmx Unfortunately this would involve a lot of code structure changes, so it might only come out in OC 7.1.0 (if we do such releases?) if not OC 8

[PVince81]

No. For some reason we never seem to increase the minor version...
So it will be OC 8 as it's a new feature.
Only bugfixes are backported to OC 7.

[PVince81]

Oops.

[MikWells]

Having an option for encrypting an external storage is a good first step. However, I'd prefer an option where you can choose to encrypt on a folder-by-folder basis. This would be much more useful for me as I wouldn't have to create and manage multiple dropbox accounts.

[schiessle]

I have some sympathy for the idea of a general per-folder setting, but we need to think about it carefully.

Possible problems:

1. we would generate a lot of additional meta-data about which folder is encrypted and which not and we would need to have a way to recover the information in case the user loses (part of) his database.
2. This would invite people to "randomly" enable and disable encryption for folders. Already today we have problems with timeouts during initial encryption. This problem could become worse if people activate/deactivate encryption at any given time (for large folders).
3. what happens if people move files from a encrypted folder to a unencrypted and back. This move would result in quite some overhead because we don't have to only move the folder/file but also encrypt/decrypt it. Don't want to think about if people move folder with large or many files
4. Same if people decide to restore files from the trash bin. If the file/folder was copied from a encrypted location but now gets restored to a unencrypted location or the other way around
5. Versions need to be considered too.

So maybe it would make more sense to make it only configurable as a per mount point setting in the external storage app. This would at least eliminate some but not all problems mentioned above, remaining problems 3, 4, 5. Still we have to think about the remaining issues first.

[karlitschek]

I think we need an option to enable/disable it based on mountpoints.

[nlaplante]

Also encryption totally kills SMB shares. Unusable outside OC. I'm in for per-folder or per-mount-point encryption switch.

[etiess]

100% agree with you @schiesbn , It would be great to have a per-folder setting. Then I think #5679 can be closed.
[EDIT]: and maybe this one too would be solved: #9967

[aaschmid]

It would also be nice if the external mount encryption could be separated from the users password to be able to use the "remember" feature :-)

[l3iggs]

+1 for a per-external-storage encryption switch

[ZacharyDuBois]

:( I was hoping to see all these encryption and external mount bugs fixed in 8.0.

[PVince81]

@ZacharyDuBois well... time and resources are limited. I was hoping too.

What bugs are you thinking of ?
The encryption bug with WebDAV/ownCloud mounts should be fixed already as per #5952

[ZacharyDuBois]

@PVince81 Just in general as it seems that the encryption plugin itself needs a major overhaul since it has so many issues with other plugins.

[PVince81]

@icewind1991 are you still working on this ? (if yes please assign to yourself)

[karlitschek]

yes. this is actual important

[icewind1991]

Should be fixed with #15338

[PVince81]

Ah cool, I see the switch.
Will do some testing and raise separate tickets for bugs I find.

[PVince81]

So far it seems to work well.
Moving files between encrypted and non-encrypted don't work properly, but this is due to #15619

The option properly disappears when encryption is disabled. Neat 😄

[Croydon]

Desperately needed, thanks!