E2EE encryption in Nextcloud
End-to-end encryption enables sensitive data to be transferred via the cloud without an administrator or third party being able to view the contents of the files on the server. Encryption and decryption are carried out by a client on the end device (computer, cell phone, tablet). The advantage of Nextcloud end-to-end encryption (E2EE) is that you can also share encrypted folders without having to share your own key.
Prerequisites: an E2EE app must be activated on the server, and the original Nextcloud client, version 3.17+, is required.
Client configuration
Server address: https://cryptnc.uni-muenster.de
Credentials: standard university login and password.
Check that the option “This account supports end-to-end encryption” is displayed in your client. Click on “Set-up encryption” to generate the encryption mnemonic.
Please save this phrase as you will need it to decrypt the files on other endpoints or to recover the files if the device is lost.
If you have already enabled encryption on the client, you can look up the mnemonic phrase by clicking 'Show mnemonic'.
Creating the encrypted folder
Notice: Keep a second copy of the files on your computer outside the Nextcloud folder; this should also be where you edit the files. Use the encrypted folders to transfer files between different computers.
Try not to edit files inside the encrypted folder, as they may be irreversibly encrypted. There are methods to decrypt the files using the script provided by Nextcloud, but this method has not been tested yet, so we would rather advise you to do everything possible to avoid this risk.
Create the new folder. The folder must be empty to enable encryption. This is to prevent data loss. Any files placed in this folder will automatically be encrypted. The contents of this folder won't be displayed in the web interface. On the server side, only the top level of files would be displayed in encrypted form. This way the admin won't be able to see the data type. So, for example, if you put another folder in the encrypted folder, it would only be shown as a file, without any details about the files in it.
Sharing the encrypted folder via Desktop Client
Activate the Nextcloud client and navigate to the Nextcloud folder on your computer.
Right-click on the folder you want to share. If the Nextcloud client is active, you should see Nextcloud in the menu.
Clicking on Nextcloud > Share options will open a window where you can add or remove shares for the chosen file or folder.
- On Linux, additional packages need to be installed for the Nextcloud entry to appear in the menu: for Ubuntu, the nautilus-nextcloud package; for KDE systems, the dolphin-nextcloud package, and so on.