luckyStorage distinguishes between two types of encryption:
When you encrypt your data, a 256-bit (= 32-byte), cryptographically strong random number is generated. This is used as the file encryption key. This so-called file key is additionally encrypted with a password: luckycloud first uses the PBKDF2 algorithm (1000 iterations of SHA256) to derive a key/IV pair from the password, and the file key encrypted in this way is called the encrypted file key. All data in the file is encrypted with AES 256/CBC using the file key. After encryption, the data is uploaded to the server and stored there. If the user wants to access the data, the data can only be decrypted with the appropriate file key.
To ensure maximum security, the plaintext password is never stored on the server, but only on your client side.
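The key handling described above, written out as an added example in Node.js (not luckycloud's own code). The page does not specify the salt, how the key/IV pair is split, which cipher wraps the file key, or how per-file IVs are chosen; the random per-directory salt, the 32+16 byte split, AES-256-CBC for wrapping and the prepended random IV are assumptions, as are all function names.

```javascript
// Added illustration; not luckycloud's code. Salt handling, the 32+16 byte
// key/IV split, CBC key wrapping and the per-file IV are assumptions.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 1000; // iteration count stated on the page

// PBKDF2-HMAC-SHA256 -> 48 bytes: 32-byte AES key followed by a 16-byte IV.
function deriveKeyIv(password, salt, iterations = ITERATIONS) {
  const out = nodeCrypto.pbkdf2Sync(password, salt, iterations, 48, 'sha256');
  return { key: out.subarray(0, 32), iv: out.subarray(32, 48) };
}

function aesCbc(encrypt, key, iv, data) {
  const c = encrypt
    ? nodeCrypto.createCipheriv('aes-256-cbc', key, iv)
    : nodeCrypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

// Client side: create the random file key and wrap it under the password.
function createDirectoryKeys(password) {
  const fileKey = nodeCrypto.randomBytes(32); // 256-bit file key
  const salt = nodeCrypto.randomBytes(16);    // assumed per-directory salt
  const { key, iv } = deriveKeyIv(password, salt);
  return { fileKey, salt, encryptedFileKey: aesCbc(true, key, iv, fileKey) };
}

// Returns the file key, or null when CBC padding rejects the password.
// CBC is unauthenticated, so a wrong password can occasionally yield garbage
// instead of null; a real client needs a separate password verifier.
function unwrapFileKey(password, salt, encryptedFileKey) {
  const { key, iv } = deriveKeyIv(password, salt);
  try {
    return aesCbc(false, key, iv, encryptedFileKey);
  } catch {
    return null;
  }
}

// File data is encrypted with the file key; a fresh random IV is prepended.
function encryptFile(fileKey, plaintext) {
  const iv = nodeCrypto.randomBytes(16);
  return Buffer.concat([iv, aesCbc(true, fileKey, iv, plaintext)]);
}

function decryptFile(fileKey, blob) {
  return aesCbc(false, fileKey, blob.subarray(0, 16), blob.subarray(16)).toString('utf8');
}
```

In this layout only the salt, the encrypted file key and the encrypted file blobs would need to leave the client. The iteration count is a parameter because 1000 is the value the page states; current OWASP guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations.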
All your data is automatically encrypted with TLS. This prevents third parties from spying on your data.
You can activate end-to-end encryption in the luckycloud client or in the web interface when creating a directory.
This is how directories are encrypted end-to-end. Only people who have the appropriate key can access the directory. If you want to share the directory with your users, you must tell them the key.
Note: Files and subfolders cannot be encrypted individually. These are automatically encrypted if they are located in an encrypted directory. Subsequent encryption and decryption of directories is not possible. The encryption of a directory is like a fingerprint and therefore irreversible.
To give you full key sovereignty, the keys or directory passwords are not stored on our servers. Password recovery is therefore not possible if you lose the key.
You can recognize real end-to-end encryption by the fact that you choose the key yourself and your key is not stored on the servers (only the matching key pair), so the directory password cannot be recovered. This is the only way to keep key sovereignty over your data!
Unlike other cloud providers, luckycloud is a Zero Knowledge Cloud from Germany. With us you are a customer - not the product! You only pay with money, not with your data. We do not scan, analyze or sell your data. Since we leave your data alone, it is not always sensible to encrypt all data, as end-to-end encryption is associated with some functional limitations.
Note: For encrypted directories it is not possible to create share links, because a luckycloud user account is required to decrypt the directory. It is also not possible to share single files or subfolders of an encrypted directory with users, because the entire directory is decrypted during decryption. Therefore it is all the more important to consider a meaningful folder structure beforehand.
If you are not sure which data you should encrypt or need help with the folder structure, our support team will be happy to advise you.