Data encryption

What types of encryption are there at luckycloud?

luckyStorage distinguishes between two types of encryption:

  1. HTTPS encryption: TLS transport encryption is used automatically during data transfer and prevents data from being tapped by third parties during transmission ("man in the middle").

  2. End-to-end encryption: Through the zero knowledge cloud principle and true end-to-end encryption, we give our users back the sovereignty over their data. Only by using open-source software can we offer plausible data protection and guarantee that not even luckycloud employees can view your data.

When you encrypt your data, a 256-bit (= 32-byte) cryptographically strong random number is generated. This is used as the file encryption key, the so-called file key. All data in the file is encrypted with AES 256/CBC using the file key. The file key itself is additionally encrypted with a password: luckycloud first uses the PBKDF2 algorithm (1000 repetitions of SHA256) to derive a key/IV pair from the password, and the file key is encrypted with it. The result is called the encrypted file key. After encryption, the data is uploaded to the server and stored there. If the user wants to access the data, the data can only be decrypted with the appropriate file key.

To ensure maximum security, the plaintext password is never stored on the server; it remains only on your client side.
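
The scheme described above, as an added example that is not luckycloud's own code: a random file key encrypts the data, and a key/IV pair derived from the password with PBKDF2 wraps the file key. The salt, the 48-byte split into key and IV, the per-file IV layout and all function names are assumptions made for this illustration.

```javascript
// Added illustration, not luckycloud's code. Uses only Node.js built-in crypto.
const crypto = require('crypto');

const ITERATIONS = 1000; // from the page: PBKDF2, 1000 repetitions of SHA256

// Assumption: one PBKDF2 call yields 48 bytes, split into AES key (32) and IV (16).
function deriveKeyIv(password, salt) {
  const out = crypto.pbkdf2Sync(password, salt, ITERATIONS, 48, 'sha256');
  return { key: out.subarray(0, 32), iv: out.subarray(32) };
}

// AES-256-CBC with PKCS#7 padding (Node's default) in either direction.
function aesCbc(encrypt, key, iv, data) {
  const c = (encrypt ? crypto.createCipheriv : crypto.createDecipheriv)('aes-256-cbc', key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

// Client side: wrap the random file key under the password-derived key/IV.
function wrapFileKey(fileKey, password, salt) {
  const { key, iv } = deriveKeyIv(password, salt);
  return aesCbc(true, key, iv, fileKey); // the "encrypted file key"
}

// Returns the file key, or null when padding is invalid. CBC has no integrity
// check, so a wrong password can occasionally decrypt to garbage instead of null.
function unwrapFileKey(encryptedFileKey, password, salt) {
  const { key, iv } = deriveKeyIv(password, salt);
  try { return aesCbc(false, key, iv, encryptedFileKey); } catch (err) { return null; }
}

// Assumption: a fresh random IV per file, stored in front of the ciphertext.
function encryptFile(fileKey, plaintext) {
  const iv = crypto.randomBytes(16);
  return Buffer.concat([iv, aesCbc(true, fileKey, iv, plaintext)]);
}

function decryptFile(fileKey, blob) {
  return aesCbc(false, fileKey, blob.subarray(0, 16), blob.subarray(16));
}

// Constructed sample run: only salt, encryptedFileKey and blob would leave the client.
function demo() {
  const password = 'constructed-directory-password';
  const salt = crypto.randomBytes(16);    // assumption: random salt per directory
  const fileKey = crypto.randomBytes(32); // 256-bit random file key
  const encryptedFileKey = wrapFileKey(fileKey, password, salt);
  const blob = encryptFile(fileKey, Buffer.from('constructed sample file content'));
  const recovered = unwrapFileKey(encryptedFileKey, password, salt);
  return decryptFile(recovered, blob).toString();
}
```

Because the password never appears in what is uploaded, losing it leaves the encrypted file key, and with it the data, undecryptable.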

How do I encrypt my data?

All your data is automatically encrypted with TLS. This prevents third parties from spying on your data.

You can activate end-to-end encryption in the luckycloud client or in the web interface when creating a directory.

Encryption with the Sync Client

  1. Open the Sync Client.
  2. Take the folder you want to upload and drop it in the bottom field of the Sync Client.
  3. A dialog window will appear. Set a check mark at "encrypt" and enter a password for the directory. You will then need this password when decrypting the directory.
  4. Finish the process with "Ok".

This is how directories are encrypted end-to-end. Only people who have the appropriate key can access the directory.

Encryption in the web interface

  1. Log in to the web interface.
  2. Go to New directory and then set a tick to Encrypt. Select a password or key for your directory and enter it in the corresponding field.
  3. Finish the process with "Ok".

This is how directories are encrypted end-to-end. Only people who have the appropriate key can access the directory. If you want to share the directory with your users, you must tell them the key.

Note: Files and subfolders cannot be encrypted individually. These are automatically encrypted if they are located in an encrypted directory. Subsequent encryption and decryption of directories is not possible. The encryption of a directory is like a fingerprint and therefore irreversible.

To give you full key sovereignty, the keys or directory passwords are not stored on our servers. Password recovery is therefore not possible if you lose the key.

How do I recognize real end-to-end encryption?

You can recognize real end-to-end encryption by the fact that you choose the key yourself, that your key is not stored on the servers (only the matching key pair), and that the directory password therefore cannot be recovered. This is the only way to keep key sovereignty over your data!

When is it useful to encrypt?

Unlike other cloud providers, luckycloud is a Zero Knowledge Cloud from Germany. With us you are a customer - not the product! You only pay with money, not with your data. We do not scan, analyze or sell your data. Since we leave your data alone, it is not always sensible to encrypt all data, as end-to-end encryption is associated with some functional limitations.

Note: For encrypted directories it is not possible to create share links, because a luckycloud user account is required to decrypt the directory. It is also not possible to share single files or subfolders of an encrypted directory with users, because the entire directory is decrypted during decryption. Therefore it is all the more important to consider a meaningful folder structure beforehand.

If you are not sure which data you should encrypt or need help with the folder structure, our support team will be happy to advise you.