Data encryption

What types of encryption are there at luckycloud?

luckyStorage distinguishes between two types of encryption:

  1. HTTPS encryption: TLS transport encryption is used automatically during data transfer and prevents data from being tapped by third parties during transmission ("man in the middle").

  2. End-to-end encryption: Through the zero knowledge cloud principle and true end-to-end encryption, we give our users back sovereignty over their data. Only by using open-source software can we offer plausible data protection and guarantee that not even luckycloud employees can view your data.

When you encrypt your data, a 256-bit (= 32-byte) cryptographically strong random number is generated. This is used as the file encryption key, the so-called file key. The file key is additionally encrypted with a password: luckycloud first uses the PBKDF2 algorithm (1000 repetitions of SHA256) to derive a key/IV pair from the password. The result is called the encrypted file key. All data in the file is encrypted with AES 256/CBC using the file key. After encryption, the data is uploaded to the server and stored there. If the user wants to access the data, it can only be decrypted with the appropriate file key.

To ensure maximum security, the plaintext password is never stored on the server; it remains only on the client side.
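The key handling described above, as an added Node.js example (not luckycloud's or Seafile's code). The per-library salt, the random IV for the file data, wrapping the file key with AES 256/CBC, and all function and field names are assumptions that the page does not state.

```javascript
// Added illustration; not luckycloud's or Seafile's source code.
const nodeCrypto = require('node:crypto');

const ROUNDS = 1000; // PBKDF2 iteration count stated in the text

// Derive a 32-byte AES key and a 16-byte IV from the password (PBKDF2, SHA256).
function deriveKeyIv(password, salt) {
  const out = nodeCrypto.pbkdf2Sync(password, salt, ROUNDS, 48, 'sha256');
  return { key: out.subarray(0, 32), iv: out.subarray(32) };
}

// AES 256/CBC with the default PKCS#7 padding; encrypt=true or false.
function aesCbc(encrypt, key, iv, data) {
  const make = encrypt ? nodeCrypto.createCipheriv : nodeCrypto.createDecipheriv;
  const c = make('aes-256-cbc', key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

// Client side: returns only the fields that would be uploaded.
// Neither the password nor the plaintext file key is part of the record.
function encryptForUpload(password, plaintext) {
  const fileKey = nodeCrypto.randomBytes(32); // 256-bit random file key
  const salt = nodeCrypto.randomBytes(16);    // assumption: per-library salt
  const dataIv = nodeCrypto.randomBytes(16);  // assumption: random IV for the data
  const { key, iv } = deriveKeyIv(password, salt);
  return {
    salt,
    encryptedFileKey: aesCbc(true, key, iv, fileKey), // assumption: CBC wrap
    dataIv,
    ciphertext: aesCbc(true, fileKey, dataIv, Buffer.from(plaintext, 'utf8')),
  };
}

// Client side: returns the plaintext, or null when the password is wrong.
function decryptDownload(password, record) {
  const { key, iv } = deriveKeyIv(password, record.salt);
  let fileKey;
  try {
    fileKey = aesCbc(false, key, iv, record.encryptedFileKey);
  } catch (e) {
    return null; // padding error: the derived key does not match
  }
  if (fileKey.length !== 32) return null; // unwrapped value is not a file key
  return aesCbc(false, fileKey, record.dataIv, record.ciphertext).toString('utf8');
}
```

CBC is not authenticated, so the padding and length check in `decryptDownload` only rejects a wrong password; it does not detect tampering with the stored ciphertext.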

How do I encrypt my data?

All your data is automatically encrypted with TLS. This prevents third parties from spying on your data.

You can use end-to-end encryption in the Seafile client or the web interface when creating a library.

Encryption with the Sync Client

  1. Open the Sync Client.
  2. Take the folder you want to upload and drop it in the bottom field of the Sync Client.
  3. A dialog window will appear. Set a check mark at "encrypt" and enter a password for the library. You will then need this password when decrypting the library.
  4. Finish the process with "Ok".

This is how libraries are encrypted end-to-end. Only people who have the appropriate key can access the library.

Video tutorial: Encrypting library in sync client

Encryption in the web interface

  1. Log in to the web interface.
  2. Go to New library and tick Encrypt. Select a password or key for your library and enter it in the corresponding field.
  3. Finish the process with "Ok".

This is how libraries are encrypted end-to-end. Only people who have the appropriate key can access the library. If you want to share the library with your users, you must tell them the key.

Note: Files and subfolders cannot be encrypted individually. They are encrypted automatically if they are located in an encrypted library. Libraries cannot be encrypted or decrypted after the fact. The encryption of a library is like a fingerprint and therefore irreversible.

To give you full key sovereignty, the keys or library passwords are not stored on our servers. Password recovery is therefore not possible if you lose the key.

Video tutorial: Encrypt library in web interface

How do I recognize a real end-to-end encryption?

You can recognize real end-to-end encryption by the fact that you choose the key yourself, that your key is not stored on the servers (only the matching key pair), and that the library password therefore cannot be recovered. This is the only way to keep key sovereignty over your data!

When is it useful to encrypt?

Unlike other cloud providers, luckycloud is a Zero Knowledge Cloud from Germany. With us you are a customer - not the product! You only pay with money, not with your data. We do not scan, analyze or sell your data. Since we leave your data alone, it is not always sensible to encrypt all data, as end-to-end encryption is associated with some functional limitations.

Note: Encrypted libraries currently cannot be used with the Drive Client. It is not possible to create share links for encrypted libraries, because a luckycloud user account is required to decrypt the library. It is also not possible to share single files or subfolders of an encrypted library with users, because decryption always applies to the entire library. It is therefore all the more important to plan a meaningful folder structure beforehand.

If you are not sure which data you should encrypt or need help with the folder structure, our support team will be happy to advise you.