luckyStorage distinguishes between two types of encryption:
When you encrypt your data, a 256-bit (= 32-byte), cryptographically strong random number is generated. This is used as the file encryption key. This so-called file key is additionally encrypted with a password; the result is called the encrypted file key. To do this, luckycloud first uses the PBKDF2 algorithm (1000 iterations of SHA256) to derive a key/IV pair from the password. All data in the file is encrypted with AES 256/CBC using the file key. After encryption, the data is uploaded to the server and stored there. If the user wants to access the data, the data can only be decrypted with the appropriate file key.
To ensure maximum security, the plaintext password is never stored on the server, but only on your client side.
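The key hierarchy described above, as an added Node.js example using only the built-in `crypto` module; it is not luckycloud's or Seafile's own code. The random salt, the 32/16-byte split of the PBKDF2 output, PKCS#7 padding, wrapping the file key with AES-256-CBC, the per-file IV and all function names are assumptions.

```javascript
// Added illustration of the key hierarchy described above (not luckycloud or Seafile code).
const crypto = require('node:crypto');

const ITERATIONS = 1000;   // PBKDF2 count stated on the page
const AES = 'aes-256-cbc'; // cipher stated on the page

// Password -> 32-byte key + 16-byte IV via PBKDF2-HMAC-SHA256.
// The random salt is an assumption; the page does not mention one.
function deriveKeyIv(password, salt) {
  const out = crypto.pbkdf2Sync(password, salt, ITERATIONS, 48, 'sha256');
  return { key: out.subarray(0, 32), iv: out.subarray(32, 48) };
}

// AES-256-CBC with Node's default PKCS#7 padding (padding scheme is an assumption).
function aesCbc(encrypt, key, iv, input) {
  const c = encrypt ? crypto.createCipheriv(AES, key, iv)
                    : crypto.createDecipheriv(AES, key, iv);
  return Buffer.concat([c.update(input), c.final()]);
}

// Library creation on the client: random file key, wrapped under the password.
function createLibrary(password) {
  const salt = crypto.randomBytes(16);
  const fileKey = crypto.randomBytes(32); // 256-bit file key
  const { key, iv } = deriveKeyIv(password, salt);
  // Only `stored` would go to the server; password and file key stay local.
  return { fileKey, stored: { salt, encryptedFileKey: aesCbc(true, key, iv, fileKey) } };
}

// Later access: recover the file key from the stored values and the password.
function unlockLibrary(password, stored) {
  const { key, iv } = deriveKeyIv(password, stored.salt);
  try {
    const fileKey = aesCbc(false, key, iv, stored.encryptedFileKey);
    return fileKey.length === 32 ? fileKey : null;
  } catch {
    return null; // bad padding: wrong password (CBC itself has no integrity check)
  }
}

// File data is encrypted with the file key; the random per-file IV is an assumption.
function encryptData(fileKey, plaintext) {
  const iv = crypto.randomBytes(16);
  return Buffer.concat([iv, aesCbc(true, fileKey, iv, plaintext)]);
}

function decryptData(fileKey, blob) {
  return aesCbc(false, fileKey, blob.subarray(0, 16), blob.subarray(16));
}
```

Because the server holds everything except the password, the strength of the password and the cost of the PBKDF2 step are what stand between the stored encrypted file key and the file key itself.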
All your data is automatically encrypted with TLS. This prevents third parties from spying on your data.
You can use end-to-end encryption in the Seafile client or web interface when creating a library.
This is how libraries are encrypted end-to-end. Only people who have the appropriate key can access the library. If you want to share the library with your users, you must tell them the key.
Note: Files and subfolders cannot be encrypted individually. These are automatically encrypted if they are located in an encrypted library. Subsequent encryption and decryption of libraries is not possible. The encryption of a library is like a fingerprint and therefore irreversible.
To give you full key sovereignty, the keys or library passwords are not stored on our servers. Password recovery is therefore not possible if you lose the key.
You can recognize real end-to-end encryption by the fact that you choose the key yourself and that your key is not stored on the servers (only the matching key pair), so the library password cannot be recovered. This is the only way to keep key sovereignty over your data!
Unlike other cloud providers, luckycloud is a Zero Knowledge Cloud from Germany. With us you are a customer, not the product! You only pay with money, not with your data. We do not scan, analyze or sell your data. Since we leave your data alone, it is not always sensible to encrypt all data, as end-to-end encryption is associated with some functional limitations.
Note: Currently, encrypted libraries cannot yet be used with the Drive Client. For encrypted libraries it is not possible to create share links, because a luckycloud user account is required to decrypt the library. It is also not possible to share single files or subfolders of an encrypted library with users, because decryption always applies to the entire library. It is therefore all the more important to plan a meaningful folder structure beforehand.
If you are not sure which data you should encrypt or need help with the folder structure, our support team will be happy to advise you.