Data Encryption

How are my data encrypted at luckycloud?

In luckycloud Storage, two types of encryption are distinguished:

a) HTTPS Encryption: The TLS transport encryption is automatically used during data transfer and prevents data interception by third parties on the transmission path ("Man in the Middle").

b) End-to-End Encryption: Through the Zero-Knowledge-Cloud principle and true end-to-end encryption, we give our users complete control over their data. Only by using open-source software can we offer and guarantee plausible data protection, ensuring that not even luckycloud employees can view the data.

When you encrypt your data, a 256-bit (= 32-byte) cryptographically strong random number is generated. This is used as the file encryption key. This so-called file key is additionally secured with a password. luckycloud initially uses the PBKDF2 algorithm (1000 iterations of SHA256) to derive a key/IV pair from the password. All data of the file is encrypted with the file key using AES 256/CBC. The result is referred to as the encrypted file key. Subsequently, the data is uploaded to the server and stored there. When the user wants to access the data, it can only be decrypted with the appropriate file key.

To ensure maximum security, the plaintext password is never stored on the server, but only on your client-side.

When is end-to-end encryption sensible?

Unlike other cloud providers, luckycloud is one of the few Zero-Knowledge-Clouds from Germany. With us, YOU are the customer – not the product! At luckycloud, you only pay with money – not with your data. We do not scan, analyze, or sell your data.

Since we leave your data untouched, it is not always sensible to encrypt all data, as end-to-end encryption comes with some functional limitations:

  • It is not possible to create share links for encrypted directories, as a luckycloud user account is required to decrypt the directory.
  • Encrypted directories can only be shared entirely, not individual files or folders within the directory. Therefore, it is important to consider a sensible folder structure beforehand.

If you are unsure which data you should encrypt or if you need help with the folder structure, our support team is happy to assist you.

How do I encrypt my data end-to-end?

When creating a new directory, you have the option to check the "Encrypt" box in the web interface or "encrypted" in the sync client. You will then be prompted to set and confirm a password for the directory. Once you have decrypted the directory with your password, it will remain decrypted until you log out again.

One/Teams: sync.luckycloud.de
Business: storage.luckycloud.de