Data encryption

How is my data encrypted at luckycloud?

luckyStorage distinguishes between two types of encryption:

a) HTTPS encryption: TLS transport encryption is applied automatically during data transfer and prevents third parties from intercepting data in transit ("man in the middle").

b) End-to-end encryption: Through the zero-knowledge cloud principle and true end-to-end encryption, we give our users complete control over their data. Only by using open-source software can we offer plausible data protection and guarantee that not even luckycloud employees can view your data.

When you encrypt your data, a cryptographically strong random number 256 bits (= 32 bytes) long is generated and used as the file encryption key. All data in the file is encrypted with AES 256/CBC using this file key. The file key itself is additionally encrypted with a password: luckycloud first uses the PBKDF2 algorithm (1000 repetitions of SHA256) to derive a key/IV pair from the password, and the file key encrypted in this way is called the encrypted file key. After encryption, the data is uploaded to the server and stored there. If the user wants to access the data, the data can only be decrypted with the appropriate file key.

To ensure maximum security, the plaintext password is never stored on the server; it is kept only on your client side.

When is end-to-end encryption useful?

Unlike other cloud providers, luckycloud is one of the few Zero Knowledge Clouds from Germany. With us you are a customer - not the product! With luckycloud you only pay with money - not with your data. We do not scan, analyze or sell your data.

Since we leave your data alone, it is not always sensible to encrypt all data, as end-to-end encryption is associated with some functional limitations:

Encrypted libraries cannot be used with the Drive Client yet.

For encrypted libraries, it is not possible to create share links because a luckycloud user account is required to decrypt the library.

Encrypted libraries can only be shared completely, but not individual files or folders within the library. Therefore, it is important to consider a meaningful folder structure beforehand.

If you are not sure which data you should encrypt or need help with the folder structure, our support team will be happy to help you.

How do I encrypt my data end-to-end?

When creating a new library, you have the option to check "encrypt" in the web interface or "encrypt" in the Sync client. You will then be asked to assign a password for the library and confirm it. Once you have decrypted the library with your password, it remains decrypted until you log out again.