Hi. We are thinking of turning on the encryption app to encrypt the data. I have a few questions I can't work out by reading the docs or googling.
Firstly, does it use a lot of CPU: twice as much, four times?
Secondly, if we turn the encryption app on, does it encrypt new data only or everything existing? If it only encrypts new data, is there a way to encrypt existing data?
Thirdly, am I correct in thinking the forgot password feature/reminder does not work, as I read that if the user loses their password they can't access their data?
Lastly, reading between the lines, it seems the encryption app needs enabling on a per-user basis. Is this correct? Is it set to disabled by default?
Some general thoughts: When you consider encryption I recommend that you start with thinking why you want it. From which attack vector do you want to protect yourself? There is the user based encryption with password as key, there is the global encryption key and if you want you could also use an already existing encryption key mechanism which you have in your organization. Alternatives are file system level encryption - or various end-to-end encryption tools which can be used for selected data and come with their own challenges. In any case the disadvantage of handling forgotten passwords (with enabled master key, otherwise only with an additional retention backup) needs to be balanced with the risk of the attack vector for your data.
Always like to learn about the attack vectors people see and like to use encryption for, so if you post that - I would welcome it.
We are a small voluntary organisation. We are trying to work out if we need to buy a new server. We are just trying to get a general idea as to how much extra CPU encryption would take, just a very rough idea. If we were a large company we would get a second machine and spend time doing exhaustive performance tests, but we are not. Buying a second computer just to get a rough answer to the question is not really an option. I had to fight to get the budget for the one we have.
Btw. before enabling encryption or planning to enable encryption please read AND understand the following:
Encryption keys are stored only on the ownCloud server, eliminating exposure of your data to third-party storage providers. The encryption app does not protect your data if your ownCloud server is compromised, and it does not prevent ownCloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide. If your ownCloud server is not connected to any external storage services then it is better to use other encryption tools, such as file-level or whole-disk encryption. https://doc.owncloud.org/server/9.1/admin_manual/configuration_files/encryption_configuration.html
If you don't use external storages like Dropbox or Google Drive you don't even need to think about enabling encryption.
This is again explained in the linked documentation:
The primary purpose of the ownCloud server-side encryption is to protect users’ files on remote storage, such as Dropbox and Google Drive, and to do it easily and seamlessly from within ownCloud.
To sum up:
The encryption app is protecting your files if you're using external storages from the external storage provider but won't protect them from a local administrator.
I'm actually running OC 8.2.5 on Ubuntu server and need to deny the administrator from looking into user data (/var/www/html/owncloud/data) from the server. So any suggestions?