ownCloud Advanced Security

Comprehensive Encryption

Safeguard data through state-of-the-art cryptographic measures. With its modular and flexible encryption architecture, ownCloud enables custom setups for every threat level and regulatory requirement.

Community Edition
Standard Edition
Enterprise Edition


ownCloud helps organizations keep their data safe. The comprehensive encryption architecture has three levels of encryption: In transit, at rest and end-to-end.

In-transit encryption is active by default and by design using HTTPS connections and the latest TLS protocol. Files can be encrypted server-wide and/or End-to-End.

At rest, files can be encrypted by master key. When encrypting with a master key, all files are encrypted using just one key pair. This prevents data to be read from storage. For added security, the keys can be stored in a hardware security module (HSM).

For the highest level of data secrecy, ownCloud provides an End-to-End-Encryption Plugin as an additional subscription to the Enterprise edition. Users can then encrypt any empty folder. Files are encrypted and decrypted in the browser using a JavaScript Plugin, optionally using a hardware smart key.

Please consider that stronger encryption also brings some inconveniences. Features not available when using strong encryption can, depending on the encryption level, include Collaborative editing, virus scanning, Impersonation, OAuth2, ElasticSearch and Office Integrations.

Illustration of End-to-End-Encryption as part of ownCloud's Comprehensive Encryption

Ready to get started?

Learn more about Comprehensive Encryption