ownCloud helps organizations keep their data safe. The comprehensive encryption architecture has three levels of encryption: in transit, at rest and end-to-end.
In-transit encryption is active by default and by design, using HTTPS connections and the latest TLS protocol. Files can be encrypted either server-wide or on a per-user basis.
At rest, files can be encrypted either with a master key or with user-specific keys. When encrypting with a master key, all files are encrypted using just one key pair. This prevents data from being read from storage. For added security, the keys can be stored in a hardware security module.
When encrypting with user keys, files are encrypted using keys based on the users' passwords. To share files, they are encrypted with the public keys of the recipient. User key encryption brings a significant amount of safety, but also requires users to trust their ownCloud admins.
Please consider that stronger encryption also brings some inconveniences. Depending on the encryption level, features not available when using strong encryption can include collaborative editing, virus scanning, impersonation, OAuth2, ElasticSearch and Office integrations.