ownCloud announces the second generation of End-To-End Encryption (E2EE) for ownCloud Enterprise. The plugin generates a “key pair” consisting of a private key and a public key, and encryption and decryption take place directly in the web browsers of the sender and recipient. The new version also provides the option of using hardware keys, such as smart cards or USB tokens, on which the private key is stored and which it never leaves. This eliminates the risk of attackers accessing the key and significantly increases security.
E2EE for ownCloud Enterprise is the safest and easiest way to exchange encrypted files between two or more people regardless of the internal security infrastructure available in a company. This means that neither the sender nor the recipient of a file is bound to a specific environment. Unauthorized third parties and even administrators do not have access to the encrypted files, which cannot be decrypted even if the hardware token is stolen.
The decryption of a sent file takes place directly in the user’s web browser. In order to guarantee that the private key cannot be accessed, the decryption of the file keys can be outsourced to an external key service, which also supports communication with external hardware tokens. Afterwards, the decrypted file key is used by the browser for the actual decryption of the file.
The file exchange can be made via the ownCloud Outlook plug-in, as well as with any web browser. Since the file exchange takes place within ownCloud, there are no restrictions on file types and sizes.
Hardware Key Support for Enhanced Security
The ability to use hardware tokens is particularly relevant where legislation demands the encryption of certain files. It is extremely important that the file can only be opened by the authorized recipient. This is made possible by the use of certain hardware keys such as smart cards or USB tokens, which only work in combination with a certain device on which the Key Service is installed.
The usage of the E2EE plugin is particularly useful wherever there are high compliance requirements for file exchange. In addition to the public sector, this also includes companies that process sensitive personal data (e.g. customer, insurance or medical data).
Secure Encryption when Sending Emails with Outlook
The E2EE plugin makes it much easier to send encrypted files by email. All users have the option of sharing a file within the ownCloud user interface or by sending an email directly via the ownCloud Outlook plugin. Additional encryption is no longer necessary. After registration, an individual key pair is created for the recipient, consisting of a public key on the ownCloud server and a private key on the user’s local computer (2048-bit RSA).
The Outlook plug-in offers a further advantage. In many companies, sending emails via Microsoft Outlook is still standard. However, there are significant restrictions on the file size when sending emails. With the plugin, this limitation is no longer an issue, as attachments are no longer sent, but only retrieved by the recipient on the ownCloud server. The share settings can also be changed at any time.
The plugin is, therefore, also an attractive option for companies that already use encryption but would like a simpler solution. Applications are often used that compress files and provide them with a password, which in turn has to be transmitted to the recipient in a cumbersome manner (e.g. by telephone). The E2EE plug-in from ownCloud helps to radically simplify this process by replacing all of the different encryption and decryption steps with one central solution.
Transparent Overview of all Recipients
By combining the ownCloud Public-Share function with E2EE, every user can now create a secure and encrypted file drop by sending a link to an encrypted download area (e.g. by email) to the respective recipient. The file is thus completely secured and can only be opened by those ownCloud users who are transparently displayed on the upload website, where everyone else can see them. Anyone who uploads a file and encrypts it can see exactly who has access to it.
The second generation of E2EE is available in addition to each ownCloud Enterprise Subscription from 20 EUR per user per year and starting with 50 users. The encryption software is also a key component of ownCloud.Online, the hosted cloud offering for businesses.
As with all ownCloud Enterprise features, the source code for E2EE is available to customers on request to be able to verify the encryption independently.
ownCloud is the largest Open Source Filesharing solution in the world with 200,000 installations and more than 25 million users. The Open Platform for Secure Enterprise Filesharing combines consumer-grade usability with enterprise-grade security. It enables users to access data no matter where it is stored or which device is used. By giving organizations the visibility and control required to manage sensitive data while offering users the modern collaboration experience they demand, productivity and security are increased at the same time. For more information, visit: https://owncloud.com.