Open E2E folders with Nextcloud Web App

[ntimo]

Hello,
it would be really cool if it would be possible to open a end to end encrypted folder using the web version of nextcloud, the decryption could be done in the local browser. Or at least the error message when trying to open a E2E encrypted folder could be changed "Operation not permitted" is a bit strange. Maybe "You can't open end to end encryped folder using the web version." would be better.

Best wishes,
Timo

[tobiasKaminsky]

Encrypting/decrypting in web browser would be possible, but from a security point of view this is not meaningful.
The browser needs to download the code for encrypt/decrypt and thus a compromised server could sent a wrong version which e.g. extracts and sends all passwords.

@schiessle regarding error message.

[kwisatz]

Would a browser extension be more trust-worthy?
E.g. similar to what passbolt or perhaps mailvelope are doing?

[paulolieuthier]

Can someone point out how an extension would not guarantee security?

[hex-m]

This feature would be useful, if it would be possible to split the Data-Storage from the Web-GUI. That way users could install the Web-GUI on a more trustworthy server (e.g. selfhosted) and make that one connect to the NC instance that holds the encrypted data. But that would either mean a making the server more modular or creating a new (lightweight) Nextcloud web client.

Another (even more theoretical) idea would be to distribute the relevant crypto-code via a peer to peer, content addressable protocol (dat, ipfs). That would prevent targeted attacks and make the code auditable. But for now a browser extension seems more realistic. ;)

[trymeouteh]

I would like to suggest adding browsing in the desktop client. This will allow users to browser files, delete files, upload files, etc within the client which can allow E2EE.

[georgehrke]

Currently there are no plans to implement such a feature. Thus I will close this ticket for now. This is simply not on our roadmap for the near future. If somebody wants to implement this feature nevertheless we are happy to assist and help out.

[thelittlefireman]

Encrypting/decrypting in web browser would be possible, but from a security point of view this is not meaningful.
The browser needs to download the code for encrypt/decrypt and thus a compromised server could sent a wrong version which e.g. extracts and sends all passwords.

@schiessle regarding error message.

Hi,
Juste to add some informations, all current web browsers (chrome, edge, firefox, etc) now implement the Web Cryptography API by default. (https://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface)[https://www.w3.org/TR/WebCryptoAPI/#subtlecrypto-interface].

No need to download We just need a piece of js script which would call this browser api to decrypt/encrypt the files.
That's the way Element-web (ie matrix) does it's e2e chat messaging with its web app. (https://github.com/vector-im/hydrogen-web/blob/6bd5692517bec2da85d9be7444c77bba99cb1ac4/src/platform/web/dom/Crypto.js)[https://github.com/vector-im/hydrogen-web/blob/6bd5692517bec2da85d9be7444c77bba99cb1ac4/src/platform/web/dom/Crypto.js]

further information on the api : (https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto)[https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto]

it could realy be a fun feature on the e2e module :)

[bcutter]

Definitely an interesting input 👍
Anyway, they should first make sure the whole E2EE stuff is basically working, the current situation on the endpoint (desktop client) and server side is a really bad joke (see nextcloud/desktop#2593). iOS & Android are fine and so would web I assume... so really an interesting thing ✔

[walking-octopus]

I think this issue should be reopened because without E2E in web version most apps would not be able to access encrypted folders. This makes E2E an isolated option, rather than the recommendation.

[PackElend]

any chance that e2e will be accessible from the web app/this issue will be reopened.

I'm wondering if 3rd party app would be ever able to access e2e data, e.g. using a different photo manager which shall manage my e2e photos as well.