The connection to the Collaboration Cloud Storage environment always happens in an encrypted form, regardless of the chosen access path. This means that nobody between your end device and the CCS server environment can have an insight into your saved data or used passwords. However, the files within the CCS server environment are being saved on the data mediums without encryption. This result is authorised administrators of the CCS server environment having access to your files. If you want to ensure that nobody besides people you authorised to do so has access to your data, you must encrypt your data from the client-side in advance(!) of the storing into the CCS environment (so-called end to end encryption (E2E)).
The Cryptomator software is a suitable product for client-side encryption for all platforms (Report on golem.de). In the Cryptomator download area you can download and install the software for your operating system. Your files are organised here in so-called safes.
- Click on the „+“ symbol and create a new vault.
- When in the file system, select a place within your synchronised Nextcloud-area (e.g. Nextcloud\Cryptomator) and select a significant name (e.g. JADE-HS - Vault).
- Assign a safe password for your vault, then select the button “Tresor erstellen” (ENG: “Create Vault”).
- Click the button “Weitere Optionen” (ENG: “Further Options”).
- Save Password: Comfortably saves your used password, but reduces safety
- Connect Drive: Connects the vault in the file-browser
- Drive Name: Indicated name in the file-browser (should remain as it is)
- Show Drive: Opens a new file-browser window after unlocking
- Drive Letter: Possibility to assign a drive letter (e.g. V:) (only Microsoft Windows)
- At the end, you can unlock your vault by typing in your password. You can then see the vault in your file-browser.