Encryption

Server-side encryption

bwSync&Share offers server-side encryption. With the switch to Nextcloud, the storage space is encrypted by default. This increases the security level by protecting against attacks at the storage level.

End-to-end encryption

The end-to-end encryption built into the Nextcloud software used here does not work together with the activated server-side encryption.
If you absolutely need end-to-end encryption, there is the Cryptomator software.
Since, in our experience, data loss can occur when using Cryptomator in conjunction with server-side encryption, we cannot recommend using Cryptomator.
If you use Cryptomator, you should back up the data elsewhere to be sure that you do not lose any data.

End-to-end encryption generally does not work with the web browser. To use Cryptomator together with bwSync&Share, you must therefore have installed the PowerFolder client or, in future, the Nextcloud client.

With Cryptomator you create a so-called Vault below the folder to be synchronized. To do this, click on Plus and select "Create New Vault". Now create a folder below the folder to be synchronized, i.e. below bwSyncAndShare (PowerFolder) or Nextcloud in your home directory.

Now enter a password. Please make sure you remember the password. If you do not remember it, no one can help you to access the data again.

The encrypted data is now synchronized up to the server. It is not readable by anyone, not even by bwSync&Share administrators. It can therefore be decrypted, and thus read, only by the end user (= end-to-end encryption).

You can invite other users to the folder. However, they will also need Cryptomator and the password to decrypt the folder.

Decrypting a folder with Cryptomator works as follows: if you have an encrypted folder, you can decrypt it by clicking on Plus and selecting "Open Existing Vault". Then select the Cryptomator masterkey below the encrypted folder and enter your password. This procedure works across different devices (including mobile) and also for data shared between different users, provided that the vault password is shared as well.