File Systems
Once enabled, all files within ownCloud are encrypted, with the exceptions mentioned above. This includes files in local storage, as well as files contained within external storage mounts.
The encryption app creates several key files and folders when enabled. ~/data/public-keys contains the public keys for all users. ~/data/owncloud_private_keys contains the system-wide private keys used for public link shares, as well as the recovery key.
The encryption app stores key information in the ~/data/<user>/files_encryption directory.
As mentioned previously, the private key is generated from the user’s password.
Each file that the user owns will have a corresponding keyfile maintained in the keyfiles directory.
In addition, a share key is generated for each file when the admin has configured an external storage mount for multiple users or groups.
A file viewed directly in the ownCloud data directory shows up as encrypted.
Viewed through the browser, however, the same file displays its actual contents.
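The one-keyfile-per-file relationship described above can be checked on disk. The following is an added example, not ownCloud's own code: it lists files that have no keyfile and keyfiles whose file is gone. The files subdirectory, the files_encryption/keyfiles nesting, the .key suffix and the user alice are assumptions, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path

# Assumed layout (not stated on this page): files live in <data>/<user>/files;
# each keyfile mirrors the file's relative path, plus ".key", under
# <data>/<user>/files_encryption/keyfiles.
KEY_SUFFIX = ".key"


def relative_files(root):
    """Relative POSIX paths of all regular files under root (empty if absent)."""
    if not root.is_dir():
        return set()
    return {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}


def audit_user(data_dir, user):
    """Return (files without a keyfile, keyfiles without a file), both sorted."""
    user_dir = Path(data_dir) / user
    owned = relative_files(user_dir / "files")
    keys = relative_files(user_dir / "files_encryption" / "keyfiles")
    keyed = {k[: -len(KEY_SUFFIX)] for k in keys if k.endswith(KEY_SUFFIX)}
    return sorted(owned - keyed), sorted(keyed - owned)


def build_sample_tree(data_dir):
    """Create a constructed data directory for the hypothetical user 'alice'."""
    layout = [
        "alice/files/report.txt",
        "alice/files/photos/cat.jpg",
        "alice/files/legacy.doc",  # no keyfile: should be reported
        "alice/files_encryption/keyfiles/report.txt.key",
        "alice/files_encryption/keyfiles/photos/cat.jpg.key",
        "alice/files_encryption/keyfiles/deleted.txt.key",  # orphaned keyfile
    ]
    for rel in layout:
        path = Path(data_dir) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")


def demo():
    """Audit the constructed tree inside a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_user(tmp, "alice")


if __name__ == "__main__":
    print(demo())
```

A file reported without a keyfile is worth inspecting by hand, and an orphaned keyfile is leftover key material that can be reviewed for cleanup.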