encyption of data-at-rest?

sécurité
question

#1

Hello,

According to this article, “…files are encrypted on the hard drive…”, which implies some form of encryption-at-rest on data stored in a Cozy. However, according to this forum entry, “…we chose to not encrypt every data.…”, which implies that the data are not encrypted.

Would it be possible to have further information on how the data is secured on Cozy’s servers? In particular, is Cozy Drive zero-knowledge? If not, what isn’t encrypted and why? What encryption libraries and techniques are being used?

Thank you!


#2

Hello @phrawzty,

Your files are stored on encrypted filesystems. But the files themselves are not encrypted.

There is no such thins as zero knowledge in Cozy for now. Encrypting your data would make it hard to offer features like file sharing.

In the future we plan to allow to encrypt the directories you sync between your computers and your server. But we don’t have a roadmap for now.


#3

Thank you for your reply.