On Wed, 16 Jul 2014 17:35:34 +0400 Emre Erenoglu wrote: > On Wed, Jul 16, 2014 at 5:04 PM, Olivier Goffart > <[email protected]> wrote: > > > > A good read: http://matasano.com/articles/javascript-cryptography/ > > > > In summary, if you can't trust the server that it does the > > encryption, then you also can't trust that it does not serve you > > bad javascript that sends to > > the server the encryption keys. > > > > > I agree, that's why we would ultimately need to have a client > software that can be compiled from source on your own machine :)
Ideally this client software would be the ownCloud sync client and the mobile clients. The server side encryption was implemented with the idea in mind to extend it with client side encryption later on. On the server-side we would just need to add some OCS calls to read/write the keys, get a list of recipients etc. If someone wants to work on the client part I would happily assist you on the server side. cheers, Björn -- Björn Schießle <[email protected]> Software Developer ownCloud GmbH - www.owncloud.com Your Data, Your Cloud, Your Way! ownCloud GmbH, GF: Markus Rex, Holger Dyroff, Frank Karlitschek Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
signature.asc
Description: PGP signature
_______________________________________________ User mailing list [email protected] http://mailman.owncloud.org/mailman/listinfo/user
