Encryption

One of the main reason why the encryption feature has been made available in Pydio Cells is to make sure data are still under control when using a storage provided by a third party.

Datasource Encryption

When the encryption option is enabled for a datasource all data that are store in the datasource are encrypted using AES-GCM with a 256 bits master key generated by the admin.

AES GCM is fast and is more secure than traditional traditional AES block mode like CBC and CTR.

File Encryption key

For a given file an unique random AES key of 256 bits is generated and encrypted with the encryption key of the datasource the file belongs to. The datasource encryption keys are generated by the admin and are protected using the default keyring of the system Cells is installed in.

Stream mode

Although fast and secure AES-GCM does not support stream mode. So when encrypting gigabytes sized file or a stream with unknown size, Cells proceed by encrypting the data as a sequence of fixed size block. This way the memory usage stays low as in normal stream mode. Plus in order to keep the same security strength, each block is encrypted with an unique set of parameters (IV, Nonce, Key).

At the end the encrypted file is a concatenation of encrypted blocks and decrypted by block while being read.

Security comes with cost

Put aside the additional CPU usage when using encryption, encrypted file size are superior than the original's. For a file of N blocks the result of the encryption uses at least N*44 additional bytes on the storage.

Enabling the encryption on a datasource

First in DATA MANAGEMENT > Storage section, the admin must generate at least one key that will serve to encrypt datasources. The key content is randomly generated all the information required is the id and the label. Here are the description of the form fields.

Field Description
Identifier a unique string that identifies the key
Label The name of the key as it appears in the key list

We do not encrypt the current data on your datasource, make sure to have an empty datasource before enabling encryption

Once keys are generated encryption option can be enabled. in datasource create/edit form enabled to the encryption option at the bottom.

DISCLAIMER: Keys are stored in the default database and if they ever get lost the encrypted data could not be recovered.

Back to top