Encryption chapter(s) revision(s)

[joshtrichards]

The Encryption chapter needs some love.

Note: WIP (expect this list to change/get updated as changes are made/PRs are merged/etc)

TODO:

(Mostly being addressed via PR #13754)

• [x] Add: Mention E2EE != the encryption documented in the Admin Manual Encryption chapter
• [ ] Add: Warning that E2EE not to be used with default encryption
• [x] Fix: Old remarks about "Encrypting files increases their size by roughly 35%" isn't accurate since the base64 -> binary change
• [x] Add context in the overview (or wherever it ends up making sense) of different ways of encrypting day / comparisons (without getting too down in the weeds) so that reader can make informed decision regarding server-side, client-side, disk encryption, etc.
• [x] Streamline and re-organize (and expand where appropriate) the general setup process
• [ ] Get some feedback from various other relevant folks
• [ ] (probably some other things which will get added here)

After:

• [ ] Review open server-side encryption related issues here in docs
• [ ] Identify additional documentation related changes / add TODO items (or create additional follow-up Issues where deemed out of scope or not practical just yet)
• [ ] Review open server-side encryption related issues in the server repo (since many are either doc matters or a mixture of docs+implementation adjustments)

Then (will probably move the below to their own issue and revise the list after the above is completed):

• [ ] Better document legacy stuff
• [ ] Add basic info about recovery tools stuff
• [ ] Review open client-side encryption related issues here in docs
• [ ] Identify additional documentation related changes / add TODO items (or create additional follow-up Issues where deemed out of scope or not practical just yet)
• [ ] Review open client-side encryption related issues in the server repo (since many are either doc matters or a mixture of docs+implementation adjustments)
• [ ] Consider establishing an E2EE chapter/section
• [ ] See if anything from nextcloud/end_to_end_encryption#538 should be incorporated

Out of scope but related:

• [ ] Add a setup check or warning if both encryption and end_to_end_encryption apps are enabled together (not a supported configuration)
• [ ] Encryption details section could use some love
• [ ] Consider/assess downsides (if any) to changing encryption app name from Default encryption module to Server-side encryption module to greater clarity

---

Thanks for helping improve our documentation!

• There is always room for improvement!
• All contributions (changes and change ideas) - from the largest to the tiniest - help make Nextcloud better and easier to use!

---

Notes

• Please be patient: this is a large open source project that is overseen by a mixture of volunteers and non-volunteers which are all ultimately busy.
• If your suggestion is a troubleshooting scenario or one you're not 100% certain about, please post for feedback on the Nextcloud Help Forum first.
  • Then return here to bring back your experience to help improve the documentation for clarity, etc. (and link back to the forum discussion in your report!)

Protip: If you want to help move things along (or just help out in other ways too) here are some suggestions:

• Look for areas where you can assist - even seemingly unrelated areas - because doing so frees up resources for your favorite topics and ideas.
• Submit a proposed change - that attempts to addresses your issue - as a pull request.
• Participate in a discussion on some other unresolved submitted idea ("issues") to help move it along.
• Post a comment or review on someone else's proposed change ("pull request") to help move it along.

[thibaultmol]

Was about to say. The documentation seems to be stuck in 2018 or something when it comes to this topic. Felt really weird considering there are so many blog posts about the E2E features.

[weizenspreu]

As the original author, I could have a look at updating the Server-side encryption details page in December, when I've got some free time.