Local data encryption not working properly #816
Comments
|
I can confirm this issue exists on Android version 2.2.25. When decrypting a library on android seafile (having the decryption mode set to "decrypt data locally"), I then get access to it on the website. This is a major security flaw where a user just assumes that the contents are end to end encrypted (client side encrypted), but in reality they are not. The user wouldn't know about this flaw beforehand, and the official encryption documentation doesn't mention this either. Any updates on when will this be fixed? |
|
I have the same issue both on Android and iOS. The password gets obviously send to the server despite local encryption being enabled. Additionally with local encyption enabled I can see the files in the library but I cannot download them. Remote encyption mode works flawlessly. |
When using local data decryption, if I enter a password for library, this library also unlocks on server. So the app sends password for library to the server.
Also, when I have unlocked library in app, but locked on the server, I can view the files and download them, but I can't upload anything, until I unlock this library on the server.
The text was updated successfully, but these errors were encountered: