Hi - I just started playing around with Seafile 8.0.5 I’m particularly interested in the client side encryption feature.
I see that the Seadrive and Seadroid clients can perform encryption & decryption client side which is great. (Aside: took me a little while to find and understand the Seadroid setting properly).
However, I see that in Seahub I have to enter a password to view an encrypted library and that password is then sent to the server (and cached for 1 hour) to perform decryption server side.
So my questions are:
Is there a setting I have missed to enable client side (browser) decryption in Seahub?
It does not make much sense for adding client side decryption in the browser side. As you can’t control the javascript code returned by the server, the server manager can easily change the code to bypass client side decryption.
I think my use case / threat model is different to what you are thinking though.
In my case, I’m the server manager running Seafile on a hosted vps for my personal use. I can secure against code tampering. What I’d like to have additional security against is the encryption key leaking via that server at all.
I’m also looking at options like peergos, but seafile provides a great experience in other ways so I’m keen to make it work.
It sounds like my options are to either:
Hack on seahub to implement client side decryption.
Write my own basic web ui.
But your comment does give me pause on whether it is worth doing or if my threat model is flawed
I’m particularly interested in the client side encryption feature.