Aurora Files documentation

Enabling Paranoid Encryption

The feature allows users to utilize purely browser-based AES-256 encryption for files they keep in the their storage. While AES keys are stored on the server in encrypted fashion, OpenPGP keys used for encryption are only stored only locally on the client device, the files' contents is encrypted/decrypted directly in the browser. This way even the server itself has no access to unencrypted content of the protected files. Users can now keep their private files without needing to trust the server or the channel between them and the server.

By default, Paranoid Encryption is disabled on the installation level. To enable this functionality, edit data/settings/modules/CoreParanoidEncryptionWebclientPlugin.config.json file:

{
    "Disabled": [
        true,
        "bool",
        null,
        "Setting to true disables the module"
    ],
...

Replace true with false there. Also, make sure OpenPgpFilesWebclient and OpenPgpWebclient modules are enabled in exactly that same way. After that, users will be able to activate the feature from their account settings.

See how to use Paranoid Encryption at PGP encryption in Files.