Aurora Files documentation

PGP encryption in Files

Starting from v8.5, Aurora Files lets users encrypt their files with strong AES-256 encryption using their existing PGP keys (a new key can be created as well). The process of encryption/decryption occurs right in the browser (or on the mobile device in case of our iOS/Android clients) so the server is never involved in this process. The server never has access to the private keys (they are stored on client devices only) and unencrypted data (that's what we call Paranoid Encryption).

Technically, each file is encrypted with a unique AES-256 key and that key is encrypted with the user's PGP key.

The user can also send links to their encrypted files to external contacts, provided that the PGP public key of that contact is already known to the system. This means the file's unique AES-256 key is encrypted with multiple PGP keys (the file's owner and the recipients'). Again, the process fully takes place on client's devices. This allows for secure storage and exchange of encrypted files which never involves server part.

To start using Paranoid Encryption, make sure the user has "Paranoid Encryption" enabled in the Settings. Also, in OpenPGP tab the user must import an existing or generate a new PGP private key.

To add PGP public keys to a contact, select the contact, Edit Contact, Show additional fields, and then copy/paste its contents in Public PGP key field.

Note: in case if you're migrating from an earlier version and already made use of encrypted files, please check https://afterlogic.com/docs/aurora-files/security/pgp-encryption-changes-v85