Server-Side Encryption with Client-Managed Keys

Hi!

I’m very happily using TagSpaces Web with MinIO, both self-hosted on a single NAS. I’m now looking for a way to encrypt the TagSpaces data at rest on the NAS.

MinIO SSE-C supports client-driven encryption of objects before writing the object to the drive, i.e. by using a key provided by the client. It is functionally compatible with Amazon Server-Side Encryption with Customer-Provided Keys and seems ideal for securing a typical TagSpaces Web installation?

https://min.io/docs/minio/kubernetes/gke/administration/server-side-encryption/server-side-encryption-sse-c.html#

Could this be implemented in TagSpaces? The key could be supplied by the user, stored with the TagSpaces Location and then used in every request to the server?

Thanks for considering.

This is a very good idea, thanks for suggesting it! Since TagSpaces is an open source project, we are accepting pull requests, in case someone is willing to contribute this feature…

Thanks. I can’t offer coding at the moment. But I’d be very willing to help with testing if anyone can provide the code …
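
An added illustration for this thread, not part of any post above and not TagSpaces or MinIO code: what "used in every request to the server" means in practice for SSE-C. The header names are those of the S3 SSE-C API; the function names and the `nas.example` endpoint are hypothetical.

```javascript
// Added example (not TagSpaces or MinIO code). Runs on Node.js.
const nodeCrypto = require("crypto");

// SSE-C uses AES-256, so the customer key must decode to exactly 32 bytes.
function parseSseCKey(base64Key) {
  const key = Buffer.from(base64Key, "base64");
  if (key.length !== 32) {
    throw new Error(`SSE-C key must be 32 bytes, got ${key.length}`);
  }
  return key;
}

// Build the three headers that accompany every PUT, GET and HEAD of an
// SSE-C object. The raw key travels in a header, so plain HTTP is refused.
function sseCHeaders(key, endpoint) {
  if (new URL(endpoint).protocol !== "https:") {
    throw new Error("SSE-C key would be sent in clear text; use https");
  }
  return {
    "x-amz-server-side-encryption-customer-algorithm": "AES256",
    "x-amz-server-side-encryption-customer-key": key.toString("base64"),
    // The MD5 only lets the server detect a key corrupted in transit.
    "x-amz-server-side-encryption-customer-key-MD5":
      nodeCrypto.createHash("md5").update(key).digest("base64"),
  };
}

// Copy of the headers that is safe to write to a debug log.
function redactForLog(headers) {
  const out = { ...headers };
  out["x-amz-server-side-encryption-customer-key"] = "[redacted]";
  return out;
}

// Constructed sample: a random key and a hypothetical endpoint.
const sampleKey = parseSseCKey(nodeCrypto.randomBytes(32).toString("base64"));
console.log(redactForLog(sseCHeaders(sampleKey, "https://nas.example:9000")));
```

The server does not keep the key, so a read has to send the same three headers as the write did, and a key stored with the location is as sensitive as the data it protects.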