How Do I Enable Datto Drive Encryption?



How do I enable the Datto Drive Encryption app from the Datto Drive interface?


  • Datto Drive



The goal of the Encryption app is to protect data on external storage. All files sent there will be encrypted by the Datto Drive server and, upon retrieval, decrypted before serving them to you (or those you shared them with). The key to decrypt the data resides on, and never leaves, the Datto Drive server. This allows the Datto Drive Encryption app to benefit from cloud storage offered by services like Dropbox or Google Drive, while ensuring the security and privacy of your data.

Master Key Encryption
Master Key Encryption creates a single master encryption key, instead of individual keys for each user. Enabling Master Key Encryption in addition to Datto Drive Encryption is highly recommended, and should be done before enabling the Datto Drive Encryption app, as it may not be possible to do so afterward. To enable Master Key Encryption, contact Datto Drive Technical Support. 

To enable Datto Drive Encryption, follow these steps:

Open the Admin page, as shown in Figure 1.

Figure 1: Admin menu

Go to the Server Side Encryption section, and check in the box to Enable server-side encryption.

Figure 2: Server-side encryption

After clicking the Enable Encryption button, you see the message "No encryption module loaded, please load a encryption module in the app menu."

Go into the Apps page, as shown in Figure 3.

Figure 3: Apps

Click on Not enabled to toggle it to Enabled.

Figure 4: Toggle encryption

Find the Default Encryption Module in the list.

Read the documentation before deciding to enable encryption.

Click the Enable button to enable this module.

For more information about encryption on Datto Drive see the article How ownCloud uses encryption to protect your data.

Sharing Encrypted Files

Only users with private encryption keys have access to shared encrypted files and folders. Users who have not yet created their private encryption keys will see folders and filenames, but will not be able to open or download the files. Instead, they will see a yellow warning banner stating: "Encryption App is enabled but your keys are not initialized, please log-out and log-in again.”

Share owners may need to re-share files after encryption is enabled; users trying to access the share will see a message advising them to ask the share owner to re-share the file. For individual shares, un-share and re-share the file. For group shares, share with any individuals who can’t access the share. This updates the encryption, and then the share owner can remove the individual shares.

Recovery Key Password

If your ownCloud administrator has enabled the recovery key feature, you can choose to use this feature for your account. If you enable Password recovery, the administrator can read your data with a special password. This feature lets the administrator recover your files if you lose your ownCloud password. If the recovery key is not enabled, then there is no way to restore your files if you lose your login password.

Figure 5: Enabling Recovery Key functionality

Files Not Encrypted

Only the data in your files is encrypted, not the filenames or folder structures. These files are never encrypted:

  • Old files in the trash bin
  • Image thumbnails from the Gallery app
  • Previews from the Files app
  • The search index from the full text search app
  • Third-party app data

There may be other files that are not encrypted; only files that are exposed to third-party storage providers are guaranteed to be encrypted.

Change Private Key Password

This option is only available if your log-in password, but not your encryption password, was changed by your administrator. This can occur if your ownCloud provider uses a external user back-end (for example, LDAP) and changed your login password using that back-end configuration. In this case, you can set your encryption password to your new login password by providing your old and new login password. The Encryption app works only if your login password and your encryption password are identical.

Figure 6 - Changing the recovery key password

Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Community Forum or get live help.

Datto Homepage