I’d like to give my users some private network storage (private from me, ie. something encrypted at rest with keys that root cannot obtain).

Do you have any recommendations?

Ideally, it should be something where files are only decrypted on the client, but server-side decryption would be acceptable too as long as the server doesn’t save the decryption keys to disk.

Before someone suggests that, I know I could just put lucks-encrypted disk images on the NAS, but I’d like the whole thing to have decent performance (the idea is to allow people to store their photos/videos, so some may have several GB of files).

  • Avid Amoeba@lemmy.caEnglish
    1·
    2 hours ago

    The fact you didn’t mention the barest of minimums in your comment if where the issue lies.

    I described the procedure step-by-step mentioning each layer. That’s the best I could do.

    OP specifically said they DID NOT want exactly what you’re describing.

    OP said they’re worried about performance with this solution. Hence why my first response addressed the performance issue. The rest was responding to you (and anyone else who is reading) since you thought that is not an E2E solution. I tried explaining why it’s client-side encryption and no keys are stored on the host.