I’d like to give my users some private network storage (private from me, ie. something encrypted at rest with keys that root cannot obtain).
Do you have any recommendations?
Ideally, it should be something where files are only decrypted on the client, but server-side decryption would be acceptable too as long as the server doesn’t save the decryption keys to disk.
Before someone suggests that, I know I could just put lucks-encrypted disk images on the NAS, but I’d like the whole thing to have decent performance (the idea is to allow people to store their photos/videos, so some may have several GB of files).
Yup. VeraCrypt is also portable but it would play badly with web-backed storage that uploads/downlaods whole files. Would only be usable on local NAS storage. That said, I’m curious to see how Cryptomator performs on local NAS for high-perf applications compared to VC or LUKS. E.g. if you want to have a large photo collection with Immich on top of it. 😀 Sadly I don’t have NAS anymore to test it out.