How does KeePassDX work with Nextcloud? Where is the decryption done? #1587
-
I'm using KeePassDX on my Android, using my Nextcloud server for syncing. I've selected a kdbx file on my Nextcloud server using the account selector (Open From: Recent, Images, Videos... and then lists cloud accounts; I selected the Nextcloud icon in the cloud accounts section, and not the Internal Storage option).

Currently I can only access my Nextcloud server on my home LAN, and when I try to use KeePassDX outside my LAN I get a small Nextcloud popup that says something like "File could not be synced, using most recent version". I'm considering using a Cloudflare tunnel to make my Nextcloud server available outside my LAN, though my understanding is that they decrypt data passing through their servers, and I'd prefer my passwords not be visible to them.

My question is, if I used KeePassDX, Nextcloud, and Cloudflare, when I enter my main password and view my stored passwords, would Cloudflare be able to see those, or would they only see the encrypted kdbx file being synced between my phone and Nextcloud server? Thank you for making KeePassDX. It is a very useful and well designed tool.
Replies: 2 comments 2 replies
-
KeePassDX has been specially designed to keep sensitive data within the application. Regardless of the synchronization application used, only encrypted data is sent in the file save stream through the Storage Access Framework. So you can be sure that the master password will never pass the stream.
-
Another option would be to use Tailscale, which uses WireGuard in the backend. That way you can access it regardless of where you are (home, work, supermarket, etc.) and you can set it up so only you have access via their ACL.
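To make the answer above concrete, here is an added example (not from this discussion and not KeePassDX code) that parses a .kdbx file the way any party holding only the file could: a sync app, the Nextcloud server, or a proxy that terminates TLS. It reads the plaintext outer header (format version, cipher, seed, IV) and counts the bytes after it, which are unreadable without the master key. The function names and the sample file are constructed for illustration.

```python
import os
import struct
import uuid

KDBX_MAGIC = bytes.fromhex("03d9a29a67fb4bb5")  # both signature words, little-endian
CIPHERS = {
    uuid.UUID("31c1f2e6-bf71-4350-be58-05216afc5aff"): "AES-256",
    uuid.UUID("d6038a2b-8b6f-4cb5-a524-339a31dbb59a"): "ChaCha20",
}
FIELDS = {2: "CipherID", 3: "CompressionFlags", 4: "MasterSeed",
          7: "EncryptionIV", 11: "KdfParameters"}


def inspect_kdbx(blob: bytes) -> dict:
    """Report what is readable in a .kdbx file without the master key."""
    if blob[:8] != KDBX_MAGIC or len(blob) < 12:
        raise ValueError("not a KDBX file")
    minor, major = struct.unpack_from("<HH", blob, 8)
    len_fmt = "<I" if major >= 4 else "<H"  # KDBX 4 widened field lengths to 32 bits
    head = 1 + struct.calcsize(len_fmt)     # 1-byte field id + length prefix
    pos, seen, cipher = 12, [], "unknown"
    while True:
        if pos + head > len(blob):
            raise ValueError("truncated header")
        field_id = blob[pos]
        (size,) = struct.unpack_from(len_fmt, blob, pos + 1)
        data = blob[pos + head:pos + head + size]
        if len(data) != size:
            raise ValueError("truncated header")
        pos += head + size
        if field_id == 0:  # end-of-header marker
            break
        seen.append(FIELDS.get(field_id, f"field {field_id}"))
        if field_id == 2:
            cipher = CIPHERS.get(uuid.UUID(bytes=data), "other")
    return {"version": f"{major}.{minor}", "cipher": cipher,
            "header_fields": seen, "opaque_bytes": len(blob) - pos}


def build_sample() -> bytes:
    """Constructed KDBX 4.0-shaped file: real header layout, random bytes as body."""
    def tlv(field_id: int, data: bytes) -> bytes:
        return bytes([field_id]) + struct.pack("<I", len(data)) + data
    chacha20 = uuid.UUID("d6038a2b-8b6f-4cb5-a524-339a31dbb59a").bytes
    header = (KDBX_MAGIC + struct.pack("<HH", 0, 4) + tlv(2, chacha20)
              + tlv(4, os.urandom(32)) + tlv(7, os.urandom(12))
              + tlv(0, b"\r\n\r\n"))
    return header + os.urandom(256)  # stands in for the encrypted entries
```

Calling `inspect_kdbx(build_sample())` returns the version, cipher name and header field list; running it on a copy of a real database shows the same kind of metadata and nothing about the entries themselves.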