It would be nice to have an option to encrypt files with AES and a password before sending them to a DAV location. This would increase the privacy of the user because
- Not all webspaces are secured by an TLS Connection
- If the server is kidnaped by some criminals, your data are still safe
Thanks for your suggestion.
What exactly do you think should be encrypted and where/when/how?
- If you want to protect the transport layer, you have to use TLS. Just using a symmetric cipher won’t bring any benefits because well-negotiated symmetric encryption is the essential part of a TLS connection.
- On the application layer, a CalDAV/CardDAV server has to know all data, because it needs to understand and process it. This is how CalDAV and CardDAV work. It’s not possible to send encrypted data to a CalDAV/CardDAV server and it wouldn’t make any sense, too. For instance, a server must be able to filter all events and return only the ones of the last 90 days. This can’t work if the server doesn’t understand the data (because it’s encrypted).
- So, if you want to protect your server, you will have to protect it physically and use disk encryption.
- If you want to protect your Android device from unauthorized usage, you can use full-disk encryption together with an appropriate locking mechanism.