You really think that such tokens are magical ? Most of them are just memories. As such, whenever plugged in, the key is moved to RAM where it can be stolen cleartext just as easily as any other data.
have you ever actually used an hsm? have you ever actually implemented a keychain in software?
what you said is not entirely correct.
Even if you get one with hardware processing, once the key is unlocked, it will just decrypt the data the intruder is looking for before he transfers the cleartext version of what he is looking for. Did you not yourself said that you were looking for the most transparent solution possible ? To be that transparent means that an intruder will have access to the decryption service just as easily as the main user.
correct, once the data is decrypted it resides in memory, an hypothetical attacker can get to the cleartext data in memory, getting to the key itself is another story tho, bot in the case of a simple challenge response (think pkcs12) done with a yubikey or a proper hsm with the whole keychain on it who's actually decrypting the bits.
and we're talking about a very sophisticated kind of attack anyways.
perfect security does not exists, hardware tokens (hsm or auth only yubikey) definitely elevate the level of security.
The basic rule of cryptography is that it can not offer a protection greater than the protection applied to the key itself. Whenever / wherever the cryptogram and the key are present at the same place and time
it's not that simple when you actually implement this, but anyways, the general idea is correct, the details of it in a real world implementations are very different from theory tho.
, crypto is defeated by definition because cryptogram + key = cleartext. In your setup, you look to have these two regrouped in the endpoint, so that will be the overall security level your data will have :
cryptogram + key + endpoint = cleartext + endpoint.
not really, but anyways.
Indeed, they must be exclusive.
no, they are not, endpoint security and server security are not mutually exclusive, they are different layers, and depending on the specific of the situation you might want to shift certain risks to one or the other.
One major thing to know is that security is as strong as its weakest link. If you have only one link (server OR endpoints), you are as strong as that one. If you have both, you are weaker than either of them because you have all the weakness from the weakest plus the few different extra weakness from the other.
this is very generic and general.
The consequence is that you will always be weaker than the weakest. To expose yourself to both risks is an even bigger non-sense than dropping to the security level your endpoints have.
you do not understand the scenario I am operating in.
The proper thing would be server only. You insist for doing endpoint only, so do it. Just don't add the two set of weakness to reduce your security to even lower.
you don't understand what I'm doing.
No, it is the same. It illustrates how your confidentiality solution turns into a threat to availability. To mitigate the risk to availability, you need a complete key escrow system, complete key management, etc. These features themselves bring their own risk and should they fail, they will either expose everything back and defeat your confidentiality or they will fail to gain you back access to your own data, turning your "solution" to a self-inflicted ransomware.
and if server security fails, as it does, the situation is the same.
you are not really describing the weakness of any particular implementations, you are simply describing generic and general weakness in any IT system.
I'am just a security engineer with over 20 years of experience, training police corps, lawyers, securing financial institutions and large enterprises....
and you do not seem to have enough experience to understand there's plenty of different scenarios in plenty of different industries.
what you described is very general and generic.
There are no proper way of doing what you are trying to do because what you are looking for is non-sense. You should not drop your data's security to the level achieved on the endpoint because you consider the server as not safe enough. By definition, the endpoint are worst than the server. If the servers are not safe enough, the proper solution is to harden them / secure them better and not delegate their role to endpoints.
you don't understand every single possible scenario, in this scenario these endpoints are extremely secure, almost airgapped, and heavily monitored.
the servers they are using to exchange files are secured as well, for a number of reasons it makes sense to hold the keys on the endpoint.
If you insist to go down that path and have your encryption micro-managed on the endpoint on a per-user and per-data basis,
yes
you need a complete PKI first.
yes
Once that PKI is in place, that one will provide you with the tool you need for file-level encryption in a way that should be more security than risk. As such, the tool you are looking for is not from TrueNAS, it is from such a PKI like Entrust.
and I was asking what level of integration can TrueNAS offer in such a system, and it's no different than any generic linux/windows server in this regard, since I'm not familiar with TrueNAS that's what I was asking, what I got from you is a generic lecture on security that absolutely does not apply to the scenario I'm currently operating in.
btw, you mentioned nextcloud end to end encryption, did you try it yourself before suggesting it?
I did, and I wasted half a day, it hasn't been fully implemented (i.e. sharing hasn't been implemented as of today) and is extremely buggy