Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
End-to-end encryption API
Now that end-to-end encryption for teams is available, will there be any API support for this feature?
Hi josuegomes , currently there are no plans to support the API with encrypted files/folders. But I'll share that feedback with our team.
Thank you!
I'm failing to understand why providing API support is a security threat.
And instead of a (closed?) library, the most secure approach is to use a public, open source encryption algorithm that can be analyzed and scrutinized by third parties. Good encryption relies on strong keys and public algorithms.
josuegomes wrote:...
And instead of a (closed?) library, the most secure approach is to use a public, open source encryption algorithm that can be analyzed and scrutinized by third parties. Good encryption relies on strong keys and public algorithms.
Hi again josuegomes,
Absolutely! I fully agree. 😉
josuegomes wrote:I'm failing to understand why providing API support is a security threat.
...
... and ... what's Dropbox API? 🤔 Is it something public you can rely on? 😀 No!
No - about the e2e protection at least. As I said, such type of protection targets avoiding info leak during transmission from one end to another end; the weakest point in this route is the service provider that would provide protection. Use either third party service (as far as you may rely there is no any relation) or organize it on your own - using library of your choice with keys algorithms selected by you or your users and unknown to Dropbox (or any other service provider).
Dropbox may improve transportation between endpoints and its servers only. That's something encrypted well with TLS 1.2 (may be better). Don't rely, as I said, a fox to protect a rabbit - something equivalent to expect service providers to organize protection targets them. 😉
Hope this sheds some light.
I'm talking about specifically about an API support. Something like a hypothetical: /upload_session/start_encrypted that only accepts locally encrypted payloads.
josuegomes wrote:I'm talking about specifically about an API support. Something like a hypothetical: /upload_session/start_encrypted that only accepts locally encrypted payloads.
Is something preventing you to do so?! 🤔🙂
You don't need special support. Missing of such a support and not rely on such make your code even more secure! 😉 In such a way Dropbox cannot distinguish (or not directly at least) between encrypted and unencrypted content.
> Is something preventing you to do so?!
Yes. The API doesn't exist. That is the very reason for the original post.
About Discuss Dropbox Developer & API
Make connections with other developers
