客戶端加密

客戶端加密（英語：Client-side encryption）是一門密码学加密技術，指的是先将數據於發送端進行加密，然後才傳送到像网盘般的伺服端^[1]。此舉使得只有發送者擁有密鑰，繼令服務提供者難以將數據解密。應用了客戶端加密的應用程式私隱性相對較強，即使是服務提供者也不能直接得知被加密的內容^[1]。該些應用程式有時會以「零知識」這一誤導性用語作宣傳^[2]。

解說

客戶端加密旨在使服務提供者（或強迫其交出數據的第三方）難以窺探用戶上傳的數據，保證儲存在雲端上的文件只能於相應客戶端上查看。这样可以防止数据丢失，以及文件在未經授權的情況下洩露給第三方，令用戶更為安心^[1]。

目前的学术研究及IT專業人士皆建議，开发者應在應用程式上加入客戶端加密功能，以保障資訊的機密性及完整性^[3]^[4]^[5]。

提供了客戶端加密的云存储服務有Tresorit（英语：Tresorit）^[6]、MEGA^[7]、SpiderOak（英语：SpiderOak）^[8]。苹果iCloud可以通过启用“高级数据保护”功能提供可选的客户端加密。^[9]Google Drive自2024年7月起，可选的客户端加密功能仅对付费用户开放。^[10]^[11]Dropbox^[12]暂不支援客戶端加密。

參見

參考資料

^ ^1.0 ^1.1 ^1.2 Tunio Gaffer. Why Client-Side Encryption Is the Next Best Idea in Cloud-Based Data Security. Information Security Today. Auerbach Publications. 2015 [2016-02-21]. （原始内容存档于2016-01-16）.
^ Spider Oak - Please stop describing your service as "Zero Knowledge" unless and ... | Hacker News. news.ycombinator.com. [2018-07-16]. （原始内容存档于2018-07-16）.
^ Deka, Ganesh Chandra. 3 Security Architecture for Cloud Computing. Handbook of Research on Securing Cloud-Based Databases with Biometric Applications. IGI Global. 2014-10-31 [2016-02-21]. ISBN 978-1-4666-6560-6. （原始内容存档于2020-07-18）.
^ Tobias Ackermann. IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing. Springer Science & Business Media. 2012-12-22: 136– [2016-02-21]. ISBN 978-3-658-01115-4. （原始内容存档于2020-07-20）.
^ Communications of the Association for Information Systems 13:Article 24. Cloud Computing Sicherheit: Schutzziele, Taxonomie, Marktübersicht. Fraunhofer-Institut für Sichere Informationstechnologie SIT. 2009 [2016-02-21]. ISBN 978-3-9813317-0-7. （原始内容存档于2020-08-06）.
^ Get 50GB of Free, Encrypted Online Storage from Tresorit. lifehacker. 2013-11-04 [2020-07-11]. （原始内容存档于2018-05-10）.
^ Graeber, Charles. Megaupload Is Dead. Long Live Mega! | Threat Level. Wired.com. 2013-03-28 [2013-06-14]. （原始内容存档于2013-06-25）.
^ SpiderOak: Dropbox for the security obsessive. [2020-07-11]. （原始内容存档于2016-10-01）. The chief difference between SpiderOak and its competitors for the security and privacy-conscious is in how the services treat user data.
^ Klosowski, Thorin. How to Enable Advanced Data Protection on iOS, and Why You Should. Electronic Frontier Foundation. 2023-05-17 [2025-10-03] （英语）.
^ Client-side encryption and strengthened collaboration in Google Workspace. Google Workspace Blog. [2025-10-03] （美国英语）.
^ About client-side encryption - Google Workspace Admin Help. support.google.com. [2025-10-03]. （原始内容存档于2025-09-21）（英语）.
^ Can I specify my own private key for my Dropbox?. [2016-02-21]. （原始内容存档于2016-03-03）.

[infosectoday-1] 1.0 ^1.1 ^1.2 Tunio Gaffer. Why Client-Side Encryption Is the Next Best Idea in Cloud-Based Data Security. Information Security Today. Auerbach Publications. 2015 [2016-02-21]. （原始内容存档于2016-01-16）.

[2] Spider Oak - Please stop describing your service as "Zero Knowledge" unless and ... | Hacker News. news.ycombinator.com. [2018-07-16]. （原始内容存档于2018-07-16）.

[Chandra2014-3] Deka, Ganesh Chandra. 3 Security Architecture for Cloud Computing. Handbook of Research on Securing Cloud-Based Databases with Biometric Applications. IGI Global. 2014-10-31 [2016-02-21]. ISBN 978-1-4666-6560-6. （原始内容存档于2020-07-18）.

[Ackermann2012-4] Tobias Ackermann. IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing. Springer Science & Business Media. 2012-12-22: 136– [2016-02-21]. ISBN 978-3-658-01115-4. （原始内容存档于2020-07-20）.

[5] Communications of the Association for Information Systems 13:Article 24. Cloud Computing Sicherheit: Schutzziele, Taxonomie, Marktübersicht. Fraunhofer-Institut für Sichere Informationstechnologie SIT. 2009 [2016-02-21]. ISBN 978-3-9813317-0-7. （原始内容存档于2020-08-06）.

[6] Get 50GB of Free, Encrypted Online Storage from Tresorit. lifehacker. 2013-11-04 [2020-07-11]. （原始内容存档于2018-05-10）.

[7] Graeber, Charles. Megaupload Is Dead. Long Live Mega! | Threat Level. Wired.com. 2013-03-28 [2013-06-14]. （原始内容存档于2013-06-25）.

[8] SpiderOak: Dropbox for the security obsessive. [2020-07-11]. （原始内容存档于2016-10-01）. The chief difference between SpiderOak and its competitors for the security and privacy-conscious is in how the services treat user data.

[9] Klosowski, Thorin. How to Enable Advanced Data Protection on iOS, and Why You Should. Electronic Frontier Foundation. 2023-05-17 [2025-10-03] （英语）.

[10] Client-side encryption and strengthened collaboration in Google Workspace. Google Workspace Blog. [2025-10-03] （美国英语）.

[11] About client-side encryption - Google Workspace Admin Help. support.google.com. [2025-10-03]. （原始内容存档于2025-09-21）（英语）.

[dropboxnoprivatekey-12] Can I specify my own private key for my Dropbox?. [2016-02-21]. （原始内容存档于2016-03-03）.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]