Hey hey, I am thinking of implementing a lself-hosted office suite and on my radar are OnlyOffice and CryptPad. I just demoed cryptpad.fr as a trial, and noticed it uses OnlyOffice client side. So next I wondered, what does CryptPad add to OO?
On the web site FAQs , CP says:
The CryptPad Document, Presentation & Spreadsheet applications are an OnlyOffice Docs integration. However, this only concerns the client-side code, CryptPad does not make use of the OnlyOffice Document Server. CryptPad’s encrypted collaboration, used for document, presentantion & spreadsheets and other applications, is completely different from the encryption system used in parts of upstream OnlyOffice. Some of CryptPad’s file format conversion tools are based on OnlyOffice code, but substantial work has been done to make it run in the browser rather than on the server, therefore avoiding the need to reveal the contents of users’ documents when converting.
That might help developers but I’m still not clear.
On the OO web site, they say the suite includes:
Three levels of encryption: at rest, in transit, end-to-end
Sounds good on the surface. NB - this is just for my family’s simple docs; I’m not trying to protect government whistleblowers here.
So I am still not clear. Why do I need to add CryptPad to the mix if OO already is the basis for the office suite?
Another NB - a big part of my self hosting is I want as few people I have to trust as possible. So if I don’t need CP to host docs on my VPS, I’d rather not add them to my server.
Thanks for any clues.
There have been some controversy that OO has russian involvement, just so you know. I would not use it.
Yah, I just read the History section of the OO wikipedia page, and it mentions that from the start. I’m not someone with a knee jerk reaction to “Russian” but it’s worth considering. Thanks.
The question then is: Does CP replacing the server-side code with their own resolve this concern, or is there still a risk there? Man, nothing is simple.