Self-Hosting Threema Safe

On Nextcloud, or any cloud with WebDAV! 

Threema has a so called “Safe”, which will store an encrypted backup of your private key, your identity (profile picture and name), and your contacts plus their verification status. It will however not store chats. But having your identity backed up is crucial to keep in touch with your contacts, and also not having to verify everyone again, in case anything happens to your phone or Threema installation.

Creating an account with your cloud

If you have your own Nextcloud instance, or found a provider that offers WebDAV connection to your cloud drive, I recommend setting up a fresh account dedicated to Threema Safe. It’s optional but I recommend it for isolation. Make sure to generate a strong, random password of at least 16 characters while 32 would be better.

Setting up folders and configuration

Now, simply create a folder for Threema in your cloud. It can be called anything and be put anywhere but I recommend the root of your cloud with the simple name “threema” to make life easier later. Inside the folder “threema” you’ll want to create a file called “config” without any file name extensions. Inside that file you’ll write something like the following:

{
   "maxBackupBytes": 5000000,
   "retentionDays": 365
}

This will configure “Threema Safe” to allow up to 5 MB for each back up, and will retain it for up to one year. If you don’t know how to create this file, simply download it from my GitHub and upload it to your “threema” folder.

Now the final step is, to create a folder for the actual backups. It must be called “backups” and be put inside your “threema” folder. Now inside your “threema” folder, you should see a folder called “backups” and a file called “config”.

That’s all there is to it. Now we will move on to setting up Threema Safe on your phone.

Connecting Threema to your Threema Safe

You will need to know 4 things for this:

  • Your cloud provider’s WebDAV URL with the path to the Threema folder
    • On Nextcloud, with above naming, that would be https://your-cloud.example.com/remote.php/webdav/threema adjust to point to your domain.
  • Your cloud username
  • Your cloud password
  • Randomly generated, strong password for the Threema Safe backup (used as encryption key).

On Android

Tap on the top right menu (three dots) and choose “Backups” and you will see a screen about Threema Safe. Continue to Universal Setup below.

On iOS

In the “My Profile” tab, select “Threema Safe” and activate it. Continue to Universal Setup below.

Universal Setup

If you are currently using Threema’s servers you will have to disconnect from it first.

Then, you can choose to set up Threema Safe by enabling it. During the setup, tap on “Expert Settings” and disable “Use default server”.

Now enter the full URL to your cloud folder including the Threema folder as discussed above. Enter your cloud’s username and password and continue the setup. You will now enter a password for the backup itself and that’s it!

If all went well you should see that a successful backup was made.

Conclusion

Self-Hosted Threema Safe is effortlessly and quickly set up and a good option if you don’t want to hand out data to be hosted by someone else.

That’s all there is to it! I hope this helped you out. 😉

External Links

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.