/**
 * Console entry point: switch the encryption app to master-key mode.
 *
 * Prints a notice and does nothing else when the master key is already
 * enabled. Otherwise asks the operator to confirm, because the prompt text
 * itself states that the switch cannot be undone and is only meant for
 * installations without existing encrypted data.
 *
 * @param InputInterface $input console input, used to read the confirmation
 * @param OutputInterface $output console output for status messages
 */
protected function execute(InputInterface $input, OutputInterface $output) {
    // Nothing to change: report and stop before prompting.
    if ($this->util->isMasterKeyEnabled()) {
        $output->writeln('Master key already enabled');
        return;
    }

    // The second constructor argument (false) makes "no" the default answer,
    // so the setting is only written after an explicit confirmation.
    $confirmation = new ConfirmationQuestion(
        'Warning: Only available for fresh installations with no existing encrypted data! '
        . 'There is also no way to disable it again. Do you want to continue? (y/n) ',
        false
    );

    $confirmed = $this->questionHelper->ask($input, $output, $confirmation);
    if (!$confirmed) {
        $output->writeln('aborted.');
        return;
    }

    // Persist the mode as app config 'encryption' / 'useMasterKey' = '1'.
    $this->config->setAppValue('encryption', 'useMasterKey', '1');
    $output->writeln('Master key successfully enabled.');
}
/**
 * Prepare the encryption module to decrypt all files.
 *
 * Determines a key id and a password (taken from the key manager in the
 * master-key branch, otherwise read from the console with hidden input),
 * loads the matching private key via getPrivateKey() and, on success,
 * passes it to updateSession().
 *
 * NOTE(review): this listing is incomplete. The text following each of the
 * two "... password: " prompt strings has been replaced by "******" before
 * it reached this page, so at least two conditions and several statements
 * are missing and the braces below do not balance. Compare with the
 * original file before relying on this copy.
 *
 * @param InputInterface $input console input used for the prompts
 * @param OutputInterface $output console output for messages
 * @param $user id of the user whose files are to be decrypted; an empty
 *              value takes the "all users" branch, which uses the recovery key id
 * @return bool true when a private key was obtained and handed to
 *              updateSession(), false otherwise
 */
public function prepare(InputInterface $input, OutputInterface $output, $user) {
    // NOTE(review): source text elided inside the next statement ("******");
    // presumably the master-key condition opened here - confirm against the original.
    $question = new Question('Please enter the recovery key password: '******'Use master key to decrypt all files');
        // Master-key branch: key id and password both come from the key
        // manager, nothing is asked of the operator.
        $user = $this->keyManager->getMasterKeyId();
        $password = $this->keyManager->getMasterKeyPassword();
    } else {
        $recoveryKeyId = $this->keyManager->getRecoveryKeyId();
        if (!empty($user)) {
            $output->writeln('You can only decrypt the users files if you know');
            $output->writeln('the users password or if he activated the recovery key.');
            $output->writeln('');
            // Defaults to "no" (second argument false): the login password is
            // only used when the operator explicitly opts in.
            $questionUseLoginPassword = new ConfirmationQuestion('Do you want to use the users login password to decrypt all files? (y/n) ', false);
            $useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
            if ($useLoginPassword) {
                // NOTE(review): source text elided inside the next statement ("******");
                // the recovery-key availability check that leads to "return false" is not visible.
                $question = new Question('Please enter the user\'s login password: '******'No recovery key available for user ' . $user);
                    return false;
                } else {
                    // Decrypt with the recovery key instead of the user's own key.
                    $user = $recoveryKeyId;
                }
            }
        } else {
            $output->writeln('You can only decrypt the files of all users if the');
            $output->writeln('recovery key is enabled by the admin and activated by the users.');
            $output->writeln('');
            $user = $recoveryKeyId;
        }
        // Read the password without echoing it. With the hidden fallback
        // disabled, Symfony's question helper raises an error instead of
        // falling back to visible input when the terminal cannot hide it.
        $question->setHidden(true);
        $question->setHiddenFallback(false);
        $password = $this->questionHelper->ask($input, $output, $question);
    }
    // getPrivateKey() signals failure with false (strict comparison below).
    $privateKey = $this->getPrivateKey($user, $password);
    if ($privateKey !== false) {
        $this->updateSession($user, $privateKey);
        return true;
    } else {
        $output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
    }
    return false;
}
/**
 * Start the encryption backend when a user logs in.
 *
 * Returns true immediately when the 'encryption' app is not enabled. In all
 * other cases the key manager is initialised with the user id and login
 * password and the method falls through without an explicit return value.
 *
 * @note This method should never be called for users using client side encryption
 * @param array $params login data; the keys 'uid' and 'password' are read
 * @return boolean|null true when encryption is disabled, null otherwise
 */
public function login($params) {
    if (!App::isEnabled('encryption')) {
        return true;
    }

    $uid = $params['uid'];

    // The filesystem has to be mounted for this user before keys are touched.
    if (!\OC\Files\Filesystem::$loaded) {
        $this->setupFS($uid);
    }

    // Per-user key setup is skipped only when isMasterKeyEnabled() returns
    // exactly false (strict comparison).
    if (false === $this->util->isMasterKeyEnabled()) {
        $this->userSetup->setupUser($uid, $params['password']);
    }

    // The key manager receives the plaintext login password in both modes.
    $this->keyManager->init($uid, $params['password']);
}
/**
 * Encrypt the files of all users and show a progress bar while doing so.
 *
 * In master-key mode the work is delegated to
 * encryptAllUserFilesWithMasterKey(); otherwise every uid found in
 * $this->userPasswords is processed individually.
 */
protected function encryptAllUsersFiles() {
    $this->output->writeln("\n");

    $bar = new ProgressBar($this->output);
    $bar->setFormat(" %message% \n [%bar%]");
    $bar->start();

    $numberOfUsers = count($this->userPasswords);
    $userNo = 1;

    if (!$this->util->isMasterKeyEnabled()) {
        // Only the uid (array key) is used here; the stored password is not
        // passed on and must not end up in the progress message.
        foreach ($this->userPasswords as $uid => $password) {
            $this->encryptUsersFiles($uid, $bar, "{$uid} ({$userNo} of {$numberOfUsers})");
            ++$userNo;
        }
    } else {
        $this->encryptAllUserFilesWithMasterKey($bar);
    }

    $bar->setMessage("all files encrypted");
    $bar->finish();
}
/**
 * isMasterKeyEnabled() must read the 'useMasterKey' app value exactly once
 * and translate it into the expected boolean.
 *
 * @dataProvider dataTestIsMasterKeyEnabled
 *
 * @param string $value value the mocked config returns
 * @param bool $expect result isMasterKeyEnabled() should produce for it
 */
public function testIsMasterKeyEnabled($value, $expect) {
    // The lookup is expected to pass '0' as the default, i.e. an installation
    // without the setting is looked up with "disabled" as the fallback.
    $lookup = $this->configMock->expects($this->once())->method('getAppValue');
    $lookup->with('encryption', 'useMasterKey', '0')->willReturn($value);

    $actual = $this->instance->isMasterKeyEnabled();

    $this->assertSame($expect, $actual);
}
/**
 * Return the decrypted file key for a path, or '' when it cannot be obtained.
 *
 * Which share key and private key are used depends on $uid:
 *  - null: the public share key id and the stored system private key
 *    ('<publicShareKeyId>.privateKey'), decrypted via Crypt;
 *  - anything else: the private key held in the session; in master-key mode
 *    the given uid is replaced by the master key id before the share key is
 *    looked up.
 *
 * @param string $path path of the file whose key is requested
 * @param $uid user id, or null for access through a public share
 * @return string the decrypted file key, '' if any of the three inputs is missing
 */
public function getFileKey($path, $uid) {
    $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);

    if ($uid === null) {
        // Public share access: no user session key is involved.
        $uid = $this->getPublicShareKeyId();
        $shareKey = $this->getShareKey($path, $uid);
        $storedPrivateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
        $privateKey = $this->crypt->decryptPrivateKey($storedPrivateKey);
    } else {
        // In master-key mode the caller's uid no longer selects the share key.
        if ($this->util->isMasterKeyEnabled()) {
            $uid = $this->getMasterKeyId();
        }
        $shareKey = $this->getShareKey($path, $uid);
        $privateKey = $this->session->getPrivateKey();
    }

    // Any missing piece yields an empty key rather than an error, so callers
    // have to treat '' as "no key available".
    if (!$encryptedFileKey || !$shareKey || !$privateKey) {
        return '';
    }

    return $this->crypt->multiKeyDecrypt($encryptedFileKey, $shareKey, $privateKey);
}
/**
 * Store the collaborators and record whether master-key mode is active.
 *
 * @param Crypt $crypt
 * @param KeyManager $keyManager
 * @param Util $util
 * @param Session $session
 * @param EncryptAll $encryptAll
 * @param DecryptAll $decryptAll
 * @param ILogger $logger
 * @param IL10N $il10n
 */
public function __construct(Crypt $crypt,
                            KeyManager $keyManager,
                            Util $util,
                            Session $session,
                            EncryptAll $encryptAll,
                            DecryptAll $decryptAll,
                            ILogger $logger,
                            IL10N $il10n) {
    // Infrastructure services.
    $this->logger = $logger;
    $this->l = $il10n;

    // Key handling and crypto primitives.
    $this->crypt = $crypt;
    $this->keyManager = $keyManager;
    $this->session = $session;
    $this->util = $util;

    // Bulk operations.
    $this->encryptAll = $encryptAll;
    $this->decryptAll = $decryptAll;

    // The master-key flag is read once, here; this constructor does not
    // refresh it afterwards.
    $this->useMasterPassword = $util->isMasterKeyEnabled();
}