/** * Sets up user folders and keys for serverside encryption * * @param string $passphrase to encrypt server-stored private key with * @return bool */ public function setupServerSide($passphrase = null) { // Set directories to check / create $setUpDirs = array($this->userDir, $this->publicKeyDir, $this->encryptionDir, $this->keysPath); // Check / create all necessary dirs foreach ($setUpDirs as $dirPath) { if (!$this->view->file_exists($dirPath)) { $this->view->mkdir($dirPath); } } // Create user keypair // we should never override a keyfile if (!$this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) { // Generate keypair $keypair = Crypt::createKeypair(); if ($keypair) { \OC_FileProxy::$enabled = false; // Encrypt private key with user pwd as passphrase $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $passphrase, Helper::getCipher()); // Save key-pair if ($encryptedPrivateKey) { $header = crypt::generateHeader(); $this->view->file_put_contents($this->privateKeyPath, $header . $encryptedPrivateKey); $this->view->file_put_contents($this->publicKeyPath, $keypair['publicKey']); } \OC_FileProxy::$enabled = true; } } else { // check if public-key exists but private-key is missing if ($this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) { \OCP\Util::writeLog('Encryption library', 'public key exists but private key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL); return false; } else { if (!$this->view->file_exists($this->publicKeyPath) && $this->view->file_exists($this->privateKeyPath)) { \OCP\Util::writeLog('Encryption library', 'private key exists but public key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL); return false; } } } return true; }
/** * Encrypt and pad data ready for writing to disk * @param string $plainData data to be encrypted * @param string $key key to use for encryption * @return string encrypted data on success, false on failure */ public function preWriteEncrypt($plainData, $key) { // Encrypt data to 'catfile', which includes IV if ($encrypted = Crypt::symmetricEncryptFileContent($plainData, $key, $this->cipher)) { return $encrypted; } else { return false; } }
$errorMessage = $l->t('Please repeat the new recovery password'); \OCP\JSON::error(array('data' => array('message' => $errorMessage))); exit; } if ($_POST['newPassword'] !== $_POST['confirmPassword']) { $errorMessage = $l->t('Repeated recovery key password does not match the provided recovery key password'); \OCP\JSON::error(array('data' => array('message' => $errorMessage))); exit; } $view = new \OC\Files\View('/'); $util = new \OCA\Files_Encryption\Util(new \OC\Files\View('/'), \OCP\User::getUser()); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $keyId = $util->getRecoveryKeyId(); $encryptedRecoveryKey = \OCA\Files_Encryption\Keymanager::getPrivateSystemKey($keyId); $decryptedRecoveryKey = $encryptedRecoveryKey ? \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword) : false; if ($decryptedRecoveryKey) { $cipher = \OCA\Files_Encryption\Helper::getCipher(); $encryptedKey = \OCA\Files_Encryption\Crypt::symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword, $cipher); if ($encryptedKey) { \OCA\Files_Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId); $return = true; } } \OC_FileProxy::$enabled = $proxyStatus; // success or failure if ($return) { \OCP\JSON::success(array('data' => array('message' => $l->t('Password successfully changed.')))); } else { \OCP\JSON::error(array('data' => array('message' => $l->t('Could not change the password. Maybe the old password was not correct.')))); }
/** * @medium */ public function testIsEncryptedContent() { $this->assertFalse(\OCA\Files_Encryption\Crypt::isCatfileContent($this->dataUrl)); $this->assertFalse(\OCA\Files_Encryption\Crypt::isCatfileContent($this->legacyEncryptedData)); $keyfileContent = \OCA\Files_Encryption\Crypt::symmetricEncryptFileContent($this->dataUrl, 'hat', 'AES-128-CFB'); $this->assertTrue(\OCA\Files_Encryption\Crypt::isCatfileContent($keyfileContent)); }