Ejemplo n.º 1
 /**
  * @brief Change a user's encryption passphrase
  * @param array $params keys: uid, password; optional: recoveryPassword (read when the keys of another user are regenerated)
  */
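 public static function setPassphrase($params)
 {
     // Nothing to do when the encryption app is disabled.
     if (\OCP\App::isEnabled('files_encryption') === false) {
         return true;
     }

     // Only attempt to change passphrase if server-side encryption
     // is in use (client-side encryption does not have access to
     // the necessary keys)
     if (Crypt::mode() === 'server') {
         $view = new \OC_FilesystemView('/');
         $session = new \OCA\Encryption\Session($view);

         // Get existing decrypted private key
         $privateKey = $session->getPrivateKey();

         if ($params['uid'] === \OCP\User::getUser() && $privateKey) {
             // The current user changed their own password: the key pair
             // stays the same, only the passphrase protecting the private
             // key changes.
             $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($privateKey, $params['password']);

             // Save private key
             if ($encryptedPrivateKey) {
                 Keymanager::setPrivateKey($encryptedPrivateKey);
             } else {
                 \OCP\Util::writeLog('files_encryption', 'Could not update users encryption password', \OCP\Util::ERROR);
             }

             // NOTE: Session does not need to be updated as the
             // private key has not changed, only the passphrase
             // used to decrypt it has changed
         } else {
             // admin changed the password for a different user, create new keys and reencrypt file keys
             // NOTE(review): this branch is also taken when uid is the current
             // user but the session holds no decrypted private key.
             $user = $params['uid'];
             $util = new Util($view, $user);
             $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;

             // we generate new keys if...
             // ...we have a recovery password and the user enabled the recovery key
             // ...encryption was activated for the first time (no keys exists)
             // ...the user doesn't have any files
             if (($util->recoveryEnabledForUser() && $recoveryPassword)
                 || !$util->userKeysExists()
                 || !$view->file_exists($user . '/files')
             ) {
                 // backup old keys
                 $util->backupAllKeys('recovery');

                 $newUserPassword = $params['password'];

                 // make sure that the users home is mounted
                 \OC\Files\Filesystem::initMountPoints($user);

                 $keypair = Crypt::createKeypair();

                 // Disable encryption proxy to prevent recursive calls
                 $proxyStatus = \OC_FileProxy::$enabled;
                 \OC_FileProxy::$enabled = false;

                 try {
                     // Encrypt the new private key with the new user password
                     // BEFORE touching any stored key, so a failed encryption
                     // cannot leave a new public key next to an unusable
                     // private key file.
                     $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);

                     if ($encryptedPrivateKey) {
                         // Save public key
                         $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);

                         // Save private key
                         $view->file_put_contents('/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);

                         if ($recoveryPassword) {
                             // if recovery key is set we can re-encrypt the key files
                             $util = new Util($view, $user);
                             $util->recoverUsersFiles($recoveryPassword);
                         }
                     } else {
                         // Same handling as the own-password branch: report and
                         // leave the stored keys as they are.
                         \OCP\Util::writeLog('files_encryption', 'Could not update users encryption password', \OCP\Util::ERROR);
                     }
                 } catch (\Exception $e) {
                     // Never leave the encryption proxy switched off for the
                     // rest of the request when a key operation fails.
                     \OC_FileProxy::$enabled = $proxyStatus;
                     throw $e;
                 }

                 \OC_FileProxy::$enabled = $proxyStatus;
             }
         }
     }
 }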
Ejemplo n.º 2
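// Changes the passphrase that protects the current user's private key.
// Responds with a JSON success or error message.

// The key path below is derived from the current user, so require an
// authenticated session before any key material is read.
\OCP\JSON::checkLoggedIn();
\OCP\JSON::checkAppEnabled('files_encryption');
\OCP\JSON::callCheck();

$l = \OC::$server->getL10N('core');

$return = false;

// Request parameters are untrusted: a missing field or a non-string value
// (e.g. an array posted as "newPassword[]") must not reach the crypto helpers.
$oldPassword = (isset($_POST['oldPassword']) && is_string($_POST['oldPassword'])) ? $_POST['oldPassword'] : null;
$newPassword = (isset($_POST['newPassword']) && is_string($_POST['newPassword'])) ? $_POST['newPassword'] : null;

$view = new \OC\Files\View('/');
$session = new \OCA\Encryption\Session($view);
$user = \OCP\User::getUser();

if ($oldPassword !== null && $newPassword !== null) {
    // Disable the encryption proxy while the key file is read and rewritten.
    $proxyStatus = \OC_FileProxy::$enabled;
    \OC_FileProxy::$enabled = false;

    try {
        $keyPath = '/' . $user . '/files_encryption/' . $user . '.private.key';

        $encryptedKey = $view->file_get_contents($keyPath);
        // Knowledge of the old password is proven by decrypting the stored key with it.
        $decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword);

        if ($decryptedKey) {
            $cipher = \OCA\Encryption\Helper::getCipher();
            $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword, $cipher);
            // Only replace the stored key when re-encryption produced a result.
            if ($encryptedKey) {
                \OCA\Encryption\Keymanager::setPrivateKey($encryptedKey, $user);
                $session->setPrivateKey($decryptedKey);
                $return = true;
            }
        }
    } catch (\Exception $e) {
        // Restore the proxy state before propagating, so later file access in
        // this request is not handled with the encryption proxy disabled.
        \OC_FileProxy::$enabled = $proxyStatus;
        throw $e;
    }

    \OC_FileProxy::$enabled = $proxyStatus;
}

// success or failure
if ($return) {
    $session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL);
    \OCP\JSON::success(array('data' => array('message' => $l->t('Private key password successfully updated.'))));
} else {
    \OCP\JSON::error(array('data' => array('message' => $l->t('Could not update the private key password. Maybe the old password was not correct.'))));
}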
Ejemplo n.º 3
 /**
  * @medium
  */
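 function testSetPrivateKey()
 {
     // Storing a private key for a user must create that user's key file.
     $key = "dummy key";

     Encryption\Keymanager::setPrivateKey($key, 'dummyUser');

     // Capture the result before asserting so the fixture below is removed
     // even when the check fails; a failed assertion would otherwise leave
     // the dummy user's key file behind for later tests.
     $keyFileExists = $this->view->file_exists('/dummyUser/files_encryption/dummyUser.private.key');

     //clean up
     $this->view->deleteAll('/dummyUser');

     $this->assertTrue($keyFileExists);
 }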
Ejemplo n.º 4
 /**
  * @brief Change a user's encryption passphrase
  * @param array $params keys: uid, password, recoveryPassword (read when uid is not the current user)
  */
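 public static function setPassphrase($params)
 {
     // Only attempt to change passphrase if server-side encryption
     // is in use (client-side encryption does not have access to
     // the necessary keys)
     if (Crypt::mode() === 'server') {
         if ($params['uid'] === \OCP\User::getUser()) {
             $view = new \OC_FilesystemView('/');
             $session = new \OCA\Encryption\Session($view);

             // Get existing decrypted private key
             $privateKey = $session->getPrivateKey();

             // Encrypt private key with new user pwd as passphrase. Skip the
             // call when the session holds no key, so an empty value is never
             // encrypted and stored in place of the real private key.
             $encryptedPrivateKey = $privateKey
                 ? Crypt::symmetricEncryptFileContent($privateKey, $params['password'])
                 : false;

             // Save private key only when encryption produced a result
             if ($encryptedPrivateKey) {
                 Keymanager::setPrivateKey($encryptedPrivateKey);
             } else {
                 \OCP\Util::writeLog('files_encryption', 'Could not update users encryption password', \OCP\Util::ERROR);
             }

             // NOTE: Session does not need to be updated as the
             // private key has not changed, only the passphrase
             // used to decrypt it has changed
         } else {
             // admin changed the password for a different user, create new keys and reencrypt file keys
             // NOTE(review): the key pair is replaced on every such change; file
             // keys are only re-encrypted below when a recovery password is
             // supplied - confirm callers expect this for users with existing files.
             $user = $params['uid'];
             // The recovery password is optional; avoid an undefined-index
             // notice when the caller does not pass it.
             $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
             $newUserPassword = $params['password'];

             $view = new \OC_FilesystemView('/');

             // make sure that the users home is mounted
             \OC\Files\Filesystem::initMountPoints($user);

             $keypair = Crypt::createKeypair();

             // Disable encryption proxy to prevent recursive calls
             $proxyStatus = \OC_FileProxy::$enabled;
             \OC_FileProxy::$enabled = false;

             try {
                 // Encrypt the new private key with the new user password
                 // before any stored key is overwritten, so a failed
                 // encryption cannot leave a mismatched key pair on disk.
                 $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);

                 if ($encryptedPrivateKey) {
                     // Save public key
                     $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);

                     // Save private key
                     $view->file_put_contents('/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);

                     if ($recoveryPassword) {
                         // if recovery key is set we can re-encrypt the key files
                         $util = new Util($view, $user);
                         $util->recoverUsersFiles($recoveryPassword);
                     }
                 } else {
                     \OCP\Util::writeLog('files_encryption', 'Could not update users encryption password', \OCP\Util::ERROR);
                 }
             } catch (\Exception $e) {
                 // Restore the proxy state before propagating, so the rest of
                 // the request does not run with the encryption proxy disabled.
                 \OC_FileProxy::$enabled = $proxyStatus;
                 throw $e;
             }

             \OC_FileProxy::$enabled = $proxyStatus;
         }
     }
 }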