/**
 * Create and store a key pair for a user who does not have one yet.
 *
 * An existing key pair is never touched: when the user already has keys
 * this is a no-op that reports success.
 *
 * @param string $uid user id
 * @param string $password user password, handed to the key manager together with the new pair
 * @return bool
 */
public function setupUser($uid, $password) {
    if ($this->keyManager->userHasKeys($uid)) {
        return true;
    }
    $freshPair = $this->crypt->createKeyPair();
    return $this->keyManager->storeKeyPair($uid, $password, $freshPair);
}
/**
 * Server-side variant of the user setup: generate and store a key pair
 * unless the user already owns one.
 *
 * @param string $uid userid
 * @param string $password user password, handed to the key manager together with the new pair
 * @return bool
 */
public function setupServerSide($uid, $password) {
    // Check if user already has keys
    $hasKeys = $this->keyManager->userHasKeys($uid);
    if ($hasKeys) {
        return true;
    }
    $pair = $this->crypt->createKeyPair();
    return $this->keyManager->storeKeyPair($uid, $password, $pair);
}
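/**
 * Enable the admin recovery feature.
 *
 * On first use the recovery key pair is created with $password. The feature
 * is switched on only when $password actually unlocks the stored recovery
 * key, so a wrong password can never enable recovery against an existing key.
 *
 * @param string $password recovery key password
 * @return bool true when recovery was enabled, false when the password did not match the recovery key
 */
public function enableAdminRecovery($password) {
    if (!$this->keyManager->recoveryKeyExists()) {
        $keyPair = $this->crypt->createKeyPair();
        $this->keyManager->setRecoveryKey($password, $keyPair);
    }
    if (!$this->keyManager->checkRecoveryPassword($password)) {
        return false;
    }
    $this->config->setAppValue('encryption', 'recoveryAdminEnabled', 1);
    return true;
}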
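/**
 * Wire up the key manager and make sure the system-wide key ids and the
 * public-share key pair exist.
 *
 * Key ids are persisted in app config so they stay stable across requests;
 * a fresh id is generated only when none is stored yet.
 *
 * @param IStorage $keyStorage
 * @param Crypt $crypt
 * @param IConfig $config
 * @param IUserSession $userSession
 * @param Session $session
 * @param ILogger $log
 * @param Util $util
 */
public function __construct(IStorage $keyStorage, Crypt $crypt, IConfig $config, IUserSession $userSession, Session $session, ILogger $log, Util $util) {
    $this->util = $util;
    $this->session = $session;
    $this->keyStorage = $keyStorage;
    $this->crypt = $crypt;
    $this->config = $config;
    $this->log = $log;

    // The id suffix is an identifier, not a secret; it is drawn from
    // random_bytes() rather than the clock so that two instances created in
    // the same second cannot pick the same id. Format stays 8 lowercase hex chars.
    $this->recoveryKeyId = $this->config->getAppValue('encryption', 'recoveryKeyId');
    if (empty($this->recoveryKeyId)) {
        $this->recoveryKeyId = 'recoveryKey_' . bin2hex(random_bytes(4));
        $this->config->setAppValue('encryption', 'recoveryKeyId', $this->recoveryKeyId);
    }

    $this->publicShareKeyId = $this->config->getAppValue('encryption', 'publicShareKeyId');
    if (empty($this->publicShareKeyId)) {
        $this->publicShareKeyId = 'pubShare_' . bin2hex(random_bytes(4));
        $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
    }

    $shareKey = $this->getPublicShareKey();
    if (empty($shareKey)) {
        $keyPair = $this->crypt->createKeyPair();
        // Save public key
        $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.publicKey', $keyPair['publicKey']);
        // Encrypt private key with an empty passphrase: the public-share private
        // key is meant to be usable without any user-supplied secret, so its
        // confidentiality rests entirely on the key storage's own access controls.
        $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], '');
        $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', $encryptedKey);
    }

    // keyId is the current user's uid, or false when no user is logged in.
    $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
}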
/**
 * check if a key pair for the master key exists, if not we create one
 *
 * The new private key is encrypted with the master key password
 * (getMasterKeyPassword()) and stored behind a crypt header.
 */
public function validateMasterKey() {
    if (!empty($this->getPublicMasterKey())) {
        return;
    }
    $pair = $this->crypt->createKeyPair();
    // Save public key
    $this->keyStorage->setSystemUserKey($this->masterKeyId . '.publicKey', $pair['publicKey'], Encryption::ID);
    // Encrypt private key with system password
    $protectedPrivateKey = $this->crypt->encryptPrivateKey(
        $pair['privateKey'],
        $this->getMasterKeyPassword(),
        $this->masterKeyId
    );
    $header = $this->crypt->generateHeader();
    $this->setSystemPrivateKey($this->masterKeyId, $header . $protectedPrivateKey);
}
/**
 * check if a key pair for public shares exists, if not we create one
 *
 * The private half is encrypted with an empty passphrase, i.e. it is
 * deliberately usable without any user secret; only the key storage's
 * access controls protect it.
 */
public function validateShareKey() {
    if (!empty($this->getPublicShareKey())) {
        return;
    }
    $pair = $this->crypt->createKeyPair();
    // Save public key
    $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.publicKey', $pair['publicKey'], Encryption::ID);
    // Encrypt private key empty passphrase
    $protectedPrivateKey = $this->crypt->encryptPrivateKey($pair['privateKey'], '');
    $header = $this->crypt->generateHeader();
    $this->setSystemPrivateKey($this->publicShareKeyId, $header . $protectedPrivateKey);
}
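/**
 * Change a user's encryption passphrase
 *
 * Two cases are handled:
 *  - the logged-in user changes their own password: the private key already
 *    decrypted in the session is re-encrypted with the new password, nothing
 *    else changes;
 *  - an admin changes another user's password: a fresh key pair is generated
 *    (and the user's file keys re-encrypted via the recovery key when a
 *    recovery password is supplied), but only when that cannot lose data.
 *    Otherwise the existing keys are left untouched, still protected by the
 *    old password.
 *
 * @param array $params keys: uid, password; optionally recoveryPassword
 * @return void
 */
public function setPassphrase($params) {
    // Get existing decrypted private key
    $privateKey = $this->session->getPrivateKey();
    $user = $this->user->getUser();

    // current logged in user changes his own password
    if ($user && $params['uid'] === $user->getUID() && $privateKey) {
        // Encrypt private key with new user pwd as passphrase
        $encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);
        // Save private key
        if ($encryptedPrivateKey) {
            $this->keyManager->setPrivateKey($user->getUID(), $this->crypt->generateHeader() . $encryptedPrivateKey);
        } else {
            $this->logger->error('Encryption could not update users encryption password');
        }
        // NOTE: Session does not need to be updated as the
        // private key has not changed, only the passphrase
        // used to decrypt it has changed
        return;
    }

    // admin changed the password for a different user, create new keys and re-encrypt file keys
    $uid = $params['uid'];
    $this->initMountPoints($uid);
    $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;

    // we generate new keys if...
    // ...we have a recovery password and the user enabled the recovery key
    // ...encryption was activated for the first time (no keys exists)
    // ...the user doesn't have any files
    // Parentheses make the && / || grouping explicit; evaluation order is unchanged.
    $canReplaceKeys = ($this->recovery->isRecoveryEnabledForUser($uid) && $recoveryPassword)
        || !$this->keyManager->userHasKeys($uid)
        || !$this->util->userHasFiles($uid);
    if (!$canReplaceKeys) {
        // Without a usable recovery password the user's existing files cannot be
        // re-keyed, so the old keys (and the old passphrase) are kept as they are.
        return;
    }

    // NOTE: the user's previous keys are overwritten without a backup.
    $newUserPassword = $params['password'];
    $keyPair = $this->crypt->createKeyPair();
    // Save public key
    $this->keyManager->setPublicKey($uid, $keyPair['publicKey']);
    // Encrypt private key with new password
    $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $uid);
    if ($encryptedKey) {
        $this->keyManager->setPrivateKey($uid, $this->crypt->generateHeader() . $encryptedKey);
        if ($recoveryPassword) {
            // if recovery key is set we can re-encrypt the key files
            $this->recovery->recoverUsersFiles($recoveryPassword, $uid);
        }
    } else {
        $this->logger->error('Encryption Could not update users encryption password');
    }
}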