Change to re-create masterkeys #12
Conversation
sharidas
force-pushed
the
withencryptionwrapper-recreate-master
branch
2 times, most recently
from
c7c0efa to
73870af
Compare
sharidas
force-pushed
the
withencryptionwrapper-recreate-master
branch
from
73870af to
cd1a215
Compare
|
moving to planned. Let's focus on fixing the core issues first. |
PVince81
left a comment
PVince81
left a comment
There was a problem hiding this comment.
please refresh my memory: how much code from decrypt-all and encrypt-all has been reused/copied ?
If a lot, is there a way to internally invoke the decrypt-all and encrypt-all command ? before and after regenerating the master key ?
lib/Command/RecreateMasterKey.php
Outdated
| $yes = $input->getOption('yes'); | ||
| if ($this->util->isMasterKeyEnabled()) { | ||
| $question = new ConfirmationQuestion( | ||
| 'Warning: Inorder to re-create master key, the entire ownCloud filesystem will be decrypted and then encrypted using new master key.' |
There was a problem hiding this comment.
not the entire filesystem but: "all the user's home storages will be decrypted".
Will external storages be affected ? I'm not sure
There was a problem hiding this comment.
Verified with external storages:
- SFTP
- ownCloud ( without encryption when added and later running the recreate master key script )
- ownCloud ( with maseter key encryption added and later ran the recreate master key script )
- ownlCloud ( with user key encryption added and later ran the recreate master key script )
lib/Command/RecreateMasterKey.php
Outdated
| $output->writeln("Decryption started\n"); | ||
| $progress = new ProgressBar($output); | ||
| $progress->start(); | ||
| $progress->setMessage("Decryption progress..."); |
There was a problem hiding this comment.
"Decryption in progress..."
lib/Command/RecreateMasterKey.php
Outdated
| $this->IAppManager->disableApp('encryption'); | ||
|
|
||
| //Delete the files_encryption dir | ||
| $this->rootView->deleteAll('files_encryption'); |
There was a problem hiding this comment.
is this correct ? Remember that encryption keys can be stored in a different location with an occ storage (key storage root)
| $this->appConfig->setValue('encryption', 'enabled', 'yes'); | ||
| $this->appConfig->setValue('encryption', 'useMasterKey', '1'); | ||
|
|
||
| $this->keyManager->validateShareKey(); |
There was a problem hiding this comment.
what happens if this fails ? will it throw an exception, should we catch it ?
There was a problem hiding this comment.
It would try to create keys if it doesn't exist. If key exist nothing will be done. Same is for validateMasterKey
lib/Command/RecreateMasterKey.php
Outdated
| $target = $path . '.decrypted.' . $this->getTimestamp(); | ||
|
|
||
| try { | ||
| \OC\Files\Storage\Wrapper\Encryption::setDisableWriteEncryption(true); |
There was a problem hiding this comment.
are we also using this in the occ decrypt:all command ?
There was a problem hiding this comment.
No we don't this technique of calling setDisableWriteEncryption at \OC\Encryption\DecryptAll::decryptAll()
sharidas
force-pushed
the
withencryptionwrapper-recreate-master
branch
3 times, most recently
from
765ab35 to
9ca5039
Compare
sharidas
force-pushed
the
withencryptionwrapper-recreate-master
branch
2 times, most recently
from
6d61606 to
9dce123
Compare
tests/KeyManagerTest.php
Outdated
| ->disableOriginalConstructor() | ||
| ->getMock(); | ||
| $this->configMock = $this->createMock('OCP\IConfig'); | ||
| /*$this->configMock->expects($this->any()) |
There was a problem hiding this comment.
Removed the commented out code.
lib/Command/RecreateMasterKey.php
Outdated
| protected $encUtil; | ||
|
|
||
| /** @var IAppManager */ | ||
| protected $IAppManager; |
There was a problem hiding this comment.
Replaced with $appManager
| $this->IAppManager->disableApp('encryption'); | ||
|
|
||
| //Delete the files_encryption dir | ||
| $filesEncryptionDir = $this->encUtil->getKeyStorageRoot(); |
There was a problem hiding this comment.
assuming this works with alternative key storages ?
There was a problem hiding this comment.
Yes I have tested with alternate key storages
lib/KeyManager.php
Outdated
|
|
||
| $this->masterKeyId = $this->config->getAppValue('encryption', | ||
| 'masterKeyId'); | ||
| if (empty($this->masterKeyId)) { |
There was a problem hiding this comment.
don't use empty() for strings, because in PHP empty("0") is true...
There was a problem hiding this comment.
Instead of using empty() , tried to use !== ''
There was a problem hiding this comment.
can it be null ? in your other PRs you tested with both is_null and !== ''
There was a problem hiding this comment.
Updated the check for is_null and !== ''
sharidas
force-pushed
the
withencryptionwrapper-recreate-master
branch
from
9dce123 to
a34a983
Compare
|
This PR should go along with owncloud/core#29072 |
This change brings a new command to re-create masterkey A small modification to the decryptall, to standard output to console. Signed-off-by: Sujith H <sharidasan@owncloud.com>
sharidas
force-pushed
the
withencryptionwrapper-recreate-master
branch
from
a34a983 to
4c962f7
Compare
|
@sharidas please backport to stable10 |
|
Backport available here: owncloud/core#29260 |
This change brings a new command to re-create
masterkey
Signed-off-by: Sujith H sharidasan@owncloud.com