Change to re-create masterkeys #12
Conversation
c7c0efa to
73870af
Compare
73870af to
cd1a215
Compare
|
moving to planned. Let's focus on fixing the core issues first. |
lib/Command/RecreateMasterKey.php
Outdated
| $yes = $input->getOption('yes'); | ||
| if ($this->util->isMasterKeyEnabled()) { | ||
| $question = new ConfirmationQuestion( | ||
| 'Warning: Inorder to re-create master key, the entire ownCloud filesystem will be decrypted and then encrypted using new master key.' |
There was a problem hiding this comment.
not the entire filesystem but: "all the user's home storages will be decrypted".
Will external storages be affected ? I'm not sure
There was a problem hiding this comment.
Verified with external storages:
- SFTP
- ownCloud ( without encryption when added and later running the recreate master key script )
- ownCloud ( with maseter key encryption added and later ran the recreate master key script )
- ownlCloud ( with user key encryption added and later ran the recreate master key script )
lib/Command/RecreateMasterKey.php
Outdated
| $output->writeln("Decryption started\n"); | ||
| $progress = new ProgressBar($output); | ||
| $progress->start(); | ||
| $progress->setMessage("Decryption progress..."); |
There was a problem hiding this comment.
"Decryption in progress..."
lib/Command/RecreateMasterKey.php
Outdated
| $this->IAppManager->disableApp('encryption'); | ||
|
|
||
| //Delete the files_encryption dir | ||
| $this->rootView->deleteAll('files_encryption'); |
There was a problem hiding this comment.
is this correct ? Remember that encryption keys can be stored in a different location with an occ storage (key storage root)
lib/Command/RecreateMasterKey.php
Outdated
| $this->appConfig->setValue('encryption', 'enabled', 'yes'); | ||
| $this->appConfig->setValue('encryption', 'useMasterKey', '1'); | ||
|
|
||
| $this->keyManager->validateShareKey(); |
There was a problem hiding this comment.
what happens if this fails ? will it throw an exception, should we catch it ?
There was a problem hiding this comment.
It would try to create keys if it doesn't exist. If key exist nothing will be done. Same is for validateMasterKey
lib/Command/RecreateMasterKey.php
Outdated
| $target = $path . '.decrypted.' . $this->getTimestamp(); | ||
|
|
||
| try { | ||
| \OC\Files\Storage\Wrapper\Encryption::setDisableWriteEncryption(true); |
There was a problem hiding this comment.
are we also using this in the occ decrypt:all command ?
There was a problem hiding this comment.
No we don't this technique of calling setDisableWriteEncryption at \OC\Encryption\DecryptAll::decryptAll()
765ab35 to
9ca5039
Compare
6d61606 to
9dce123
Compare
tests/KeyManagerTest.php
Outdated
| @@ -73,9 +73,12 @@ public function setUp() { | |||
| ->disableOriginalConstructor() | |||
| ->getMock(); | |||
| $this->configMock = $this->createMock('OCP\IConfig'); | |||
| /*$this->configMock->expects($this->any()) | |||
There was a problem hiding this comment.
Removed the commented out code.
lib/Command/RecreateMasterKey.php
Outdated
| protected $encUtil; | ||
|
|
||
| /** @var IAppManager */ | ||
| protected $IAppManager; |
There was a problem hiding this comment.
Replaced with $appManager
lib/Command/RecreateMasterKey.php
Outdated
| $this->IAppManager->disableApp('encryption'); | ||
|
|
||
| //Delete the files_encryption dir | ||
| $filesEncryptionDir = $this->encUtil->getKeyStorageRoot(); |
There was a problem hiding this comment.
assuming this works with alternative key storages ?
There was a problem hiding this comment.
Yes I have tested with alternate key storages
lib/KeyManager.php
Outdated
|
|
||
| $this->masterKeyId = $this->config->getAppValue('encryption', | ||
| 'masterKeyId'); | ||
| if (empty($this->masterKeyId)) { |
There was a problem hiding this comment.
don't use empty() for strings, because in PHP empty("0") is true...
There was a problem hiding this comment.
Instead of using empty() , tried to use !== ''
There was a problem hiding this comment.
can it be null ? in your other PRs you tested with both is_null and !== ''
There was a problem hiding this comment.
Updated the check for is_null and !== ''
9dce123 to
a34a983
Compare
|
This PR should go along with owncloud/core#29072 |
This change brings a new command to re-create masterkey A small modification to the decryptall, to standard output to console. Signed-off-by: Sujith H <sharidasan@owncloud.com>
a34a983 to
4c962f7
Compare
|
@sharidas please backport to stable10 |
|
Backport available here: owncloud/core#29260 |
This change brings a new command to re-create
masterkey
Signed-off-by: Sujith H sharidasan@owncloud.com