Update 5.0.7 uncontrollable encryption

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Update 5.0.7 uncontrollable encryption

Nicolas Mora
Hello,

Yesterday I updated from 5.0.6 to 5.0.7 without any issue, and I
activated the encryption module to test it, but didn't do anything else
later then.

This morning,  I saw that all my files are encrypted, without me
knowing how, and more important, I have absolutely no idea on how to
decrypt them, considering that I never entered any password or
certificate for the encryption...
I only read this morning that encryption is incompatible with
ldap_user, which of course I use...

Fortunately there is still a backup but I would like to know if the
encryption is reversible, and how ?
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Arthur Schiwon (Blizzz)
On Friday, June 07, 2013 11:51:21 AM Nicolas Mora wrote:

> Hello,
>
> Yesterday I updated from 5.0.6 to 5.0.7 without any issue, and I
> activated the encryption module to test it, but didn't do anything else
> later then.
>
> This morning,  I saw that all my files are encrypted, without me
> knowing how, and more important, I have absolutely no idea on how to
> decrypt them, considering that I never entered any password or
> certificate for the encryption...

Don't panic! You want to read this:
http://blog.schiessle.org/2013/05/28/introduction-to-the-new-owncloud-encryption-app/

> I only read this morning that encryption is incompatible with
> ldap_user, which of course I use...

Where did you read that?! It's wrong. It may become unhandy on password
changes (need to remember the old one once, as the pw change bypasses
ownCloud). To be on the safe side, enable recovering feature (as admin) and
activate it (per user).

Cheers
Arthur

>
> Fortunately there is still a backup but I would like to know if the
> encryption is reversible, and how ?

> _______________________________________________
> Owncloud mailing list
> [hidden email]
> https://mail.kde.org/mailman/listinfo/owncloud
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Nicolas Mora
Thanks,

Unfortunately I still can't access my files, I read the article but it  
doesn't give technical details like where the keys are stored.

right now, when I acces any file via web, I have a content like this :
dh17iqfcZDXH/cFOh4et2b5aFusjg+8ncywf+JQ1CCsD6JXMkSFxxZX41E/JVylifHj6R/clfhjYLAicVuWXZVM8a3T/NfwP3H2H9zp0r3uUuRI8VY+eSBaYSnVNpU/YvaLTI5uJtgTYJCQbI/EPd7AxR4Cef7Jm+mvZ8gl/MQtrPRQNKZo135HsLRjsWa9IXsZx40n3XRCjvez9eFq/hhp70SWqI4L1JjlmZ6ZGux1dXl//KpXXJjVgIpsWhZRoJcIQZLoQo3a6RY69bZVi5b0Is2cjA1aR2I+UQs8sKQMIM4jNLNIo0T3eaY+gYu1J98pcbXIZi6f8oNSHLkL/+anJG6LV7dnu2037ijA3aUOKi+cCC1KhxRq2wm2fCaDIuPomE95kXsKBPXBihgfenXNI+M7a5jJDA78piY5xgZB04+toEO1nnUumF5KLrekZtis9mGQuv2rfSNqNMMkHc+qeJlCnD6uv4eRlgZTimXpm1k8uAe5TwHA8jScyMTxAreLf+zmvZRfRAv+S4HLBz03MCEY/kIqH7xiasVJeCYBxGQv5oBT7u1q0qOz4V3mQVFm34RSNlnTwcUsIELVfhSliUlpqRk7FaOuEHBUjbM5D5EGLXDBba5x0N1KpEy8WC4Zi4pfLvH9Ln3rXCbndIqva1kI0L/VROoZt4y9TAbbpuA+2IH5kS11L/AGmjIIgiAIghhzNadx6h+IkQqo6ti743yAvMXVbW

The ldap warning is in the app settings, the encryption app has the  
following message :
Encryption 0.4 Internal App

WARNING: This is a preview release of the new ownCloud 5 encryption  
system. Testing and feedback is very welcome but don't use this in  
production yet. Encryption is not yet compatible with LDAP.

Arthur Schiwon <[hidden email]> a écrit :

> On Friday, June 07, 2013 11:51:21 AM Nicolas Mora wrote:
>> Hello,
>>
>> Yesterday I updated from 5.0.6 to 5.0.7 without any issue, and I
>> activated the encryption module to test it, but didn't do anything else
>> later then.
>>
>> This morning,  I saw that all my files are encrypted, without me
>> knowing how, and more important, I have absolutely no idea on how to
>> decrypt them, considering that I never entered any password or
>> certificate for the encryption...
>
> Don't panic! You want to read this:
> http://blog.schiessle.org/2013/05/28/introduction-to-the-new-owncloud-encryption-app/
>
>> I only read this morning that encryption is incompatible with
>> ldap_user, which of course I use...
>
> Where did you read that?! It's wrong. It may become unhandy on password
> changes (need to remember the old one once, as the pw change bypasses
> ownCloud). To be on the safe side, enable recovering feature (as admin) and
> activate it (per user).
>
> Cheers
> Arthur
>
>>
>> Fortunately there is still a backup but I would like to know if the
>> encryption is reversible, and how ?
>
>> _______________________________________________
>> Owncloud mailing list
>> [hidden email]
>> https://mail.kde.org/mailman/listinfo/owncloud
> _______________________________________________
> Owncloud mailing list
> [hidden email]
> https://mail.kde.org/mailman/listinfo/owncloud


_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Arthur Schiwon (Blizzz)
On Friday, June 07, 2013 12:57:48 PM Nicolas Mora wrote:

> Thanks,
>
> Unfortunately I still can't access my files, I read the article but it
> doesn't give technical details like where the keys are stored.
>
> right now, when I acces any file via web, I have a content like this :
> dh17iqfcZDXH/cFOh4et2b5aFusjg+8ncywf+JQ1CCsD6JXMkSFxxZX41E/JVylifHj6R/clfhjY
> LAicVuWXZVM8a3T/NfwP3H2H9zp0r3uUuRI8VY+eSBaYSnVNpU/YvaLTI5uJtgTYJCQbI/EPd7Ax
> R4Cef7Jm+mvZ8gl/MQtrPRQNKZo135HsLRjsWa9IXsZx40n3XRCjvez9eFq/hhp70SWqI4L1Jjlm
> Z6ZGux1dXl//KpXXJjVgIpsWhZRoJcIQZLoQo3a6RY69bZVi5b0Is2cjA1aR2I+UQs8sKQMIM4jN
> LNIo0T3eaY+gYu1J98pcbXIZi6f8oNSHLkL/+anJG6LV7dnu2037ijA3aUOKi+cCC1KhxRq2wm2f
> CaDIuPomE95kXsKBPXBihgfenXNI+M7a5jJDA78piY5xgZB04+toEO1nnUumF5KLrekZtis9mGQu
> v2rfSNqNMMkHc+qeJlCnD6uv4eRlgZTimXpm1k8uAe5TwHA8jScyMTxAreLf+zmvZRfRAv+S4HLB
> z03MCEY/kIqH7xiasVJeCYBxGQv5oBT7u1q0qOz4V3mQVFm34RSNlnTwcUsIELVfhSliUlpqRk7F
> aOuEHBUjbM5D5EGLXDBba5x0N1KpEy8WC4Zi4pfLvH9Ln3rXCbndIqva1kI0L/VROoZt4y9TAbbp
> uA+2IH5kS11L/AGmjIIgiAIghhzNadx6h+IkQqo6ti743yAvMXVbW
>
> The ldap warning is in the app settings, the encryption app has the
> following message :
> Encryption 0.4 Internal App
>
> WARNING: This is a preview release of the new ownCloud 5 encryption
> system. Testing and feedback is very welcome but don't use this in
> production yet. Encryption is not yet compatible with LDAP.

Is the encryption app still enabled? Or did you disable it? Then enable it
again.

Cheers
Arthur

>
> Arthur Schiwon <[hidden email]> a écrit :
> > On Friday, June 07, 2013 11:51:21 AM Nicolas Mora wrote:
> >> Hello,
> >>
> >> Yesterday I updated from 5.0.6 to 5.0.7 without any issue, and I
> >> activated the encryption module to test it, but didn't do anything else
> >> later then.
> >>
> >> This morning,  I saw that all my files are encrypted, without me
> >> knowing how, and more important, I have absolutely no idea on how to
> >> decrypt them, considering that I never entered any password or
> >> certificate for the encryption...
> >
> > Don't panic! You want to read this:
> > http://blog.schiessle.org/2013/05/28/introduction-to-the-new-owncloud-encr
> > yption-app/>
> >> I only read this morning that encryption is incompatible with
> >> ldap_user, which of course I use...
> >
> > Where did you read that?! It's wrong. It may become unhandy on password
> > changes (need to remember the old one once, as the pw change bypasses
> > ownCloud). To be on the safe side, enable recovering feature (as admin)
> > and
> > activate it (per user).
> >
> > Cheers
> > Arthur
> >
> >> Fortunately there is still a backup but I would like to know if the
> >> encryption is reversible, and how ?
> >>
> >> _______________________________________________
> >> Owncloud mailing list
> >> [hidden email]
> >> https://mail.kde.org/mailman/listinfo/owncloud
> >
> > _______________________________________________
> > Owncloud mailing list
> > [hidden email]
> > https://mail.kde.org/mailman/listinfo/owncloud
>
> _______________________________________________
> Owncloud mailing list
> [hidden email]
> https://mail.kde.org/mailman/listinfo/owncloud
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Nicolas Mora

Arthur Schiwon <[hidden email]> a écrit :

>
> Is the encryption app still enabled? Or did you disable it? Then enable it
> again.
>
Indeed I disabled and re-enabled it a few times.

_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Arthur Schiwon (Blizzz)
On Friday, June 07, 2013 01:36:38 PM Nicolas Mora wrote:
> Arthur Schiwon <[hidden email]> a écrit :
> > Is the encryption app still enabled? Or did you disable it? Then enable it
> > again.
>
> Indeed I disabled and re-enabled it a few times.

Afair, if you enable it, you should be able to open all your files correctly
i.e. unencrypted.

Cheers
Arthur

>
> _______________________________________________
> Owncloud mailing list
> [hidden email]
> https://mail.kde.org/mailman/listinfo/owncloud
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Nicolas Mora
Arthur Schiwon <[hidden email]> a écrit :

> On Friday, June 07, 2013 01:36:38 PM Nicolas Mora wrote:
>> Arthur Schiwon <[hidden email]> a écrit :
>> > Is the encryption app still enabled? Or did you disable it? Then enable it
>> > again.
>>
>> Indeed I disabled and re-enabled it a few times.
>
> Afair, if you enable it, you should be able to open all your files correctly
> i.e. unencrypted.
>
Unfortunately it doesn't work, I still have the same output, with  
encryption enabled or not, even after logging out then relogging in.

Should I open an issue ?
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Arthur Schiwon (Blizzz)
On Friday, June 07, 2013 01:56:26 PM Nicolas Mora wrote:

> Arthur Schiwon <[hidden email]> a écrit :
> > On Friday, June 07, 2013 01:36:38 PM Nicolas Mora wrote:
> >> Arthur Schiwon <[hidden email]> a écrit :
> >> > Is the encryption app still enabled? Or did you disable it? Then enable
> >> > it
> >> > again.
> >>
> >> Indeed I disabled and re-enabled it a few times.
> >
> > Afair, if you enable it, you should be able to open all your files
> > correctly i.e. unencrypted.
>
> Unfortunately it doesn't work, I still have the same output, with
> encryption enabled or not, even after logging out then relogging in.
>
> Should I open an issue ?

Björn, do you have an idea?

Cheers
Arthur

> _______________________________________________
> Owncloud mailing list
> [hidden email]
> https://mail.kde.org/mailman/listinfo/owncloud
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Bjoern Schiessle
On Fri, 07 Jun 2013 20:23:09 +0200 Arthur Schiwon wrote:
> > Unfortunately it doesn't work, I still have the same output, with
> > encryption enabled or not, even after logging out then relogging in.
> >
> > Should I open an issue ?
>
> Björn, do you have an idea?

Not directly. The file content you (Nicolas) showed to us is the
encrypted file. It is totally OK if you see it if the encryption app is
disabled. If the app is enabled the file should be automatically
decrypted. After you enabled the app it is important that you log out
and than log in again so that the encryption app can decrypt your
private key.

Can you try to enable the encryption app, log-out, log-in again and
than try to open one of your files?

Cheers,
Björn

--
Björn Schießle <[hidden email]>
Software Developer
ownCloud GmbH - www.owncloud.com

Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Nicolas Mora

Bjoern Schiessle <[hidden email]> a écrit :

>
> Not directly. The file content you (Nicolas) showed to us is the
> encrypted file. It is totally OK if you see it if the encryption app is
> disabled. If the app is enabled the file should be automatically
> decrypted. After you enabled the app it is important that you log out
> and than log in again so that the encryption app can decrypt your
> private key.
>
> Can you try to enable the encryption app, log-out, log-in again and
> than try to open one of your files?
>
Yup, still not working.

My steps were the following :
1- Logged out, relogged in
   => files not readable (encrypted)
2- deactivated encryption, logged out, relogged in
   => files not readable either but that's normal
3- reactivated encryption, logged out, relogged in
   => files still not readable

I see nothing related to encryption in the logs

I did some other tests:
I created a text file during encryption disabled, called test.txt, no  
problem, I can open it
When encryption is enabled, I created another text file, retest.txt,  
wrote into it, then saved. This file is correct, decrypted on the web  
interface, and encrypted on the hard drive. But, for some reason, I  
see a new file which is empty and has the name retest.txt.etmp, that  
was created at the same time.
The first file (test.txt) is still readable.

Maybe there's a encrypted files index somewhere that is empty ?
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Bjoern Schiessle
On Fri, 07 Jun 2013 15:18:06 -0400 Nicolas Mora wrote:
> When encryption is enabled, I created another text file, retest.txt,  
> wrote into it, then saved. This file is correct, decrypted on the
> web interface, and encrypted on the hard drive. But, for some reason,
> I see a new file which is empty and has the name retest.txt.etmp,
> that was created at the same time.
> The first file (test.txt) is still readable.

*.etmp gets generated during file encryption but they get removed
afterwards. I never saw this file in my files list. Can you check if
the file exists on your hard drive.

The initial encryption takes place only once after the first time you
enabled the app. To enforce another initial encryption run you have to
edit the owncloud database table 'oc_encryption' and set
'migration_status' to '0'.

For every file a encryption key should exists in
data/userid/files_encryption/keyfiles/. Additionally for each file at
least one file called filename.userid.shareKey should exist in
data/userid/files_encryption/share-keys.

Can you please check if this files exists, especially for the files
which doesn't get decrypted?

cheers,
Björn

--
Björn Schießle <[hidden email]>
Software Developer
ownCloud GmbH - www.owncloud.com

Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Nicolas Mora
Le 07/06/2013 16:32, Bjoern Schiessle a écrit :
>
> *.etmp gets generated during file encryption but they get removed
> afterwards. I never saw this file in my files list. Can you check if
> the file exists on your hard drive.
>
The file doesn't exists in my hard drive, it's a ghost file in owncloud
(and empty if I open it)

> The initial encryption takes place only once after the first time you
> enabled the app. To enforce another initial encryption run you have to
> edit the owncloud database table 'oc_encryption' and set
> 'migration_status' to '0'.
>
I wouldn't test another encryption with files that are already
encrypted, it could make a not helpful double encryption.
Although, the content of the table is  :
mysql> select * from oc_encryption;
+---------+-------------+------------------+------------------+
| uid     | mode        | recovery_enabled | migration_status |
+---------+-------------+------------------+------------------+
| nicolas | server-side |                0 |                1 |
+---------+-------------+------------------+------------------+

> For every file a encryption key should exists in
> data/userid/files_encryption/keyfiles/. Additionally for each file at
> least one file called filename.userid.shareKey should exist in
> data/userid/files_encryption/share-keys.
>
There are .key files and .shareKey files in the proper folders

> Can you please check if this files exists, especially for the files
> which doesn't get decrypted?
>
The files you mention are present, is there some other things to check ?
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Nicolas Mora
Hi guys,

Any update on my issue ? Or should I restore the backup ? :/

Thanks for your help so far.

Le 2013-06-07 22:28, Nicolas Mora a écrit :

> Le 07/06/2013 16:32, Bjoern Schiessle a écrit :
>>
>> *.etmp gets generated during file encryption but they get removed
>> afterwards. I never saw this file in my files list. Can you check if
>> the file exists on your hard drive.
>>
> The file doesn't exists in my hard drive, it's a ghost file in owncloud
> (and empty if I open it)
>
>> The initial encryption takes place only once after the first time you
>> enabled the app. To enforce another initial encryption run you have to
>> edit the owncloud database table 'oc_encryption' and set
>> 'migration_status' to '0'.
>>
> I wouldn't test another encryption with files that are already
> encrypted, it could make a not helpful double encryption.
> Although, the content of the table is  :
> mysql> select * from oc_encryption;
> +---------+-------------+------------------+------------------+
> | uid     | mode        | recovery_enabled | migration_status |
> +---------+-------------+------------------+------------------+
> | nicolas | server-side |                0 |                1 |
> +---------+-------------+------------------+------------------+
>
>> For every file a encryption key should exists in
>> data/userid/files_encryption/keyfiles/. Additionally for each file at
>> least one file called filename.userid.shareKey should exist in
>> data/userid/files_encryption/share-keys.
>>
> There are .key files and .shareKey files in the proper folders
>
>> Can you please check if this files exists, especially for the files
>> which doesn't get decrypted?
>>
> The files you mention are present, is there some other things to check ?
> _______________________________________________
> Owncloud mailing list
> [hidden email]
> https://mail.kde.org/mailman/listinfo/owncloud

_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Bjoern Schiessle
Hi Nicolas,

On Mon, 10 Jun 2013 23:08:47 -0400 Nicolas Mora wrote:
> Any update on my issue ? Or should I restore the backup ? :/

Yesterday I had some discussions with other ownCloud developers and we
come up with a idea.

Did your sync client run in the background at the time you enabled the
encryption app?

Since the initial encryption take some time it could happen that more
than one migration gets triggered if you have more than one connection
to your ownCloud server. This would mean that your files get encrypted
twice.

A simple test would be to compare the encrypted file you downloaded
with the file stored on your servers hard disk. Are they exactly the
same or are they only the same in structure but not in content. This
would mean that the files where encrypted multiple time and the
download just decrypted the decrypted file.

Would be great if you could check this. Meanwhile I will look into
solutions to prevent such situations.

cheers,
Björn

--
Björn Schießle <[hidden email]>
Software Developer
ownCloud GmbH - www.owncloud.com

Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Update 5.0.7 uncontrollable encryption

Nicolas Mora
Le 2013-06-11 03:45, Bjoern Schiessle a écrit :
> Hi Nicolas,
>
Hi,

> On Mon, 10 Jun 2013 23:08:47 -0400 Nicolas Mora wrote:
>> Any update on my issue ? Or should I restore the backup ? :/
>
> Yesterday I had some discussions with other ownCloud developers and we
> come up with a idea.
>
> Did your sync client run in the background at the time you enabled the
> encryption app?
>
No, that's not that too, because I don't use a sync client, only the web
UI...

/Nicolas
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud