
Revoke keys about end_to_end_encryption HOT 48 CLOSED

nextcloud avatar nextcloud commented on July 22, 2024 11
Revoke keys

from end_to_end_encryption.

Comments (48)

jmcclelland avatar jmcclelland commented on July 22, 2024 18

PLEASE NOTE: the following manual steps are not needed anymore, please use the UI in the user's own settings (/settings/user/security)!

See comment below.


I recorded my passphrase while setting up e2e on my android before the client was stable (it seems the passphrase I recorded is not the one that was used to create the key).

I didn't pay much attention, but now the desktop client asks for my passphrase every time I start it and I'm tired of hitting cancel each time.

For better or worse, with Nextcloud 14 and E2E 1.0.5 it does seem possible to delete keys for a fresh start. @tobiasKaminsky's directions I found a bit vague and @dnclain's approach too drastic (I only wanted to revoke the keys for one user, not for everyone!).

So I settled on these steps to revoke the keys for just one user.

  • Enter the end_to_end_encryption folder in your appdata folder. Your appdata folder is a folder inside your data folder (the folder containing all your nextcloud files). It has a randomly generated name that starts with appdata like appdata_487461775a51. The end_to_end_encryption folder has three folders: meta-data, private-keys and public-keys.
  • If your username is joe, then remove meta-data/joe, private-keys/joe.private.key, public-keys/joe.public.key
  • In the database (replace joe with your username):
DELETE FROM oc_filecache WHERE path LIKE 'appdata_%/end_to_end_encryption/meta-data/joe%';
DELETE FROM oc_filecache WHERE path LIKE 'appdata_%/end_to_end_encryption/%-keys/joe.%.key';

I manually ran the cron job (php -f /var/www/nextcloud/cron.php) - not sure if that is necessary.

I restarted my desktop app. It presented me with a new passphrase. I don't have access to my old encrypted folders, but I can create new ones.

I didn't share any folders with other users, so I'm not sure what would happen now if I had (would those shares be blindly re-keyed with my new key)?

I don't fully understand the intricacies of the Nextcloud e2e implementation, but if possible, I think the desired behavior should be something along the lines of:

  1. If an admin does what I just did, the user's client should warn the user and provide the option to copy the keys it has stored back to the server. The server admin should not be able to force a re-keying just by deleting those files. The clients should not allow that.
  2. The clients should have a mechanism to force a re-key. If a client can properly authenticate with the server, then it should be allowed to trigger a re-keying. That means if an attacker takes control of your client, they can force a re-keying.
  3. If a second (or third, etc) client connects and detects a mismatch in keys, this client should prompt the user to choose the old or the new key. This way, if you have one device compromised, you can at least put your old key back, change your server password and regain control. Or, if you legitimately re-keyed you can choose to accept the new key.
  4. Any user that shared data with you via your old key should get prompted and it should require an active click through of the warning to re-encrypt the data to the new key.

I know it's not perfect and many users blindly click through those warnings, but I think it's a reasonable compromise.

from end_to_end_encryption.

jonasgarstick avatar jonasgarstick commented on July 22, 2024 10

I tested E2EE with the beta desktop client when it was first released a few months ago. Back then I did not save the encryption passphrase because I did not plan to use it productively. Now with the new desktop client 2.5.0 and activated E2EE the client asks me now for the passphrase from back then. The possibility of revoking E2EE keys would be very appreciated otherwise I have to create a new user and move all stuff.

from end_to_end_encryption.

tobiasKaminsky avatar tobiasKaminsky commented on July 22, 2024 7

@schiessle can you give advice on how to do this manually?

from end_to_end_encryption.

tigernero79 avatar tigernero79 commented on July 22, 2024 3

If you forget the mnemonic code or you have no client connected to retrieve it, I use these 2 commands from the terminal to delete the user's private and public key:

curl -u "USER:Password" -X DELETE https://mysite/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key -H "OCS-APIRequest:true"

curl -u "USER:Password" -X DELETE https://mysite/ocs/v2.php/apps/end_to_end_encryption/api/v1/public-key -H "OCS-APIRequest:true"

from end_to_end_encryption.

tobiasKaminsky avatar tobiasKaminsky commented on July 22, 2024 2

Currently there is no user friendly way.
@schiessle do we plan to implement this?

from end_to_end_encryption.

SigLinJo avatar SigLinJo commented on July 22, 2024 2

I tested E2EE with the beta desktop client when it was first released a few months ago. Back then I did not save the encryption passphrase because I did not plan to use it productively. Now with the new desktop client 2.5.0 and activated E2EE the client asks me now for the passphrase from back then. The possibility of revoking E2EE keys would be very appreciated otherwise I have to create a new user and move all stuff.

I am in the exact same situation, tested E2EE on android a long time ago and the passphrase glitched away from me or something. Long story short, the only passphrase I have stored is incorrect and I can't use E2EE. Is it possible to completely reset E2EE for all my users on my server and start fresh now when it is getting to production readiness?

from end_to_end_encryption.

tobiasKaminsky avatar tobiasKaminsky commented on July 22, 2024 2

@schiessle what is the plan/status of revoking the keys?
As far as I remember, we decided/discussed that this should only be part of web UI, with proper warnings.

from end_to_end_encryption.

Alphakilo avatar Alphakilo commented on July 22, 2024 2

@davesie there's a workaround by @tobiasKaminsky here: nextcloud/server#9083 (comment)

  • go into app folder on server side, then end_to_end_encryption, remove the user in question
  • log into mysql and "DELETE FROM oc_filecache WHERE name like '%$USER%';"
    (please do a backup first)

Tried it, works.

from end_to_end_encryption.

tobiasKaminsky avatar tobiasKaminsky commented on July 22, 2024 1

Yes, an evil admin could revoke the keys, but then they can still encrypt the files, as the keys are stored locally.
An admin cannot set up a new mnemonic as he needs the private key of a user to generate the CSR.

from end_to_end_encryption.

davesie avatar davesie commented on July 22, 2024 1

Same problem. I set up E2E on my phone months ago and forgot the passphrase. Now, my desktop client isn't syncing anymore (I don't know why) and it's asking for the E2E encryption passphrase on every start.

from end_to_end_encryption.

miwie avatar miwie commented on July 22, 2024 1

@Alphakilo thanks for sharing the workaround. Unfortunately this does not work for hosted Nextcloud instances :(

from end_to_end_encryption.

dnclain avatar dnclain commented on July 22, 2024 1

@Alphakilo : Hi, same problem here (Nextcloud 14 and I replaced it today with the 15.0.2). E2E was stuck in a hell 'ask for mnemonic' loop, or did not sync at all when E2E is active.
The first time I used E2E, I did not give any mnemonic at all, but it seems the E2E plugin gets one like '(null)', and stays stuck with it if we encrypt one folder.
I tried the above sql command, but it did not work for me, there was no such line in this table. The client keeps asking for the E2E mnemonic words. I really need to reset the E2E key.
In the end, I completely removed the directory end_to_end_encryption, and the file cache, this way:

  • Stop all clients
  • Delete the E2E plugin
  • Delete the folder end_to_end_encryption in app data.
  • Connect to the database:
    delete from oc_filecache where path like '%end_to_end_encryption%';
  • Launch the maintenance crontab manually (/usr/bin/php -f /var/www/nextcloud/cron.php) as user www-data
  • After a couple of minutes, reinstall the E2E plugin.

I don't know if this is the right way, but it worked. It asked me for new mnemonic words.
Desktop clients still ask for mnemonics at starts, but it's ok for me.

from end_to_end_encryption.

jmcclelland avatar jmcclelland commented on July 22, 2024 1

Hi @mjeshurun - If you look in your config file, you'll see a variable called datadirectory - that's the path to your data directory. It might be something like /var/www/nextcloud/data. You should be able to find your data directory by running the command (replacing /var/www/nextcloud/data/ with your actual data directory): ls /var/www/nextcloud/data/appdata*.

from end_to_end_encryption.

eibex avatar eibex commented on July 22, 2024 1

E2EE can now be reset from the user's settings. There's no need to mess with files and db anymore.

from end_to_end_encryption.

jmcclelland avatar jmcclelland commented on July 22, 2024 1

@bcutter Sorry you had to waste those hours! I just updated my comment as suggested.

from end_to_end_encryption.

tacruc avatar tacruc commented on July 22, 2024

If you are able to do this on the server, an evil admin could reset the key, set up a new mnemonic and on reshare get the secret files, or?

I was thinking about using U2F to identify the user who wants to reset his mnemonic. So clients of users with existing shares to the user could get the U2F public key and verify that the mnemonic reset was requested by the user and not an evil admin?

But I'm not sure if it will work in practice.

from end_to_end_encryption.

tacruc avatar tacruc commented on July 22, 2024

But if I understand it right, then revoking the keys would not help to set up end-to-end encryption again. Right?

from end_to_end_encryption.

tobiasKaminsky avatar tobiasKaminsky commented on July 22, 2024

In current implementation a client only asks for keys (stored on server) on the very first time.
If you then, by accident or on purpose, revoke the keys on the server, you can still access and encrypt the files on the (already configured) client, but cannot add a new one.

from end_to_end_encryption.

tacruc avatar tacruc commented on July 22, 2024

Sorry, I think we are talking about different things right now. I was wondering if an admin could use the revoke function to "steal" the identity of a user. Ask the other users of shares to reshare (he could set up a message looking as if it comes from Nextcloud, saying user xyz lost his mnemonic and reset encryption, please reshare if you want him to be able to read the shares) and gain access to files he/she should not see this way.

Or would it not be possible to set up a new end-to-end encryption with new keys after the old keys are revoked?

And to protect against this I was wondering if it is possible to use the U2F authentication to verify against other devices that the user requested the re-setup and not an admin trying to steal the identity of the user.

from end_to_end_encryption.

tobiasKaminsky avatar tobiasKaminsky commented on July 22, 2024

On very first setup we use tofu (trust on first use), so whoever authenticates with the right credentials can push the keys to the server.
Same will hold for re-setup if you revoke the keys.

But this means that the attacker has access to the user credentials, and the user will notice, as any new client / file will not be decryptable by him.

from end_to_end_encryption.

tacruc avatar tacruc commented on July 22, 2024

So the attacker is the admin, because that's what we need e2e encryption for. Knowing the credentials is not the big problem; he is the admin and has write access to the database and all server files.

So the problem, or the point where I was wondering, is using tofu a second time. I'm not strictly against it but I think it is a point which should be well thought out, if there is not a better solution.

from end_to_end_encryption.

tobiasKaminsky avatar tobiasKaminsky commented on July 22, 2024

tofu a second time

I guess we have to keep it this way:

  • user sets up E2E on device
  • user gets the device stolen, breaks it whatever
  • user wants to set up E2E again
    --> TOFU at second time

I get your point, but I am unsure how to handle this.
@rullzer @schiessle maybe?

from end_to_end_encryption.

tacruc avatar tacruc commented on July 22, 2024

I see the problem both ways.
One not really user-friendly version would be an option to opt out of this for more security.

Or I was thinking of using the user's U2F device to authenticate the user, but this is not an easy way for development. The clients must be able to read the U2F device and add the public key to the encrypted shares. The revoke could then happen with a message signed by the U2F device and could be done by the server. In this case each client could verify that the user and not the server requested the revoke.

Maybe a big warning or information on the side of users making a new share that the key has changed would solve the problem, too.

from end_to_end_encryption.
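
The behaviour asked for in this thread (a client that warns when a user's key is deleted or replaced on the server, and a sharer who must click through before re-encrypting to a new key) amounts to pinning the key fingerprint after the first TOFU and refusing silent changes. A minimal sketch of that check, added here as an illustration and not taken from any Nextcloud client; `PinStore`, its methods and the sample keys are hypothetical:

```python
import base64
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Verdict(Enum):
    FIRST_USE = "first-use"   # nothing pinned yet: key is trusted and pinned (TOFU)
    MATCH = "match"           # server key equals the pin
    CHANGED = "changed"       # server presents a different key than the pin
    REMOVED = "removed"       # pin exists but the server no longer has a key
    NO_KEY = "no-key"         # nothing pinned and nothing on the server


def pem(der: bytes) -> str:
    """Wrap bytes in PEM armor (used only to build the constructed sample keys)."""
    b64 = base64.b64encode(der).decode("ascii")
    return "-----BEGIN PUBLIC KEY-----\n" + b64 + "\n-----END PUBLIC KEY-----\n"


def fingerprint(public_key_pem: str) -> str:
    """SHA-256 of the decoded key bytes, so armor and line endings do not matter."""
    stripped = (line.strip() for line in public_key_pem.splitlines())
    body = "".join(s for s in stripped if s and not s.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()


@dataclass
class PinStore:
    pins: dict = field(default_factory=dict)    # user id -> pinned fingerprint
    audit: list = field(default_factory=list)   # (user, event, fingerprint) history

    def check(self, user: str, server_pem: Optional[str]) -> Verdict:
        fp = fingerprint(server_pem) if server_pem else None
        pinned = self.pins.get(user)
        if pinned is None and fp is None:
            verdict = Verdict.NO_KEY
        elif pinned is None:
            self.pins[user] = fp          # trust on first use
            verdict = Verdict.FIRST_USE
        elif fp is None:
            verdict = Verdict.REMOVED     # keep the pin: deletion alone changes nothing
        elif fp == pinned:
            verdict = Verdict.MATCH
        else:
            verdict = Verdict.CHANGED     # keep the pin until the user decides
        self.audit.append((user, verdict.value, fp))
        return verdict

    def may_encrypt_to(self, user: str, server_pem: Optional[str]) -> bool:
        """Sharing proceeds only with a key that was just pinned or matches the pin."""
        return self.check(user, server_pem) in (Verdict.FIRST_USE, Verdict.MATCH)

    def accept_change(self, user: str, server_pem: str, confirmed_by_user: bool) -> bool:
        """Re-pin only after an explicit user decision; otherwise keep the old pin."""
        if not confirmed_by_user:
            return False
        self.pins[user] = fingerprint(server_pem)
        self.audit.append((user, "re-pinned", self.pins[user]))
        return True


# Constructed sample keys (arbitrary bytes, not real key material).
OLD_KEY = pem(b"constructed-public-key-for-joe-v1")
NEW_KEY = pem(b"constructed-public-key-for-joe-v2")


def demo() -> list:
    store = PinStore()
    results = [store.check("joe", OLD_KEY)]                # first share with joe
    results.append(store.check("joe", OLD_KEY))            # later sync, same key
    results.append(store.check("joe", None))               # key files deleted on the server
    results.append(store.check("joe", NEW_KEY))            # a different key appears
    results.append(store.may_encrypt_to("joe", NEW_KEY))   # blocked until confirmed
    store.accept_change("joe", NEW_KEY, confirmed_by_user=True)
    results.append(store.may_encrypt_to("joe", NEW_KEY))   # allowed after click-through
    return results


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The pin only helps if it lives on the client; a pin stored on the server can be rewritten by the same admin the check is meant to catch.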

frogueat avatar frogueat commented on July 22, 2024

What to do if the user's private key is broken? When I log in I get the message "Falscher privater Schlüssel für die Verschlüsselungs-App. Bitte aktualisieren Sie Ihren privaten Schlüssel in Ihren persönlichen Einstellungen um wieder Zugriff auf die verschlüsselten Dateien zu erhalten."

I am on 13 beta rc1 and I once tested a folder encryption with the iOS app. I can't get rid of the message or reset my private key :-( As I am admin on my instance, I tried many things, but there are no keys stored anywhere. Not in occ encryption:show-key-storage-root nor in my data/myuser/... place. Neither in data/appdata_ ... I do have enabled "default encryption module" and "End-to-End Encryption ".

from end_to_end_encryption.

KopfKrieg avatar KopfKrieg commented on July 22, 2024

Similar problem here: I've enabled the E2E-App and wanted to try it with my Android device, but the Mnemonic never even showed up. Disabling/Enabling the App doesn't work, and unfortunately I don't know how to completely reset the necessary App data.

from end_to_end_encryption.

skrrgh avatar skrrgh commented on July 22, 2024

I have the same problem. I tested E2E on Android during the early versions of the App. It worked buggy, so I stopped using this feature. Now E2E is stable and released on the desktop, but I can't use it, because I don't know my passphrase / keys anymore. And I use Nextcloud on some cloud provider, so I can't remove my account or reinstall Nextcloud.

from end_to_end_encryption.

mbiebl avatar mbiebl commented on July 22, 2024

I'm in exactly the same position. Tried the E2EE feature a couple of months ago, unfortunately with my main user account. Turned out to be too buggy, so disabled it again and didn't bother storing the 12-word passphrase.
Today, I've upgraded the nextcloud client to 2.5.0 and now I get prompted for the password I no longer have.

I do have access to the SQL db, so if there is a manual way to reset the keys for this account, this would suffice for me.

from end_to_end_encryption.

marinofaggiana avatar marinofaggiana commented on July 22, 2024

@schiessle what is the plan/status of revoking the keys?
As far as I remember, we decided/discussed that this should only be part of web UI, with proper warnings.

with unlock ... :)

from end_to_end_encryption.

DominikWA avatar DominikWA commented on July 22, 2024

I have the same problem. I tested E2E at the first release. At this time it was too unstable for me, especially with the missing feature in the desktop client. Now with the new desktop client version 2.5.0 I do not remember my passphrase I set back then. At every PC start, I'm asked for the passphrase, that's annoying.

from end_to_end_encryption.

miwie avatar miwie commented on July 22, 2024

Same problem here. Playing initially with E2EE and didn't save the 12-word passphrase.
There needs to be a way to reset this by the user, urgently! Otherwise not usable :((

from end_to_end_encryption.

Bromptonaut avatar Bromptonaut commented on July 22, 2024

Me too. When I tried to copy the passphrase to keepass on the smartphone I accidentally confirmed the dialogue and the passphrase was gone. I would appreciate a way to reset the passphrase even if the encrypted data would be lost. As far as I can see this shouldn't be a problem since when the passphrase once is set, I can decrypt the folders with that single client. The problem is that without knowing the passphrase I can't access the data (apparently any data, encrypted or not) with any other client.

from end_to_end_encryption.

tobiasKaminsky avatar tobiasKaminsky commented on July 22, 2024

@Bromptonaut if you created the passphrase with a recent android app version, you can look it up again in settings (there must be any kind of android's device locking enabled)

from end_to_end_encryption.

Bromptonaut avatar Bromptonaut commented on July 22, 2024

@tobiasKaminsky Thank you for the hint. I couldn't spot a dialogue to display the passphrase in the settings of the android client V3.2.1., so I updated to V3.3.2. Device locking has always been enabled as you told me. When I now unlock the nextcloud app with my fingerprint I occasionally (not always) get a dialogue headed "E2E-Mnemonic" but with nothing but empty space below which I need to confirm with OK. Either my passphrase indeed is empty, or it is not displayed correctly (if this is the purpose of that dialogue). I still do not find anything related to the passphrase in the settings.
If the clients can display the passphrase (which they do not for me at the moment), then there seems to be no urgent need to be able to reset the passphrase since it can only be lost if the device running the client is lost before the password is stored in a safe place. But I can guess that there are people able to do so.

from end_to_end_encryption.

tobiasKaminsky avatar tobiasKaminsky commented on July 22, 2024

@Bromptonaut if you have set up E2E on mobile with an old client, then the passphrase is not stored.

from end_to_end_encryption.

lars-becker avatar lars-becker commented on July 22, 2024

@tobiasKaminsky Is there any way to reset those passphrases (maybe working directly with the SQL storage)? We have some users who wanted to try out the feature when it was released, didn't play around with it any longer and lost the passphrases...

from end_to_end_encryption.

ffuentes avatar ffuentes commented on July 22, 2024

Yes please, at least allow the user to revoke their own key.

from end_to_end_encryption.

TinTinMar515 avatar TinTinMar515 commented on July 22, 2024

EDIT : issue!
The solution proposed by jmcclelland worked fine for me with NC 17.0.3 and E2EE 1.3.0
Thank you so much!
EDIT :
Oops, the folder that I tried to encrypt seems to be in clear in the server data folder.
This is a big security issue because the folder seems encrypted at client side, no way to get it from the web-cli, nor on other devices which don't have the passphrase but, in ftp, I can download and open the files stored in... not so much in the e2ee philosophy !?

Client used is ubuntu 2.6.2git

from end_to_end_encryption.

paulcalabro avatar paulcalabro commented on July 22, 2024

@tigernero79 Thanks for the fix! The only change I had to make was spoofing the user agent. You can find a list of accepted user agents here:

public function supportsEndToEndEncryptionDataProvider(): array {
    return [
        // Android
        ['Mozilla/5.0 (Android) Nextcloud-android/1.9.9', false],
        ['Mozilla/5.0 (Android) Nextcloud-android/2.1.3', false],
        ['Mozilla/5.0 (Android) Nextcloud-android/2.3.3', false],
        ['Mozilla/5.0 (Android) Nextcloud-android/2.3.4', true],
        ['Mozilla/5.0 (Android) Nextcloud-android/2.4.9', true],
        ['Mozilla/5.0 (Android) Nextcloud-android/3.0.0', true],
        // Android without version
        ['Mozilla/5.0 (Android) Nextcloud-android/beta', false],
        ['Mozilla/5.0 (Android) Nextcloud-android/', false],
        ['Mozilla/5.0 (Android) Nextcloud-android', false],
        // iOS
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/1.9.9', false],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/2.1.3', false],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/2.3.3', false],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/2.3.4', true],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/2.4.9', true],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/3.0.0', true],
        // iOS without version
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/beta', false],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/', false],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS', false],
        // Desktop
        ['Mozilla/5.0 (Macintosh) mirall/1.9.9stable (build 20200303) (Nextcloud)', false],
        ['Mozilla/5.0 (Macintosh) mirall/2.1.3rc (build 20200303)', false],
        ['Mozilla/5.0 (Macintosh) mirall/2.3.3', false],
        ['Mozilla/5.0 (Linux) mirall/2.3.4', true],
        ['Mozilla/5.0 (Macintosh) csyncoC/2.4.9RC (build 20200303) (Nextcloud)', true],
        ['Mozilla/5.0 (Macintosh) mirall/3.0.0 (build 20200303)', true],
        // Desktop without version
        ['Mozilla/5.0 (Macintosh) mirall/ (build 20200303)', false],
        ['Mozilla/5.0 (Macintosh) mirall/', false],
        ['Mozilla/5.0 (Macintosh) mirall', false],
        // the excerpt posted in this comment ends here
    ];
}

from end_to_end_encryption.

changemenemo avatar changemenemo commented on July 22, 2024

I would like to reopen this case because it's still really ungrateful as a way to do things.

the curl command doesn't work:

failure
403
Client "curl/7.76.1" is not allowed to access end-to-end encrypted content.

the entries in the mysql database are not accurate anymore

to_end_encryption/public-keys
to_end_encryption/private-keys

there is no meta-data etc

from end_to_end_encryption.

mjeshurun avatar mjeshurun commented on July 22, 2024

So I settled on these steps to revoke the keys for just one user.

  • Enter the end_to_end_encryption folder in your appdata folder. Your appdata folder is a folder inside your data folder (the folder containing all your nextcloud files). It has a randomly generated name that starts with appdata like appdata_487461775a51. The end_to_end_encryption folder has three folders: meta-data, private-keys and public-keys.

I also made the stupid mistake of enabling and then disabling end-to-end encryption without properly saving the passphrase.
@jmcclelland can I trouble you and ask how I can find the end_to_end_encryption folder?
I cannot find the "appdata_..." folder you mentioned.
I'm running Nextcloud on a Raspberry Pi 4 installed using NextcloudPi's curl command.

from end_to_end_encryption.

mjeshurun avatar mjeshurun commented on July 22, 2024

Hi @mjeshurun - If you look in your config file, you'll see a variable called datadirectory - that's the path to your data directory. It might be something like /var/www/nextcloud/data. You should be able to find your data directory by running the command (replacing /var/www/nextcloud/data/ with your actual data directory): ls /var/www/nextcloud/data/appdata*.

Thank you! I was able to find the full appdata_... folder name.
However, I am not able to open it. Terminal says the permission to the folder is denied.

pi@raspberrypi:~ $ cd  /var/www/nextcloud/data/appdata_oc********qd
bash: cd: /var/www/nextcloud/data/appdata_oc********qd: Permission denied

Is there a command I need to run in order to allow permission?

from end_to_end_encryption.

jmcclelland avatar jmcclelland commented on July 22, 2024

Try becoming root with: sudo -i and then try those commands again.

from end_to_end_encryption.

mjeshurun avatar mjeshurun commented on July 22, 2024

Try becoming root with: sudo -i and then try those commands again.

That worked :)))
Thank you very much 🙏🙏🙏

from end_to_end_encryption.

bcutter avatar bcutter commented on July 22, 2024

@jmcclelland regarding #32 (comment)

Thanks so much for saving some (including my) asses 👍

Deleted private and public key for one specific user from filecache table and deleted User.private.key as well as User.public.key from server. Restarted desktop client of affected user - and the annoying message has gone. New pair of keys has been created immediately (possibly by cron running in the back meanwhile). Desktop client now also shows mnemonic again (before in broken E2E situation it only showed plain text (nothing)). So far no side effects discovered.

from end_to_end_encryption.

eibex avatar eibex commented on July 22, 2024

related PR #305 (!)

from end_to_end_encryption.

CarlSchwan avatar CarlSchwan commented on July 22, 2024

This is now done

from end_to_end_encryption.

bcutter avatar bcutter commented on July 22, 2024
  • If your username is joe, then remove meta-data/joe, private-keys/joe.private.key, public-keys/joe.public.key

  • In the database (replace joe with your username):

Please note that (tested with NC v27.1.5.1 and E2EE app v1.13.1) there's no username (anymore). So this is

  • either because only one of my users ever used E2EE or
  • this has changed meanwhile (I assume this is the case rather than the line above)

Anyway, one has to delete all meta-data/* content on the file storage and the database - unless there's a smart approach on how to first check which user those files/entries belong to.

from end_to_end_encryption.

bcutter avatar bcutter commented on July 22, 2024

That's good and bad news. Bad because I spent 1 to 2 hours for nothing... 😆 ...and good of course.

Found it at /settings/user/security:

Maybe it's possible for you @jmcclelland to edit your post (#32 (comment)) - which is linked in many places on GitHub, the NC forums, Google, ... - and just add a

"PLEASE NOTE: the following manual steps are not needed anymore, please use the UI in the user's own settings (/settings/user/security)!"

from end_to_end_encryption.
