CSR and Key creation failed for New and old user, v13NC and v3.0 Android about end_to_end_encryption HOT 27 CLOSED

The issue is still present with End-to-End Encryption 1.0.5, Nextcloud Android client 3.1.0 and Android 8.0.0. Do you have any update please?

from end_to_end_encryption.

@schiessle does the second error mean that there is no CSR at all?

from end_to_end_encryption.

@tobiasKaminsky thanks for the reply.

I have reinstalled nextcloud from scratch due to the lingering table lock error from an earlier beta.

Now I have a clean install I am not sure if no CSR would mean something I have missed, or something that should have been created when the user was created.

Also is that CA related to my letsencrypt https certificate, to do with the default php7 config, or something completely differant.

from end_to_end_encryption.

The CSR is created by the client on the very first time you use E2E, either android, ios or desktop.
With with device do you try to setup your E2E?

from end_to_end_encryption.

Oh ok by the client, so I tried 3 different android clients and all gave me the same errors, using V3 from the play store with beta testing enabled.

from end_to_end_encryption.

Which devices did you used? And with which android version?
I am still unsure, if this is a server or client problem.

from end_to_end_encryption.

Xperia Z3 Tablet (Android 6), Honor 8 (Android 7) and Nexus 9 (LineageOS, Android 7) all gave the same error in the server log.

from end_to_end_encryption.

@tobiasKaminsky I successfully enabled E2EE using an old iPad on iOS 10 using the NC2.20 app.

If the iOS app creates the certs in the same way as android then it would mean the server is fine and the android app is at fault.

Edit: Tried on more android devices and they ALL fail to create the cert.

from end_to_end_encryption.

This might be related to the user id.
How do you login? And what is the user name as seen in the admin -> user section?

from end_to_end_encryption.

Mmh I login with the full username and pass and enter my 2fa. So the new method.

Username is a 16 charactor string with one digit in it, no special charactors.

from end_to_end_encryption.

I have an issue enabling end-to-end encryption on directories via Android client (v3.0.1) as well.

Android client displays:
"Keys could not be stored, please try again"

Log on the serve side contains:

"app":"PHP","method":"POST","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v2\/push?format=json&pushTokenHash=XXXXXXXXXX&devicePublicKey=XXXXXXXXXX%0A&proxyServer=https%3A%2F%2Fpush-notifications.nextcloud.com","message":"openssl_sign(): supplied key param cannot be coerced into a private key at \/var\/www\/owncloud\/apps\/notifications\/lib\/Controller\/PushController.php#117","userAgent":"Mozilla\/5.0 (Android) ownCloud-android\/3.0.1","version":"13.0.0.14"
"app":"PHP","method":"POST","url":"\/ocs\/v2.php\/apps\/end_to_end_encryption\/api\/v1\/public-key?format=json","message":"openssl_csr_sign(): cannot get private key from parameter 3 at \/var\/www\/owncloud\/apps\/end_to_end_encryption\/lib\/SignatureHandler.php#60","userAgent":"Mozilla\/5.0 (Android) ownCloud-android\/3.0.1","version":"13.0.0.14"
"app":"end_to_end_encryption","method":"POST","url":"\/ocs\/v2.php\/apps\/end_to_end_encryption\/api\/v1\/public-key?format=json","message":"Can't create public key: could not sign the CSR, please make sure to submit a valid CSR","userAgent":"Mozilla\/5.0 (Android) ownCloud-android\/3.0.1","version":"13.0.0.14"

... I have removed parts with XXXXXXXXXX

Mobile: Samsung Galaxy S8 with Android 7.0
Server: Debian 9 64bit, PHP 7.0.27-0+deb9u1, MariaDB, OpenSSL 1.1.0f 25 May 2017

I have nextcloud server updated from older owncloud installation since NC 11 if I remember correctly. I had no issues until now. 2 factor authentication is enabled for the users.

from end_to_end_encryption.

Issue is still present with End-to-End Encryption v1.0.4 and Android app v3.0.2. Last 2 errors in Nextcloud log are the same.

from end_to_end_encryption.

Can you create us a test account, test if the problem occurs also there and if so send the credentials to tobias at nextcloud dot com with a reference to this issue?

from end_to_end_encryption.

@tobiasKaminsky @schiessle :

nextcloud/ios#524

from end_to_end_encryption.

I have created a test account and sent you more details via mail 3 days ago on 2018-03-05 18:42. Did you receive the email? Are you able to connect the server?

from end_to_end_encryption.

The CSR is generated correctly on client/android side, but server side says:

{"ocs":{"meta":{"status":"failure","statuscode":400,"message":"could not sign the CSR, please make sure to submit a valid CSR"},"data":[]}}

@schiessle I know that server is only calling openssl, but is there a way to debug this?
The common name (CN) is same as userid.

from end_to_end_encryption.

Small update (and also reminder for me in future):

• tried it with a fresh new emulator to connect @ati562 server -> failed
• tried the generated CSR also on local server -> failed
• however, generating & signing a new CSR work on local server

from end_to_end_encryption.

Really wanting to use E2EE but for both my personal and business NC, but the key fails to be saved.

Is there any progress on getting this one resolved at all please? 👍

Thanks in advance

from end_to_end_encryption.

I'vo got the same Problem.

My Environment:
BQ X PRO (Android 8.1), Nextcloud Client 3.1
Nextcloud 13.04
End-to-End Encryption 1.0.5

Log on Server:

Error | end_to_end_encryption | Can't create public key: could not sign the CSR, please make sure to submit a valid CSR | 2018-06-18T12:23:42+0200

Error | PHP | openssl_csr_sign(): cannot get CSR from parameter 1 at /nextcloud/apps/end_to_end_encryption/lib/SignatureHandler.php#60 | 2018-06-18T12:23:42+0200

from end_to_end_encryption.

@tobiasKaminsky this seems to not be a priority, can you perhaps let us know how to reset, ie delete public / private key if they exist, so that newer NC builds can be tested?

from end_to_end_encryption.

from end_to_end_encryption.

Is this on the server or clients?

Edit: Must be the clients as there is nothing in my nextcloud/data directory.... wouldn't something in the database need removing too?

from end_to_end_encryption.

@mannp server side.

from end_to_end_encryption.

Thanks @marinofaggiana is that the same location where the files are stored for you?

/www/nextcloud/data/

Not sure why E2EE is working on one of my instances and that directory is empty? Well only the nextcloud log.

from end_to_end_encryption.

The keys can be deleted with the api, which works, but then the latest 3.2.1 android app won't save the new keys.

Tried the same with the iOS app and the keys are saved no problem.

That said using the passcode on the android app doesn't work, so removing e2ee again until nc14.

from end_to_end_encryption.

I meet the same problem: nextcloud/server#12365

from end_to_end_encryption.

We were no longer able to reproduce this issue with the latest set of clients / server app.
https://help.nextcloud.com/t/help-test-the-latest-version-of-e2ee/87590

If you are still able to reproduce it, please speak up and we will reopen this issue.

from end_to_end_encryption.