Comments (11)
Also Looping in @artonge
from server.
Sorry for the late response.
Did you try it with an markdown / image file? We believe that some files are either in the cache or unencrypted thumbnails. But the timestamps in the key files and encrypted files differ. Also you will see that the download will fail.
However we just reproduced it with .mp4
and .pdf
files locally in a fresh install. It breaks as expected.
Sorry we didn't realize that before... I updated the Steps to reproduce
.
from server.
fyi @AndyScherzinger @sorbaugh @come-nc
from server.
I cannot tell if related but noticed that end_to_end_encryption is listed in app_install_overwrite.
E2E and SSE are not compatible and cannot be used at the same time afaik, because they both use the encrypted column in oc_filecache.
from server.
@kesselb when starting the cloud we tried E2EE but then disabled the app (years ago) without having any problems so far. So i guess this is not related.
from server.
I failed to reproduce.
@derschiw I tried to move a file out of the shared folder, both from the emitter and the recipient.
When doing it from the recipient account, the fileKey
is deleted, but the file can still be opened. Anything I am missing?
from server.
I was just able to reproduce the error on a fresh instance with the updated steps @derschiw posted.
Moved all default files into a folder on NC26 and shared that. Upgrade to NC27. After moving the folder without editing the files, none of them can be opened anymore.
This seems like a serious problem to me...
from server.
I was also able to reproduce this issue with the steps provided by @derschiw.
I also moved all the preexisting files in a folder on NC26 and shared it with a user. I then upgraded to NC27 and added another user to that same folder, which then made files in it inacessible to all participants.
from server.
Are there any news on that? Were you able to reproduce it? This bug still keeps breaking all files from our customers and we can't do something against it. So, help would be very much appreciated!
from server.
I was able to reproduce by adding a recipient after the update. @come-nc:
When adding a new recipient, we trigger
server/apps/encryption/lib/Crypto/Encryption.php
Lines 412 to 455 in 5bc8329
Which:
- Generate
$shareKeys
for each recipient deleteAllFileKeys
, includingfileKey
setShareKey
for each recipient, but notfileKey
The issue is with n°2
server/lib/private/Encryption/Keys/Storage.php
Lines 187 to 191 in 5bc8329
Which will remove the fileKey
which is not added again by n°3.
Draft level solutions ideas:
- Temporary save
fileKey in
update, and rewrite it after
deleteAllFileKeys`. - Or update
deleteAllFileKeys
to not deletefileKey
. But that would be unexpected and might lead to other issues. - Use detect if using legacy file key and use
multiKeyEncryptLegacy
instead ofmultiKeyEncrypt
? - Or something else? What were we doing previously?
What do you think?
from server.
I think it is on purpose that the fileKey is removed, because it should be embedded in the generated shareKeys once legacy encryption is not used anymore.
Maybe the problem here is that the useLegacyFileKey
is not set to false
in the header when this update happens?
I remember this was complicated because rewriting header means rewriting the file.
from server.
Related Issues (20)
- [Bug]: Task sync very slow with a lot of Lists with a lot of Tasks
- WebDAV is fetched twice on initial page load HOT 15
- [Bug]: Move folders/files to public link share: No user ID found HOT 4
- [Bug]: LDAP backend disabled upon fresh install --> Failed to construct console command 'OCA\LdapWriteSupport\Command\GroupAdminsToLdap': Could not resolve OCA\User_LDAP\Helper! Class "OCA\User_LDAP\Helper" does not exist HOT 2
- Discord Embed not working HOT 3
- [Bug]: Exaggerated presence of errors into the log viewer during syncing of a new macOS device (uplod ndr!) HOT 2
- login field placeholders look weird HOT 2
- [Bug]: Slow bulk-move operation after upgrade to 28
- [Bug]: Cannot open video files shot on phone camera on web
- Issue with Bulk Tagging since Nextcloud 28 Updat HOT 2
- Unified Search for apps on Discovery page does not work HOT 1
- Create public API for user list actions
- [Bug]: Canceling a move operation should not show an error
- [Bug]: Label is missing for enforced password for link share
- Predict database migration impact of upgrades HOT 5
- [Bug]: "dirty table reads" after Upgrade to 29.0.2 HOT 1
- Redesign search UI HOT 6
- [Bug]: 403 Forbidden on public shares HOT 3
- [Bug]: Default setting for download limit not adhered to
- Can development Kkfileviwer plug HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
đ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. đđđ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google â¤ď¸ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from server.