Shared encrypted files now readable by both sharer and sharee

12 years ago · 4550ae6a69
parent ca1b94d890
commit 4550ae6a69
4 changed files with 53 additions and 21 deletions
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@ -391,6 +391,8 @@ class Crypt {
 	
 		if( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) {
 		
+// 			trigger_error("SEALED = $sealed");
+			
 			$i = 0;
 			
 			// Ensure each shareKey is labelled with its 
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@ -105,6 +105,8 @@ class Keymanager {
 	 */
 	public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) {
 		
+		\OC_FileProxy::$enabled = false;
+		
 		\OC\Files\Filesystem::initMountPoints($userId);
 		$basePath = '/' . $userId . '/files_encryption/keyfiles';
 		
@ -112,15 +114,19 @@ class Keymanager {
 		
 		if ( $view->is_dir( $basePath . '/' . $targetPath ) ) {
 		
-			
+			// FIXME: write me
 		
 		} else {

 			// Save the keyfile in parallel directory
-			return $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile );
+			$result = $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile );
 		
 		}
 		
+		\OC_FileProxy::$enabled = true;
+		
+		return $result;
+		
 	}
 	
 	/**
@ -140,16 +146,22 @@ class Keymanager {
 		
 		$keyfilePath = '/' . $userId . '/files_encryption/keyfiles/' . $filePath_f . '.key';
 		
+		\OC_FileProxy::$enabled = false;
+		
 		if ( $view->file_exists( $keyfilePath ) ) {

-			return $view->file_get_contents( $keyfilePath );
+			$result =  $view->file_get_contents( $keyfilePath );
 			
 		} else {
 		
-			return false;
+			$result =  false;
 			
 		}
 		
+		\OC_FileProxy::$enabled = true;
+		
+		return $result;
+		
 	}
 	
 	/**
--- a/apps/files_encryption/lib/proxy.php
+++ b/apps/files_encryption/lib/proxy.php
@ -91,7 +91,8 @@ class Proxy extends \OC_FileProxy {
 		return false;
 	}
 	
-	public function preFile_put_contents( $path, &$data ) {
+	public function preFile_put_contents( $path, &$data ) { 
+		
 		// TODO check for existing key file and reuse it if possible to avoid problems with versioning etc.
 		if ( self::shouldEncrypt( $path ) ) {
 		
@ -204,22 +205,22 @@ class Proxy extends \OC_FileProxy {
 			// Get the encrypted keyfile
 			$encKeyfile = Keymanager::getFileKey( $view, $fileOwner, $relPath );
 			
-			trigger_error("\$encKeyfile = ". var_export($encKeyfile, 1));
-			
 			// Attempt to fetch the user's shareKey
 			$shareKey = Keymanager::getShareKey( $view, $userId, $relPath );
 			
-			trigger_error("\$shareKey = ".var_export($shareKey, 1));
-			
 			// Check if key is shared or not
 			if ( $shareKey ) {
 				
 				\OC_FileProxy::$enabled = false;
 				
+// 				trigger_error("\$encKeyfile = $encKeyfile, \$shareKey = $shareKey, \$privateKey = $privateKey");
+				
 				// Decrypt keyfile with shareKey
 				$plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey );
 				
-				trigger_error("PROXY plainkeyfile = ". var_export($plainKeyfile, 1));
+// 				$plainKeyfile = $encKeyfile;
+				
+// 				trigger_error("PROXY plainkeyfile = ". var_export($plainKeyfile, 1));
 			
 			} else {
 				
@ -229,6 +230,8 @@ class Proxy extends \OC_FileProxy {
 			}
 			
 			$plainData = Crypt::symmetricDecryptFileContent( $data, $plainKeyfile );
+			
+// 			trigger_error("PLAINDATA = ". var_export($plainData, 1));

 		} elseif (
 		Crypt::mode() == 'server' 
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@ -21,17 +21,28 @@
 *
 */

-// Todo:
+# Bugs
+# ----
+# Sharing a file to a user without encryption set up will not provide them with access but won't notify the sharer
+# Deleting files if keyfile is missing fails
+# When encryption app is disabled files become unreadable
+# Timeouts on first login due to encryption of very large files
+# MultiKeyEncrypt() may be failing
+
+
+# Missing features
+# ----------------
+# Unshare a file
+# Re-use existing keyfiles so they don't need version control
+# Make sure user knows if large files weren't encrypted
+# Trashbin support
+
+
+// Old Todo:
 //  - Crypt/decrypt button in the userinterface
 //  - Setting if crypto should be on by default
 //  - Add a setting "Don´t encrypt files larger than xx because of performance 
 //    reasons"
-//  - Transparent decrypt/encrypt in filesystem.php. Autodetect if a file is 
-//    encrypted (.encrypted extension)
-//  - Don't use a password directly as encryption key. but a key which is 
-//    stored on the server and encrypted with the user password. -> password 
-//    change faster
-//  - IMPORTANT! Check if the block lenght of the encrypted data stays the same

 namespace OCA\Encryption;

@ -663,10 +674,14 @@ class Util {
 		}
 		
 		// Re-enc keyfile to (additional) sharekeys
-		$newShareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys );
-
-		// Save new sharekeys to all necessary user folders
-		if ( ! Keymanager::setShareKeys( $this->view, $filePath, $newShareKeys['keys'] ) ) {
+		$multiEncKey = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys );
+		
+		// Save the recrypted key to it's owner's keyfiles directory
+		// Save new sharekeys to all necessary user directory
+		if ( 
+			! Keymanager::setFileKey( $this->view, $filePath, $fileOwner, $multiEncKey['data'] )
+			|| ! Keymanager::setShareKeys( $this->view, $filePath, $multiEncKey['keys'] ) 
+		) {

 			trigger_error( "SET Share keys failed" );