Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added the encryption details page which decribes the server-side encr… #1571

Merged
merged 3 commits into from Nov 22, 2019

Conversation

@yahesh
Copy link
Member

yahesh commented Jul 29, 2019

…yption implementation of the default encryption module

As was advised in the nextcloud/server issue #16419 we provide the description of the server-side encryption as a ReStructuredText document. As this document will likely have another target audience than the existing "Encryption configuration" page we created a separate "Encryption details" page.

…yption implementation of the default encryption module

Signed-off-by: Kenny <k.niehage@syseleven.de>
@skjnldsv skjnldsv requested review from schiessle, rullzer and MorrisJobke Jul 29, 2019
@jknockaert

This comment has been minimized.

Copy link
Contributor

jknockaert commented Jul 31, 2019

I had a look at the text. It's definitely a good idea to document this topic, so thank you for your effort. My knowledge about the encryption mechanism in nextcloud is limited to the encryption wrapper, and as far as that mechanism is concerned the text seems correct, with just one omission that you may want to adress.
Very early versions of owncloud had a different encryption scheme. If I remember correctly there was no header in the first block of the encrypted file. The header only came upon the first revision of the encryption format. All later versions of owncloud/nextcloud still support that initial (and all later) versions of the encryption format, as encrypted files never get updated when a new version of the format is introduced. After that revision there have been later updates to the encryption format, but I don't remember exactly what they were about. There has been a vulnerability adressed, and also file versioning required some tweaking in the encryption mechanism, but I cannot recall the fine details.
Perhaps you should just mention in your document that you are discussing a specific version of the encrypted file format, and that older versions are still around and supported by nextcloud.

… older encryption schemes

Signed-off-by: Kenny <k.niehage@syseleven.de>
@yahesh

This comment has been minimized.

Copy link
Member Author

yahesh commented Jul 31, 2019

@jknockaert Thanks for the feedback. I added a note to the introduction that describes that previous versions of Nextcloud implemented slightly different encryption schemes and that these files may till be around.

@yahesh

This comment has been minimized.

Copy link
Member Author

yahesh commented Sep 6, 2019

@rullzer @MorrisJobke @schiessle @jknockaert Hi, this PR is now stalled for a over a month. Is there something we can help with to get this PR approved?

@J0WI

This comment has been minimized.

Copy link
Contributor

J0WI commented Oct 3, 2019

@J0WI

This comment has been minimized.

Copy link
Contributor

J0WI commented Oct 3, 2019

Maybe you could also add a reference to E2E to fix #1275.

@J0WI

This comment has been minimized.

Copy link
Contributor

J0WI commented Oct 3, 2019

Oh and maybe a note that app data (calendar, contacts, chats etc.) are stored in the database and not encrypted.

@yahesh

This comment has been minimized.

Copy link
Member Author

yahesh commented Oct 4, 2019

Maybe you could also add a reference to E2E to fix #1275.

The server-side encryption is a totally different concept compared to the client-side E2E encryption. So "referencing" it just to fix that issue doesn't seem like a viable solution.

@yahesh

This comment has been minimized.

Copy link
Member Author

yahesh commented Oct 4, 2019

Oh and maybe a note that app data (calendar, contacts, chats etc.) are stored in the database and not encrypted.

IMHO the document already goes into great detail what gets encrypted by the server-side encryption. From the details it should become obvious that data within the database do not get encrypted. :)

@yahesh

This comment has been minimized.

Copy link
Member Author

yahesh commented Oct 8, 2019

@rullzer @MorrisJobke @schiessle @jknockaert Another month has gone by.

@yahesh

This comment has been minimized.

Copy link
Member Author

yahesh commented Nov 8, 2019

@rullzer @MorrisJobke @schiessle @jknockaert Hi there, another month has passed. Did you find the time to review this pull request? 🙂

@skjnldsv

This comment has been minimized.

Copy link
Member

skjnldsv commented Nov 20, 2019

@yahesh unfortunately Morris is unavailable and everyone is completely booked!

Maybe @J0WI and @jknockaert can help and review? :)

Key type: recovery key
----------------------

The recovery key is used to provide a restore mechanism in cases where the user key encryption is enabled and users have lost their passwords. The recovery key is protected by a recovery password that the server administrator should store securely. The advantage of the recovery key is that files can be recovered but has the disadvantage that the server administrator is able to decrypt user files without knowing any user password.

This comment has been minimized.

Copy link
@J0WI

J0WI Nov 21, 2019

Contributor

The recovery key is only used if user keys are activated and no master key is used. Both, the admin and the user must enable the recovery key:
https://docs.nextcloud.com/server/stable/admin_manual/configuration_files/encryption_configuration.html#enabling-users-file-recovery-keys

Key type: user key
------------------

While the user key encryption has been enabled by default in older versions of Nextcloud it now has to be enabled explictly in newer versions including Nextcloud 16 by calling ``./occ encryption:disable-master-key``. With user key encryption enabled all users have their own user keys that are used to secure the files handled by Nextcloud. The user keys are protected by the user passwords. The advantage is that the server administrator is not able to decrypt user files without knowing any user password - unless the file is publicly shared or a recovery key is defined - but has the disadvantage that files are permanently lost if the users forget their user passwords - unless the files are (publicly) shared or a recovery key is defined.

This comment has been minimized.

Copy link
@J0WI

J0WI Nov 21, 2019

Contributor
Suggested change
While the user key encryption has been enabled by default in older versions of Nextcloud it now has to be enabled explictly in newer versions including Nextcloud 16 by calling ``./occ encryption:disable-master-key``. With user key encryption enabled all users have their own user keys that are used to secure the files handled by Nextcloud. The user keys are protected by the user passwords. The advantage is that the server administrator is not able to decrypt user files without knowing any user password - unless the file is publicly shared or a recovery key is defined - but has the disadvantage that files are permanently lost if the users forget their user passwords - unless the files are (publicly) shared or a recovery key is defined.
While the user key encryption has been enabled by default in older versions of Nextcloud it now has to be enabled explicitly in newer versions including Nextcloud 16 by calling ``./occ encryption:disable-master-key``. With user key encryption enabled all users have their own user keys that are used to secure the files handled by Nextcloud. The user keys are protected by the user passwords. The advantage is that the server administrator is not able to decrypt user files without knowing any user password - unless the file is publicly shared or a recovery key is defined - but has the disadvantage that files are permanently lost if the users forget their user passwords - unless the files are (publicly) shared or a recovery key is defined.

(explictly => explicitly)

@skjnldsv skjnldsv requested a review from kesselb Nov 21, 2019
Signed-off-by: Kenny <k.niehage@syseleven.de>
@yahesh

This comment has been minimized.

Copy link
Member Author

yahesh commented Nov 22, 2019

@J0WI I introduced your recommended changes. :)

@J0WI
J0WI approved these changes Nov 22, 2019
@yahesh yahesh merged commit 7c66034 into nextcloud:master Nov 22, 2019
3 checks passed
3 checks passed
DCO DCO
Details
continuous-integration/drone/pr Build is passing
Details
fixupbot No fixup commits found. The commit history is clean 👍
Details
@welcome

This comment has been minimized.

Copy link

welcome bot commented Nov 22, 2019

Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/documentation/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22
Most developers hang out on IRC. So join #nextcloud-dev on Freenode for a chat!

@kesselb

This comment has been minimized.

Copy link
Contributor

kesselb commented Nov 22, 2019

Thanks @yahesh 👍

yahesh added a commit to yahesh/documentation that referenced this pull request Nov 24, 2019
Signed-off-by: Yahe <hello@yahe.sh>
yahesh added a commit to yahesh/documentation that referenced this pull request Nov 24, 2019
Signed-off-by: Yahe <hello@yahe.sh>
@J0WI

This comment has been minimized.

Copy link
Contributor

J0WI commented Nov 24, 2019

/backport to stable17

@J0WI

This comment has been minimized.

Copy link
Contributor

J0WI commented Nov 24, 2019

/backport to stable16

@backportbot-nextcloud

This comment has been minimized.

Copy link

backportbot-nextcloud bot commented Nov 24, 2019

backport to stable17 in #1718

@backportbot-nextcloud

This comment has been minimized.

Copy link

backportbot-nextcloud bot commented Nov 24, 2019

backport to stable16 in #1719

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.