
Revoke keys #32

tobiasKaminsky opened this issue Dec 19, 2017 · 32 comments

@tobiasKaminsky
Member

commented Dec 19, 2017

If a user loses the mnemonic, he will never be able to use E2E again, as there is neither a restore mechanism nor a way to revoke all keys and start from scratch (losing all previously encrypted files).

As in #20, I think it should be possible to revoke the keys on the server side.

@tacruc


commented Dec 28, 2017

If you are able to do this on the server, an evil admin could reset the key, set up a new mnemonic and on reshare get the secret files, or?

I was thinking about using U2F to identify the user who wants to reset his mnemonic. So clients of users with existing shares to the user could get the U2F public key and verify that the mnemonic reset was requested by the user and not an evil admin?

But I'm not sure if it will work in practice.

@tobiasKaminsky

Member Author

commented Dec 29, 2017

Yes, an evil admin could revoke the keys, but then they can still encrypt the files as the keys are stored locally.
An admin cannot set up a new mnemonic as he needs the private key of a user to generate the CSR.

@tacruc


commented Dec 30, 2017

But if I understand it right, then revoking the keys would not help to set up end-to-end encryption again. Right?

@tobiasKaminsky

Member Author

commented Jan 2, 2018

In the current implementation a client only asks for keys (stored on the server) the very first time.
If you then, by accident or on purpose, revoke the keys on the server, you can still access and encrypt the files on the (already configured) client, but cannot add a new one.

@tacruc


commented Jan 2, 2018

Sorry, I think we are talking about different things right now. I was wondering if an admin could use the revoke function to "steal" the identity of a user. Ask the other users of shares to reshare (he could set up a message looking as if it comes from Nextcloud saying user xyz lost his mnemonic and reset encryption, please reshare if you want him to be able to read the shares) and gain access to files he/she should not see this way.

Or would it not be possible to set up a new end-to-end encryption with new keys after the old keys are revoked?

And to protect against this I was wondering if it is possible to use the U2F authentication to verify against other devices that the user requested the re-setup and not an admin trying to steal the identity of the user.

@tobiasKaminsky

Member Author

commented Jan 2, 2018

On the very first setup we use TOFU (trust on first use), so whoever authenticates with the right credentials can push the keys to the server.
The same will hold for re-setup if you revoke the keys.

But this means that the attacker has access to the user credentials, and the user will notice, as any new client / file will not be decryptable by him.

@tacruc


commented Jan 2, 2018

So the attacker is the admin, because that's what we need E2E encryption for. Knowing the credentials is not the big problem: he is the admin and has write access to the database and all server files.

So the problem, or the point where I was wondering, is using TOFU a second time. I'm not strictly against it, but I think it is a point which should be well thought of, if there is not a better solution.

@tobiasKaminsky

Member Author

commented Jan 2, 2018

tofu a second time

I guess we have to keep it this way:

  • user sets up E2E on device
  • user gets the device stolen, breaks it whatever
  • user wants to set up E2E again
    --> TOFU at second time

I get your point, but I am unsure how to handle this.
@rullzer @schiessle maybe?

@tacruc


commented Jan 2, 2018

I see the problem both ways.
One not really user-friendly version would be an option to opt out of this for more security.

Or I was thinking of using the user's U2F device to authenticate the user, but this is not an easy way for development. The clients must be able to read the U2F device and add the public key to the encrypted shares. The revoke could then happen with a message signed by the U2F device and could be done by the server. In this case each client could verify that the user and not the server requested the revoke.

Maybe a big warning or information on the side of users making a new share that the key has changed would solve the problem, too.

@frogueat


commented Jan 17, 2018

What to do if the user's private key is broken? When I log in I get the message "Falscher privater Schlüssel für die Verschlüsselungs-App. Bitte aktualisieren Sie Ihren privaten Schlüssel in Ihren persönlichen Einstellungen um wieder Zugriff auf die verschlüsselten Dateien zu erhalten."

I am on 13 beta rc1 and I once tested folder encryption with the iOS app. I can't get rid of the message or reset my private key :-( As I am admin on my instance, I tried many things, but there are no keys stored anywhere. Not in occ encryption:show-key-storage-root nor in my data/myuser/... place. Neither in data/appdata_ ... I do have enabled "default encryption module" and "End-to-End Encryption".

@tobiasKaminsky

Member Author

commented Jan 18, 2018

Currently there is no user friendly way.
@schiessle do we plan to implement this?

@jonasgarstick


commented Nov 15, 2018

I tested E2EE with the beta desktop client when it was first released a few months ago. Back then I did not save the encryption passphrase because I did not plan to use it productively. Now with the new desktop client 2.5.0 and activated E2EE the client asks me now for the passphrase from back then. The possibility of revoking E2EE keys would be very appreciated otherwise I have to create a new user and move all stuff.

@SigLinJo


commented Nov 17, 2018

I tested E2EE with the beta desktop client when it was first released a few months ago. Back then I did not save the encryption passphrase because I did not plan to use it productively. Now with the new desktop client 2.5.0 and activated E2EE the client asks me now for the passphrase from back then. The possibility of revoking E2EE keys would be very appreciated otherwise I have to create a new user and move all stuff.

I am in the exact same situation: tested E2EE on Android a long time ago and the passphrase glitched away from me or something. Long story short, the only passphrase I have stored is incorrect and I can't use E2EE. Is it possible to completely reset E2EE for all my users on my server and start fresh now that it is getting to production readiness?

@KopfKrieg


commented Nov 17, 2018

Similar problem here: I've enabled the E2E-App and wanted to try it with my Android device, but the Mnemonic never even showed up. Disabling/Enabling the App doesn't work, and unfortunately I don't know how to completely reset the necessary App data.

@skrrgh


commented Nov 18, 2018

I have the same problem. I tested E2E on Android during the early versions of the app. It was buggy, so I stopped using this feature. Now E2E is stable and released on the desktop, but I can't use it, because I don't know my passphrase / keys anymore. And I use Nextcloud at some cloud provider, so I can't remove my account or reinstall Nextcloud.

@mbiebl


commented Nov 20, 2018

I'm in exactly the same position. I tried the E2EE feature a couple of months ago, unfortunately with my main user account. It turned out to be too buggy, so I disabled it again and didn't bother storing the 12-word passphrase.
Today I've upgraded the Nextcloud client to 2.5.0 and now I get prompted for the password I no longer have.

I do have access to the SQL db, so if there is a manual way to reset the keys for this account, this would suffice for me.

@tobiasKaminsky

Member Author

commented Nov 23, 2018

@schiessle what is the plan/status of revoking the keys?
As far as I remember, we decided/discussed that this should only be part of web UI, with proper warnings.

@marinofaggiana

Member

commented Nov 23, 2018

@schiessle what is the plan/status of revoking the keys?
As far as I remember, we decided/discussed that this should only be part of web UI, with proper warnings.

with unlock ... :)

@DominikWA


commented Nov 29, 2018

I have the same problem. I tested E2E at the first release. At that time it was too unstable for me, especially with the missing feature in the desktop client. Now with the new desktop client version 2.5.0 I do not remember the passphrase I set back then. At every PC start I'm asked for the passphrase; that's annoying.

@miwie


commented Dec 7, 2018

Same problem here. I played with E2EE initially and didn't save the 12-word passphrase.
There needs to be a way for the user to reset this, urgently! Otherwise it's not usable :((

@Bromptonaut


commented Dec 10, 2018

Me too. When I tried to copy the passphrase to KeePass on the smartphone I accidentally confirmed the dialogue and the passphrase was gone. I would appreciate a way to reset the passphrase even if the encrypted data would be lost. As far as I can see this shouldn't be a problem, since once the passphrase is set, I can decrypt the folders with that single client. The problem is that without knowing the passphrase I can't access the data (apparently any data, encrypted or not) with any other client.

@tobiasKaminsky

Member Author

commented Dec 11, 2018

@Bromptonaut if you created the passphrase with a recent Android app version, you can look it up again in the settings (some kind of Android device locking must be enabled).

@Bromptonaut


commented Dec 12, 2018

@tobiasKaminsky Thank you for the hint. I couldn't spot a dialogue to display the passphrase in the settings of the Android client V3.2.1, so I updated to V3.3.2. Device locking has always been enabled, as you told me. When I now unlock the Nextcloud app with my fingerprint I occasionally (not always) get a dialogue headed "E2E-Mnemonic" but with nothing but empty space below, which I need to confirm with OK. Either my passphrase indeed is empty, or it is not displayed correctly (if this is the purpose of that dialogue). I still do not find anything related to the passphrase in the settings.
If the clients can display the passphrase (which they do not for me at the moment), then there seems to be no urgent need to be able to reset the passphrase, since it can only be lost if the device running the client is lost before the password is stored in a safe place. But I can guess that there are people able to do so.

@tobiasKaminsky

Member Author

commented Dec 13, 2018

@Bromptonaut if you have set up E2E on mobile with an old client, then the passphrase is not stored.

@lars-becker


commented Dec 13, 2018

@tobiasKaminsky Is there any way to reset those passphrases (maybe by working directly with the SQL storage)? We have some users who wanted to try out the feature when it was released, didn't play around with it any longer and lost the passphrases...

@tobiasKaminsky

Member Author

commented Dec 13, 2018

@schiessle can you give advice on how to do this manually?

@davesie


commented Jan 7, 2019

Same problem. I set up E2E on my phone months ago and forgot the passphrase. Now, my desktop client isn't syncing anymore (I don't know why) and it's asking for the E2E encryption passphrase on every start.

@Alphakilo


commented Jan 15, 2019

@davesie there's a workaround by @tobiasKaminsky here: nextcloud/server#9083 (comment)

  • go into the app folder on the server side, then end_to_end_encryption, remove the user in question
  • log into mysql and "DELETE FROM oc_filecache WHERE name like '%$USER%';"
    (please do a backup first)

Tried it, works.

@miwie


commented Jan 16, 2019

@Alphakilo thanks for sharing the workaround. Unfortunately this does not work for hosted Nextcloud instances :(

@dnclain


commented Jan 18, 2019

@Alphakilo : Hi, same problem here (Nextcloud 14, and I replaced it today with 15.0.2). E2E was stuck in a hellish 'ask for mnemonic' loop, or did not sync at all when E2E was active.
The first time I used E2E, I did not give any mnemonic at all, but it seems the E2E plugin gets one like '(null)', and stays stuck with it if we encrypt one folder.
I tried the above SQL command, but it did not work for me, there was no such line in this table. The client keeps asking for the E2E mnemonic words. I really need to reset the E2E key.
In the end, I completely removed the directory end_to_end_encryption, and the file cache this way:

  • Stop all clients
  • Delete the E2E plugin
  • Delete the folder end_to_end_encryption in app data.
  • Connect to the database:
delete from oc_filecache where path like '%end_to_end_encryption%';
  • launch the maintenance crontab manually (/usr/bin/php -f /var/www/nextcloud/cron.php) as user www-data
  • after a couple of minutes, reinstall the E2E plugin.

I don't know if this is the right way, but it worked. It asked me for new mnemonic words.
Desktop clients still ask for the mnemonic at start, but it's ok for me.

@ffuentes


commented Feb 1, 2019

Yes please, at least allow the user to revoke their own key.

@jmcclelland


commented Feb 21, 2019

I recorded my passphrase while setting up e2e on my android before the client was stable (it seems the passphrase I recorded is not the one that was used to create the key).

I didn't pay much attention, but now the desktop client asks for my passphrase every time I start it and I'm tired of hitting cancel each time.

For better or worse, with Nextcloud 14 and E2E 1.0.5 it does seem possible to delete keys for a fresh start. @tobiasKaminsky's directions I found a bit vague and @dnclain's approach too drastic (I only wanted to revoke the keys for one user, not for everyone!).

So I settled on these steps to revoke the keys for just one user.

  • Enter the end_to_end_encryption folder in your appdata folder. Your appdata folder is a folder inside your data folder (the folder containing all your nextcloud files). It has a randomly generated name that starts with appdata like appdata_487461775a51. The end_to_end_encryption folder has three folders: meta-data, private-keys and public-keys.
  • If your username is joe, then remove meta-data/joe, private-keys/joe.private.key, public-keys/joe.public.key
  • In the database (replace joe with your username):
DELETE FROM oc_filecache WHERE path LIKE 'appdata_%/end_to_end_encryption/meta-data/joe%';
DELETE FROM oc_filecache WHERE path LIKE 'appdata_%/end_to_end_encryption/%-keys/joe.%.key';

I manually ran the cron job (php -f /var/www/nextcloud/cron.php) - not sure if that is necessary.

I restarted my desktop app. It presented me with a new passphrase. I don't have access to my old encrypted folders, but I can create new ones.

I didn't share any folders with other users, so I'm not sure what would happen now if I had (would those shares be blindly re-keyed with my new key)?

I don't fully understand the intricacies of the Nextcloud e2e implementation, but if possible, I think the desired behavior should be something along the lines of:

  1. If an admin does what I just did, the user's client should warn the user and provide the option to copy the keys it has stored back to the server. The server admin should not be able to force a re-keying just by deleting those files. The clients should not allow that.
  2. The clients should have a mechanism to force a re-key. If a client can properly authenticate with the server, then it should be allowed to trigger a re-keying. That means if an attacker takes control of your client, they can force a re-keying.
  3. If a second (or third, etc.) client connects and detects a mismatch in keys, this client should prompt the user to choose the old or the new key. This way, if you have one device compromised, you can at least put your old key back, change your server password and regain control. Or, if you legitimately re-keyed, you can choose to accept the new key.
  4. Any user that shared data with you via your old key should get prompted and it should require an active click-through of the warning to re-encrypt the data to the new key.

I know it's not perfect and many users blindly click through those warnings, but I think it's a reasonable compromise.
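As an added illustration (not Nextcloud code and not anything posted in this thread), here is a small Python model of the client-side key pinning that points 1 to 3 above ask for: the client keeps a SHA-256 fingerprint of the public key it trusted on first use and, on each sync, classifies the server's current key as matching, missing (the manual deletion described earlier in the comment) or changed, and only replaces its pin after an explicit user decision. The fingerprint scheme, the store layout and all names are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    SETUP = "no key anywhere: generate a key pair, upload it, pin it"
    TRUST_FIRST_USE = "no local pin yet: accept the server key (TOFU)"
    OK = "server key matches the pinned key: continue syncing"
    RESTORE_LOCAL = "server key missing: warn, offer to re-upload the local key"
    PROMPT_USER = "server key changed: ask whether to keep the old key or accept the new one"


def fingerprint(public_key: bytes) -> str:
    """Pin a SHA-256 digest of the public key bytes instead of the key itself (assumed scheme)."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass
class ClientKeyStore:
    """What an already configured client keeps locally (assumed layout, not Nextcloud's)."""
    pinned: Optional[str] = None   # fingerprint of the key trusted on first use

    def pin(self, public_key: bytes) -> None:
        self.pinned = fingerprint(public_key)


def check_server_key(store: ClientKeyStore, server_public_key: Optional[bytes]) -> Action:
    """Classify the server's current public key against the client's pin.

    Every branch except TRUST_FIRST_USE refuses to silently replace a pin, so an
    admin who deletes or swaps the server-side key files cannot force a re-key
    without the user seeing a prompt on each configured client (points 1 and 3).
    """
    if store.pinned is None:
        return Action.SETUP if server_public_key is None else Action.TRUST_FIRST_USE
    if server_public_key is None:
        return Action.RESTORE_LOCAL
    if fingerprint(server_public_key) == store.pinned:
        return Action.OK
    return Action.PROMPT_USER


def resolve_mismatch(store: ClientKeyStore, server_public_key: bytes, accept_new: bool) -> str:
    """Apply the user's choice after PROMPT_USER; returns the fingerprint now pinned."""
    if accept_new:                  # legitimate re-key done on another device (point 2)
        store.pin(server_public_key)
    # otherwise keep the old pin; the client then re-uploads its own key (RESTORE_LOCAL path)
    return store.pinned
```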
