Revoke keys #32

Open
tobiasKaminsky opened this issue Dec 19, 2017 · 42 comments

Comments

@tobiasKaminsky tobiasKaminsky (Member) commented Dec 19, 2017

If a user loses the mnemonic, he will never be able to use E2E again, as there is neither a restore mechanism nor a way to revoke all keys and start from scratch (losing all previously encrypted files).

As in #20, I think it should be possible to revoke the keys on the server side.

@tacruc tacruc commented Dec 28, 2017

If you are able to do this on the server, an evil admin could reset the key, set up a new mnemonic and, on reshare, get the secret files, or?

I was thinking about using U2F to identify the user who wants to reset his mnemonic. So clients of users with existing shares to the user could get the U2F public key and verify that the mnemonic reset was requested by the user and not an evil admin?

But I'm not sure if it will work in practice.

@tobiasKaminsky tobiasKaminsky (Member, Author) commented Dec 29, 2017

Yes, an evil admin could revoke the keys, but then they can still encrypt the files, as the keys are stored locally.
An admin cannot set up a new mnemonic, as he needs the private key of a user to generate the CSR.

@tacruc tacruc commented Dec 30, 2017

But if I understand it right, then revoking the keys would not help to set up end-to-end encryption again. Right?

@tobiasKaminsky tobiasKaminsky (Member, Author) commented Jan 2, 2018

In the current implementation a client only asks for the keys (stored on the server) the very first time.
If you then, by accident or on purpose, revoke the keys on the server, you can still access and encrypt the files on the (already configured) client, but cannot add a new one.

@tacruc tacruc commented Jan 2, 2018

Sorry, I think we are talking about different things right now. I was wondering if an admin could use the revoke function to "steal" the identity of a user: ask the other users of shares to reshare (he could set up a message looking as if it comes from Nextcloud, saying user xyz lost his mnemonic and reset encryption, please reshare if you want him to be able to read the shares) and gain access this way to files he/she should not see.

Or would it not be possible to set up a new end-to-end encryption with new keys after the old keys are revoked?

And to protect against this I was wondering if it is possible to use U2F authentication to verify to other devices that the user requested the re-setup and not an admin trying to steal the identity of the user.

@tobiasKaminsky tobiasKaminsky (Member, Author) commented Jan 2, 2018

On the very first setup we use TOFU (trust on first use), so whoever authenticates with the right credentials can push the keys to the server.
The same will hold for re-setup if you revoke the keys.

But this means that the attacker has access to the user credentials, and the user will notice, as any new client / file will not be decryptable by him.
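
The TOFU exchange described in this comment, as an added toy model written for this thread (it is not code from the Nextcloud server, the end_to_end_encryption app or any of the clients). The KeyServer and Client classes, the fingerprint-based pinning, and the random byte strings standing in for a key pair are all assumptions made for illustration. What it shows is that the server accepts whichever key arrives first, so after a revoke a second upload is accepted just the same, and only a device that still holds the original key can tell that the key now on the server is not the one it pinned:

```python
# Added illustration for this thread; not Nextcloud code. Key material is a
# constructed random byte string, not a real RSA key pair.
import hashlib
import secrets
from typing import Dict, List, Optional


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 over the public key bytes; stands in for a certificate fingerprint."""
    return hashlib.sha256(public_key).hexdigest()


class KeyServer:
    """Server-side key store (assumed): one public key per user, TOFU on first upload."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def upload_public_key(self, user: str, public_key: bytes) -> bool:
        # Trust on first use: the first authenticated upload wins. A later upload
        # for a user who already has a key is refused, so replacing a key requires
        # an explicit revoke first.
        if user in self._keys:
            return False
        self._keys[user] = public_key
        return True

    def get_public_key(self, user: str) -> Optional[bytes]:
        return self._keys.get(user)

    def revoke(self, user: str) -> None:
        # Anyone with server-side access, or holding the user's credentials, can
        # do this; it is the "revoke keys" step the thread is about.
        self._keys.pop(user, None)


class Client:
    """A configured device: keeps its key pair locally and pins the fingerprint."""

    def __init__(self, user: str) -> None:
        self.user = user
        self.public_key: Optional[bytes] = None
        self.pinned: Optional[str] = None

    def first_use_setup(self, server: KeyServer) -> bool:
        """Generate a (constructed) key pair, upload it, and pin its fingerprint."""
        self.public_key = b"constructed-public-key-" + secrets.token_bytes(16)
        if not server.upload_public_key(self.user, self.public_key):
            return False
        self.pinned = fingerprint(self.public_key)
        return True

    def check_server_key(self, server: KeyServer) -> str:
        """Compare the server's copy against the pinned fingerprint.

        'ok'       unchanged, keep working
        'revoked'  nothing on the server; this device still holds the keys and
                   can keep encrypting, but no new device can be added
        'mismatch' a different key was pushed after a revoke: warn the user
        """
        remote = server.get_public_key(self.user)
        if remote is None:
            return "revoked"
        if fingerprint(remote) != self.pinned:
            return "mismatch"
        return "ok"


def scenario() -> List[str]:
    """Setup, revoke, then a second TOFU by whoever authenticates next."""
    server = KeyServer()
    laptop = Client("alice")
    laptop.first_use_setup(server)                   # first TOFU: accepted
    results = [laptop.check_server_key(server)]      # "ok"

    server.revoke("alice")                            # keys removed server-side
    results.append(laptop.check_server_key(server))  # "revoked"

    newcomer = Client("alice")                        # next party with the credentials
    newcomer.first_use_setup(server)                  # second TOFU: accepted again
    results.append(laptop.check_server_key(server))  # "mismatch": pinned key differs
    return results


if __name__ == "__main__":
    print(scenario())
```

The "mismatch" branch is the only place where the already-configured device learns that a re-key happened; a brand-new device has nothing to compare against, which is why the second TOFU looks legitimate to it.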

@tacruc tacruc commented Jan 2, 2018

So the attacker is the admin, because that's what we need E2E encryption for. Knowing the credentials is not the big problem: he is the admin and has write access to the database and all server files.

So the problem, or the point I was wondering about, is using TOFU a second time. I'm not strictly against it, but I think it is a point which should be well thought through, if there is not a better solution.

@tobiasKaminsky tobiasKaminsky (Member, Author) commented Jan 2, 2018

tofu a second time

I guess we have to keep it this way:

  • user sets up E2E on device
  • user gets the device stolen, breaks it, whatever
  • user wants to set up E2E again
    --> TOFU at second time

I get your point, but I am unsure how to handle this.
@rullzer @schiessle maybe?

@tacruc tacruc commented Jan 2, 2018

I see the problem both ways.
One not really user-friendly version would be an option to opt out of this for more security.

Or I was thinking of using the user's U2F device to authenticate the user, but this is not an easy way for development. The clients must be able to read the U2F device and add the public key to the encrypted shares. The revoke could then happen with a message signed by the U2F device and could be done by the server. In this case each client could verify that the user and not the server requested the revoke.

Maybe a big warning or information on the side of users making a new share that the key has changed would solve the problem, too.

@frogueat frogueat commented Jan 17, 2018

What to do if the user's private key is broken? When I log in I get the message "Falscher privater Schlüssel für die Verschlüsselungs-App. Bitte aktualisieren Sie Ihren privaten Schlüssel in Ihren persönlichen Einstellungen um wieder Zugriff auf die verschlüsselten Dateien zu erhalten."

I am on 13 beta rc1 and I once tested a folder encryption with the iOS app. I can't get rid of the message or reset my private key :-( As I am admin on my instance, I tried many things, but there are no keys stored anywhere. Not in occ encryption:show-key-storage-root nor in my data/myuser/... place. Neither in data/appdata_... I do have enabled "default encryption module" and "End-to-End Encryption".

@tobiasKaminsky tobiasKaminsky (Member, Author) commented Jan 18, 2018

Currently there is no user friendly way.
@schiessle do we plan to implement this?

@jonasgarstick jonasgarstick commented Nov 15, 2018

I tested E2EE with the beta desktop client when it was first released a few months ago. Back then I did not save the encryption passphrase because I did not plan to use it productively. Now with the new desktop client 2.5.0 and activated E2EE, the client asks me for the passphrase from back then. The possibility of revoking E2EE keys would be very appreciated; otherwise I have to create a new user and move all my stuff.

@SigLinJo SigLinJo commented Nov 17, 2018

I tested E2EE with the beta desktop client when it was first released a few months ago. Back then I did not save the encryption passphrase because I did not plan to use it productively. Now with the new desktop client 2.5.0 and activated E2EE, the client asks me for the passphrase from back then. The possibility of revoking E2EE keys would be very appreciated; otherwise I have to create a new user and move all my stuff.

I am in the exact same situation: tested E2EE on Android a long time ago and the passphrase glitched away from me or something. Long story short, the only passphrase I have stored is incorrect and I can't use E2EE. Is it possible to completely reset E2EE for all my users on my server and start fresh now that it is getting to production readiness?

@KopfKrieg KopfKrieg commented Nov 17, 2018

Similar problem here: I've enabled the E2E-App and wanted to try it with my Android device, but the Mnemonic never even showed up. Disabling/Enabling the App doesn't work, and unfortunately I don't know how to completely reset the necessary App data.

@skrrgh skrrgh commented Nov 18, 2018

I have the same problem. I tested E2E on Android during the early versions of the app. It was buggy, so I stopped using this feature. Now E2E is stable and released on the desktop, but I can't use it, because I don't know my passphrase / keys anymore. And I use Nextcloud at some cloud provider, so I can't remove my account or reinstall Nextcloud.

@mbiebl mbiebl commented Nov 20, 2018

I'm in exactly the same position. Tried the E2EE feature a couple of months ago, unfortunately with my main user account. Turned out to be too buggy, so I disabled it again and didn't bother storing the 12-word passphrase.
Today I've upgraded the Nextcloud client to 2.5.0 and now I get prompted for the password I no longer have.

I do have access to the SQL db, so if there is a manual way to reset the keys for this account, this would suffice for me.

@tobiasKaminsky tobiasKaminsky (Member, Author) commented Nov 23, 2018

@schiessle what is the plan/status of revoking the keys?
As far as I remember, we decided/discussed that this should only be part of web UI, with proper warnings.

@marinofaggiana marinofaggiana (Member) commented Nov 23, 2018

@schiessle what is the plan/status of revoking the keys?
As far as I remember, we decided/discussed that this should only be part of web UI, with proper warnings.

with unlock ... :)

@DominikWA DominikWA commented Nov 29, 2018

I have the same problem. I tested E2E at the first release. At this time it was too unstable for me, especially with the missing feature in the desktop client. Now with the new desktop client version 2.5.0 I do not remember the passphrase I set back then. At every PC start I'm asked for the passphrase; that's annoying.

@miwie miwie commented Dec 7, 2018

Same problem here. Played initially with E2EE and didn't save the 12 word passphrase.
There needs to be a way to reset this by the user, urgently! Otherwise not usable :((

@Bromptonaut Bromptonaut commented Dec 10, 2018

Me too. When I tried to copy the passphrase to KeePass on the smartphone I accidentally confirmed the dialogue and the passphrase was gone. I would appreciate a way to reset the passphrase even if the encrypted data would be lost. As far as I can see this shouldn't be a problem, since once the passphrase is set, I can decrypt the folders with that single client. The problem is that without knowing the passphrase I can't access the data (apparently any data, encrypted or not) with any other client.

@tobiasKaminsky tobiasKaminsky (Member, Author) commented Dec 11, 2018

@Bromptonaut if you created the passphrase with a recent Android app version, you can look it up again in the settings (some kind of Android device locking must be enabled).

@Bromptonaut Bromptonaut commented Dec 12, 2018

@tobiasKaminsky Thank you for the hint. I couldn't spot a dialogue to display the passphrase in the settings of the Android client V3.2.1, so I updated to V3.3.2. Device locking has always been enabled, as you told me. When I now unlock the Nextcloud app with my fingerprint I occasionally (not always) get a dialogue headed "E2E-Mnemonic" but with nothing but empty space below, which I need to confirm with OK. Either my passphrase indeed is empty, or it is not displayed correctly (if this is the purpose of that dialogue). I still do not find anything related to the passphrase in the settings.
If the clients can display the passphrase (which they do not for me at the moment), then there seems to be no urgent need to be able to reset the passphrase, since it can only be lost if the device running the client is lost before the password is stored in a safe place. But I can guess that there are people able to do so.

@tobiasKaminsky tobiasKaminsky (Member, Author) commented Dec 13, 2018

@Bromptonaut if you have set up E2E on mobile with an old client, then the passphrase is not stored.

@lars-becker lars-becker commented Dec 13, 2018

@tobiasKaminsky Is there any way to reset those passphrases (maybe working directly with the SQL storage)? We have some users who wanted to try out the feature when it was released, didn't play around with it any longer and lost the passphrases...

@tobiasKaminsky tobiasKaminsky (Member, Author) commented Dec 13, 2018

@schiessle can you give advice on how to do this manually?

@davesie davesie commented Jan 7, 2019

Same problem. I set up E2E on my phone months ago and forgot the passphrase. Now, my desktop client isn't syncing anymore (I don't know why) and it's asking for the E2E encryption passphrase on every start.

@Alphakilo Alphakilo commented Jan 15, 2019

@davesie there's a workaround by @tobiasKaminsky here: nextcloud/server#9083 (comment)

  • go into the app folder on the server side, then end_to_end_encryption, remove the user in question
  • log into mysql and "DELETE FROM oc_filecache WHERE name like '%$USER%';"
    (please do a backup first)

Tried it, works.

@miwie miwie commented Jan 16, 2019

@Alphakilo thanks for sharing the workaround. Unfortunately this does not work for hosted Nextcloud instances :(

@dnclain dnclain commented Jan 18, 2019

@Alphakilo : Hi, same problem here (Nextcloud 14, and I replaced it today with 15.0.2). E2E was stuck in a hellish 'ask for mnemonic' loop, or did not sync at all when E2E was active.
The first time I used E2E, I did not give any mnemonic at all, but it seems the E2E plugin gets one like '(null)' and stays stuck with it if we encrypt one folder.
I tried the above SQL command, but it did not work for me; there was no such line in this table. The client keeps asking for the E2E mnemonic words. I really need to reset the E2E key.
In the end, I completely removed the directory end_to_end_encryption and the file cache, this way:

  • Stop all clients
  • Delete the E2E plugin
  • Delete the folder end_to_end_encryption in app data.
  • Connect to the database:
delete from oc_filecache where path like '%end_to_end_encryption%';
  • launch the maintenance crontab manually (/usr/bin/php -f /var/www/nextcloud/cron.php) as user www-data
  • after a couple of minutes, reinstall the E2E plugin.

I don't know if this is the right way, but it worked. It asked me for new mnemonic words.
Desktop clients still ask for the mnemonic at start, but it's OK for me.

@ffuentes ffuentes commented Feb 1, 2019

Yes please, at least allow the user to revoke their own key.

@jmcclelland jmcclelland commented Feb 21, 2019

I recorded my passphrase while setting up e2e on my android before the client was stable (it seems the passphrase I recorded is not the one that was used to create the key).

I didn't pay much attention, but now the desktop client asks for my passphrase every time I start it, and I'm tired of hitting cancel each time.

For better or worse, with Nextcloud 14 and E2E 1.0.5 it does seem possible to delete keys for a fresh start. @tobiasKaminsky's directions I found a bit vague and @dnclain's approach too drastic (I only wanted to revoke the keys for one user, not for everyone!).

So I settled on these steps to revoke the keys for just one user.

  • Enter the end_to_end_encryption folder in your appdata folder. Your appdata folder is a folder inside your data folder (the folder containing all your nextcloud files). It has a randomly generated name that starts with appdata like appdata_487461775a51. The end_to_end_encryption folder has three folders: meta-data, private-keys and public-keys.
  • If your username is joe, then remove meta-data/joe, private-keys/joe.private.key, public-keys/joe.public.key
  • In the database (replace joe with your username):
DELETE FROM oc_filecache WHERE path LIKE 'appdata_%/end_to_end_encryption/meta-data/joe%';
DELETE FROM oc_filecache WHERE path LIKE 'appdata_%/end_to_end_encryption/%-keys/joe.%.key';

I manually ran the cron job (php -f /var/www/nextcloud/cron.php); not sure if that is necessary.

I restarted my desktop app. It presented me with a new passphrase. I don't have access to my old encrypted folders, but I can create new ones.

I didn't share any folders with other users, so I'm not sure what would happen now if I had (would those shares be blindly re-keyed with my new key)?

I don't fully understand the intricacies of the Nextcloud e2e implementation, but if possible, I think the desired behavior should be something along the lines of:

  1. If an admin does what I just did, the user's client should warn the user and provide the option to copy the keys it has stored back to the server. The server admin should not be able to force a re-keying just by deleting those files. The clients should not allow that.
  2. The clients should have a mechanism to force a re-key. If a client can properly authenticate with the server, then it should be allowed to trigger a re-keying. That means if an attacker takes control of your client, they can force a re-keying.
  3. If a second (or third, etc.) client connects and detects a mismatch in keys, this client should prompt the user to choose the old or the new key. This way, if you have one device compromised, you can at least put your old key back, change your server password and regain control. Or, if you legitimately re-keyed, you can choose to accept the new key.
  4. Any user that shared data with you via your old key should get prompted, and it should require an active click-through of the warning to re-encrypt the data to the new key.

I know it's not perfect and many users blindly click through those warnings, but I think it's a reasonable compromise.
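
The three per-user steps in this comment as one added helper script, written for this thread and not part of Nextcloud or the end_to_end_encryption app. It adds two things an operator would want before running the steps on a live instance: the key artefacts are moved into a backup directory instead of being deleted, and the user id is validated before it is interpolated into the LIKE patterns, so a stray '%' cannot widen the DELETE to other users' rows. The appdata_*/end_to_end_encryption layout and the two DELETE statements are taken from the steps above; the function names, the USER_RE character set and the constructed demo layout are my own. It goes slightly beyond the steps as written: the meta-data pattern is split into an exact match plus a '/%' match so that 'joe' no longer matches 'joey', and an underscore in a user id is escaped because LIKE treats it as a single-character wildcard.

```python
# Added helper for this thread; not Nextcloud's own code. Directory layout and
# DELETE statements come from the comment above; backup and validation are added.
import re
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List

# Assumed safe character set for a user id. Keeping '%' out of it matters because
# the id is interpolated into SQL LIKE patterns below; '_' is allowed but escaped.
USER_RE = re.compile(r"^[A-Za-z0-9_.@-]{1,64}$")


def _check_user(user: str) -> str:
    if not USER_RE.match(user):
        raise ValueError(f"refusing unsafe user id: {user!r}")
    return user


def e2e_key_paths(datadir: Path, user: str) -> List[Path]:
    """The three artefacts from step 2, for every appdata_* directory that exists."""
    _check_user(user)
    found: List[Path] = []
    for appdata in sorted(datadir.glob("appdata_*")):
        base = appdata / "end_to_end_encryption"
        for candidate in (
            base / "meta-data" / user,
            base / "private-keys" / f"{user}.private.key",
            base / "public-keys" / f"{user}.public.key",
        ):
            if candidate.exists():
                found.append(candidate)
    return found


def filecache_delete_statements(user: str) -> List[str]:
    """The two DELETEs from step 3 (MySQL syntax), narrowed so 'joe' cannot match 'joey'."""
    u = _check_user(user).replace("_", r"\_")  # '_' is a one-character LIKE wildcard
    prefix = "appdata_%/end_to_end_encryption"
    return [
        f"DELETE FROM oc_filecache WHERE path LIKE '{prefix}/meta-data/{u}' "
        f"OR path LIKE '{prefix}/meta-data/{u}/%';",
        f"DELETE FROM oc_filecache WHERE path LIKE '{prefix}/%-keys/{u}.%.key';",
    ]


def revoke_user_keys(datadir: Path, user: str, backup_dir: Path) -> List[Path]:
    """Move (never delete) the user's key artefacts into backup_dir; return what moved.

    The database is deliberately left alone: run filecache_delete_statements(user)
    against it afterwards, after taking a backup, as the steps above say."""
    moved: List[Path] = []
    for src in e2e_key_paths(datadir, user):
        dst = backup_dir / src.relative_to(datadir)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(src), str(dst))
        moved.append(src)
    return moved


def demo() -> Dict[str, object]:
    """Constructed layout in a temp dir with users 'joe' and 'joey'; revoke only 'joe'."""
    root = Path(tempfile.mkdtemp(prefix="e2e-revoke-demo-"))
    base = root / "data" / "appdata_constructed01" / "end_to_end_encryption"
    for user in ("joe", "joey"):
        (base / "meta-data" / user).mkdir(parents=True)
        (base / "meta-data" / user / "folder.json").write_text("{}\n")
        for kind in ("private", "public"):
            key = base / f"{kind}-keys" / f"{user}.{kind}.key"
            key.parent.mkdir(parents=True, exist_ok=True)
            key.write_text("constructed key material\n")
    moved = revoke_user_keys(root / "data", "joe", root / "backup")
    result: Dict[str, object] = {
        "moved": len(moved),
        "joe_gone": not (base / "public-keys" / "joe.public.key").exists(),
        "joey_intact": (base / "public-keys" / "joey.public.key").exists()
        and (base / "meta-data" / "joey").exists(),
        "backup_has_private_key": (root / "backup" / "appdata_constructed01"
                                   / "end_to_end_encryption" / "private-keys"
                                   / "joe.private.key").exists(),
        "sql": filecache_delete_statements("joe"),
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

On a real instance, run revoke_user_keys() as the web server user against the datadirectory from config.php, then execute the two returned statements inside a transaction; the backup directory lets you put everything back if the client turns out to still need the old key.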

@TinTinMar515 TinTinMar515 commented Feb 7, 2020

EDIT: issue!
The solution proposed by jmcclelland worked fine for me with NC 17.0.3 and E2EE 1.3.0.
Thank you so much!
EDIT:
Oops, the folder that I tried to encrypt seems to be in the clear in the server data folder.
This is a big security issue, because the folder seems encrypted on the client side (no way to get it from the web-cli, nor on another device which doesn't have the passphrase), but via FTP I can download and open the files stored in it... not so much in the E2EE philosophy !?

Client used is Ubuntu 2.6.2git

@tigernero79 tigernero79 commented Aug 19, 2020

If you forget the mnemonic code or you have no client connected to retrieve it, I use these 2 commands from the terminal to delete the user's private and public key:

curl -u "USER:Password" -X DELETE https://mysite/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key -H "OCS-APIRequest:true"

curl -u "USER:Password" -X DELETE https://mysite/ocs/v2.php/apps/end_to_end_encryption/api/v1/public-key -H "OCS-APIRequest:true"

@paulcalabro paulcalabro commented Sep 10, 2020

@tigernero79 Thanks for the fix! The only change I had to make was spoofing the user agent. You can find a list of accepted user agents here:

// Each row is [user agent string, whether the server treats it as an E2E-capable client].
public function supportsEndToEndEncryptionDataProvider(): array {
    return [
        // Android
        ['Mozilla/5.0 (Android) Nextcloud-android/1.9.9', false],
        ['Mozilla/5.0 (Android) Nextcloud-android/2.1.3', false],
        ['Mozilla/5.0 (Android) Nextcloud-android/2.3.3', false],
        ['Mozilla/5.0 (Android) Nextcloud-android/2.3.4', true],
        ['Mozilla/5.0 (Android) Nextcloud-android/2.4.9', true],
        ['Mozilla/5.0 (Android) Nextcloud-android/3.0.0', true],
        // Android without version
        ['Mozilla/5.0 (Android) Nextcloud-android/beta', false],
        ['Mozilla/5.0 (Android) Nextcloud-android/', false],
        ['Mozilla/5.0 (Android) Nextcloud-android', false],
        // iOS
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/1.9.9', false],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/2.1.3', false],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/2.3.3', false],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/2.3.4', true],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/2.4.9', true],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/3.0.0', true],
        // iOS without version
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/beta', false],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS/', false],
        ['Mozilla/5.0 (iOS) Nextcloud-iOS', false],
        // Desktop
        ['Mozilla/5.0 (Macintosh) mirall/1.9.9stable (build 20200303) (Nextcloud)', false],
        ['Mozilla/5.0 (Macintosh) mirall/2.1.3rc (build 20200303)', false],
        ['Mozilla/5.0 (Macintosh) mirall/2.3.3', false],
        ['Mozilla/5.0 (Linux) mirall/2.3.4', true],
        ['Mozilla/5.0 (Macintosh) csyncoC/2.4.9RC (build 20200303) (Nextcloud)', true],
        ['Mozilla/5.0 (Macintosh) mirall/3.0.0 (build 20200303)', true],
        // Desktop without version
        ['Mozilla/5.0 (Macintosh) mirall/ (build 20200303)', false],
        ['Mozilla/5.0 (Macintosh) mirall/', false],
        ['Mozilla/5.0 (Macintosh) mirall', false],
    ];
}
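
The allow-list behind that data provider, re-implemented as an added example for this thread. This is not the server's code: the regular expressions are my own, and the single 2.3.4 threshold is inferred from where each client family in the table above flips from false to true, not read from the app's source. The block embeds the quoted rows so that the re-implementation can be checked against every one of them, and it also shows why a plain curl request (a user agent with no recognised client or version) is refused:

```python
# Added re-implementation for this thread, derived from the table above; not the
# Nextcloud server's code. The version threshold is an inference from that table.
import re
from typing import List, Optional, Tuple

MIN_VERSION = (2, 3, 4)  # assumption: first 'true' row of each client family above

# Assumed patterns: one per client family, capturing a dotted three-part version.
UA_PATTERNS = [
    re.compile(r"^Mozilla/5\.0 \(Android\) Nextcloud-android/(?P<v>\d+\.\d+\.\d+)"),
    re.compile(r"^Mozilla/5\.0 \(iOS\) Nextcloud-iOS/(?P<v>\d+\.\d+\.\d+)"),
    re.compile(r"^Mozilla/5\.0 \([A-Za-z]+\) (?:mirall|csyncoC)/(?P<v>\d+\.\d+\.\d+)"),
]

# The data-provider rows quoted above: (user agent, supports E2E).
TABLE: List[Tuple[str, bool]] = [
    ("Mozilla/5.0 (Android) Nextcloud-android/1.9.9", False),
    ("Mozilla/5.0 (Android) Nextcloud-android/2.1.3", False),
    ("Mozilla/5.0 (Android) Nextcloud-android/2.3.3", False),
    ("Mozilla/5.0 (Android) Nextcloud-android/2.3.4", True),
    ("Mozilla/5.0 (Android) Nextcloud-android/2.4.9", True),
    ("Mozilla/5.0 (Android) Nextcloud-android/3.0.0", True),
    ("Mozilla/5.0 (Android) Nextcloud-android/beta", False),
    ("Mozilla/5.0 (Android) Nextcloud-android/", False),
    ("Mozilla/5.0 (Android) Nextcloud-android", False),
    ("Mozilla/5.0 (iOS) Nextcloud-iOS/1.9.9", False),
    ("Mozilla/5.0 (iOS) Nextcloud-iOS/2.1.3", False),
    ("Mozilla/5.0 (iOS) Nextcloud-iOS/2.3.3", False),
    ("Mozilla/5.0 (iOS) Nextcloud-iOS/2.3.4", True),
    ("Mozilla/5.0 (iOS) Nextcloud-iOS/2.4.9", True),
    ("Mozilla/5.0 (iOS) Nextcloud-iOS/3.0.0", True),
    ("Mozilla/5.0 (iOS) Nextcloud-iOS/beta", False),
    ("Mozilla/5.0 (iOS) Nextcloud-iOS/", False),
    ("Mozilla/5.0 (iOS) Nextcloud-iOS", False),
    ("Mozilla/5.0 (Macintosh) mirall/1.9.9stable (build 20200303) (Nextcloud)", False),
    ("Mozilla/5.0 (Macintosh) mirall/2.1.3rc (build 20200303)", False),
    ("Mozilla/5.0 (Macintosh) mirall/2.3.3", False),
    ("Mozilla/5.0 (Linux) mirall/2.3.4", True),
    ("Mozilla/5.0 (Macintosh) csyncoC/2.4.9RC (build 20200303) (Nextcloud)", True),
    ("Mozilla/5.0 (Macintosh) mirall/3.0.0 (build 20200303)", True),
    ("Mozilla/5.0 (Macintosh) mirall/ (build 20200303)", False),
    ("Mozilla/5.0 (Macintosh) mirall/", False),
    ("Mozilla/5.0 (Macintosh) mirall", False),
]


def client_version(user_agent: str) -> Optional[Tuple[int, ...]]:
    """(major, minor, patch) of a recognised Nextcloud client, else None."""
    for pattern in UA_PATTERNS:
        match = pattern.match(user_agent)
        if match:
            return tuple(int(part) for part in match.group("v").split("."))
    return None


def supports_end_to_end_encryption(user_agent: str) -> bool:
    """True only for a recognised client at or above MIN_VERSION.

    Anything else (curl, a browser, a client string without a version) is
    refused, which is the 403 'is not allowed to access end-to-end encrypted
    content' response reported later in this thread."""
    version = client_version(user_agent)
    return version is not None and version >= MIN_VERSION


def check_table() -> List[str]:
    """User agents on which this re-implementation disagrees with the table (expected: none)."""
    return [ua for ua, expected in TABLE if supports_end_to_end_encryption(ua) != expected]


if __name__ == "__main__":
    print("disagreements with the table:", check_table())
    print("curl allowed:", supports_end_to_end_encryption("curl/7.76.1"))
```

The check is a string match on a client-supplied header, so it is a compatibility gate, not an authentication control: it keeps clients that cannot handle encrypted content away from it, and nothing more.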

@boistordu boistordu commented May 19, 2021

I would like to reopen this case because it's still really ungrateful as a way to do things.

The curl command doesn't work:

failure
403
Client "curl/7.76.1" is not allowed to access end-to-end encrypted content.

The entries in the mysql database are not accurate anymore:

to_end_encryption/public-keys
to_end_encryption/private-keys

There is no meta-data etc.

@mjeshurun mjeshurun commented Jul 7, 2021

So I settled on these steps to revoke the keys for just one user.

  • Enter the end_to_end_encryption folder in your appdata folder. Your appdata folder is a folder inside your data folder (the folder containing all your nextcloud files). It has a randomly generated name that starts with appdata like appdata_487461775a51. The end_to_end_encryption folder has three folders: meta-data, private-keys and public-keys.

I also made the stupid mistake of enabling and then disabling end-to-end encryption without properly saving the passphrase.
@jmcclelland can I trouble you and ask how I can find the end_to_end_encryption folder?
I cannot find the "appdata_..." folder you mentioned.
I'm running Nextcloud on a Raspberry Pi 4 installed using NextcloudPi's curl command.

@jmcclelland jmcclelland commented Jul 7, 2021

Hi @mjeshurun - If you look in your config file, you'll see a variable called datadirectory - that's the path to your data directory. It might be something like /var/www/nextcloud/data. You should be able to find your data directory by running the command (replacing /var/www/nextcloud/data/ with your actual data directory): ls /var/www/nextcloud/data/appdata*.

@mjeshurun mjeshurun commented Jul 7, 2021

Hi @mjeshurun - If you look in your config file, you'll see a variable called datadirectory - that's the path to your data directory. It might be something like /var/www/nextcloud/data. You should be able to find your data directory by running the command (replacing /var/www/nextcloud/data/ with your actual data directory): ls /var/www/nextcloud/data/appdata*.

Thank you! I was able to find the full appdata_... folder name.
However, I am not able to open it. Terminal says the permission to the folder is denied.

pi@raspberrypi:~ $ cd  /var/www/nextcloud/data/appdata_oc********qd
bash: cd: /var/www/nextcloud/data/appdata_oc********qd: Permission denied

Is there a command I need to run in order to allow permission?

@jmcclelland jmcclelland commented Jul 7, 2021

Try becoming root with: sudo -i and then try those commands again.

@mjeshurun mjeshurun commented Jul 7, 2021

Try becoming root with: sudo -i and then try those commands again.

That worked :)))
Thank you very much 🙏🙏🙏

@bcutter bcutter commented Aug 1, 2021

@jmcclelland regarding #32 (comment)

Thanks so much for saving some (including my) asses 👍

Deleted the private and public key for one specific user from the filecache table and deleted User.private.key as well as User.public.key from the server. Restarted the desktop client of the affected user, and the annoying message has gone. A new pair of keys was created immediately (possibly by cron running in the background meanwhile). The desktop client now also shows the mnemonic again (before, in the broken E2E situation, it only showed plain text (nothing)). So far no side effects discovered.

Projects: E2Ev2 (Awaiting triage)