No private key generated for new user accounts #2907

Closed
zecke opened this issue Jan 1, 2017 · 4 comments · Fixed by #2918
Comments


zecke commented Jan 1, 2017

Steps to reproduce

  1. occ user:add foo
  2. add password/confirm password
  3. ls -rw-r--r-- 1 www www 0 Jan 1 19:25 data/foo/files_encryption/OC_DEFAULT_MODULE/foo.publicKey

Expected behaviour

Private and public key being generated

Actual behaviour

Truncated private key.. login will fail/warn about it

Server configuration

Operating system:
FreeBSD 10.3

Web server:
nginx

Database:
mysql

PHP version:
7

Nextcloud version: (see Nextcloud admin page)
nextcloud-11.0

Updated from an older Nextcloud/ownCloud or fresh install:
Updated from 9

Where did you install Nextcloud from:
FreeBSD ports

Signing status:
No errors have been found.

List of activated apps:

```
Enabled:
  - activity: 2.4.1
  - admin_audit: 1.1.0
  - comments: 1.1.0
  - dav: 1.1.1
  - encryption: 1.4.1
  - federatedfilesharing: 1.1.1
  - federation: 1.1.1
  - files: 1.6.1
  - files_pdfviewer: 1.0.1
  - files_sharing: 1.1.1
  - files_texteditor: 2.2
  - files_trashbin: 1.1.0
  - files_versions: 1.4.0
  - files_videoplayer: 1.0.0
  - firstrunwizard: 2.0
  - gallery: 16.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.0.0
  - nextcloud_announcements: 1.0
  - notifications: 1.0.1
  - password_policy: 1.1.0
  - provisioning_api: 1.1.0
  - serverinfo: 1.1.1
  - sharebymail: 1.0.1
  - survey_client: 0.1.5
  - systemtags: 1.1.3
  - templateeditor: 0.2
  - theming: 1.1.1
  - twofactor_backupcodes: 1.0.0
  - updatenotification: 1.1.1
  - workflowengine: 1.1.1
Disabled:
  - calendar
  - contacts
  - external
  - files_accesscontrol
  - files_antivirus
  - files_automatedtagging
  - files_external
  - files_retention
  - user_external
  - user_ldap
  - user_saml
```

The content of config/config.php:

```
{
    "system": {
        "instanceid": "private",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "private"
        ],
        "datadirectory": "\/usr\/local\/www\/nextcloud\/data",
        "overwrite.cli.url": "private",
        "dbtype": "mysql",
        "version": "11.0.0.10",
        "dbname": "nextcloud",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "mail_from_address": "private",
        "mail_smtpmode": "smtp",
        "mail_domain": "private",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtphost": "private",
        "theme": "",
        "loglevel": 2,
        "maintenance": false,
        "singleuser": false
    }
}
```

Are you using external storage, if yes which one: local/smb/sftp/...
local

Are you using encryption: yes/no
yes

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
no


zecke commented Jan 1, 2017

I forced a call to createKeyPair ...

```
{"reqId":"xUEG29978wGeVJzRhGcY","remoteAddr":"","app":"encryption","message":"Encryption Library couldn't generate users key-pair for \"no user given\"","level":3,"time":"2017-01-01T20:21:12+00:00","method":"--","url":"--","user":"--","version":"11.0.0.10"}
{"reqId":"xUEG29978wGeVJzRhGcY","remoteAddr":"","app":"encryption","message":"Encryption library openssl_pkey_new() fails: error:2006D080:BIO routines:BIO_new_file:no such file","level":3,"time":"2017-01-01T20:21:12+00:00","method":"--","url":"--","user":"--","version":"11.0.0.10"}
{"reqId":"xUEG29978wGeVJzRhGcY","remoteAddr":"","app":"encryption","message":"Encryption library couldn't export users private key, please check your servers OpenSSL configuration.\"no user given\"","level":3,"time":"2017-01-01T20:21:12+00:00","method":"--","url":"--","user":"--","version":"11.0.0.10"}
{"reqId":"xUEG29978wGeVJzRhGcY","remoteAddr":"","app":"encryption","message":"Encryption Library:error:02001002:system library:fopen:No such file or directory","level":3,"time":"2017-01-01T20:21:12+00:00","method":"--","url":"--","user":"--","version":"11.0.0.10"}
{"reqId":"xUEG29978wGeVJzRhGcY","remoteAddr":"","app":"PHP","message":"Missing argument 2 for OC\\Files\\Storage\\Wrapper\\Wrapper::file_put_contents(), called in \/usr\/local\/www\/nextcloud\/lib\/private\/Files\/View.php on line 1124 and defined at \/usr\/local\/www\/nextcloud\/lib\/private\/Files\/Storage\/Wrapper\/Wrapper.php#250","level":3,"time":"2017-01-01T20:21:12+00:00","method":"--","url":"--","user":"--","version":"11.0.0.10"}
{"reqId":"xUEG29978wGeVJzRhGcY","remoteAddr":"","app":"PHP","message":"Undefined variable: data at \/usr\/local\/www\/nextcloud\/lib\/private\/Files\/Storage\/Wrapper\/Wrapper.php#251","level":3,"time":"2017-01-01T20:21:12+00:00","method":"--","url":"--","user":"--","version":"11.0.0.10"}
{"reqId":"xUEG29978wGeVJzRhGcY","remoteAddr":"","app":"encryption","message":"Encryption Library, symmetrical encryption failed no content given","level":3,"time":"2017-01-01T20:21:13+00:00","method":"--","url":"--","user":"--","version":"11.0.0.10"}
{"reqId":"xUEG29978wGeVJzRhGcY","remoteAddr":"","app":"no app in context","message":"Encryption Could not update users encryption password","level":3,"time":"2017-01-01T20:21:13+00:00","method":"--","url":"--","user":"--","version":"11.0.0.10"}
```

openssl genrsa itself is working.. but the privateKey doesn't seem to be PEM encoded. OpenSSL is 1.0.2j


zecke commented Jan 1, 2017

  • Commands should not succeed in case of errors (e.g. sharing succeeds despite plenty of errors in the log). Initial account creation succeeds even if a hook fails (e.g. here the encryption hook).
  • Check errors. E.g. openssl_pkey_new and call openssl_error_string()
  • Make setPassphrase() work even if there is no current private key (e.g. catch the exception?)

In my case openssl_pkey_new ends in the x509 code and tries to open an openssl.cnf which doesn't exist for the port version of OpenSSL 1.0.2. Copying the one from the base system resolved the issue.
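
The error checking suggested in the comment above, as an added example that is not part of the original thread and not Nextcloud's code: the return values of `openssl_pkey_new()` and `openssl_pkey_export()` are checked, the OpenSSL error queue is read with `openssl_error_string()`, and a failure ends the command with a non-zero status instead of leaving an empty key. The function names `drainOpensslErrors()` and `generateUserKeyPair()`, the `$opensslCnf` parameter, and the 2048-bit key size are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added illustration, not Nextcloud code; function names are hypothetical.

/** Empty OpenSSL's error queue and return its messages. */
function drainOpensslErrors(): array
{
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

/** Return PEM-encoded keys for $uid, or throw; never hand back an empty key. */
function generateUserKeyPair(string $uid, ?string $opensslCnf = null): array
{
    // 2048-bit RSA is an assumption made for this example.
    $options = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
    if ($opensslCnf !== null) {
        if (!is_readable($opensslCnf)) {
            throw new RuntimeException("openssl.cnf not readable: $opensslCnf");
        }
        $options['config'] = $opensslCnf; // explicit path instead of the built-in default
    }

    drainOpensslErrors(); // stale entries would otherwise be blamed on this call
    $key = openssl_pkey_new($options);
    if ($key === false) {
        throw new RuntimeException("openssl_pkey_new() failed for '$uid': " . implode('; ', drainOpensslErrors()));
    }
    $privatePem = '';
    if (!openssl_pkey_export($key, $privatePem, null, $options) || $privatePem === '') {
        throw new RuntimeException("openssl_pkey_export() failed for '$uid': " . implode('; ', drainOpensslErrors()));
    }
    $details = openssl_pkey_get_details($key);
    if ($details === false || empty($details['key'])) {
        throw new RuntimeException("no public key for '$uid': " . implode('; ', drainOpensslErrors()));
    }
    return ['publicKey' => $details['key'], 'privateKey' => $privatePem];
}

try {
    $pair = generateUserKeyPair('foo'); // 'foo' is the account name from the report
    printf("private key: %d bytes, public key: %d bytes\n", strlen($pair['privateKey']), strlen($pair['publicKey']));
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . PHP_EOL);
    exit(1); // a failed key pair must fail the command, not leave a 0-byte key file
}
```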

@schiessle
Member

How do you perform step 2 "add password/confirm password"? With the reset password occ command?


zecke commented Jan 3, 2017

IIRC the CLI will ask for the password and for the confirmation and then claim it was successful, and I think that is the "real" problem.
