master key encryption setup user password change (docu needed)

[himpierre]

Hello Devs.

I have a master key encrypted setup. Reading the docu did not answer my question. Here we go. When a user changes his password, is there any kind of reencryption needed? I guess no, but i wanna be sure. :-)

I would really appreciate if a dev could take the time to explain the master key encyrption setup a litte bit. I have in $docroot/data/files_encryption/OC_DEFAULT_MODULE/:

-rw-r--r-- 1 www-data www-data 4505 Sep  1  2017 master_ba1920b5.privateKey
-rw-r--r-- 1 www-data www-data  800 Sep  1  2017 master_ba1920b5.publicKey
-rw-r--r-- 1 www-data www-data 4505 Sep  1  2017 pubShare_ba1920b5.privateKey
-rw-r--r-- 1 www-data www-data  800 Sep  1  2017 pubShare_ba1920b5.publicKey

These keys are used to encrypt everything, right? The master key is encrypt with the secret stored in config.php?

thank you very much

Server configuration

Operating system: Linux

Web server: Apache2

Database: Maria

PHP version: 7.2

Nextcloud version: 13.0.4

[nextcloud-bot]

GitMate.io thinks possibly related issues are #6576 (Using encryption logs user password in clear-text), #5338 (Set Master key for encryption afterwards), #1262 (Force a password change), #5181 (Password change behavior), and #4162 (LDAP Password Changes -> Encryption App).

[MorrisJobke]

cc @nextcloud/encryption

[schiessle]

@himpierre you described it correctly. We now use the master key to encrypt/decrypt everything. This way users can freely change or reset their login password, it provides way better performance in case large folders are shared with many people and it works with user back-ends which doesn't have a password, such as SAML