ownCloud encryption not working with Notes App #9392
Comments
|
@schiesbn Can you test? |
|
I run an encrypted ownCloud. The Notes app is installed and enabled. Accessing the url /index.php/apps/notes/api/v0.2/notes gives me the contents. Trying to access with the myownnotes from Android generates an error "There was a connection error. Please check your username / password". The log contains the following: SSL keychain for the https connection? I have a RapidSSL cert, installed in Apache and intermediate cert in the config as well. Seems to work fine. |
|
Oh man, that issue.... @Raydiation: Is owncloud/notes#48 still unresolved? @tigrino says the API is working fine. A quick check on our testmachine gave us the impression that the app is working too with ownCloud encryption enabled (aykit/MyOwnNotes#35). However, I have no idea (nor time to look at atm) how ownCloud implemented encryption. It would be great if we could figure out if owncloud/notes#48 is solved and the app is the only "weak" link here. Questions
|
|
@tigrino : Please use https://www.ssllabs.com/ssltest/ to test your chain. Additionally, it would be great if you could test it with encryption disabled as well. Just to make sure... and please provide us with every step you take ;) |
|
@maltemafia Can you try it with the newest beta of 7? Works for me |
|
Mmm... Taking the server offline and replacing it with a fresh instance to check the working without/with encryption may be possible but I would rather avoid doing that if possible... Mine is encryption first, long time ago, notes installed yesterday. Call to the API (/index.php/apps/notes/api/v0.2/notes) returns this: The file on disk is encrypted and contains this: ssllabs check reports all ok with the certificate except for limited support for forward secrecy. Do you want the complete report here? |
|
That would be great. But if you don't want to share it, just report this: Additional Certificates (if supplied)Certificates provided x (z bytes) |
|
@Raydiation : My colleague is testing 6.0.4 today and I will test 7 later on. Btw, my name is maltefiala, not to be confused with some mafia :) @tigrino : What server version of ownCloud are you running? |
|
My colleague @steppenhahn made various tests today. From our point of view, encryption seems to be the problem. My Own Notes works like a charm with the encryption-plugin disabled. As soon as we activate the encryption-plugin, we get an it does not matter if the encryption is disabled or enabled (admin-tab) - If the plugin is enabled, myownnotes does not work. System tested
Next StepsWe will investigate this issue on 7.0 this weekend. |
|
Try to log out after enabling encryption. The error code in the URL means that encryption is not yet initialized |
|
Additional Certificates (if supplied) ownCloud 6.0.4 (stable) |
|
@Raydiation I run for several months already on this version and with encryption enabled. I just installed notes and ran into problems, encryption was there before and is working fine. |
|
The chain looks good then. I will investigate further on the weekend. |
|
I came to the same conclusion as maltefiala: it must have to do with the encryption. My nginx-access.log reports |
|
@urenzel @Raydiation here is exactly what i did:
now myownnotes can connect properly - no errors then:
now myownnotes can NOT connect. see error message from maltefiala then:
same problem as above System tested:
|
|
Just for clarification owncloud/notes#48 is not solved. I spent the entire weekend working on this without a solution. It's a high priority for users. |
|
This issue is really a duplicate of #8830. |
|
With the new release, 1.3.1, I get a different message in the log file: Accessing the URL directly in the browser returns the expected |
|
Nope, back to the original errors. |
|
Sry, we are in a summer limbo atm. We will try to find a solution in September. |
|
Referencing aykit/MyOwnNotes#71 |
|
Summer is over and we are slowly getting back on track. After thoroughly testing, the following has been found out: Tested System:owncloud 7.0.2 405 ErrorThose of you who are getting 405 errors forgot to enable mod_rewrite. Look at http://forum.owncloud.org/viewtopic.php?t=7536 for how to fix this. Encryption app not initalisedWhen GETting the API-URL via browser, notes are shown. GET requests via curl lead to https://own-my-notes.maltefiala.org/owncloud/apps/files_encryption/files/error.php?p=0&errorCode=1. I guess the fix is coming in sight. In shortStay tuned :) |
|
I have same problem. Never had it working but seems like this problem. I have encryption enabled. Owncloud 7.0.2 Browsing to https://my.domain/owncloud/index.php/apps/notes/api/v0.2/notes shows my test notes: Loggy Output 9140NoteListActivityD menu |
|
Just want to report that it happened to me as well with OC 7.0.2 and Notes 0.9 - I enabled the module, created two notes, renamed one of them, tried to add markup (before I noticed it had been removed), moved back and forth between my 2 test notes, and all of a sudden, I got the encryption error message. This would happen each time I click on the "Notes" icon in the user menu. Only choice was to disable the Notes module entirely. |
|
Just a guess, but maybe it is related to #11127 |
|
Dear community, after spending hours trying to understand the ownCloud encryption app's purpose and implementation we have come to the conclusion that we do not have the financial means to support encryption with My Own Notes. The reasons in detail: encryption app misconception encryption app codebase
There is no good encryption but client-side encryption Conclusion Your's, |
|
There is a lot of talk about doing client side encryption with javascript. Although Javascript encryption takes place client side, the javascript code is loaded from a server that my belong to a domain not controlled by oneself. Therefore, using JS-encryption is not the same as using offline client side encryption and can not be deemed secure per se. |
|
Malte, I appreciate all the work you and other folks at aykit do. However, I think you may be overreacting in this instance. Your attacks on the concept of ownCloud encryption are somewhat justified but I feel that you see things in a much darker light than they should be. The encryption does what it says. It is not perfect, it is not protecting you from some of the attacks but it is useful. Discarding it just because it is not perfect is silly. The issues you referred to above are not really issues for security within the context we are talking about. Everything seems to be well taken care of and developers provided pretty good feedback, actually. I would say that for my purposes it is sufficient to have the encryption that the ownCloud provides. I am definitely not enjoying the idea of the client-side encryption in the browser. That has its own pitfalls. Also, I would like to note that you provide an app for ownCloud, not another system, not your own. You have to support whatever is there because we use that and we are happy with what it does despite all the shortcomings. I would very much appreciate if you reconsidered and actually implemented proper support for encryption as it is at the moment in ownCloud. Thank you for your consideration. |
|
@tigrino Thanks for your positive words! @maltefiala First let me say that I use your app by my own and I really like it! I don't really understand what you mean if you say that your app doesn't support encryption. Encryption happens server-side, so there is nothing you app have to support. It just upload and download files and the rest happens on the server. I don't know the notes app API, but if the API has a problem with the encryption then it is probably a problem we need to address at the notes app. |
|
@Raydiation you are the main author of the notes app. Did you tested the API with encryption enabled? |
|
Nope. I do not maintain it anymore btw |
|
I can reproduce the problem with ownCloud 7.0.2, for some reasons I don't understand yet, the login hook isn't triggered. But this seems to be fixed in stable7, so the problem should be solved with ownCloud 7.0.3 which will be released soon. |
|
Is 7.0.3RC1 stable enough for product environment to try it out? |
|
@tigrino you have to figure that out for yourself, its in RC status atm |
|
Oh!!! It finally works! Yahoo! The release 7.0.3 made it work! Thank you! |
|
Great that it solved the problem! |
|
@schiesbn @tigrino Good to know! Not supporting just means that we are not doing support for it for the reasons given. Nevertheless we are more than happy it's working now. Big thanks to all developers who made this happen! |
We are getting a lot of feedback concerning encryption not working in ownCloud Notes. As suggested by @Raydiation I hereby open this one in core. Please everyone out there:
Dependent Issues
Core Devs
It would be great if you could comment on this.
Thanks.
The text was updated successfully, but these errors were encountered: