Sftp key handling #39935
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.
💥 Acceptance tests pipeline apiTranslation-mariadb10.2-php7.4 failed. The build has been cancelled.
@C0rby could you check if the approach is good enough from a security point of view?
Security-wise these changes look good. There are some other things I want to change though, but not in this pull request. Let's do that afterwards.
SonarCloud Quality Gate failed.
Description
Modify public/private key behavior for SFTP storage in order to avoid exposing the private key.
The keys will always be generated on the server. The user won't be able to provide his own keys.
The public key will be handled as any "public" parameter, so no encryption or encoding will be applied to this parameter.
For the private key, an opaque token will be sent instead of the actual key. From the user's perspective, this token needs to be sent as the private key. The actual private key will be kept in ownCloud and it will be encrypted.
Since the parameters for the storage are different, a migration is provided to convert the old parameters to the new format.
Related Issue
https://github.com/owncloud/enterprise/issues/5036
Motivation and Context
Private key shouldn't be exposed in any way.
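The token-for-key scheme in the description, as an added PHP sketch that is not code from this pull request or from ownCloud. The class and method names are hypothetical, the in-memory array stands in for the storage configuration backend, and RSA 2048 with AES-256-GCM are choices made for the example (the page does not say which algorithms ownCloud uses).

```php
<?php
// Added illustration; SftpKeyVault and its methods are hypothetical names.
final class SftpKeyVault
{
    /** @var array<string,string> token => base64(iv . tag . ciphertext) */
    private $store = [];
    /** @var string 32-byte server secret (assumed to come from server config) */
    private $masterKey;

    public function __construct(string $masterKey)
    {
        $this->masterKey = $masterKey;
    }

    /** Generate the key pair on the server; hand out the public key and an opaque token only. */
    public function createKeyPair(): array
    {
        $pkey = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
        if ($pkey === false || !openssl_pkey_export($pkey, $privatePem)) {
            throw new RuntimeException('key generation failed');
        }
        $publicPem = openssl_pkey_get_details($pkey)['key'];

        $token = bin2hex(random_bytes(32)); // random value, carries no key material
        $iv = random_bytes(12);
        // The token is passed as AAD so a stored blob cannot be moved under another token.
        $ct = openssl_encrypt($privatePem, 'aes-256-gcm', $this->masterKey, OPENSSL_RAW_DATA, $iv, $tag, $token);
        $this->store[$token] = base64_encode($iv . $tag . $ct);

        return ['public_key' => $publicPem, 'private_key' => $token];
    }

    /** Server-side only: turn the token back into the private key when mounting the storage. */
    public function resolve(string $token): string
    {
        if (!isset($this->store[$token])) {
            throw new RuntimeException('unknown token');
        }
        $raw = base64_decode($this->store[$token], true);
        $pem = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $this->masterKey,
            OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16), $token);
        if ($pem === false) {
            throw new RuntimeException('decryption failed');
        }
        return $pem;
    }
}

$vault = new SftpKeyVault(random_bytes(32));
$params = $vault->createKeyPair();
echo json_encode(['private_key' => $params['private_key']]), "\n"; // the client sees only the token
```

A user-supplied value in the private key field is treated purely as a lookup token, so an unknown token is rejected rather than being used as key material.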