diff options
| author | Michael Gapczynski <mtgap@owncloud.com> | 2013-02-11 20:27:05 -0500 |
|---|---|---|
| committer | Michael Gapczynski <mtgap@owncloud.com> | 2013-02-11 20:27:05 -0500 |
| commit | 6eba790a75ba128e3182771a30dbe88733ee0dfc (patch) | |
| tree | ba313bec694c64928d82e2b76445d6307a305b22 /apps/files_encryption/lib/crypt.php | |
| parent | 6f08b1f829e9d4c49f66b19fdda8c229bc8ae3f3 (diff) | |
| parent | 04bf8c1b66d6adef0466efae00c32745465767f2 (diff) | |
| download | nextcloud-server-6eba790a75ba128e3182771a30dbe88733ee0dfc.tar.gz nextcloud-server-6eba790a75ba128e3182771a30dbe88733ee0dfc.zip | |
Merge branch 'master' into external_storage_ui_feedback
Conflicts:
apps/files_external/js/dropbox.js
apps/files_external/js/google.js
apps/files_external/js/settings.js
apps/files_external/lib/amazons3.php
apps/files_external/lib/dropbox.php
apps/files_external/lib/google.php
apps/files_external/lib/smb.php
apps/files_external/lib/swift.php
apps/files_external/lib/webdav.php
lib/filestorage.php
Diffstat (limited to 'apps/files_encryption/lib/crypt.php')
| -rwxr-xr-x[-rw-r--r--] | apps/files_encryption/lib/crypt.php | 915 |
1 files changed, 695 insertions, 220 deletions
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 666fedb4e1b..c7a414c5080 100644..100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -1,220 +1,695 @@ -<?php -/** - * ownCloud - * - * @author Frank Karlitschek - * @copyright 2012 Frank Karlitschek frank@owncloud.org - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * - */ - - - -// Todo: -// - Crypt/decrypt button in the userinterface -// - Setting if crypto should be on by default -// - Add a setting "Don´t encrypt files larger than xx because of performance reasons" -// - Transparent decrypt/encrypt in filesystem.php. Autodetect if a file is encrypted (.encrypted extension) -// - Don't use a password directly as encryption key, but a key which is stored on the server and encrypted with the -// user password. -> password change faster -// - IMPORTANT! Check if the block lenght of the encrypted data stays the same - - -require_once 'Crypt_Blowfish/Blowfish.php'; - -/** - * This class is for crypting and decrypting - */ -class OC_Crypt { - static private $bf = null; - - public static function loginListener($params) { - self::init($params['uid'], $params['password']); - } - - public static function init($login, $password) { - $view=new OC_FilesystemView('/'); - if ( ! $view->file_exists('/'.$login)) { - $view->mkdir('/'.$login); - } - - OC_FileProxy::$enabled=false; - if ( ! $view->file_exists('/'.$login.'/encryption.key')) {// does key exist? - OC_Crypt::createkey($login, $password); - } - $key=$view->file_get_contents('/'.$login.'/encryption.key'); - OC_FileProxy::$enabled=true; - $_SESSION['enckey']=OC_Crypt::decrypt($key, $password); - } - - - /** - * get the blowfish encryption handeler for a key - * @param string $key (optional) - * @return Crypt_Blowfish - * - * if the key is left out, the default handeler will be used - */ - public static function getBlowfish($key='') { - if ($key) { - return new Crypt_Blowfish($key); - } else { - if ( ! isset($_SESSION['enckey'])) { - return false; - } - if ( ! self::$bf) { - self::$bf=new Crypt_Blowfish($_SESSION['enckey']); - } - return self::$bf; - } - } - - public static function createkey($username, $passcode) { - // generate a random key - $key=mt_rand(10000, 99999).mt_rand(10000, 99999).mt_rand(10000, 99999).mt_rand(10000, 99999); - - // encrypt the key with the passcode of the user - $enckey=OC_Crypt::encrypt($key, $passcode); - - // Write the file - $proxyEnabled=OC_FileProxy::$enabled; - OC_FileProxy::$enabled=false; - $view=new OC_FilesystemView('/'.$username); - $view->file_put_contents('/encryption.key', $enckey); - OC_FileProxy::$enabled=$proxyEnabled; - } - - public static function changekeypasscode($oldPassword, $newPassword) { - if (OCP\User::isLoggedIn()) { - $username=OCP\USER::getUser(); - $view=new OC_FilesystemView('/'.$username); - - // read old key - $key=$view->file_get_contents('/encryption.key'); - - // decrypt key with old passcode - $key=OC_Crypt::decrypt($key, $oldPassword); - - // encrypt again with new passcode - $key=OC_Crypt::encrypt($key, $newPassword); - - // store the new key - $view->file_put_contents('/encryption.key', $key ); - } - } - - /** - * @brief encrypts an content - * @param $content the cleartext message you want to encrypt - * @param $key the encryption key (optional) - * @returns encrypted content - * - * This function encrypts an content - */ - public static function encrypt( $content, $key='') { - $bf = self::getBlowfish($key); - return $bf->encrypt($content); - } - - /** - * @brief decryption of an content - * @param $content the cleartext message you want to decrypt - * @param $key the encryption key (optional) - * @returns cleartext content - * - * This function decrypts an content - */ - public static function decrypt( $content, $key='') { - $bf = self::getBlowfish($key); - $data=$bf->decrypt($content); - return $data; - } - - /** - * @brief encryption of a file - * @param string $source - * @param string $target - * @param string $key the decryption key - * - * This function encrypts a file - */ - public static function encryptFile( $source, $target, $key='') { - $handleread = fopen($source, "rb"); - if ($handleread!=false) { - $handlewrite = fopen($target, "wb"); - while (!feof($handleread)) { - $content = fread($handleread, 8192); - $enccontent=OC_CRYPT::encrypt( $content, $key); - fwrite($handlewrite, $enccontent); - } - fclose($handlewrite); - fclose($handleread); - } - } - - - /** - * @brief decryption of a file - * @param string $source - * @param string $target - * @param string $key the decryption key - * - * This function decrypts a file - */ - public static function decryptFile( $source, $target, $key='') { - $handleread = fopen($source, "rb"); - if ($handleread!=false) { - $handlewrite = fopen($target, "wb"); - while (!feof($handleread)) { - $content = fread($handleread, 8192); - $enccontent=OC_CRYPT::decrypt( $content, $key); - if (feof($handleread)) { - $enccontent=rtrim($enccontent, "\0"); - } - fwrite($handlewrite, $enccontent); - } - fclose($handlewrite); - fclose($handleread); - } - } - - /** - * encrypt data in 8192b sized blocks - */ - public static function blockEncrypt($data, $key='') { - $result=''; - while (strlen($data)) { - $result.=self::encrypt(substr($data, 0, 8192), $key); - $data=substr($data, 8192); - } - return $result; - } - - /** - * decrypt data in 8192b sized blocks - */ - public static function blockDecrypt($data, $key='', $maxLength=0) { - $result=''; - while (strlen($data)) { - $result.=self::decrypt(substr($data, 0, 8192), $key); - $data=substr($data, 8192); - } - if ($maxLength>0) { - return substr($result, 0, $maxLength); - } else { - return rtrim($result, "\0"); - } - } -} +<?php
+
+/**
+ * ownCloud
+ *
+ * @author Sam Tuke, Frank Karlitschek, Robin Appelman
+ * @copyright 2012 Sam Tuke samtuke@owncloud.com,
+ * Robin Appelman icewind@owncloud.com, Frank Karlitschek
+ * frank@owncloud.org
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Encryption;
+
+require_once 'Crypt_Blowfish/Blowfish.php';
+
+// Todo:
+// - Add a setting "Don´t encrypt files larger than xx because of performance"
+// - Don't use a password directly as encryption key. but a key which is
+// stored on the server and encrypted with the user password. -> change pass
+// faster
+
+/**
+ * Class for common cryptography functionality
+ */
+
+class Crypt {
+
+ /**
+ * @brief return encryption mode client or server side encryption
+ * @param string user name (use system wide setting if name=null)
+ * @return string 'client' or 'server'
+ */
+ public static function mode( $user = null ) {
+
+ return 'server';
+
+ }
+
+ /**
+ * @brief Create a new encryption keypair
+ * @return array publicKey, privatekey
+ */
+ public static function createKeypair() {
+
+ $res = openssl_pkey_new();
+
+ // Get private key
+ openssl_pkey_export( $res, $privateKey );
+
+ // Get public key
+ $publicKey = openssl_pkey_get_details( $res );
+
+ $publicKey = $publicKey['key'];
+
+ return( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) );
+
+ }
+
+ /**
+ * @brief Add arbitrary padding to encrypted data
+ * @param string $data data to be padded
+ * @return padded data
+ * @note In order to end up with data exactly 8192 bytes long we must
+ * add two letters. It is impossible to achieve exactly 8192 length
+ * blocks with encryption alone, hence padding is added to achieve the
+ * required length.
+ */
+ public static function addPadding( $data ) {
+
+ $padded = $data . 'xx';
+
+ return $padded;
+
+ }
+
+ /**
+ * @brief Remove arbitrary padding to encrypted data
+ * @param string $padded padded data to remove padding from
+ * @return unpadded data on success, false on error
+ */
+ public static function removePadding( $padded ) {
+
+ if ( substr( $padded, -2 ) == 'xx' ) {
+
+ $data = substr( $padded, 0, -2 );
+
+ return $data;
+
+ } else {
+
+ // TODO: log the fact that unpadded data was submitted for removal of padding
+ return false;
+
+ }
+
+ }
+
+ /**
+ * @brief Check if a file's contents contains an IV and is symmetrically encrypted
+ * @return true / false
+ * @note see also OCA\Encryption\Util->isEncryptedPath()
+ */
+ public static function isCatfile( $content ) {
+
+ if ( !$content ) {
+
+ return false;
+
+ }
+
+ $noPadding = self::removePadding( $content );
+
+ // Fetch encryption metadata from end of file
+ $meta = substr( $noPadding, -22 );
+
+ // Fetch IV from end of file
+ $iv = substr( $meta, -16 );
+
+ // Fetch identifier from start of metadata
+ $identifier = substr( $meta, 0, 6 );
+
+ if ( $identifier == '00iv00') {
+
+ return true;
+
+ } else {
+
+ return false;
+
+ }
+
+ }
+
+ /**
+ * Check if a file is encrypted according to database file cache
+ * @param string $path
+ * @return bool
+ */
+ public static function isEncryptedMeta( $path ) {
+
+ // TODO: Use DI to get \OC\Files\Filesystem out of here
+
+ // Fetch all file metadata from DB
+ $metadata = \OC\Files\Filesystem::getFileInfo( $path, '' );
+
+ // Return encryption status
+ return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted'];
+
+ }
+
+ /**
+ * @brief Check if a file is encrypted via legacy system
+ * @param string $relPath The path of the file, relative to user/data;
+ * e.g. filename or /Docs/filename, NOT admin/files/filename
+ * @return true / false
+ */
+ public static function isLegacyEncryptedContent( $data, $relPath ) {
+
+ // Fetch all file metadata from DB
+ $metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' );
+
+ // If a file is flagged with encryption in DB, but isn't a
+ // valid content + IV combination, it's probably using the
+ // legacy encryption system
+ if (
+ isset( $metadata['encrypted'] )
+ and $metadata['encrypted'] === true
+ and ! self::isCatfile( $data )
+ ) {
+
+ return true;
+
+ } else {
+
+ return false;
+
+ }
+
+ }
+
+ /**
+ * @brief Symmetrically encrypt a string
+ * @returns encrypted file
+ */
+ public static function encrypt( $plainContent, $iv, $passphrase = '' ) {
+
+ if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
+
+ return $encryptedContent;
+
+ } else {
+
+ \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR );
+
+ return false;
+
+ }
+
+ }
+
+ /**
+ * @brief Symmetrically decrypt a string
+ * @returns decrypted file
+ */
+ public static function decrypt( $encryptedContent, $iv, $passphrase ) {
+
+ if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
+
+ return $plainContent;
+
+
+ } else {
+
+ throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' );
+
+ }
+
+ }
+
+ /**
+ * @brief Concatenate encrypted data with its IV and padding
+ * @param string $content content to be concatenated
+ * @param string $iv IV to be concatenated
+ * @returns string concatenated content
+ */
+ public static function concatIv ( $content, $iv ) {
+
+ $combined = $content . '00iv00' . $iv;
+
+ return $combined;
+
+ }
+
+ /**
+ * @brief Split concatenated data and IV into respective parts
+ * @param string $catFile concatenated data to be split
+ * @returns array keys: encrypted, iv
+ */
+ public static function splitIv ( $catFile ) {
+
+ // Fetch encryption metadata from end of file
+ $meta = substr( $catFile, -22 );
+
+ // Fetch IV from end of file
+ $iv = substr( $meta, -16 );
+
+ // Remove IV and IV identifier text to expose encrypted content
+ $encrypted = substr( $catFile, 0, -22 );
+
+ $split = array(
+ 'encrypted' => $encrypted
+ , 'iv' => $iv
+ );
+
+ return $split;
+
+ }
+
+ /**
+ * @brief Symmetrically encrypts a string and returns keyfile content
+ * @param $plainContent content to be encrypted in keyfile
+ * @returns encrypted content combined with IV
+ * @note IV need not be specified, as it will be stored in the returned keyfile
+ * and remain accessible therein.
+ */
+ public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) {
+
+ if ( !$plainContent ) {
+
+ return false;
+
+ }
+
+ $iv = self::generateIv();
+
+ if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) {
+
+ // Combine content to encrypt with IV identifier and actual IV
+ $catfile = self::concatIv( $encryptedContent, $iv );
+
+ $padded = self::addPadding( $catfile );
+
+ return $padded;
+
+ } else {
+
+ \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR );
+
+ return false;
+
+ }
+
+ }
+
+
+ /**
+ * @brief Symmetrically decrypts keyfile content
+ * @param string $source
+ * @param string $target
+ * @param string $key the decryption key
+ * @returns decrypted content
+ *
+ * This function decrypts a file
+ */
+ public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) {
+
+ if ( !$keyfileContent ) {
+
+ throw new \Exception( 'Encryption library: no data provided for decryption' );
+
+ }
+
+ // Remove padding
+ $noPadding = self::removePadding( $keyfileContent );
+
+ // Split into enc data and catfile
+ $catfile = self::splitIv( $noPadding );
+
+ if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) {
+
+ return $plainContent;
+
+ }
+
+ }
+
+ /**
+ * @brief Creates symmetric keyfile content using a generated key
+ * @param string $plainContent content to be encrypted
+ * @returns array keys: key, encrypted
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
+ public static function symmetricEncryptFileContentKeyfile( $plainContent ) {
+
+ $key = self::generateKey();
+
+ if( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) {
+
+ return array(
+ 'key' => $key
+ , 'encrypted' => $encryptedContent
+ );
+
+ } else {
+
+ return false;
+
+ }
+
+ }
+
+ /**
+ * @brief Create asymmetrically encrypted keyfile content using a generated key
+ * @param string $plainContent content to be encrypted
+ * @returns array keys: key, encrypted
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
+ public static function multiKeyEncrypt( $plainContent, array $publicKeys ) {
+
+ // Set empty vars to be set by openssl by reference
+ $sealed = '';
+ $envKeys = array();
+
+ if( openssl_seal( $plainContent, $sealed, $envKeys, $publicKeys ) ) {
+
+ return array(
+ 'keys' => $envKeys
+ , 'encrypted' => $sealed
+ );
+
+ } else {
+
+ return false;
+
+ }
+
+ }
+
+ /**
+ * @brief Asymmetrically encrypt a file using multiple public keys
+ * @param string $plainContent content to be encrypted
+ * @returns string $plainContent decrypted string
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
+ public static function multiKeyDecrypt( $encryptedContent, $envKey, $privateKey ) {
+
+ if ( !$encryptedContent ) {
+
+ return false;
+
+ }
+
+ if ( openssl_open( $encryptedContent, $plainContent, $envKey, $privateKey ) ) {
+
+ return $plainContent;
+
+ } else {
+
+ \OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR );
+
+ return false;
+
+ }
+
+ }
+
+ /**
+ * @brief Asymmetrically encrypt a string using a public key
+ * @returns encrypted file
+ */
+ public static function keyEncrypt( $plainContent, $publicKey ) {
+
+ openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey );
+
+ return $encryptedContent;
+
+ }
+
+ /**
+ * @brief Asymetrically decrypt a file using a private key
+ * @returns decrypted file
+ */
+ public static function keyDecrypt( $encryptedContent, $privatekey ) {
+
+ openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey );
+
+ return $plainContent;
+
+ }
+
+ /**
+ * @brief Encrypts content symmetrically and generates keyfile asymmetrically
+ * @returns array containing catfile and new keyfile.
+ * keys: data, key
+ * @note this method is a wrapper for combining other crypt class methods
+ */
+ public static function keyEncryptKeyfile( $plainContent, $publicKey ) {
+
+ // Encrypt plain data, generate keyfile & encrypted file
+ $cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent );
+
+ // Encrypt keyfile
+ $cryptedKey = self::keyEncrypt( $cryptedData['key'], $publicKey );
+
+ return array( 'data' => $cryptedData['encrypted'], 'key' => $cryptedKey );
+
+ }
+
+ /**
+ * @brief Takes catfile, keyfile, and private key, and
+ * performs decryption
+ * @returns decrypted content
+ * @note this method is a wrapper for combining other crypt class methods
+ */
+ public static function keyDecryptKeyfile( $catfile, $keyfile, $privateKey ) {
+
+ // Decrypt the keyfile with the user's private key
+ $decryptedKeyfile = self::keyDecrypt( $keyfile, $privateKey );
+
+ // Decrypt the catfile symmetrically using the decrypted keyfile
+ $decryptedData = self::symmetricDecryptFileContent( $catfile, $decryptedKeyfile );
+
+ return $decryptedData;
+
+ }
+
+ /**
+ * @brief Symmetrically encrypt a file by combining encrypted component data blocks
+ */
+ public static function symmetricBlockEncryptFileContent( $plainContent, $key ) {
+
+ $crypted = '';
+
+ $remaining = $plainContent;
+
+ $testarray = array();
+
+ while( strlen( $remaining ) ) {
+
+ //echo "\n\n\$block = ".substr( $remaining, 0, 6126 );
+
+ // Encrypt a chunk of unencrypted data and add it to the rest
+ $block = self::symmetricEncryptFileContent( substr( $remaining, 0, 6126 ), $key );
+
+ $padded = self::addPadding( $block );
+
+ $crypted .= $block;
+
+ $testarray[] = $block;
+
+ // Remove the data already encrypted from remaining unencrypted data
+ $remaining = substr( $remaining, 6126 );
+
+ }
+
+ return $crypted;
+
+ }
+
+
+ /**
+ * @brief Symmetrically decrypt a file by combining encrypted component data blocks
+ */
+ public static function symmetricBlockDecryptFileContent( $crypted, $key ) {
+
+ $decrypted = '';
+
+ $remaining = $crypted;
+
+ $testarray = array();
+
+ while( strlen( $remaining ) ) {
+
+ $testarray[] = substr( $remaining, 0, 8192 );
+
+ // Decrypt a chunk of unencrypted data and add it to the rest
+ $decrypted .= self::symmetricDecryptFileContent( $remaining, $key );
+
+ // Remove the data already encrypted from remaining unencrypted data
+ $remaining = substr( $remaining, 8192 );
+
+ }
+
+ return $decrypted;
+
+ }
+
+ /**
+ * @brief Generates a pseudo random initialisation vector
+ * @return String $iv generated IV
+ */
+ public static function generateIv() {
+
+ if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) {
+
+ if ( !$strong ) {
+
+ // If OpenSSL indicates randomness is insecure, log error
+ \OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN );
+
+ }
+
+ // We encode the iv purely for string manipulation
+ // purposes - it gets decoded before use
+ $iv = base64_encode( $random );
+
+ return $iv;
+
+ } else {
+
+ throw new \Exception( 'Generating IV failed' );
+
+ }
+
+ }
+
+ /**
+ * @brief Generate a pseudo random 1024kb ASCII key
+ * @returns $key Generated key
+ */
+ public static function generateKey() {
+
+ // Generate key
+ if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) {
+
+ if ( !$strong ) {
+
+ // If OpenSSL indicates randomness is insecure, log error
+ throw new \Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );
+
+ }
+
+ return $key;
+
+ } else {
+
+ return false;
+
+ }
+
+ }
+
+ /**
+ * @brief Get the blowfish encryption handeler for a key
+ * @param $key string (optional)
+ * @return Crypt_Blowfish blowfish object
+ *
+ * if the key is left out, the default handeler will be used
+ */
+ public static function getBlowfish( $key = '' ) {
+
+ if ( $key ) {
+
+ return new \Crypt_Blowfish( $key );
+
+ } else {
+
+ return false;
+
+ }
+
+ }
+
+ public static function legacyCreateKey( $passphrase ) {
+
+ // Generate a random integer
+ $key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 );
+
+ // Encrypt the key with the passphrase
+ $legacyEncKey = self::legacyEncrypt( $key, $passphrase );
+
+ return $legacyEncKey;
+
+ }
+
+ /**
+ * @brief encrypts content using legacy blowfish system
+ * @param $content the cleartext message you want to encrypt
+ * @param $key the encryption key (optional)
+ * @returns encrypted content
+ *
+ * This function encrypts an content
+ */
+ public static function legacyEncrypt( $content, $passphrase = '' ) {
+
+ $bf = self::getBlowfish( $passphrase );
+
+ return $bf->encrypt( $content );
+
+ }
+
+ /**
+ * @brief decrypts content using legacy blowfish system
+ * @param $content the cleartext message you want to decrypt
+ * @param $key the encryption key (optional)
+ * @returns cleartext content
+ *
+ * This function decrypts an content
+ */
+ public static function legacyDecrypt( $content, $passphrase = '' ) {
+
+ $bf = self::getBlowfish( $passphrase );
+
+ $decrypted = $bf->decrypt( $content );
+
+ $trimmed = rtrim( $decrypted, "\0" );
+
+ return $trimmed;
+
+ }
+
+ public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase ) {
+
+ $decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase );
+
+ $recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey );
+
+ return $recrypted;
+
+ }
+
+ /**
+ * @brief Re-encryptes a legacy blowfish encrypted file using AES with integrated IV
+ * @param $legacyContent the legacy encrypted content to re-encrypt
+ * @returns cleartext content
+ *
+ * This function decrypts an content
+ */
+ public static function legacyRecrypt( $legacyContent, $legacyPassphrase, $newPassphrase ) {
+
+ // TODO: write me
+
+ }
+
+}
\ No newline at end of file |