diff options
| author | Tom Needham <tom@owncloud.com> | 2013-03-05 00:25:56 +0000 |
|---|---|---|
| committer | Tom Needham <tom@owncloud.com> | 2013-03-05 00:25:56 +0000 |
| commit | 370f202251df2425ec49c78265859a804a88433f (patch) | |
| tree | 75fa9d4d8694032dcb6e0987bc97ef379691e546 /apps/files_encryption | |
| parent | f141f8b523f71351841f64ab1e4782b4535ca1b7 (diff) | |
| parent | ef70978524ad0f00c3e5f03a489753547afee45a (diff) | |
| download | nextcloud-server-370f202251df2425ec49c78265859a804a88433f.tar.gz nextcloud-server-370f202251df2425ec49c78265859a804a88433f.zip | |
Rebase to current master
Diffstat (limited to 'apps/files_encryption')
45 files changed, 752 insertions, 967 deletions
diff --git a/apps/files_encryption/ajax/mode.php b/apps/files_encryption/ajax/mode.php deleted file mode 100644 index 64c5be94401..00000000000 --- a/apps/files_encryption/ajax/mode.php +++ /dev/null @@ -1,38 +0,0 @@ -<?php -/**
- * Copyright (c) 2012, Bjoern Schiessle <schiessle@owncloud.com>
- * This file is licensed under the Affero General Public License version 3 or later.
- * See the COPYING-README file.
- */ -
-use OCA\Encryption\Keymanager; - -OCP\JSON::checkAppEnabled('files_encryption');
-OCP\JSON::checkLoggedIn();
-OCP\JSON::callCheck();
- -$mode = $_POST['mode']; -$changePasswd = false; -$passwdChanged = false; - -if ( isset($_POST['newpasswd']) && isset($_POST['oldpasswd']) ) { - $oldpasswd = $_POST['oldpasswd']; - $newpasswd = $_POST['newpasswd']; - $changePasswd = true; - $passwdChanged = Keymanager::changePasswd($oldpasswd, $newpasswd); -} - -$query = \OC_DB::prepare( "SELECT mode FROM *PREFIX*encryption WHERE uid = ?" );
-$result = $query->execute(array(\OCP\User::getUser()));
- -if ($result->fetchRow()){ - $query = OC_DB::prepare( 'UPDATE *PREFIX*encryption SET mode = ? WHERE uid = ?' ); -} else { - $query = OC_DB::prepare( 'INSERT INTO *PREFIX*encryption ( mode, uid ) VALUES( ?, ? )' ); -} - -if ( (!$changePasswd || $passwdChanged) && $query->execute(array($mode, \OCP\User::getUser())) ) { - OCP\JSON::success(); -} else { - OCP\JSON::error(); -}
\ No newline at end of file diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index 3c100b4957d..3bdf6829a9b 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -13,7 +13,7 @@ OC_FileProxy::register( new OCA\Encryption\Proxy() ); // User-related hooks OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' ); -OCP\Util::connectHook( 'OC_User', 'pre_setPassword','OCA\Encryption\Hooks', 'setPassphrase' ); +OCP\Util::connectHook( 'OC_User', 'pre_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase' ); // Sharing-related hooks OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' ); @@ -44,6 +44,6 @@ if ( } -// Reguster settings scripts +// Register settings scripts OCP\App::registerAdmin( 'files_encryption', 'settings' ); -OCP\App::registerPersonal( 'files_encryption', 'settings-personal' );
\ No newline at end of file +OCP\App::registerPersonal( 'files_encryption', 'settings-personal' ); diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 8bdeee0937b..2731d5a92f7 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -40,7 +40,7 @@ class Hooks { // Manually initialise Filesystem{} singleton with correct
// fake root path, in order to avoid fatal webdav errors
- \OC\Files\Filesystem::init( $params['uid'] . '/' . 'files' . '/' );
+ \OC\Files\Filesystem::init( $params['uid'], $params['uid'] . '/' . 'files' . '/' );
$view = new \OC_FilesystemView( '/' );
@@ -165,16 +165,6 @@ class Hooks { * @brief
*/
public static function postShared( $params ) {
-
- // Delete existing catfile
- Keymanager::deleteFileKey( );
-
- // Generate new catfile and env keys
- Crypt::multiKeyEncrypt( $plainContent, $publicKeys );
-
- // Save env keys to user folders
-
-
}
/**
diff --git a/apps/files_encryption/js/settings-personal.js b/apps/files_encryption/js/settings-personal.js deleted file mode 100644 index 1a53e99d2b4..00000000000 --- a/apps/files_encryption/js/settings-personal.js +++ /dev/null @@ -1,38 +0,0 @@ -/** - * Copyright (c) 2012, Bjoern Schiessle <schiessle@owncloud.com> - * This file is licensed under the Affero General Public License version 3 or later. - * See the COPYING-README file. - */ - -$(document).ready(function(){ - $('input[name=encryption_mode]').change(function(){ - var prevmode = document.getElementById('prev_encryption_mode').value - var client=$('input[value="client"]:checked').val() - ,server=$('input[value="server"]:checked').val() - ,user=$('input[value="user"]:checked').val() - ,none=$('input[value="none"]:checked').val() - if (client) { - $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'client' }); - if (prevmode == 'server') { - OC.dialogs.info(t('encryption', 'Please switch to your ownCloud client and change your encryption password to complete the conversion.'), t('encryption', 'switched to client side encryption')); - } - } else if (server) { - if (prevmode == 'client') { - OC.dialogs.form([{text:'Login password', name:'newpasswd', type:'password'},{text:'Encryption password used on the client', name:'oldpasswd', type:'password'}],t('encryption', 'Change encryption password to login password'), function(data) { - $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server', newpasswd: data[0].value, oldpasswd: data[1].value }, function(result) { - if (result.status != 'success') { - document.getElementById(prevmode+'_encryption').checked = true; - OC.dialogs.alert(t('encryption', 'Please check your passwords and try again.'), t('encryption', 'Could not change your file encryption password to your login password')) - } else { - console.log("alles super"); - } - }, true); - }); - } else { - $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server' }); - } - } else { - $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'none' }); - } - }) -})
\ No newline at end of file diff --git a/apps/files_encryption/js/settings.js b/apps/files_encryption/js/settings.js index 60563bde859..0be857bb73e 100644 --- a/apps/files_encryption/js/settings.js +++ b/apps/files_encryption/js/settings.js @@ -9,38 +9,11 @@ $(document).ready(function(){ $('#encryption_blacklist').multiSelect({ oncheck:blackListChange, onuncheck:blackListChange, - createText:'...', + createText:'...' }); function blackListChange(){ var blackList=$('#encryption_blacklist').val().join(','); OC.AppConfig.setValue('files_encryption','type_blacklist',blackList); } - - //TODO: Handle switch between client and server side encryption - $('input[name=encryption_mode]').change(function(){ - var client=$('input[value="client"]:checked').val() - ,server=$('input[value="server"]:checked').val() - ,user=$('input[value="user"]:checked').val() - ,none=$('input[value="none"]:checked').val() - ,disable=false - if (client) { - OC.AppConfig.setValue('files_encryption','mode','client'); - disable = true; - } else if (server) { - OC.AppConfig.setValue('files_encryption','mode','server'); - disable = true; - } else if (user) { - OC.AppConfig.setValue('files_encryption','mode','user'); - disable = true; - } else { - OC.AppConfig.setValue('files_encryption','mode','none'); - } - if (disable) { - document.getElementById('server_encryption').disabled = true; - document.getElementById('client_encryption').disabled = true; - document.getElementById('user_encryption').disabled = true; - document.getElementById('none_encryption').disabled = true; - } - }) })
\ No newline at end of file diff --git a/apps/files_encryption/l10n/ca.php b/apps/files_encryption/l10n/ca.php index 1b888f7714b..0c661353a77 100644 --- a/apps/files_encryption/l10n/ca.php +++ b/apps/files_encryption/l10n/ca.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Connecteu-vos al client ownCloud i canvieu la contrasenya d'encriptació per completar la conversió.", -"switched to client side encryption" => "s'ha commutat a l'encriptació per part del client", -"Change encryption password to login password" => "Canvia la contrasenya d'encriptació per la d'accés", -"Please check your passwords and try again." => "Comproveu les contrasenyes i proveu-ho de nou.", -"Could not change your file encryption password to your login password" => "No s'ha pogut canviar la contrasenya d'encriptació de fitxers per la d'accés", "Encryption" => "Encriptatge", "File encryption is enabled." => "L'encriptació de fitxers està activada.", "The following file types will not be encrypted:" => "Els tipus de fitxers següents no s'encriptaran:", diff --git a/apps/files_encryption/l10n/cs_CZ.php b/apps/files_encryption/l10n/cs_CZ.php index 3278f13920a..d225688a079 100644 --- a/apps/files_encryption/l10n/cs_CZ.php +++ b/apps/files_encryption/l10n/cs_CZ.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Prosím přejděte na svého klienta ownCloud a nastavte šifrovací heslo pro dokončení konverze.", -"switched to client side encryption" => "přepnuto na šifrování na straně klienta", -"Change encryption password to login password" => "Změnit šifrovací heslo na přihlašovací", -"Please check your passwords and try again." => "Zkontrolujte, prosím, své heslo a zkuste to znovu.", -"Could not change your file encryption password to your login password" => "Nelze změnit šifrovací heslo na přihlašovací.", "Encryption" => "Šifrování", "File encryption is enabled." => "Šifrování je povoleno.", "The following file types will not be encrypted:" => "Následující typy souborů nebudou šifrovány:", diff --git a/apps/files_encryption/l10n/da.php b/apps/files_encryption/l10n/da.php index c9255759cb8..b085381ea7b 100644 --- a/apps/files_encryption/l10n/da.php +++ b/apps/files_encryption/l10n/da.php @@ -1,9 +1,7 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Skift venligst til din ownCloud-klient og skift krypteringskoden for at fuldføre konverteringen.", -"switched to client side encryption" => "skiftet til kryptering på klientsiden", -"Change encryption password to login password" => "Udskift krypteringskode til login-adgangskode", -"Please check your passwords and try again." => "Check adgangskoder og forsøg igen.", -"Could not change your file encryption password to your login password" => "Kunne ikke udskifte krypteringskode med login-adgangskode", "Encryption" => "Kryptering", +"File encryption is enabled." => "Fil kryptering aktiveret.", +"The following file types will not be encrypted:" => "De følgende filtyper vil ikke blive krypteret:", +"Exclude the following file types from encryption:" => "Ekskluder de følgende fil typer fra kryptering:", "None" => "Ingen" ); diff --git a/apps/files_encryption/l10n/de.php b/apps/files_encryption/l10n/de.php index c3c69e09007..cdcd8a40b23 100644 --- a/apps/files_encryption/l10n/de.php +++ b/apps/files_encryption/l10n/de.php @@ -1,9 +1,7 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Bitte wechseln Sie nun zum ownCloud Client und ändern Sie ihr Verschlüsselungspasswort um die Konvertierung abzuschließen.", -"switched to client side encryption" => "Zur Clientseitigen Verschlüsselung gewechselt", -"Change encryption password to login password" => "Ändern des Verschlüsselungspasswortes zum Anmeldepasswort", -"Please check your passwords and try again." => "Bitte überprüfen sie Ihr Passwort und versuchen Sie es erneut.", -"Could not change your file encryption password to your login password" => "Ihr Verschlüsselungspasswort konnte nicht als Anmeldepasswort gesetzt werden.", "Encryption" => "Verschlüsselung", +"File encryption is enabled." => "Dateiverschlüsselung ist aktiviert", +"The following file types will not be encrypted:" => "Die folgenden Dateitypen werden nicht verschlüsselt:", +"Exclude the following file types from encryption:" => "Schließe die folgenden Dateitypen von der Verschlüsselung aus:", "None" => "Keine" ); diff --git a/apps/files_encryption/l10n/de_DE.php b/apps/files_encryption/l10n/de_DE.php index 465af23efdd..4f08b98eb29 100644 --- a/apps/files_encryption/l10n/de_DE.php +++ b/apps/files_encryption/l10n/de_DE.php @@ -1,12 +1,7 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Bitte wechseln Sie nun zum ownCloud Client und ändern Sie ihr Verschlüsselungspasswort um die Konvertierung abzuschließen.", -"switched to client side encryption" => "Zur Clientseitigen Verschlüsselung gewechselt", -"Change encryption password to login password" => "Ändern des Verschlüsselungspasswortes zum Anmeldepasswort", -"Please check your passwords and try again." => "Bitte überprüfen sie Ihr Passwort und versuchen Sie es erneut.", -"Could not change your file encryption password to your login password" => "Ihr Verschlüsselungspasswort konnte nicht als Anmeldepasswort gesetzt werden.", "Encryption" => "Verschlüsselung", "File encryption is enabled." => "Datei-Verschlüsselung ist aktiviert", -"The following file types will not be encrypted:" => "Die folgenden Datei-Typen werden nicht verschlüsselt:", -"Exclude the following file types from encryption:" => "Die folgenden Datei-Typen von der Verschlüsselung ausnehmen:", +"The following file types will not be encrypted:" => "Die folgenden Dateitypen werden nicht verschlüsselt:", +"Exclude the following file types from encryption:" => "Die folgenden Dateitypen von der Verschlüsselung ausnehmen:", "None" => "Keine" ); diff --git a/apps/files_encryption/l10n/el.php b/apps/files_encryption/l10n/el.php index 94bb68bcbca..0031a731944 100644 --- a/apps/files_encryption/l10n/el.php +++ b/apps/files_encryption/l10n/el.php @@ -1,7 +1,7 @@ <?php $TRANSLATIONS = array( -"Change encryption password to login password" => "Αλλαγή συνθηματικού κρυπτογράφησης στο συνθηματικό εισόδου ", -"Please check your passwords and try again." => "Παρακαλώ ελέγξτε το συνθηματικό σας και προσπαθήστε ξανά.", -"Could not change your file encryption password to your login password" => "Αδυναμία αλλαγής συνθηματικού κρυπτογράφησης αρχείων στο συνθηματικό εισόδου σας", "Encryption" => "Κρυπτογράφηση", +"File encryption is enabled." => "Η κρυπτογράφηση αρχείων είναι ενεργή.", +"The following file types will not be encrypted:" => "Οι παρακάτω τύποι αρχείων δεν θα κρυπτογραφηθούν:", +"Exclude the following file types from encryption:" => "Εξαίρεση των παρακάτω τύπων αρχείων από την κρυπτογράφηση:", "None" => "Καμία" ); diff --git a/apps/files_encryption/l10n/es.php b/apps/files_encryption/l10n/es.php index 73b5f273d1f..4ea87b92e7c 100644 --- a/apps/files_encryption/l10n/es.php +++ b/apps/files_encryption/l10n/es.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Por favor, cambie su cliente de ownCloud y cambie su clave de cifrado para completar la conversión.", -"switched to client side encryption" => "Cambiar a cifrado del lado del cliente", -"Change encryption password to login password" => "Cambie la clave de cifrado para su contraseña de inicio de sesión", -"Please check your passwords and try again." => "Por favor revise su contraseña e intentelo de nuevo.", -"Could not change your file encryption password to your login password" => "No se pudo cambiar la contraseña de cifrado de archivos de su contraseña de inicio de sesión", "Encryption" => "Cifrado", "File encryption is enabled." => "La encriptacion de archivo esta activada.", "The following file types will not be encrypted:" => "Los siguientes tipos de archivo no seran encriptados:", diff --git a/apps/files_encryption/l10n/es_AR.php b/apps/files_encryption/l10n/es_AR.php index 8160db10df6..af522879e16 100644 --- a/apps/files_encryption/l10n/es_AR.php +++ b/apps/files_encryption/l10n/es_AR.php @@ -1,9 +1,7 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Por favor, cambiá uu cliente de ownCloud y cambiá tu clave de encriptado para completar la conversión.", -"switched to client side encryption" => "Cambiado a encriptación por parte del cliente", -"Change encryption password to login password" => "Cambiá la clave de encriptado para tu contraseña de inicio de sesión", -"Please check your passwords and try again." => "Por favor, revisá tu contraseña e intentalo de nuevo.", -"Could not change your file encryption password to your login password" => "No se pudo cambiar la contraseña de encriptación de archivos de tu contraseña de inicio de sesión", "Encryption" => "Encriptación", +"File encryption is enabled." => "La encriptación de archivos no está habilitada", +"The following file types will not be encrypted:" => "Los siguientes tipos de archivos no serán encriptados", +"Exclude the following file types from encryption:" => "Excluir los siguientes tipos de archivos de encriptación:", "None" => "Ninguno" ); diff --git a/apps/files_encryption/l10n/et_EE.php b/apps/files_encryption/l10n/et_EE.php index 07f1a48fb0b..0d189ac062e 100644 --- a/apps/files_encryption/l10n/et_EE.php +++ b/apps/files_encryption/l10n/et_EE.php @@ -1,4 +1,7 @@ <?php $TRANSLATIONS = array( "Encryption" => "Krüpteerimine", +"File encryption is enabled." => "Faili krüpteerimine on sisse lülitatud.", +"The following file types will not be encrypted:" => "Järgnevaid failitüüpe ei krüpteerita:", +"Exclude the following file types from encryption:" => "Järgnevaid failitüüpe ei krüpteerita:", "None" => "Pole" ); diff --git a/apps/files_encryption/l10n/eu.php b/apps/files_encryption/l10n/eu.php index a2368816f52..5a22b65728e 100644 --- a/apps/files_encryption/l10n/eu.php +++ b/apps/files_encryption/l10n/eu.php @@ -1,5 +1,7 @@ <?php $TRANSLATIONS = array( -"Please check your passwords and try again." => "Mesedez egiaztatu zure pasahitza eta saia zaitez berriro:", "Encryption" => "Enkriptazioa", +"File encryption is enabled." => "Fitxategien enkriptazioa gaituta dago.", +"The following file types will not be encrypted:" => "Hurrengo fitxategi motak ez dira enkriptatuko:", +"Exclude the following file types from encryption:" => "Baztertu hurrengo fitxategi motak enkriptatzetik:", "None" => "Bat ere ez" ); diff --git a/apps/files_encryption/l10n/fa.php b/apps/files_encryption/l10n/fa.php index 2186c9025b4..21ad7e56566 100644 --- a/apps/files_encryption/l10n/fa.php +++ b/apps/files_encryption/l10n/fa.php @@ -1,5 +1,4 @@ <?php $TRANSLATIONS = array( -"Please check your passwords and try again." => "لطفا گذرواژه خود را بررسی کنید و دوباره امتحان کنید.", "Encryption" => "رمزگذاری", "None" => "هیچکدام" ); diff --git a/apps/files_encryption/l10n/fi_FI.php b/apps/files_encryption/l10n/fi_FI.php index 8a9dd30e670..6352d396b3c 100644 --- a/apps/files_encryption/l10n/fi_FI.php +++ b/apps/files_encryption/l10n/fi_FI.php @@ -1,5 +1,7 @@ <?php $TRANSLATIONS = array( -"Please check your passwords and try again." => "Tarkista salasanasi ja yritä uudelleen.", "Encryption" => "Salaus", +"File encryption is enabled." => "Tiedostojen salaus on käytössä.", +"The following file types will not be encrypted:" => "Seuraavia tiedostotyyppejä ei salata:", +"Exclude the following file types from encryption:" => "Älä salaa seuravia tiedostotyyppejä:", "None" => "Ei mitään" ); diff --git a/apps/files_encryption/l10n/fr.php b/apps/files_encryption/l10n/fr.php index 7d431e6e462..88f1e4a393f 100644 --- a/apps/files_encryption/l10n/fr.php +++ b/apps/files_encryption/l10n/fr.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Veuillez vous connecter depuis votre client de synchronisation ownCloud et changer votre mot de passe de chiffrement pour finaliser la conversion.", -"switched to client side encryption" => "Mode de chiffrement changé en chiffrement côté client", -"Change encryption password to login password" => "Convertir le mot de passe de chiffrement en mot de passe de connexion", -"Please check your passwords and try again." => "Veuillez vérifier vos mots de passe et réessayer.", -"Could not change your file encryption password to your login password" => "Impossible de convertir votre mot de passe de chiffrement en mot de passe de connexion", "Encryption" => "Chiffrement", "File encryption is enabled." => "Le chiffrement des fichiers est activé", "The following file types will not be encrypted:" => "Les fichiers de types suivants ne seront pas chiffrés :", diff --git a/apps/files_encryption/l10n/gl.php b/apps/files_encryption/l10n/gl.php index b240990f3d5..3210f715453 100644 --- a/apps/files_encryption/l10n/gl.php +++ b/apps/files_encryption/l10n/gl.php @@ -1,4 +1,7 @@ <?php $TRANSLATIONS = array( "Encryption" => "Cifrado", -"None" => "Nada" +"File encryption is enabled." => "O cifrado de ficheiros está activado", +"The following file types will not be encrypted:" => "Os seguintes tipos de ficheiros non van seren cifrados:", +"Exclude the following file types from encryption:" => "Excluír os seguintes tipos de ficheiros do cifrado:", +"None" => "Ningún" ); diff --git a/apps/files_encryption/l10n/hu_HU.php b/apps/files_encryption/l10n/hu_HU.php index fa62ae75fb6..4043da108c0 100644 --- a/apps/files_encryption/l10n/hu_HU.php +++ b/apps/files_encryption/l10n/hu_HU.php @@ -1,9 +1,7 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Kérjük, hogy váltson át az ownCloud kliensére, és változtassa meg a titkosítási jelszót az átalakítás befejezéséhez.", -"switched to client side encryption" => "átváltva a kliens oldalai titkosításra", -"Change encryption password to login password" => "Titkosítási jelszó módosítása a bejelentkezési jelszóra", -"Please check your passwords and try again." => "Kérjük, ellenőrizze a jelszavait, és próbálja meg újra.", -"Could not change your file encryption password to your login password" => "Nem módosíthatja a fájltitkosítási jelszavát a bejelentkezési jelszavára", "Encryption" => "Titkosítás", +"File encryption is enabled." => "Az állományok titkosítása be van kapcsolva.", +"The following file types will not be encrypted:" => "A következő fájltípusok nem kerülnek titkosításra:", +"Exclude the following file types from encryption:" => "Zárjuk ki a titkosításból a következő fájltípusokat:", "None" => "Egyik sem" ); diff --git a/apps/files_encryption/l10n/id.php b/apps/files_encryption/l10n/id.php index 3f9a6c7d07f..6044348e72e 100644 --- a/apps/files_encryption/l10n/id.php +++ b/apps/files_encryption/l10n/id.php @@ -1,4 +1,7 @@ <?php $TRANSLATIONS = array( -"Encryption" => "enkripsi", -"None" => "tidak ada" +"Encryption" => "Enkripsi", +"File encryption is enabled." => "Enkripsi berkas aktif.", +"The following file types will not be encrypted:" => "Tipe berkas berikut tidak akan dienkripsi:", +"Exclude the following file types from encryption:" => "Kecualikan tipe berkas berikut dari enkripsi:", +"None" => "Tidak ada" ); diff --git a/apps/files_encryption/l10n/it.php b/apps/files_encryption/l10n/it.php index ffa20b718d9..9ab9bc492a0 100644 --- a/apps/files_encryption/l10n/it.php +++ b/apps/files_encryption/l10n/it.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Passa al tuo client ownCloud e cambia la password di cifratura per completare la conversione.", -"switched to client side encryption" => "passato alla cifratura lato client", -"Change encryption password to login password" => "Converti la password di cifratura nella password di accesso", -"Please check your passwords and try again." => "Controlla la password e prova ancora.", -"Could not change your file encryption password to your login password" => "Impossibile convertire la password di cifratura nella password di accesso", "Encryption" => "Cifratura", "File encryption is enabled." => "La cifratura dei file è abilitata.", "The following file types will not be encrypted:" => "I seguenti tipi di file non saranno cifrati:", diff --git a/apps/files_encryption/l10n/ja_JP.php b/apps/files_encryption/l10n/ja_JP.php index b7aeb8d8348..35fba615aec 100644 --- a/apps/files_encryption/l10n/ja_JP.php +++ b/apps/files_encryption/l10n/ja_JP.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "変換を完了するために、ownCloud クライアントに切り替えて、暗号化パスワードを変更してください。", -"switched to client side encryption" => "クライアントサイドの暗号化に切り替えました", -"Change encryption password to login password" => "暗号化パスワードをログインパスワードに変更", -"Please check your passwords and try again." => "パスワードを確認してもう一度行なってください。", -"Could not change your file encryption password to your login password" => "ファイル暗号化パスワードをログインパスワードに変更できませんでした。", "Encryption" => "暗号化", "File encryption is enabled." => "ファイルの暗号化は有効です。", "The following file types will not be encrypted:" => "次のファイルタイプは暗号化されません:", diff --git a/apps/files_encryption/l10n/ko.php b/apps/files_encryption/l10n/ko.php index 625906d89d6..bd1580578c4 100644 --- a/apps/files_encryption/l10n/ko.php +++ b/apps/files_encryption/l10n/ko.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "ownCloud로 전환한 다음 암호화에 사용할 암호를 변경하면 변환이 완료됩니다.", -"switched to client side encryption" => "클라이언트 암호화로 변경됨", -"Change encryption password to login password" => "암호화 암호를 로그인 암호로 변경", -"Please check your passwords and try again." => "암호를 확인한 다음 다시 시도하십시오.", -"Could not change your file encryption password to your login password" => "암호화 암호를 로그인 암호로 변경할 수 없습니다", "Encryption" => "암호화", "None" => "없음" ); diff --git a/apps/files_encryption/l10n/lv.php b/apps/files_encryption/l10n/lv.php index 1aae1377516..fc31ccdb92d 100644 --- a/apps/files_encryption/l10n/lv.php +++ b/apps/files_encryption/l10n/lv.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Lūdzu, pārslēdzieties uz savu ownCloud klientu un maniet savu šifrēšanas paroli, lai pabeigtu pārveidošanu.", -"switched to client side encryption" => "Pārslēdzās uz klienta puses šifrēšanu", -"Change encryption password to login password" => "Mainīt šifrēšanas paroli uz ierakstīšanās paroli", -"Please check your passwords and try again." => "Lūdzu, pārbaudiet savas paroles un mēģiniet vēlreiz.", -"Could not change your file encryption password to your login password" => "Nevarēja mainīt datņu šifrēšanas paroli uz ierakstīšanās paroli", "Encryption" => "Šifrēšana", "File encryption is enabled." => "Datņu šifrēšana ir aktivēta.", "The following file types will not be encrypted:" => "Sekojošās datnes netiks šifrētas:", diff --git a/apps/files_encryption/l10n/nl.php b/apps/files_encryption/l10n/nl.php index c434330049b..b1cba96aad7 100644 --- a/apps/files_encryption/l10n/nl.php +++ b/apps/files_encryption/l10n/nl.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Schakel om naar uw eigen ownCloud client en wijzig uw versleutelwachtwoord om de conversie af te ronden.", -"switched to client side encryption" => "overgeschakeld naar client side encryptie", -"Change encryption password to login password" => "Verander encryptie wachtwoord naar login wachtwoord", -"Please check your passwords and try again." => "Controleer uw wachtwoorden en probeer het opnieuw.", -"Could not change your file encryption password to your login password" => "Kon het bestandsencryptie wachtwoord niet veranderen naar het login wachtwoord", "Encryption" => "Versleuteling", "File encryption is enabled." => "Bestandsversleuteling geactiveerd.", "The following file types will not be encrypted:" => "De volgende bestandstypen zullen niet worden versleuteld:", diff --git a/apps/files_encryption/l10n/pl.php b/apps/files_encryption/l10n/pl.php index 505e8659f08..2fa86f454f9 100644 --- a/apps/files_encryption/l10n/pl.php +++ b/apps/files_encryption/l10n/pl.php @@ -1,4 +1,7 @@ <?php $TRANSLATIONS = array( "Encryption" => "Szyfrowanie", +"File encryption is enabled." => "Szyfrowanie plików jest włączone", +"The following file types will not be encrypted:" => "Poniższe typy plików nie będą szyfrowane:", +"Exclude the following file types from encryption:" => "Wyłącz poniższe typy plików z szyfrowania:", "None" => "Brak" ); diff --git a/apps/files_encryption/l10n/pt_BR.php b/apps/files_encryption/l10n/pt_BR.php index 356419e0e7f..28807db72ce 100644 --- a/apps/files_encryption/l10n/pt_BR.php +++ b/apps/files_encryption/l10n/pt_BR.php @@ -1,9 +1,7 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Por favor, vá ao seu cliente ownCloud e mude sua criptografia de senha para completar a conversão.", -"switched to client side encryption" => "alterado para criptografia por parte do cliente", -"Change encryption password to login password" => "Mudar senha de criptografia para senha de login", -"Please check your passwords and try again." => "Por favor, verifique suas senhas e tente novamente.", -"Could not change your file encryption password to your login password" => "Não foi possível mudar sua senha de criptografia de arquivos para sua senha de login", "Encryption" => "Criptografia", +"File encryption is enabled." => "A criptografia de arquivos está ativada.", +"The following file types will not be encrypted:" => "Os seguintes tipos de arquivo não serão criptografados:", +"Exclude the following file types from encryption:" => "Excluir os seguintes tipos de arquivo da criptografia:", "None" => "Nenhuma" ); diff --git a/apps/files_encryption/l10n/pt_PT.php b/apps/files_encryption/l10n/pt_PT.php index 4dac4d2273b..1c46011fc10 100644 --- a/apps/files_encryption/l10n/pt_PT.php +++ b/apps/files_encryption/l10n/pt_PT.php @@ -1,9 +1,7 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Por favor, use o seu cliente de sincronização do ownCloud e altere a sua password de encriptação para concluír a conversão.", -"switched to client side encryption" => "Alterado para encriptação do lado do cliente", -"Change encryption password to login password" => "Alterar a password de encriptação para a password de login", -"Please check your passwords and try again." => "Por favor verifique as suas paswords e tente de novo.", -"Could not change your file encryption password to your login password" => "Não foi possível alterar a password de encriptação de ficheiros para a sua password de login", "Encryption" => "Encriptação", +"File encryption is enabled." => "A encriptação de ficheiros está ligada", +"The following file types will not be encrypted:" => "Os seguintes ficheiros não serão encriptados:", +"Exclude the following file types from encryption:" => "Excluir da encriptação os seguintes tipos de ficheiro:", "None" => "Nenhum" ); diff --git a/apps/files_encryption/l10n/ro.php b/apps/files_encryption/l10n/ro.php index 9a3acc18dd3..a5a6fb3cb78 100644 --- a/apps/files_encryption/l10n/ro.php +++ b/apps/files_encryption/l10n/ro.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Te rugăm să mergi în clientul ownCloud și să schimbi parola pentru a finisa conversia", -"switched to client side encryption" => "setat la encriptare locală", -"Change encryption password to login password" => "Schimbă parola de ecriptare în parolă de acces", -"Please check your passwords and try again." => "Verifică te rog parolele și înceracă din nou.", -"Could not change your file encryption password to your login password" => "Nu s-a putut schimba parola de encripție a fișierelor ca parolă de acces", "Encryption" => "Încriptare", "None" => "Niciuna" ); diff --git a/apps/files_encryption/l10n/ru.php b/apps/files_encryption/l10n/ru.php index 651885fe022..22c1e3da374 100644 --- a/apps/files_encryption/l10n/ru.php +++ b/apps/files_encryption/l10n/ru.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Пожалуйста переключитесь на Ваш клиент ownCloud и поменяйте пароль шиврования для завершения преобразования.", -"switched to client side encryption" => "переключён на шифрование со стороны клиента", -"Change encryption password to login password" => "Изменить пароль шифрования для пароля входа", -"Please check your passwords and try again." => "Пожалуйста проверьте пароли и попробуйте снова.", -"Could not change your file encryption password to your login password" => "Невозможно изменить Ваш пароль файла шифрования для пароля входа", "Encryption" => "Шифрование", "File encryption is enabled." => "Шифрование файла включено.", "The following file types will not be encrypted:" => "Следующие типы файлов не будут зашифрованы:", diff --git a/apps/files_encryption/l10n/ru_RU.php b/apps/files_encryption/l10n/ru_RU.php index dbbb22ed9cf..7222235485c 100644 --- a/apps/files_encryption/l10n/ru_RU.php +++ b/apps/files_encryption/l10n/ru_RU.php @@ -1,7 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Пожалуйста, переключитесь на ownCloud-клиент и измените Ваш пароль шифрования для завершения конвертации.", -"switched to client side encryption" => "переключено на шифрование на клиентской стороне", -"Please check your passwords and try again." => "Пожалуйста, проверьте Ваш пароль и попробуйте снова", "Encryption" => "Шифрование", "None" => "Ни один" ); diff --git a/apps/files_encryption/l10n/sk_SK.php b/apps/files_encryption/l10n/sk_SK.php index dc2907e704f..bebb6234710 100644 --- a/apps/files_encryption/l10n/sk_SK.php +++ b/apps/files_encryption/l10n/sk_SK.php @@ -1,12 +1,7 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Prosím, prejdite do svojho klienta ownCloud a zmente šifrovacie heslo na dokončenie konverzie.", -"switched to client side encryption" => "prepnuté na šifrovanie prostredníctvom klienta", -"Change encryption password to login password" => "Zmeniť šifrovacie heslo na prihlasovacie", -"Please check your passwords and try again." => "Skontrolujte si heslo a skúste to znovu.", -"Could not change your file encryption password to your login password" => "Nie je možné zmeniť šifrovacie heslo na prihlasovacie", "Encryption" => "Šifrovanie", -"File encryption is enabled." => "Kryptovanie súborov nastavené.", -"The following file types will not be encrypted:" => "Uvedené typy súborov nebudú kryptované:", -"Exclude the following file types from encryption:" => "Nekryptovať uvedené typy súborov", +"File encryption is enabled." => "Šifrovanie súborov nastavené.", +"The following file types will not be encrypted:" => "Uvedené typy súborov nebudú šifrované:", +"Exclude the following file types from encryption:" => "Nešifrovať uvedené typy súborov", "None" => "Žiadne" ); diff --git a/apps/files_encryption/l10n/sv.php b/apps/files_encryption/l10n/sv.php index e5294974e4e..e214a937a1d 100644 --- a/apps/files_encryption/l10n/sv.php +++ b/apps/files_encryption/l10n/sv.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "Vänligen växla till ownCloud klienten och ändra ditt krypteringslösenord för att slutföra omvandlingen.", -"switched to client side encryption" => "Bytte till kryptering på klientsidan", -"Change encryption password to login password" => "Ändra krypteringslösenord till loginlösenord", -"Please check your passwords and try again." => "Kontrollera dina lösenord och försök igen.", -"Could not change your file encryption password to your login password" => "Kunde inte ändra ditt filkrypteringslösenord till ditt loginlösenord", "Encryption" => "Kryptering", "File encryption is enabled." => "Filkryptering är aktiverat.", "The following file types will not be encrypted:" => "Följande filtyper kommer inte att krypteras:", diff --git a/apps/files_encryption/l10n/th_TH.php b/apps/files_encryption/l10n/th_TH.php index 28d9e30864f..e46d2491186 100644 --- a/apps/files_encryption/l10n/th_TH.php +++ b/apps/files_encryption/l10n/th_TH.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "กรุณาสลับไปที่โปรแกรมไคลเอนต์ ownCloud ของคุณ แล้วเปลี่ยนรหัสผ่านสำหรับการเข้ารหัสเพื่อแปลงข้อมูลให้เสร็จสมบูรณ์", -"switched to client side encryption" => "สลับไปใช้การเข้ารหัสจากโปรแกรมไคลเอนต์", -"Change encryption password to login password" => "เปลี่ยนรหัสผ่านสำหรับเข้ารหัสไปเป็นรหัสผ่านสำหรับการเข้าสู่ระบบ", -"Please check your passwords and try again." => "กรุณาตรวจสอบรหัสผ่านของคุณแล้วลองใหม่อีกครั้ง", -"Could not change your file encryption password to your login password" => "ไม่สามารถเปลี่ยนรหัสผ่านสำหรับการเข้ารหัสไฟล์ของคุณไปเป็นรหัสผ่านสำหรับการเข้าสู่ระบบของคุณได้", "Encryption" => "การเข้ารหัส", "None" => "ไม่ต้อง" ); diff --git a/apps/files_encryption/l10n/tr.php b/apps/files_encryption/l10n/tr.php index 0868d0a6905..6b42c757e65 100644 --- a/apps/files_encryption/l10n/tr.php +++ b/apps/files_encryption/l10n/tr.php @@ -1,4 +1,7 @@ <?php $TRANSLATIONS = array( "Encryption" => "Şifreleme", +"File encryption is enabled." => "Dosya şifreleme aktif.", +"The following file types will not be encrypted:" => "Belirtilen dosya tipleri şifrelenmeyecek:", +"Exclude the following file types from encryption:" => "Seçilen dosya tiplerini şifreleme:", "None" => "Hiçbiri" ); diff --git a/apps/files_encryption/l10n/uk.php b/apps/files_encryption/l10n/uk.php index 8236c5afefd..d4957141191 100644 --- a/apps/files_encryption/l10n/uk.php +++ b/apps/files_encryption/l10n/uk.php @@ -1,4 +1,7 @@ <?php $TRANSLATIONS = array( "Encryption" => "Шифрування", +"File encryption is enabled." => "Увімкнуто шифрування файлів.", +"The following file types will not be encrypted:" => "Такі типи файлів шифруватись не будуть:", +"Exclude the following file types from encryption:" => "Виключити наступні типи файлів з шифрування:", "None" => "Жоден" ); diff --git a/apps/files_encryption/l10n/vi.php b/apps/files_encryption/l10n/vi.php index b86cd839783..0a88d1b2db6 100644 --- a/apps/files_encryption/l10n/vi.php +++ b/apps/files_encryption/l10n/vi.php @@ -1,4 +1,7 @@ <?php $TRANSLATIONS = array( "Encryption" => "Mã hóa", +"File encryption is enabled." => "Mã hóa file đã mở", +"The following file types will not be encrypted:" => "Loại file sau sẽ không được mã hóa", +"Exclude the following file types from encryption:" => "Việc mã hóa không bao gồm loại file sau", "None" => "Không có gì hết" ); diff --git a/apps/files_encryption/l10n/zh_TW.php b/apps/files_encryption/l10n/zh_TW.php index bd8257ed602..1655e171433 100644 --- a/apps/files_encryption/l10n/zh_TW.php +++ b/apps/files_encryption/l10n/zh_TW.php @@ -1,9 +1,4 @@ <?php $TRANSLATIONS = array( -"Please switch to your ownCloud client and change your encryption password to complete the conversion." => "請至您的 ownCloud 客戶端程式修改您的加密密碼以完成轉換。", -"switched to client side encryption" => "已切換為客戶端加密", -"Change encryption password to login password" => "將加密密碼修改為登入密碼", -"Please check your passwords and try again." => "請檢查您的密碼並再試一次。", -"Could not change your file encryption password to your login password" => "無法變更您的檔案加密密碼為登入密碼", "Encryption" => "加密", "None" => "無" ); diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index d00f71b6141..437a18669e5 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -4,8 +4,8 @@ * ownCloud
*
* @author Sam Tuke, Frank Karlitschek, Robin Appelman
- * @copyright 2012 Sam Tuke samtuke@owncloud.com,
- * Robin Appelman icewind@owncloud.com, Frank Karlitschek
+ * @copyright 2012 Sam Tuke samtuke@owncloud.com,
+ * Robin Appelman icewind@owncloud.com, Frank Karlitschek
* frank@owncloud.org
*
* This library is free software; you can redistribute it and/or
@@ -47,15 +47,15 @@ class Crypt { public static function mode( $user = null ) {
return 'server';
-
+
}
-
- /**
- * @brief Create a new encryption keypair
- * @return array publicKey, privatekey
- */
+
+ /**
+ * @brief Create a new encryption keypair
+ * @return array publicKey, privatekey
+ */
public static function createKeypair() {
-
+
$res = openssl_pkey_new();
// Get private key
@@ -63,570 +63,543 @@ class Crypt { // Get public key
$publicKey = openssl_pkey_get_details( $res );
-
+
$publicKey = $publicKey['key'];
-
+
return( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) );
-
+
}
-
- /**
- * @brief Add arbitrary padding to encrypted data
- * @param string $data data to be padded
- * @return padded data
- * @note In order to end up with data exactly 8192 bytes long we must
- * add two letters. It is impossible to achieve exactly 8192 length
- * blocks with encryption alone, hence padding is added to achieve the
- * required length.
- */
+
+ /**
+ * @brief Add arbitrary padding to encrypted data
+ * @param string $data data to be padded
+ * @return padded data
+ * @note In order to end up with data exactly 8192 bytes long we must
+ * add two letters. It is impossible to achieve exactly 8192 length
+ * blocks with encryption alone, hence padding is added to achieve the
+ * required length.
+ */
public static function addPadding( $data ) {
-
+
$padded = $data . 'xx';
-
+
return $padded;
-
+
}
-
- /**
- * @brief Remove arbitrary padding to encrypted data
- * @param string $padded padded data to remove padding from
- * @return unpadded data on success, false on error
- */
+
+ /**
+ * @brief Remove arbitrary padding to encrypted data
+ * @param string $padded padded data to remove padding from
+ * @return unpadded data on success, false on error
+ */
public static function removePadding( $padded ) {
-
+
if ( substr( $padded, -2 ) == 'xx' ) {
-
+
$data = substr( $padded, 0, -2 );
-
+
return $data;
-
+
} else {
-
+
// TODO: log the fact that unpadded data was submitted for removal of padding
return false;
-
+
}
-
+
}
-
- /**
- * @brief Check if a file's contents contains an IV and is symmetrically encrypted
- * @return true / false
- * @note see also OCA\Encryption\Util->isEncryptedPath()
- */
+
+ /**
+ * @brief Check if a file's contents contains an IV and is symmetrically encrypted
+ * @return true / false
+ * @note see also OCA\Encryption\Util->isEncryptedPath()
+ */
public static function isCatfile( $content ) {
-
+
+ if ( !$content ) {
+
+ return false;
+
+ }
+
$noPadding = self::removePadding( $content );
-
+
// Fetch encryption metadata from end of file
$meta = substr( $noPadding, -22 );
-
+
// Fetch IV from end of file
$iv = substr( $meta, -16 );
-
+
// Fetch identifier from start of metadata
$identifier = substr( $meta, 0, 6 );
-
+
if ( $identifier == '00iv00') {
-
+
return true;
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
/**
* Check if a file is encrypted according to database file cache
* @param string $path
* @return bool
*/
public static function isEncryptedMeta( $path ) {
-
+
// TODO: Use DI to get \OC\Files\Filesystem out of here
-
+
// Fetch all file metadata from DB
$metadata = \OC\Files\Filesystem::getFileInfo( $path, '' );
-
+
// Return encryption status
return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted'];
-
+
}
-
- /**
- * @brief Check if a file is encrypted via legacy system
- * @param string $relPath The path of the file, relative to user/data;
- * e.g. filename or /Docs/filename, NOT admin/files/filename
- * @return true / false
- */
+
+ /**
+ * @brief Check if a file is encrypted via legacy system
+ * @param string $relPath The path of the file, relative to user/data;
+ * e.g. filename or /Docs/filename, NOT admin/files/filename
+ * @return true / false
+ */
public static function isLegacyEncryptedContent( $data, $relPath ) {
-
+
// Fetch all file metadata from DB
$metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' );
-
+
// If a file is flagged with encryption in DB, but isn't a
// valid content + IV combination, it's probably using the
// legacy encryption system
- if (
- isset( $metadata['encrypted'] )
- and $metadata['encrypted'] === true
- and ! self::isCatfile( $data )
+ if (
+ isset( $metadata['encrypted'] )
+ and $metadata['encrypted'] === true
+ and ! self::isCatfile( $data )
) {
-
+
return true;
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
- /**
- * @brief Symmetrically encrypt a string
- * @returns encrypted file
- */
+
+ /**
+ * @brief Symmetrically encrypt a string
+ * @returns encrypted file
+ */
public static function encrypt( $plainContent, $iv, $passphrase = '' ) {
-
+
if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
return $encryptedContent;
-
+
} else {
-
+
\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR );
-
+
return false;
-
+
}
-
+
}
-
- /**
- * @brief Symmetrically decrypt a string
- * @returns decrypted file
- */
+
+ /**
+ * @brief Symmetrically decrypt a string
+ * @returns decrypted file
+ */
public static function decrypt( $encryptedContent, $iv, $passphrase ) {
-
+
if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {
return $plainContent;
-
-
+
+
} else {
-
+
throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' );
-
- return false;
-
+
}
-
+
}
-
- /**
- * @brief Concatenate encrypted data with its IV and padding
- * @param string $content content to be concatenated
- * @param string $iv IV to be concatenated
- * @returns string concatenated content
- */
+
+ /**
+ * @brief Concatenate encrypted data with its IV and padding
+ * @param string $content content to be concatenated
+ * @param string $iv IV to be concatenated
+ * @returns string concatenated content
+ */
public static function concatIv ( $content, $iv ) {
-
+
$combined = $content . '00iv00' . $iv;
-
+
return $combined;
-
+
}
-
- /**
- * @brief Split concatenated data and IV into respective parts
- * @param string $catFile concatenated data to be split
- * @returns array keys: encrypted, iv
- */
+
+ /**
+ * @brief Split concatenated data and IV into respective parts
+ * @param string $catFile concatenated data to be split
+ * @returns array keys: encrypted, iv
+ */
public static function splitIv ( $catFile ) {
-
+
// Fetch encryption metadata from end of file
$meta = substr( $catFile, -22 );
-
+
// Fetch IV from end of file
$iv = substr( $meta, -16 );
-
+
// Remove IV and IV identifier text to expose encrypted content
$encrypted = substr( $catFile, 0, -22 );
-
+
$split = array(
'encrypted' => $encrypted
- , 'iv' => $iv
+ , 'iv' => $iv
);
-
+
return $split;
-
+
}
-
- /**
- * @brief Symmetrically encrypts a string and returns keyfile content
- * @param $plainContent content to be encrypted in keyfile
- * @returns encrypted content combined with IV
- * @note IV need not be specified, as it will be stored in the returned keyfile
- * and remain accessible therein.
- */
+
+ /**
+ * @brief Symmetrically encrypts a string and returns keyfile content
+ * @param $plainContent content to be encrypted in keyfile
+ * @returns encrypted content combined with IV
+ * @note IV need not be specified, as it will be stored in the returned keyfile
+ * and remain accessible therein.
+ */
public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) {
-
+
if ( !$plainContent ) {
-
+
return false;
-
+
}
-
+
$iv = self::generateIv();
-
+
if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) {
-
- // Combine content to encrypt with IV identifier and actual IV
- $catfile = self::concatIv( $encryptedContent, $iv );
-
- $padded = self::addPadding( $catfile );
-
- return $padded;
-
+
+ // Combine content to encrypt with IV identifier and actual IV
+ $catfile = self::concatIv( $encryptedContent, $iv );
+
+ $padded = self::addPadding( $catfile );
+
+ return $padded;
+
} else {
-
+
\OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR );
-
+
return false;
-
+
}
-
+
}
/**
- * @brief Symmetrically decrypts keyfile content
- * @param string $source
- * @param string $target
- * @param string $key the decryption key
- * @returns decrypted content
- *
- * This function decrypts a file
- */
+ * @brief Symmetrically decrypts keyfile content
+ * @param string $source
+ * @param string $target
+ * @param string $key the decryption key
+ * @returns decrypted content
+ *
+ * This function decrypts a file
+ */
public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) {
-
+
if ( !$keyfileContent ) {
-
+
throw new \Exception( 'Encryption library: no data provided for decryption' );
-
+
}
-
+
// Remove padding
$noPadding = self::removePadding( $keyfileContent );
-
+
// Split into enc data and catfile
$catfile = self::splitIv( $noPadding );
-
+
if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) {
-
+
return $plainContent;
-
+
}
-
+
}
-
+
/**
- * @brief Creates symmetric keyfile content using a generated key
- * @param string $plainContent content to be encrypted
- * @returns array keys: key, encrypted
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
- *
- * This function decrypts a file
- */
+ * @brief Creates symmetric keyfile content using a generated key
+ * @param string $plainContent content to be encrypted
+ * @returns array keys: key, encrypted
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
public static function symmetricEncryptFileContentKeyfile( $plainContent ) {
-
+
$key = self::generateKey();
-
+
if( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) {
-
+
return array(
'key' => $key
- , 'encrypted' => $encryptedContent
+ , 'encrypted' => $encryptedContent
);
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
/**
- * @brief Create asymmetrically encrypted keyfile content using a generated key
- * @param string $plainContent content to be encrypted
- * @returns array keys: key, encrypted
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
- *
- * This function decrypts a file
- */
+ * @brief Create asymmetrically encrypted keyfile content using a generated key
+ * @param string $plainContent content to be encrypted
+ * @returns array keys: key, encrypted
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
public static function multiKeyEncrypt( $plainContent, array $publicKeys ) {
-
+
// Set empty vars to be set by openssl by reference
$sealed = '';
$envKeys = array();
-
+
if( openssl_seal( $plainContent, $sealed, $envKeys, $publicKeys ) ) {
-
+
return array(
'keys' => $envKeys
- , 'encrypted' => $sealed
+ , 'encrypted' => $sealed
);
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
/**
- * @brief Asymmetrically encrypt a file using multiple public keys
- * @param string $plainContent content to be encrypted
- * @returns string $plainContent decrypted string
- * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
- *
- * This function decrypts a file
- */
+ * @brief Asymmetrically encrypt a file using multiple public keys
+ * @param string $plainContent content to be encrypted
+ * @returns string $plainContent decrypted string
+ * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
+ *
+ * This function decrypts a file
+ */
public static function multiKeyDecrypt( $encryptedContent, $envKey, $privateKey ) {
-
+
if ( !$encryptedContent ) {
-
+
return false;
-
+
}
-
+
if ( openssl_open( $encryptedContent, $plainContent, $envKey, $privateKey ) ) {
-
+
return $plainContent;
-
+
} else {
-
+
\OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR );
-
+
return false;
-
+
}
-
+
}
-
- /**
- * @brief Asymetrically encrypt a string using a public key
- * @returns encrypted file
- */
+
+ /**
+ * @brief Asymmetrically encrypt a string using a public key
+ * @returns encrypted file
+ */
public static function keyEncrypt( $plainContent, $publicKey ) {
-
+
openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey );
-
+
return $encryptedContent;
-
+
}
-
- /**
- * @brief Asymetrically decrypt a file using a private key
- * @returns decrypted file
- */
+
+ /**
+ * @brief Asymetrically decrypt a file using a private key
+ * @returns decrypted file
+ */
public static function keyDecrypt( $encryptedContent, $privatekey ) {
-
+
openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey );
-
+
return $plainContent;
-
+
}
- /**
- * @brief Encrypts content symmetrically and generates keyfile asymmetrically
- * @returns array containing catfile and new keyfile.
- * keys: data, key
- * @note this method is a wrapper for combining other crypt class methods
- */
+ /**
+ * @brief Encrypts content symmetrically and generates keyfile asymmetrically
+ * @returns array containing catfile and new keyfile.
+ * keys: data, key
+ * @note this method is a wrapper for combining other crypt class methods
+ */
public static function keyEncryptKeyfile( $plainContent, $publicKey ) {
-
+
// Encrypt plain data, generate keyfile & encrypted file
$cryptedData = self::symmetricEncryptFileContentKeyfile( $plainContent );
-
+
// Encrypt keyfile
$cryptedKey = self::keyEncrypt( $cryptedData['key'], $publicKey );
-
+
return array( 'data' => $cryptedData['encrypted'], 'key' => $cryptedKey );
-
+
}
-
- /**
- * @brief Takes catfile, keyfile, and private key, and
- * performs decryption
- * @returns decrypted content
- * @note this method is a wrapper for combining other crypt class methods
- */
+
+ /**
+ * @brief Takes catfile, keyfile, and private key, and
+ * performs decryption
+ * @returns decrypted content
+ * @note this method is a wrapper for combining other crypt class methods
+ */
public static function keyDecryptKeyfile( $catfile, $keyfile, $privateKey ) {
-
+
// Decrypt the keyfile with the user's private key
$decryptedKeyfile = self::keyDecrypt( $keyfile, $privateKey );
-
+
// Decrypt the catfile symmetrically using the decrypted keyfile
$decryptedData = self::symmetricDecryptFileContent( $catfile, $decryptedKeyfile );
-
+
return $decryptedData;
-
+
}
-
+
/**
- * @brief Symmetrically encrypt a file by combining encrypted component data blocks
- */
+ * @brief Symmetrically encrypt a file by combining encrypted component data blocks
+ */
public static function symmetricBlockEncryptFileContent( $plainContent, $key ) {
-
+
$crypted = '';
-
+
$remaining = $plainContent;
-
+
$testarray = array();
-
+
while( strlen( $remaining ) ) {
-
+
//echo "\n\n\$block = ".substr( $remaining, 0, 6126 );
-
+
// Encrypt a chunk of unencrypted data and add it to the rest
$block = self::symmetricEncryptFileContent( substr( $remaining, 0, 6126 ), $key );
-
+
$padded = self::addPadding( $block );
-
+
$crypted .= $block;
-
+
$testarray[] = $block;
-
+
// Remove the data already encrypted from remaining unencrypted data
$remaining = substr( $remaining, 6126 );
-
+
}
-
- //echo "hags ";
-
- //echo "\n\n\n\$crypted = $crypted\n\n\n";
-
- //print_r($testarray);
-
+
return $crypted;
}
/**
- * @brief Symmetrically decrypt a file by combining encrypted component data blocks
- */
+ * @brief Symmetrically decrypt a file by combining encrypted component data blocks
+ */
public static function symmetricBlockDecryptFileContent( $crypted, $key ) {
-
+
$decrypted = '';
-
+
$remaining = $crypted;
-
+
$testarray = array();
-
+
while( strlen( $remaining ) ) {
-
+
$testarray[] = substr( $remaining, 0, 8192 );
-
+
// Decrypt a chunk of unencrypted data and add it to the rest
$decrypted .= self::symmetricDecryptFileContent( $remaining, $key );
-
+
// Remove the data already encrypted from remaining unencrypted data
$remaining = substr( $remaining, 8192 );
-
+
}
-
- //echo "\n\n\$testarray = "; print_r($testarray);
-
+
return $decrypted;
-
+
}
-
- /**
- * @brief Generates a pseudo random initialisation vector
- * @return String $iv generated IV
- */
+
+ /**
+ * @brief Generates a pseudo random initialisation vector
+ * @return String $iv generated IV
+ */
public static function generateIv() {
-
+
if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) {
-
+
if ( !$strong ) {
-
+
// If OpenSSL indicates randomness is insecure, log error
\OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN );
-
+
}
-
+
// We encode the iv purely for string manipulation
// purposes - it gets decoded before use
$iv = base64_encode( $random );
-
+
return $iv;
-
+
} else {
-
- throw new Exception( 'Generating IV failed' );
-
+
+ throw new \Exception( 'Generating IV failed' );
+
}
-
+
}
-
- /**
- * @brief Generate a pseudo random 1024kb ASCII key
- * @returns $key Generated key
- */
+
+ /**
+ * @brief Generate a pseudo random 1024kb ASCII key
+ * @returns $key Generated key
+ */
public static function generateKey() {
-
+
// Generate key
if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) {
-
+
if ( !$strong ) {
-
+
// If OpenSSL indicates randomness is insecure, log error
- throw new Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );
-
+ throw new \Exception ( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );
+
}
-
+
return $key;
-
+
} else {
-
+
return false;
-
- }
-
- }
- public static function changekeypasscode( $oldPassword, $newPassword ) {
-
- if ( \OCP\User::isLoggedIn() ) {
-
- $key = Keymanager::getPrivateKey( $user, $view );
-
- if ( ( $key = Crypt::symmetricDecryptFileContent($key,$oldpasswd) ) ) {
-
- if ( ( $key = Crypt::symmetricEncryptFileContent( $key, $newpasswd ) ) ) {
-
- Keymanager::setPrivateKey( $key );
-
- return true;
- }
-
- }
-
}
-
- return false;
-
+
}
-
+
/**
* @brief Get the blowfish encryption handeler for a key
* @param $key string (optional)
@@ -635,21 +608,21 @@ class Crypt { * if the key is left out, the default handeler will be used
*/
public static function getBlowfish( $key = '' ) {
-
+
if ( $key ) {
-
+
return new \Crypt_Blowfish( $key );
-
+
} else {
-
+
return false;
-
+
}
-
+
}
-
+
public static function legacyCreateKey( $passphrase ) {
-
+
// Generate a random integer
$key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 );
@@ -657,9 +630,9 @@ class Crypt { $legacyEncKey = self::legacyEncrypt( $key, $passphrase );
return $legacyEncKey;
-
+
}
-
+
/**
* @brief encrypts content using legacy blowfish system
* @param $content the cleartext message you want to encrypt
@@ -669,54 +642,54 @@ class Crypt { * This function encrypts an content
*/
public static function legacyEncrypt( $content, $passphrase = '' ) {
-
+
$bf = self::getBlowfish( $passphrase );
-
+
return $bf->encrypt( $content );
-
+
}
-
+
/**
- * @brief decrypts content using legacy blowfish system
- * @param $content the cleartext message you want to decrypt
- * @param $key the encryption key (optional)
- * @returns cleartext content
- *
- * This function decrypts an content
- */
+ * @brief decrypts content using legacy blowfish system
+ * @param $content the cleartext message you want to decrypt
+ * @param $key the encryption key (optional)
+ * @returns cleartext content
+ *
+ * This function decrypts an content
+ */
public static function legacyDecrypt( $content, $passphrase = '' ) {
-
+
$bf = self::getBlowfish( $passphrase );
-
+
$decrypted = $bf->decrypt( $content );
-
+
$trimmed = rtrim( $decrypted, "\0" );
-
+
return $trimmed;
-
+
}
-
+
public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKey, $newPassphrase ) {
-
+
$decrypted = self::legacyDecrypt( $legacyEncryptedContent, $legacyPassphrase );
-
+
$recrypted = self::keyEncryptKeyfile( $decrypted, $publicKey );
-
+
return $recrypted;
-
+
}
-
+
/**
- * @brief Re-encryptes a legacy blowfish encrypted file using AES with integrated IV
- * @param $legacyContent the legacy encrypted content to re-encrypt
- * @returns cleartext content
- *
- * This function decrypts an content
- */
+ * @brief Re-encryptes a legacy blowfish encrypted file using AES with integrated IV
+ * @param $legacyContent the legacy encrypted content to re-encrypt
+ * @returns cleartext content
+ *
+ * This function decrypts an content
+ */
public static function legacyRecrypt( $legacyContent, $legacyPassphrase, $newPassphrase ) {
-
+
// TODO: write me
-
+
}
-
-}
\ No newline at end of file +
+} diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index 43af70dacc2..95587797154 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -1,325 +1,323 @@ -<?php
-
-/**
- * ownCloud
- *
- * @author Bjoern Schiessle
- * @copyright 2012 Bjoern Schiessle <schiessle@owncloud.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
- *
- * You should have received a copy of the GNU Affero General Public
- * License along with this library. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-namespace OCA\Encryption;
-
-/**
- * @brief Class to manage storage and retrieval of encryption keys
- * @note Where a method requires a view object, it's root must be '/'
- */
-class Keymanager {
-
- /**
- * @brief retrieve the ENCRYPTED private key from a user
- *
- * @return string private key or false
- * @note the key returned by this method must be decrypted before use
- */
- public static function getPrivateKey( \OC_FilesystemView $view, $user ) {
-
- $path = '/' . $user . '/' . 'files_encryption' . '/' . $user.'.private.key';
-
- $key = $view->file_get_contents( $path );
-
- return $key;
- }
-
- /**
- * @brief retrieve public key for a specified user
- * @return string public key or false
- */
- public static function getPublicKey( \OC_FilesystemView $view, $userId ) {
-
- return $view->file_get_contents( '/public-keys/' . '/' . $userId . '.public.key' );
-
- }
-
- /**
- * @brief retrieve both keys from a user (private and public)
- * @return array keys: privateKey, publicKey
- */
- public static function getUserKeys( \OC_FilesystemView $view, $userId ) {
-
- return array(
- 'publicKey' => self::getPublicKey( $view, $userId )
- , 'privateKey' => self::getPrivateKey( $view, $userId )
- );
-
- }
-
- /**
- * @brief Retrieve public keys of all users with access to a file
- * @param string $path Path to file
- * @return array of public keys for the given file
- * @note Checks that the sharing app is enabled should be performed
- * by client code, that isn't checked here
- */
- public static function getPublicKeys( \OC_FilesystemView $view, $userId, $filePath ) {
-
- $path = ltrim( $path, '/' );
-
- $filepath = '/' . $userId . '/files/' . $filePath;
-
- // Check if sharing is enabled
- if ( OC_App::isEnabled( 'files_sharing' ) ) {
-
-
-
- } else {
-
- // check if it is a file owned by the user and not shared at all
- $userview = new \OC_FilesystemView( '/'.$userId.'/files/' );
-
- if ( $userview->file_exists( $path ) ) {
-
- $users[] = $userId;
-
- }
-
- }
-
- $view = new \OC_FilesystemView( '/public-keys/' );
-
- $keylist = array();
-
- $count = 0;
-
- foreach ( $users as $user ) {
-
- $keylist['key'.++$count] = $view->file_get_contents( $user.'.public.key' );
-
- }
-
- return $keylist;
-
- }
-
- /**
- * @brief store file encryption key
- *
- * @param string $path relative path of the file, including filename
- * @param string $key
- * @return bool true/false
- * @note The keyfile is not encrypted here. Client code must
- * asymmetrically encrypt the keyfile before passing it to this method
- */
- public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) {
-
- $basePath = '/' . $userId . '/files_encryption/keyfiles';
-
- $targetPath = self::keySetPreparation( $view, $path, $basePath, $userId );
-
- if ( $view->is_dir( $basePath . '/' . $targetPath ) ) {
-
-
-
- } else {
-
- // Save the keyfile in parallel directory
- return $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile );
-
- }
-
- }
-
- /**
- * @brief retrieve keyfile for an encrypted file
- * @param string file name
- * @return string file key or false on failure
- * @note The keyfile returned is asymmetrically encrypted. Decryption
- * of the keyfile must be performed by client code
- */
- public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) {
-
- $filePath_f = ltrim( $filePath, '/' );
-
- $catfilePath = '/' . $userId . '/files_encryption/keyfiles/' . $filePath_f . '.key';
-
- if ( $view->file_exists( $catfilePath ) ) {
-
- return $view->file_get_contents( $catfilePath );
-
- } else {
-
- return false;
-
- }
-
- }
-
- /**
- * @brief Delete a keyfile
- *
- * @param OC_FilesystemView $view
- * @param string $userId username
- * @param string $path path of the file the key belongs to
- * @return bool Outcome of unlink operation
- * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT
- * /data/admin/files/mydoc.txt
- */
- public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) {
-
- $trimmed = ltrim( $path, '/' );
- $keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed . '.key';
-
- // Unlink doesn't tell us if file was deleted (not found returns
- // true), so we perform our own test
- if ( $view->file_exists( $keyPath ) ) {
-
- return $view->unlink( $keyPath );
-
- } else {
-
- \OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR );
-
- return false;
-
- }
-
- }
-
- /**
- * @brief store private key from the user
- * @param string key
- * @return bool
- * @note Encryption of the private key must be performed by client code
- * as no encryption takes place here
- */
- public static function setPrivateKey( $key ) {
-
- $user = \OCP\User::getUser();
-
- $view = new \OC_FilesystemView( '/' . $user . '/files_encryption' );
-
- \OC_FileProxy::$enabled = false;
-
- if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
-
- return $view->file_put_contents( $user . '.private.key', $key );
-
- \OC_FileProxy::$enabled = true;
-
- }
-
- /**
- * @brief store private keys from the user
- *
- * @param string privatekey
- * @param string publickey
- * @return bool true/false
- */
- public static function setUserKeys($privatekey, $publickey) {
-
- return ( self::setPrivateKey( $privatekey ) && self::setPublicKey( $publickey ) );
-
- }
-
- /**
- * @brief store public key of the user
- *
- * @param string key
- * @return bool true/false
- */
- public static function setPublicKey( $key ) {
-
- $view = new \OC_FilesystemView( '/public-keys' );
-
- \OC_FileProxy::$enabled = false;
-
- if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
-
- return $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key );
-
- \OC_FileProxy::$enabled = true;
-
- }
-
- /**
- * @note 'shareKey' is a more user-friendly name for env_key
- */
- public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) {
-
- $basePath = '/' . $userId . '/files_encryption/share-keys';
-
- $shareKeyPath = self::keySetPreparation( $view, $path, $basePath, $userId );
-
- return $view->file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey', $shareKey );
-
- }
-
- /**
- * @brief Make preparations to vars and filesystem for saving a keyfile
- */
- public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {
-
- $targetPath = ltrim( $path, '/' );
-
- $path_parts = pathinfo( $targetPath );
-
- // If the file resides within a subdirectory, create it
- if (
- isset( $path_parts['dirname'] )
- && ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] )
- ) {
-
- $view->mkdir( $basePath . '/' . $path_parts['dirname'] );
-
- }
-
- return $targetPath;
-
- }
-
- /**
- * @brief change password of private encryption key
- *
- * @param string $oldpasswd old password
- * @param string $newpasswd new password
- * @return bool true/false
- */
- public static function changePasswd($oldpasswd, $newpasswd) {
-
- if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) {
- return Crypt::changekeypasscode($oldpasswd, $newpasswd);
- }
- return false;
-
- }
-
- /**
- * @brief Fetch the legacy encryption key from user files
- * @param string $login used to locate the legacy key
- * @param string $passphrase used to decrypt the legacy key
- * @return true / false
- *
- * if the key is left out, the default handeler will be used
- */
- public function getLegacyKey() {
-
- $user = \OCP\User::getUser();
- $view = new \OC_FilesystemView( '/' . $user );
- return $view->file_get_contents( 'encryption.key' );
-
- }
-
+<?php + +/** + * ownCloud + * + * @author Bjoern Schiessle + * @copyright 2012 Bjoern Schiessle <schiessle@owncloud.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Encryption; + +/** + * @brief Class to manage storage and retrieval of encryption keys + * @note Where a method requires a view object, it's root must be '/' + */ +class Keymanager { + + /** + * @brief retrieve the ENCRYPTED private key from a user + * + * @return string private key or false + * @note the key returned by this method must be decrypted before use + */ + public static function getPrivateKey( \OC_FilesystemView $view, $user ) { + + $path = '/' . $user . '/' . 'files_encryption' . '/' . $user.'.private.key'; + + $key = $view->file_get_contents( $path ); + + return $key; + } + + /** + * @brief retrieve public key for a specified user + * @param \OC_FilesystemView $view + * @param $userId + * @return string public key or false + */ + public static function getPublicKey( \OC_FilesystemView $view, $userId ) { + + return $view->file_get_contents( '/public-keys/' . '/' . $userId . '.public.key' ); + + } + + /** + * @brief retrieve both keys from a user (private and public) + * @param \OC_FilesystemView $view + * @param $userId + * @return array keys: privateKey, publicKey + */ + public static function getUserKeys( \OC_FilesystemView $view, $userId ) { + + return array( + 'publicKey' => self::getPublicKey( $view, $userId ) + , 'privateKey' => self::getPrivateKey( $view, $userId ) + ); + + } + + /** + * @brief Retrieve public keys of all users with access to a file + * @param string $path Path to file + * @return array of public keys for the given file + * @note Checks that the sharing app is enabled should be performed + * by client code, that isn't checked here + */ + public static function getPublicKeys( \OC_FilesystemView $view, $userId, $filePath ) { + + $path = ltrim( $path, '/' ); + + $filepath = '/' . $userId . '/files/' . $filePath; + + // Check if sharing is enabled + if ( OC_App::isEnabled( 'files_sharing' ) ) { + + + + } else { + + // check if it is a file owned by the user and not shared at all + $userview = new \OC_FilesystemView( '/'.$userId.'/files/' ); + + if ( $userview->file_exists( $path ) ) { + + $users[] = $userId; + + } + + } + + $view = new \OC_FilesystemView( '/public-keys/' ); + + $keylist = array(); + + $count = 0; + + foreach ( $users as $user ) { + + $keylist['key'.++$count] = $view->file_get_contents( $user.'.public.key' ); + + } + + return $keylist; + + } + + /** + * @brief store file encryption key + * + * @param string $path relative path of the file, including filename + * @param string $key + * @return bool true/false + * @note The keyfile is not encrypted here. Client code must + * asymmetrically encrypt the keyfile before passing it to this method + */ + public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) { + + $basePath = '/' . $userId . '/files_encryption/keyfiles'; + + $targetPath = self::keySetPreparation( $view, $path, $basePath, $userId ); + + if ( $view->is_dir( $basePath . '/' . $targetPath ) ) { + + + + } else { + + // Save the keyfile in parallel directory + return $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile ); + + } + + } + + /** + * @brief retrieve keyfile for an encrypted file + * @param \OC_FilesystemView $view + * @param $userId + * @param $filePath + * @internal param \OCA\Encryption\file $string name + * @return string file key or false + * @note The keyfile returned is asymmetrically encrypted. Decryption + * of the keyfile must be performed by client code + */ + public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) { + + $filePath_f = ltrim( $filePath, '/' ); + + $catfilePath = '/' . $userId . '/files_encryption/keyfiles/' . $filePath_f . '.key'; + + if ( $view->file_exists( $catfilePath ) ) { + + return $view->file_get_contents( $catfilePath ); + + } else { + + return false; + + } + + } + + /** + * @brief Delete a keyfile + * + * @param OC_FilesystemView $view + * @param string $userId username + * @param string $path path of the file the key belongs to + * @return bool Outcome of unlink operation + * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT + * /data/admin/files/mydoc.txt + */ + public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) { + + $trimmed = ltrim( $path, '/' ); + $keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed . '.key'; + + // Unlink doesn't tell us if file was deleted (not found returns + // true), so we perform our own test + if ( $view->file_exists( $keyPath ) ) { + + return $view->unlink( $keyPath ); + + } else { + + \OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR ); + + return false; + + } + + } + + /** + * @brief store private key from the user + * @param string key + * @return bool + * @note Encryption of the private key must be performed by client code + * as no encryption takes place here + */ + public static function setPrivateKey( $key ) { + + $user = \OCP\User::getUser(); + + $view = new \OC_FilesystemView( '/' . $user . '/files_encryption' ); + + \OC_FileProxy::$enabled = false; + + if ( !$view->file_exists( '' ) ) + $view->mkdir( '' ); + + return $view->file_put_contents( $user . '.private.key', $key ); + + } + + /** + * @brief store private keys from the user + * + * @param string privatekey + * @param string publickey + * @return bool true/false + */ + public static function setUserKeys($privatekey, $publickey) { + + return ( self::setPrivateKey( $privatekey ) && self::setPublicKey( $publickey ) ); + + } + + /** + * @brief store public key of the user + * + * @param string key + * @return bool true/false + */ + public static function setPublicKey( $key ) { + + $view = new \OC_FilesystemView( '/public-keys' ); + + \OC_FileProxy::$enabled = false; + + if ( !$view->file_exists( '' ) ) + $view->mkdir( '' ); + + return $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key ); + + + } + + /** + * @brief store file encryption key + * + * @param string $path relative path of the file, including filename + * @param string $key + * @param null $view + * @param string $dbClassName + * @return bool true/false + * @note The keyfile is not encrypted here. Client code must + * asymmetrically encrypt the keyfile before passing it to this method + */ + public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) { + + $basePath = '/' . $userId . '/files_encryption/share-keys'; + + $shareKeyPath = self::keySetPreparation( $view, $path, $basePath, $userId ); + + return $view->file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey', $shareKey ); + + } + + /** + * @brief Make preparations to vars and filesystem for saving a keyfile + */ + public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) { + + $targetPath = ltrim( $path, '/' ); + + $path_parts = pathinfo( $targetPath ); + + // If the file resides within a subdirectory, create it + if ( + isset( $path_parts['dirname'] ) + && ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] ) + ) { + + $view->mkdir( $basePath . '/' . $path_parts['dirname'] ); + + } + + return $targetPath; + + } + + /** + * @brief Fetch the legacy encryption key from user files + * @param string $login used to locate the legacy key + * @param string $passphrase used to decrypt the legacy key + * @return true / false + * + * if the key is left out, the default handler will be used + */ + public function getLegacyKey() { + + $user = \OCP\User::getUser(); + $view = new \OC_FilesystemView( '/' . $user ); + return $view->file_get_contents( 'encryption.key' ); + + } + }
\ No newline at end of file diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index d4b993b4c06..65d7d57a05a 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -173,7 +173,7 @@ class Stream { // $count will always be 8192 https://bugs.php.net/bug.php?id=21641 // This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed' - \OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', OCP\Util::FATAL ); + \OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL ); die(); @@ -209,7 +209,7 @@ class Stream { } /** - * @brief Encrypt and pad data ready for writting to disk + * @brief Encrypt and pad data ready for writing to disk * @param string $plainData data to be encrypted * @param string $key key to use for encryption * @return encrypted data on success, false on failure @@ -403,7 +403,7 @@ class Stream { $encrypted = $this->preWriteEncrypt( $chunk, $this->keyfile ); // Write the data chunk to disk. This will be - // addended to the last data chunk if the file + // attended to the last data chunk if the file // being handled totals more than 6126 bytes fwrite( $this->handle, $encrypted ); diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php index 6fe4ea6d564..af0273cfdc4 100644 --- a/apps/files_encryption/settings-personal.php +++ b/apps/files_encryption/settings-personal.php @@ -12,8 +12,6 @@ $blackList = explode( ',', \OCP\Config::getAppValue( 'files_encryption', 'type_b $tmpl->assign( 'blacklist', $blackList );
-OCP\Util::addscript('files_encryption','settings-personal');
-
return $tmpl->fetchPage();
return null;
diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php index 1f71efb1735..5f0accaed5f 100644 --- a/apps/files_encryption/templates/settings-personal.php +++ b/apps/files_encryption/templates/settings-personal.php @@ -1,22 +1,22 @@ <form id="encryption">
<fieldset class="personalblock">
<legend>
- <?php echo $l->t( 'Encryption' ); ?>
+ <?php p($l->t( 'Encryption' )); ?>
</legend>
<p>
- <?php echo $l->t( 'File encryption is enabled.' ); ?>
+ <?php p($l->t( 'File encryption is enabled.' )); ?>
</p>
<?php if ( ! empty( $_["blacklist"] ) ): ?>
<p>
- <?php $l->t( 'The following file types will not be encrypted:' ); ?>
+ <?php p($l->t( 'The following file types will not be encrypted:' )); ?>
</p>
<ul>
<?php foreach( $_["blacklist"] as $type ): ?>
<li>
- <?php echo $type; ?>
+ <?php p($type); ?>
</li>
<?php endforeach; ?>
- </p>
+ </ul>
<?php endif; ?>
</fieldset>
</form>
diff --git a/apps/files_encryption/templates/settings.php b/apps/files_encryption/templates/settings.php index f7ef8a8efe6..b873d7f5aaf 100644 --- a/apps/files_encryption/templates/settings.php +++ b/apps/files_encryption/templates/settings.php @@ -2,17 +2,17 @@ <fieldset class="personalblock"> <p> - <strong><?php echo $l->t( 'Encryption' ); ?></strong> + <strong><?php p($l->t( 'Encryption' )); ?></strong> - <?php echo $l->t( "Exclude the following file types from encryption:" ); ?> + <?php p($l->t( "Exclude the following file types from encryption:" )); ?> <br /> <select id='encryption_blacklist' - title="<?php echo $l->t( 'None' )?>" + title="<?php p($l->t( 'None' ))?>" multiple="multiple"> <?php foreach($_["blacklist"] as $type): ?> - <option selected="selected" value="<?php echo $type; ?>"> <?php echo $type; ?> </option> + <option selected="selected" value="<?php p($type); ?>"> <?php p($type); ?> </option> <?php endforeach;?> </select> </p> |