authorBjoern Schiessle <schiessle@owncloud.com>2014-11-14 17:30:38 +0100
committerBjoern Schiessle <schiessle@owncloud.com>2014-11-26 10:57:47 +0100
commita90606fb14adc0aa149a87528d4f1ce61d0250e9 (patch)
tree314b9edadf1e00211a65578c6f913eb23ab8b44d /apps/files_encryption
parent266f1a2afa890a7e2750a51fa3d6da98240751fe (diff)
change private/public key names for consistency reasons
Diffstat (limited to 'apps/files_encryption')
-rw-r--r--apps/files_encryption/ajax/changeRecoveryPassword.php7
-rw-r--r--apps/files_encryption/ajax/updatePrivateKeyPassword.php6
-rw-r--r--apps/files_encryption/hooks/hooks.php19
-rw-r--r--apps/files_encryption/lib/helper.php43
-rw-r--r--apps/files_encryption/lib/keymanager.php258
-rw-r--r--apps/files_encryption/lib/session.php26
-rw-r--r--apps/files_encryption/lib/util.php32
-rw-r--r--apps/files_encryption/tests/hooks.php4
-rw-r--r--apps/files_encryption/tests/keymanager.php13
-rwxr-xr-xapps/files_encryption/tests/share.php8
-rwxr-xr-xapps/files_encryption/tests/util.php12
11 files changed, 202 insertions, 226 deletions
diff --git a/apps/files_encryption/ajax/changeRecoveryPassword.php b/apps/files_encryption/ajax/changeRecoveryPassword.php
index bf647f2c8fa..01b76a969b6 100644
--- a/apps/files_encryption/ajax/changeRecoveryPassword.php
+++ b/apps/files_encryption/ajax/changeRecoveryPassword.php
@@ -55,16 +55,15 @@ $proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$keyId = $util->getRecoveryKeyId();
-$keyPath = '/owncloud_private_key/' . $keyId . '.private.key';
-$encryptedRecoveryKey = $view->file_get_contents($keyPath);
-$decryptedRecoveryKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword);
+$encryptedRecoveryKey = Encryption\Keymanager::getPrivateSystemKey($keyId);
+$decryptedRecoveryKey = $encryptedRecoveryKey ? \OCA\Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword) : false;
if ($decryptedRecoveryKey) {
$cipher = \OCA\Encryption\Helper::getCipher();
$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword, $cipher);
if ($encryptedKey) {
- \OCA\Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId . '.private.key');
+ \OCA\Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId);
$return = true;
}
}
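Review bot: The new line `$encryptedRecoveryKey = Encryption\Keymanager::getPrivateSystemKey($keyId);` names the class as `Encryption\Keymanager` while the neighbouring new and context lines in the same hunk use the fully qualified `\OCA\Encryption\Crypt` and `\OCA\Encryption\Keymanager`; the same mix appears in the updatePrivateKeyPassword.php hunk. Presumably an `Encryption` namespace import exists earlier in the file, but one form throughout, e.g. `$encryptedRecoveryKey = \OCA\Encryption\Keymanager::getPrivateSystemKey($keyId);`, removes the dependency on it. With the proxy save/restore now done inside Keymanager, the `\OC_FileProxy::$enabled = false;` on the context line above is no longer needed for this read, though the rest of the script is outside the hunk.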
diff --git a/apps/files_encryption/ajax/updatePrivateKeyPassword.php b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
index fa5e279b21b..97da3811a0f 100644
--- a/apps/files_encryption/ajax/updatePrivateKeyPassword.php
+++ b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
@@ -36,10 +36,8 @@ if ($passwordCorrect !== false) {
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
-$keyPath = '/' . $user . '/files_encryption/' . $user . '.private.key';
-
-$encryptedKey = $view->file_get_contents($keyPath);
-$decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword);
+$encryptedKey = Encryption\Keymanager::getPrivateKey($view, $user);
+$decryptedKey = $encryptedKey ? \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword) : false;
if ($decryptedKey) {
$cipher = \OCA\Encryption\Helper::getCipher();
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index 1413a0580a1..e9d0235d167 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -152,18 +152,7 @@ class Hooks {
public static function postDeleteUser($params) {
if (\OCP\App::isEnabled('files_encryption')) {
- $view = new \OC\Files\View('/');
-
- // cleanup public key
- $publicKey = '/public-keys/' . $params['uid'] . '.public.key';
-
- // Disable encryption proxy to prevent recursive calls
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
-
- $view->unlink($publicKey);
-
- \OC_FileProxy::$enabled = $proxyStatus;
+ Keymanager::deletePublicKey(new \OC\Files\View(), $params['uid']);
}
}
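Review bot: The proxy guard that the removed lines placed around the unlink is not re-established: `Keymanager::deletePublicKey` (defined in the keymanager.php hunk later in this diff) calls `$view->unlink()` with `\OC_FileProxy::$enabled` in whatever state the caller left it, whereas the old code disabled it with the explicit comment "prevent recursive calls". Whether unlink is intercepted by the encryption proxy cannot be seen here, but if it is, this is a behavioural change rather than a pure refactor. The bool result of the call is also dropped, so a failed cleanup leaves no trace; consider `if (!Keymanager::deletePublicKey(new \OC\Files\View(), $params['uid'])) { \OCP\Util::writeLog('files_encryption', 'could not delete public key of user ' . $params['uid'], \OCP\Util::WARN); }`.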
@@ -244,7 +233,7 @@ class Hooks {
\OC_FileProxy::$enabled = false;
// Save public key
- $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
+ Keymanager::setPublicKey($keypair['publicKey'], $user);
// Encrypt private key with new password
$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword, Helper::getCipher());
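Review bot: The result of `Keymanager::setPublicKey($keypair['publicKey'], $user);` is discarded, so a failed write of the public key goes unnoticed while the private key is still encrypted and stored on the following lines; the old `file_put_contents` call ignored its result too, but the new helper returns a bool precisely so callers can check it. The same pattern appears in the helper.php enableRecovery hunk and the session.php hunk of this diff. Suggest `if (!Keymanager::setPublicKey($keypair['publicKey'], $user)) { \OCP\Util::writeLog('files_encryption', 'could not store public key for user ' . $user, \OCP\Util::ERROR); }`. The enclosing hook body continues outside the hunk.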
@@ -292,7 +281,7 @@ class Hooks {
$l = new \OC_L10N('files_encryption');
$users = array();
- $view = new \OC\Files\View('/public-keys/');
+ $view = new \OC\Files\View('/');
switch ($params['shareType']) {
case \OCP\Share::SHARE_TYPE_USER:
@@ -305,7 +294,7 @@ class Hooks {
$notConfigured = array();
foreach ($users as $user) {
- if (!$view->file_exists($user . '.public.key')) {
+ if (!Keymanager::publicKeyExists($view, $user)) {
$notConfigured[] = $user;
}
}
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 3f4d2c99e19..24e1494fc00 100644
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -19,7 +19,7 @@
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
- * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ * License alon with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
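Review bot: The changed comment line `* License alon with this library.` introduces a typo into the AGPL header; the removed line read `along`, and nothing in the commit message about key-name consistency explains touching the license text, so this looks accidental. Restore `* License along with this library. If not, see <http://www.gnu.org/licenses/>.`.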
@@ -108,6 +108,25 @@ class Helper {
}
/**
+ * get recovery key id
+ *
+ * @return string|bool recovery key ID or false
+ */
+ public static function getRecoveryKeyId() {
+ $appConfig = \OC::$server->getAppConfig();
+ $key = $appConfig->getValue('files_encryption', 'recoveryKeyId');
+
+ return ($key === null) ? false : $key;
+ }
+
+ public static function getPublicShareKeyId() {
+ $appConfig = \OC::$server->getAppConfig();
+ $key = $appConfig->getValue('files_encryption', 'publicShareKeyId');
+
+ return ($key === null) ? false : $key;
+ }
+
+ /**
* enable recovery
*
* @param string $recoveryKeyId
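Review bot: `getPublicShareKeyId()` is added without a docblock while its twin `getRecoveryKeyId()` directly above documents its `string|bool` return; give it the matching three-line docblock (`get public share key id` / `@return string|bool public share key ID or false`). The two bodies are identical apart from the config key name, so a private helper such as `getKeyIdFromConfig($name)` that calls `\OC::$server->getAppConfig()->getValue('files_encryption', $name)` and maps `null` to `false` would keep the null-to-false rule in one place.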
@@ -126,38 +145,22 @@ class Helper {
$appConfig->setValue('files_encryption', 'recoveryKeyId', $recoveryKeyId);
}
- if (!$view->is_dir('/owncloud_private_key')) {
- $view->mkdir('/owncloud_private_key');
- }
-
- if (
- (!$view->file_exists("/public-keys/" . $recoveryKeyId . ".public.key")
- || !$view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".private.key"))
- ) {
+ if (!Keymanager::recoveryKeyExists($view)) {
$keypair = \OCA\Encryption\Crypt::createKeypair();
- \OC_FileProxy::$enabled = false;
-
// Save public key
-
- if (!$view->is_dir('/public-keys')) {
- $view->mkdir('/public-keys');
- }
-
- $view->file_put_contents('/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey']);
+ Keymanager::setPublicKey($keypair['publicKey'], $recoveryKeyId);
$cipher = \OCA\Encryption\Helper::getCipher();
$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $recoveryPassword, $cipher);
if ($encryptedKey) {
- Keymanager::setPrivateSystemKey($encryptedKey, $recoveryKeyId . '.private.key');
+ Keymanager::setPrivateSystemKey($encryptedKey, $recoveryKeyId);
// Set recoveryAdmin as enabled
$appConfig->setValue('files_encryption', 'recoveryAdminEnabled', 1);
$return = true;
}
- \OC_FileProxy::$enabled = true;
-
} else { // get recovery key and check the password
$util = new \OCA\Encryption\Util(new \OC\Files\View('/'), \OCP\User::getUser());
$return = $util->checkRecoveryPassword($recoveryPassword);
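Review bot: `Keymanager::recoveryKeyExists($view)` decides whether a new key pair is generated by reading the recovery key id back from app config (through `Helper::getRecoveryKeyId()`), while the keys themselves are written under the `$recoveryKeyId` parameter in scope here. The context line above stores the id in config only under a condition that starts outside the hunk, so if the stored id and the parameter ever differ, the existence check and the writes refer to different keys. Passing the id explicitly, e.g. `if (!Keymanager::recoveryKeyExists($view, $recoveryKeyId)) {` with a matching optional parameter on the Keymanager side, keeps the two in step. Dropping the unconditional `\OC_FileProxy::$enabled = true;` is an improvement, since it could re-enable a proxy the caller had deliberately disabled.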
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
index 0885267ece0..2c340bcb23f 100644
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@@ -34,37 +34,69 @@ class Keymanager {
const KEYS_BASE_DIR = '/files_encryption/keys/';
/**
- * retrieve the ENCRYPTED private key from a user
+ * read key from hard disk
*
- * @param \OC\Files\View $view
- * @param string $user
- * @return string private key or false (hopefully)
- * @note the key returned by this method must be decrypted before use
+ * @param string $path to key
+ * @return string|bool either the key or false
*/
- public static function getPrivateKey(\OC\Files\View $view, $user) {
+ private static function getKey($path, $view) {
+ $proxyStatus = \OC_FileProxy::$enabled;
+ \OC_FileProxy::$enabled = false;
- $path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.private.key';
$key = false;
-
if ($view->file_exists($path)) {
$key = $view->file_get_contents($path);
}
+ \OC_FileProxy::$enabled = $proxyStatus;
+
return $key;
}
/**
+ * write key to disk
+ *
+ *
+ * @param string $path path to key directory
+ * @param string $name key name
+ * @param string $key key
+ * @param \OC\Files\View $view
+ * @return bool
+ */
+ private static function setKey($path, $name, $key, $view) {
+ $proxyStatus = \OC_FileProxy::$enabled;
+ \OC_FileProxy::$enabled = false;
+
+ self::keySetPreparation($view, $path);
+ $result = $view->file_put_contents($path . '/' . $name, $key);
+
+ \OC_FileProxy::$enabled = $proxyStatus;
+
+ return (is_int($result) && $result > 0) ? true : false;
+ }
+
+ /**
+ * retrieve the ENCRYPTED private key from a user
+ *
+ * @param \OC\Files\View $view
+ * @param string $user
+ * @return string private key or false (hopefully)
+ * @note the key returned by this method must be decrypted before use
+ */
+ public static function getPrivateKey(\OC\Files\View $view, $user) {
+ $path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.privateKey';
+ return self::getKey($path, $view);
+ }
+
+ /**
* retrieve public key for a specified user
* @param \OC\Files\View $view
* @param string $userId
* @return string public key or false
*/
public static function getPublicKey(\OC\Files\View $view, $userId) {
-
- $result = $view->file_get_contents('/public-keys/' . $userId . '.public.key');
-
- return $result;
-
+ $path = '/public-keys/' . $userId . '.publicKey';
+ return self::getKey($path, $view);
}
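Review bot: The docblock of the new private `getKey($path, $view)` documents only `$path`; add `@param \OC\Files\View $view` as the `setKey` docblock below already does. Both helpers also take the view untyped and as the last argument, whereas the public methods in this hunk (`getPrivateKey(\OC\Files\View $view, $user)`, `getPublicKey(\OC\Files\View $view, $userId)`) type-hint it and take it first; `private static function getKey(\OC\Files\View $view, $path)` would follow the existing convention. Saving and restoring `\OC_FileProxy::$enabled` inside the two helpers is the right place for it, since the callers changed in this diff no longer have to remember the toggle.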
/**
@@ -91,7 +123,6 @@ class Keymanager {
public static function getPublicKeys(\OC\Files\View $view, array $userIds) {
$keys = array();
-
foreach ($userIds as $userId) {
$keys[$userId] = self::getPublicKey($view, $userId);
}
@@ -112,15 +143,8 @@ class Keymanager {
* asymmetrically encrypt the keyfile before passing it to this method
*/
public static function setFileKey(\OC\Files\View $view, $util, $path, $catfile) {
-
- $basePath = self::getKeyPath($view, $util, $path);
-
- self::keySetPreparation($view, $basePath);
-
- $result = $view->file_put_contents(
- $basePath . '/fileKey', $catfile);
-
- return $result;
+ $path = self::getKeyPath($view, $util, $path);
+ return self::setKey($path, 'fileKey', $catfile, $view);
}
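Review bot: `$path = self::getKeyPath($view, $util, $path);` reuses the `$path` parameter, which up to that line denotes the file path, for the key directory, so the next line reads as if the file path were handed to `setKey`. `$keyDir = self::getKeyPath($view, $util, $path); return self::setKey($keyDir, 'fileKey', $catfile, $view);` matches the `$keyDir` naming the commit itself uses in `getFileKeyPath` and `getShareKeyPath`.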
@@ -161,23 +185,8 @@ class Keymanager {
* @return string
*/
public static function getFileKeyPath($view, $util, $path) {
-
- if ($view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) {
- throw new Exception\EncryptionException('file was expected but directoy was given', Exception\EncryptionException::GENERIC);
- }
-
- list($owner, $filename) = $util->getUidAndFilename($path);
- $filename = Helper::stripPartialFileExtension($filename);
- $filePath_f = ltrim($filename, '/');
-
- // in case of system wide mount points the keys are stored directly in the data directory
- if ($util->isSystemWideMountPoint($filename)) {
- $keyfilePath = self::KEYS_BASE_DIR . $filePath_f . '/fileKey';
- } else {
- $keyfilePath = '/' . $owner . self::KEYS_BASE_DIR . $filePath_f . '/fileKey';
- }
-
- return $keyfilePath;
+ $keyDir = self::getKeyPath($view, $util, $path);
+ return $keyDir . 'fileKey';
}
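Review bot: `return $keyDir . 'fileKey';` concatenates without a separator, so it only yields a valid path if `getKeyPath()` (not shown in this diff) returns a trailing slash, whereas `setFileKey` in the previous hunk passes the same `getKeyPath()` result to `setKey`, which joins it as `$path . '/' . $name`. One of the two therefore produces either `…keysfileKey` or a doubled slash; the latter may be tolerated by the view's path normalisation, but it is fragile and the removed code built `$filePath_f . '/fileKey'` explicitly. `getShareKeyPath` in the next hunk has the same shape (`$keyDir . $uid . '.shareKey'`). Having `getKeyPath()` return the directory without a trailing slash and writing `return $keyDir . '/fileKey';` here (and `$keyDir . '/' . $uid . '.shareKey'` there) keeps all three callers consistent.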
/**
@@ -190,22 +199,37 @@ class Keymanager {
* @retrun string
*/
public static function getShareKeyPath($view, $util, $path, $uid) {
+ $keyDir = self::getKeyPath($view, $util, $path);
+ return $keyDir . $uid . '.shareKey';
+ }
- if ($view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) {
- throw new Exception\EncryptionException('file was expected but directoy was given', Exception\EncryptionException::GENERIC);
- }
+ /**
+ * delete public key from a given user
+ *
+ * @param \OC\Files\View $view
+ * @param string $uid user
+ * @return bool
+ */
+ public static function deletePublicKey($view, $uid) {
- list($owner, $filename) = $util->getUidAndFilename($path);
- $filename = Helper::stripPartialFileExtension($filename);
+ $result = false;
- // in case of system wide mount points the keys are stored directly in the data directory
- if ($util->isSystemWideMountPoint($filename)) {
- $shareKeyPath = self::KEYS_BASE_DIR . $filename . '/'. $uid . '.shareKey';
- } else {
- $shareKeyPath = '/' . $owner . self::KEYS_BASE_DIR . $filename . '/' . $uid . '.shareKey';
+ if (!\OCP\User::userExists($uid)) {
+ $publicKey = '/public-keys/' . $uid . '.publicKey';
+ $result = $view->unlink($publicKey);
}
- return $shareKeyPath;
+ return $result;
+ }
+
+ /**
+ * check if public key for user exists
+ *
+ * @param \OC\Files\View $view
+ * @param string $uid
+ */
+ public static function publicKeyExists($view, $uid) {
+ return $view->file_exists('/public-keys/'. $uid . '.publicKey');
}
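Review bot: `deletePublicKey` unlinks only when `\OCP\User::userExists($uid)` is false, so calling it for a still-existing user silently returns `false`; that guard fits the postDeleteUser hook but is not stated in the docblock, where `@note the key is only removed when the user no longer exists; false is returned otherwise` would prevent surprises for the next caller. `publicKeyExists` is also missing its `@return bool`. The directory literal `/public-keys/` now appears in `getPublicKey`, `deletePublicKey`, `publicKeyExists`, `setPublicKey`, `recoveryKeyExists` and `publicShareKeyExists`; a class constant beside `KEYS_BASE_DIR` would stop the next rename from missing one of them.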
@@ -221,17 +245,8 @@ class Keymanager {
* of the keyfile must be performed by client code
*/
public static function getFileKey($view, $util, $filePath) {
-
- $keyfilePath = self::getFileKeyPath($view, $util, $filePath);
-
- if ($view->file_exists($keyfilePath)) {
- $result = $view->file_get_contents($keyfilePath);
- } else {
- $result = false;
- }
-
- return $result;
-
+ $path = self::getFileKeyPath($view, $util, $filePath);
+ return self::getKey($path, $view);
}
/**
@@ -243,80 +258,86 @@ class Keymanager {
*/
public static function setPrivateKey($key, $user = '') {
- if ($user === '') {
- $user = \OCP\User::getUser();
- }
-
+ $user = $user === '' ? \OCP\User::getUser() : $user;
+ $path = '/' . $user . '/files_encryption';
$header = Crypt::generateHeader();
- $view = new \OC\Files\View('/' . $user . '/files_encryption');
+ return self::setKey($path, $user . '.privateKey', $header . $key, new \OC\Files\View());
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
+ }
- if (!$view->file_exists('')) {
- $view->mkdir('');
+ /**
+ * check if recovery key exists
+ *
+ * @param \OC\Files\View $view
+ * @return bool
+ */
+ public static function recoveryKeyExists($view) {
+
+ $result = false;
+
+ $recoveryKeyId = Helper::getRecoveryKeyId();
+ if ($recoveryKeyId) {
+ $result = ($view->file_exists("/public-keys/" . $recoveryKeyId . ".publicKey")
+ && $view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".privateKey"));
}
- $result = $view->file_put_contents($user . '.private.key', $header . $key);
+ return $result;
+ }
+
+ public static function publicShareKeyExists($view) {
+ $result = false;
- \OC_FileProxy::$enabled = $proxyStatus;
+ $publicShareKeyId = Helper::getPublicShareKeyId();
+ if ($publicShareKeyId) {
+ $result = ($view->file_exists("/public-keys/" . $publicShareKeyId . ".publicKey")
+ && $view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".privateKey"));
+
+ }
return $result;
+ }
+
+ /**
+ * store public key from the user
+ * @param string $key
+ * @param string $user
+ *
+ * @return bool
+ */
+ public static function setPublicKey($key, $user = '') {
+ $user = $user === '' ? \OCP\User::getUser() : $user;
+ $path = '/public-keys';
+
+ return self::setKey($path, $user . '.publicKey', $key, new \OC\Files\View('/'));
}
/**
* write private system key (recovery and public share key) to disk
*
* @param string $key encrypted key
- * @param string $keyName name of the key file
+ * @param string $keyName name of the key
* @return boolean
*/
public static function setPrivateSystemKey($key, $keyName) {
+ $keyName = $keyName . '.privateKey';
+ $path = '/owncloud_private_key';
$header = Crypt::generateHeader();
- $view = new \OC\Files\View('/owncloud_private_key');
-
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
-
- if (!$view->file_exists('')) {
- $view->mkdir('');
- }
-
- $result = $view->file_put_contents($keyName, $header . $key);
-
- \OC_FileProxy::$enabled = $proxyStatus;
-
- return $result;
+ return self::setKey($path, $keyName,$header . $key, new \OC\Files\View());
}
/**
- * store share key
+ * read private system key (recovery and public share key) from disk
*
- * @param \OC\Files\View $view
- * @param string $path where the share key is stored
- * @param string $shareKey
- * @return bool true/false
- * @note The keyfile is not encrypted here. Client code must
- * asymmetrically encrypt the keyfile before passing it to this method
+ * @param string $keyName name of the key
+ * @return string|boolean private system key or false
*/
- private static function setShareKey(\OC\Files\View $view, $path, $shareKey) {
-
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
-
- $result = $view->file_put_contents($path, $shareKey);
-
- \OC_FileProxy::$enabled = $proxyStatus;
-
- if (is_int($result) && $result > 0) {
- return true;
- } else {
- return false;
- }
+ public static function getPrivateSystemKey($keyName) {
+ $path = $keyName . '.privateKey';
+ return self::getKey($path, new \OC\Files\View('/owncloud_private_key'));
}
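Review bot: `recoveryKeyExists` and `publicShareKeyExists` are line-for-line duplicates that differ only in which id they read, and the second has no docblock; a private helper taking the id removes the duplication and states the contract once. Both also spell out `/owncloud_private_key/` while `getPrivateSystemKey` reaches the same directory through `new \OC\Files\View('/owncloud_private_key')`, so the location is written in two styles within one hunk. Minor: `self::setKey($path, $keyName,$header . $key, …)` is missing a space after the comma.
```php
    /**
     * check whether both halves of a system key pair (recovery or public share) exist
     *
     * @param \OC\Files\View $view root view
     * @param string|bool $keyId key id, or false when not configured
     * @return bool
     */
    private static function systemKeyPairExists($view, $keyId) {
        if (!$keyId) {
            return false;
        }
        return $view->file_exists('/public-keys/' . $keyId . '.publicKey')
            && $view->file_exists('/owncloud_private_key/' . $keyId . '.privateKey');
    }

    /**
     * check if recovery key exists
     *
     * @param \OC\Files\View $view
     * @return bool
     */
    public static function recoveryKeyExists($view) {
        return self::systemKeyPairExists($view, Helper::getRecoveryKeyId());
    }

    /**
     * check if public share key exists
     *
     * @param \OC\Files\View $view
     * @return bool
     */
    public static function publicShareKeyExists($view) {
        return self::systemKeyPairExists($view, Helper::getPublicShareKeyId());
    }

    // … unchanged: setPrivateKey, setPublicKey, setPrivateSystemKey, getPrivateSystemKey …
```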
/**
@@ -337,11 +358,7 @@ class Keymanager {
$result = true;
foreach ($shareKeys as $userId => $shareKey) {
-
- $writePath = $basePath . '/' . $userId . '.shareKey';
-
- if (!self::setShareKey($view, $writePath, $shareKey)) {
-
+ if (!self::setKey($basePath, $userId . '.shareKey', $shareKey, $view)) {
// If any of the keys are not set, flag false
$result = false;
}
@@ -362,16 +379,8 @@ class Keymanager {
* of the keyfile must be performed by client code
*/
public static function getShareKey($view, $userId, $util, $filePath) {
-
- $shareKeyPath = self::getShareKeyPath($view, $util, $filePath, $userId);
-
- if ($view->file_exists($shareKeyPath)) {
- $result = $view->file_get_contents($shareKeyPath);
- } else {
- $result = false;
- }
-
- return $result;
+ $path = self::getShareKeyPath($view, $util, $filePath, $userId);
+ return self::getKey($path, $view);
}
/**
@@ -432,7 +441,6 @@ class Keymanager {
* @param string $basePath
*/
protected static function keySetPreparation($view, $path) {
-
// If the file resides within a subdirectory, create it
if (!$view->file_exists($path)) {
$sub_dirs = explode('/', $path);
diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php
index e4fef536235..355264a5070 100644
--- a/apps/files_encryption/lib/session.php
+++ b/apps/files_encryption/lib/session.php
@@ -56,43 +56,30 @@ class Session {
$appConfig = \OC::$server->getAppConfig();
- $publicShareKeyId = $appConfig->getValue('files_encryption', 'publicShareKeyId');
+ $publicShareKeyId = Helper::getPublicShareKeyId();
- if ($publicShareKeyId === null) {
+ if ($publicShareKeyId === false) {
$publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
$appConfig->setValue('files_encryption', 'publicShareKeyId', $publicShareKeyId);
}
- if (
- !$this->view->file_exists("/public-keys/" . $publicShareKeyId . ".public.key")
- || !$this->view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".private.key")
- ) {
+ if (!Keymanager::publicShareKeyExists($view)) {
$keypair = Crypt::createKeypair();
- // Disable encryption proxy to prevent recursive calls
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
// Save public key
-
- if (!$view->is_dir('/public-keys')) {
- $view->mkdir('/public-keys');
- }
-
- $this->view->file_put_contents('/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey']);
+ Keymanager::setPublicKey($keypair['publicKey'], $publicShareKeyId);
// Encrypt private key empty passphrase
$cipher = \OCA\Encryption\Helper::getCipher();
$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], '', $cipher);
if ($encryptedKey) {
- Keymanager::setPrivateSystemKey($encryptedKey, $publicShareKeyId . '.private.key');
+ Keymanager::setPrivateSystemKey($encryptedKey, $publicShareKeyId);
} else {
\OCP\Util::writeLog('files_encryption', 'Could not create public share keys', \OCP\Util::ERROR);
}
- \OC_FileProxy::$enabled = $proxyStatus;
-
}
if (\OCA\Encryption\Helper::isPublicAccess() && !self::getPublicSharePrivateKey()) {
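Review bot: The new line `if (!Keymanager::publicShareKeyExists($view)) {` passes the local `$view`, while the lines it replaces checked `$this->view`; the removed `mkdir` code also used `$view`, so both are presumably in scope and refer to the same root view, but alternating between them inside one method makes that harder to confirm. Prefer `$this->view` consistently here, or add a comment saying why the local one is used. The enclosing method starts before the hunk.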
@@ -100,8 +87,7 @@ class Session {
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
- $encryptedKey = $this->view->file_get_contents(
- '/owncloud_private_key/' . $publicShareKeyId . '.private.key');
+ $encryptedKey = Keymanager::getPrivateSystemKey($publicShareKeyId);
$privateKey = Crypt::decryptPrivateKey($encryptedKey, '');
self::setPublicSharePrivateKey($privateKey);
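Review bot: `Keymanager::getPrivateSystemKey($publicShareKeyId)` can return `false` (its `getKey` helper does so when the file is missing), and the next line passes that value straight into `Crypt::decryptPrivateKey`. Elsewhere in this commit the author guards exactly this case (`$decryptedKey = $encryptedKey ? … : false;` in the two ajax scripts and the `if ($encryptedKey)` block added to util.php), but not here nor in util.php `checkRecoveryPassword` and `recoverUsersFiles`; the latter then hands a possibly-false key on to `recoverAllFiles('/', $privateKey)`. Suggest `$privateKey = $encryptedKey ? Crypt::decryptPrivateKey($encryptedKey, '') : false;` here and the equivalent guard in the two util.php methods (where `getPrivateSystemKey( $this->recoveryKeyId)` also has a stray space). The proxy toggle on the context lines above is no longer needed for this read, though it may still matter for the `setPublicSharePrivateKey` call.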
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index 8299ed5fe6e..6c1b2f60d7e 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -77,9 +77,9 @@ class Util {
$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
$this->keysPath = $this->encryptionDir . '/' . 'keys';
$this->publicKeyPath =
- $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
+ $this->publicKeyDir . '/' . $this->userId . '.publicKey'; // e.g. data/public-keys/admin.publicKey
$this->privateKeyPath =
- $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
+ $this->encryptionDir . '/' . $this->userId . '.privateKey'; // e.g. data/admin/admin.privateKey
// make sure that the owners home is mounted
\OC\Files\Filesystem::initMountPoints($userId);
@@ -1363,22 +1363,14 @@ class Util {
public function checkRecoveryPassword($password) {
$result = false;
- $pathKey = '/owncloud_private_key/' . $this->recoveryKeyId . ".private.key";
-
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
-
- $recoveryKey = $this->view->file_get_contents($pathKey);
+ $recoveryKey = Keymanager::getPrivateSystemKey($this->recoveryKeyId);
$decryptedRecoveryKey = Crypt::decryptPrivateKey($recoveryKey, $password);
if ($decryptedRecoveryKey) {
$result = true;
}
- \OC_FileProxy::$enabled = $proxyStatus;
-
-
return $result;
}
@@ -1486,16 +1478,9 @@ class Util {
*/
public function recoverUsersFiles($recoveryPassword) {
- // Disable encryption proxy to prevent recursive calls
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
-
- $encryptedKey = $this->view->file_get_contents(
- '/owncloud_private_key/' . $this->recoveryKeyId . '.private.key');
+ $encryptedKey = Keymanager::getPrivateSystemKey( $this->recoveryKeyId);
$privateKey = Crypt::decryptPrivateKey($encryptedKey, $recoveryPassword);
- \OC_FileProxy::$enabled = $proxyStatus;
-
$this->recoverAllFiles('/', $privateKey);
}
@@ -1510,8 +1495,8 @@ class Util {
$backupDir .= ($purpose === '') ? date("Y-m-d_H-i-s") . '/' : $purpose . '.' . date("Y-m-d_H-i-s") . '/';
$this->view->mkdir($backupDir);
$this->view->copy($this->keysPath, $backupDir . 'keys/');
- $this->view->copy($this->privateKeyPath, $backupDir . $this->userId . '.private.key');
- $this->view->copy($this->publicKeyPath, $backupDir . $this->userId . '.public.key');
+ $this->view->copy($this->privateKeyPath, $backupDir . $this->userId . '.privateKey');
+ $this->view->copy($this->publicKeyPath, $backupDir . $this->userId . '.publicKey');
}
/**
@@ -1571,7 +1556,10 @@ class Util {
$encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
- $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
+ $privateKey = false;
+ if ($encryptedKey) {
+ $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
+ }
if ($privateKey === false) {
\OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid']
diff --git a/apps/files_encryption/tests/hooks.php b/apps/files_encryption/tests/hooks.php
index 944d8a38870..fc40d4cd61f 100644
--- a/apps/files_encryption/tests/hooks.php
+++ b/apps/files_encryption/tests/hooks.php
@@ -439,8 +439,8 @@ class Test_Encryption_Hooks extends \OCA\Files_Encryption\Tests\TestCase {
// set user password for the first time
\OCA\Encryption\Hooks::postCreateUser(array('uid' => 'newUser', 'password' => 'newUserPassword'));
- $this->assertTrue($view->file_exists('public-keys/newUser.public.key'));
- $this->assertTrue($view->file_exists('newUser/files_encryption/newUser.private.key'));
+ $this->assertTrue($view->file_exists('public-keys/newUser.publicKey'));
+ $this->assertTrue($view->file_exists('newUser/files_encryption/newUser.privateKey'));
// check if we are able to decrypt the private key
$encryptedKey = \OCA\Encryption\Keymanager::getPrivateKey($view, 'newUser');
diff --git a/apps/files_encryption/tests/keymanager.php b/apps/files_encryption/tests/keymanager.php
index d4a3f85ed48..f86f7d894ce 100644
--- a/apps/files_encryption/tests/keymanager.php
+++ b/apps/files_encryption/tests/keymanager.php
@@ -175,7 +175,7 @@ class Test_Encryption_Keymanager extends \OCA\Files_Encryption\Tests\TestCase {
Encryption\Keymanager::setPrivateKey($key, 'dummyUser');
- $this->assertTrue($this->view->file_exists('/dummyUser/files_encryption/dummyUser.private.key'));
+ $this->assertTrue($this->view->file_exists('/dummyUser/files_encryption/dummyUser.privateKey'));
//clean up
$this->view->deleteAll('/dummyUser');
@@ -187,14 +187,19 @@ class Test_Encryption_Keymanager extends \OCA\Files_Encryption\Tests\TestCase {
function testSetPrivateSystemKey() {
$key = "dummy key";
- $keyName = "myDummyKey.private.key";
+ $keyName = "myDummyKey";
+ $encHeader = Encryption\Crypt::generateHeader();
Encryption\Keymanager::setPrivateSystemKey($key, $keyName);
- $this->assertTrue($this->view->file_exists('/owncloud_private_key/' . $keyName));
+ $this->assertTrue($this->view->file_exists('/owncloud_private_key/' . $keyName . '.privateKey'));
+
+ $result = Encryption\Keymanager::getPrivateSystemKey($keyName);
+
+ $this->assertSame($encHeader . $key, $result);
// clean up
- $this->view->unlink('/owncloud_private_key/' . $keyName);
+ $this->view->unlink('/owncloud_private_key/' . $keyName.'.privateKey');
}
diff --git a/apps/files_encryption/tests/share.php b/apps/files_encryption/tests/share.php
index 48aaec5c196..d7afc9e2da7 100755
--- a/apps/files_encryption/tests/share.php
+++ b/apps/files_encryption/tests/share.php
@@ -915,8 +915,8 @@ class Test_Encryption_Share extends \OCA\Files_Encryption\Tests\TestCase {
$this->assertGreaterThan(0, $fileInfo['unencrypted_size']);
// break users public key
- $this->view->rename('/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key',
- '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key_backup');
+ $this->view->rename('/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey',
+ '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey_backup');
// re-enable the file proxy
\OC_FileProxy::$enabled = $proxyStatus;
@@ -943,8 +943,8 @@ class Test_Encryption_Share extends \OCA\Files_Encryption\Tests\TestCase {
// break user1 public key
$this->view->rename(
- '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key_backup',
- '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key');
+ '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey_backup',
+ '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey');
// remove share file
$this->view->unlink('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/'
diff --git a/apps/files_encryption/tests/util.php b/apps/files_encryption/tests/util.php
index fc6145a8cb5..96e8fcd81fe 100755
--- a/apps/files_encryption/tests/util.php
+++ b/apps/files_encryption/tests/util.php
@@ -89,9 +89,9 @@ class Test_Encryption_Util extends \OCA\Files_Encryption\Tests\TestCase {
$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
$this->keysPath = $this->encryptionDir . '/' . 'keys';
$this->publicKeyPath =
- $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
+ $this->publicKeyDir . '/' . $this->userId . '.publicKey'; // e.g. data/public-keys/admin.publicKey
$this->privateKeyPath =
- $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
+ $this->encryptionDir . '/' . $this->userId . '.privateKey'; // e.g. data/admin/admin.privateKey
$this->view = new \OC\Files\View('/');
@@ -402,8 +402,8 @@ class Test_Encryption_Util extends \OCA\Files_Encryption\Tests\TestCase {
$this->assertTrue($this->view->is_dir($backupPath . '/keys'));
$this->assertTrue($this->view->file_exists($backupPath . '/keys/' . $filename . '/fileKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/keys/' . $filename . '/' . $user . '.shareKey'));
- $this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.private.key'));
- $this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.public.key'));
+ $this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.privateKey'));
+ $this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.publicKey'));
// cleanup
$this->view->unlink($this->userId . '/files/' . $filename);
@@ -435,8 +435,8 @@ class Test_Encryption_Util extends \OCA\Files_Encryption\Tests\TestCase {
$this->assertTrue($this->view->is_dir($backupPath . '/keys/foo'));
$this->assertTrue($this->view->file_exists($backupPath . '/keys/foo/fileKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/keys/foo/user1.shareKey'));
- $this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.private.key'));
- $this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.public.key'));
+ $this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.privateKey'));
+ $this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.publicKey'));
//cleanup
$this->view->deleteAll($backupPath);