Merge pull request #15654 from owncloud/enc2_header_system_keys

make sure that encrypted private keys always have a header

2 files changed, 4 insertions, 2 deletions

diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
index a280ea9bde3..87adf75c924 100644
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
@@ -140,7 +140,8 @@ class KeyManager {
 
 			// Encrypt private key empty passphrase
 			$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], '');
-			$this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', $encryptedKey);
+			$header = $this->crypt->generateHeader();
+			$this->setSystemPrivateKey($this->publicShareKeyId, $header . $encryptedKey);
 		}
 
 		$this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php
index 5c1e91866a0..cfaa3e49619 100644
--- a/apps/encryption/lib/recovery.php
+++ b/apps/encryption/lib/recovery.php
@@ -135,8 +135,9 @@ class Recovery {
 		$recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
 		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword);
 		$encryptedRecoveryKey = $this->crypt->symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword);
+		$header = $this->crypt->generateHeader();
 		if ($encryptedRecoveryKey) {
-			$this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $encryptedRecoveryKey);
+			$this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey);
 			return true;
 		}
 		return false;