Hello everyone,
First of all, sorry for the links: since my account is new I can’t put more than 2 links, so I had to write hppt instead of http.
I’m running the latest version of OwnCloud (i.e. 10.1.0) and I’m concerned about the master key encryption. I’m testing the encryption with master key and noticed that it’s never asking for a password when decrypting data.
Is it better to use master key encryption or user key encryption? I thought the last one was unadvised.
Also, running the master key encryption, I cannot set the recovery key with an admin account hppt://i.imgur.com/7WFcyiy.png.
Nor can I set one with a normal user hppt://i.imgur.com/NYWnlhD.png
Steps to reproduce
- Enable master key encryption hppts://doc.owncloud.org/server/10.1/admin_manual/configuration/files/encryption_configuration.html#enabling-encryption-from-the-command-line
- Upload data with a user, best is text file so you can cat it when decrypted
- Decrypt hppts://doc.owncloud.org/server/10.1/admin_manual/configuration/files/encryption_configuration.html#decrypt-master-key-encryption all files of the user
Actual behaviour
When running the command below
occ encryption:decrypt-all <user_name>
All the data of the user is decrypted without asking for a password.
Expected behaviour
Shouldn’t a password be prompted to decrypt any data?
Does it mean that the master key has no password ?
Server configuration
Operating system: Devuan 2.0
Web server: NGinx 1.14.2
Database: MySQL 5.7.25
PHP version: PHP7.2
ownCloud version: 10.1.0
Updated from an older ownCloud or fresh install: fresh install
Where did you install ownCloud from:
Downloaded the tar.gz and installed with occ maintenance.
Signing status (ownCloud 9.0 and above):
It’s fine.
List of config.php:
{
    "system": {
        "datadirectory": "\/var\/owncloud\/data",
        "version.hide": true,
        "logtimezone": "UTC",
        "installed": true,
        "upgrade.disable-web": true,
        "upgrade.automatic-app-update": false,
        "updatechecker": false,
        "maintenance": false,
        "loglevel": 2,
        "log_type": "syslog",
        "singleuser": false,
        "filelocking.enabled": true,
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "localhost",
            "port": 6379
        },
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "apps_paths": [
            {
                "path": "\/var\/owncloud\/apps_orig",
                "url": "\/apps_orig",
                "writable": false
            },
            {
                "path": "\/var\/owncloud\/apps",
                "url": "\/apps",
                "writable": false
            }
        ],
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "overwrite.cli.url": "http:\/\/localhost",
        "dbtype": "mysql",
        "version": "10.1.0.4",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "instanceid": "***REMOVED SENSITIVE VALUE***"
    }
}
Are you using external storage, if yes which one: local
Are you using encryption: yes, master key
Are you using an external user-backend, if yes which one: none