Server-side-encryption keys breaking after file upload from 3rd Party iOS App

9.0.x

#1

Hello ownclouders,

I’m facing some key breakage in special cases when I upload files through a third-party app on iOS to an ownCloud user.

It looks like sometimes, especially when I’m uploading files from iPhone (6s IOS 11.1.4) with the 3rd party app „iFiles 2“ and the OC user comes close to his storage limit (around 90% storage used), the encryption keys of the server-side encryption are breaking. I’m able to open the files in the iFiles2 app (I guess through caching), but not in the browser. The sync to my Windows PC with the OC client works perfectly at the same moment as the upload. That’s why I was not hit by a complete data loss through this problem.
I was using this 3rd party app because I had the oAuth2 problems with the original OC app. Now I will go back to the original OC app.
The alert message I received said that the encryption keys do not match the user’s public/private key.
The problem also hits all newly uploaded files a few hours after upload to the user directory.

The iOS app tells me, when I want to open a “broken” file, that I don’t have the permission to complete the operation.

The only solution I know at the moment is to create a new user and to upload the files via the Windows OC client again or, if several users of the same OC instance are hit by the problem, then I rebuild the OC instance completely. A complicated way was to restore the file encryption keys from a backup. This solved the problem as well, but it’s quite complicated and needs a lot of time.

Maybe one of you ownclouders has an idea how to solve it more easily or how to avoid these problems.
I’m using OC 10.0.8 on a shared hosted webspace.
The problem also occurred on earlier OC 10 versions.

Thanks and best regards,
Sven


#2

Hey, maybe you can update to the recent ownCloud 10.0.9 and try again? If this doesn’t help, then I think it’s probably best to report a bug to the ownCloud bugtracker.


#3

Hey,

I didn’t get the update notification yet. But last time it also took a few days until I got the automatic update notification.

This problem has been keeping me busy for a few ownCloud versions. I’m not sure if it’s really a problem of ownCloud itself. Maybe it’s the fact that my hosting provider doesn’t allow reading /dev/urandom to use the module for encryption. Maybe it’s the third-party app or that I’m using different app passwords for the 2-factor security. It’s also possible that the problem occurs because of the deactivation of file locking. I have had this deactivated since OC 9.1 because it caused huge problems at that time on my former provider-hosted webspace.

I only know that it starts suddenly with one user and if I do not recover the file keys in /data//file_encryption immediately it also expands to other users.

Maybe it’s also a problem to run different OC instances on the same domain but in different subdirectories.
Maybe it’s also a problem to use user specific encryption keys instead of master key encryption.

For example, just this evening: I got oAuth2 to work on my iPhone with the original OC app and I uploaded 10 files to a user. Upload successful. Files are listed. Download on the Windows client to my PC successful. Not even 10 minutes later I want to open one of the files in the OC app on my iPhone and I get the alert message: “You don’t have permissions to complete this operation”.
I change to my Firefox browser to test the file download there. I’m getting a “Forbidden” alert message back. Like the user has no permission to access his own files.

That’s quite strange and annoying.