I dont know whether I understood your way of encryption or not but I have this question about filekey.
I will explain the steps in order and comment my confusions:
1- at user login oc creates new private and public key.(private key gets encrypted with user password) - if has been created already oc decrypts the private key and store it into session.
***2- random ascci string gets generated and stored into file key (why oc keeps this file!!)
3- encrypt file with the ascci code -
4- generate shared file key for every user responsible to the file
***5- decrypt file key with the private key stored in the session (what? oc doesnt encrypt file key in first place) and match it with shared file key and decrypt the main file with the file key ( I thought that we need to decrypt shared file key back to file key and decrypt file with the file key )
the share key is only used to decrypt the file key.
the share key cannot decrypt the file directly.
see this older blog post that explains it a bit better: https://www.schiessle.org/articles/2013/05/28/introduction-to-the-new-owncloud-encryption-app/
2 Likes