Replaced phpseclib calls with symmetric re-encryption of user private key
parent
a00dd2d5d6
commit
1fc5b1d02d
|
@ -34,4 +34,6 @@ if (
|
|||
}
|
||||
|
||||
OCP\App::registerAdmin('files_encryption', 'settings');
|
||||
OCP\App::registerPersonal('files_encryption','settings-personal');
|
||||
OCP\App::registerPersonal('files_encryption','settings-personal');
|
||||
|
||||
file_put_contents( '/home/samtuke/tmp.txt', $_SESSION['privateKey'] );
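Review bot: The last line of this hunk, `file_put_contents( '/home/samtuke/tmp.txt', $_SESSION['privateKey'] );`, writes the user's decrypted private key in plaintext to a fixed path in a developer's home directory each time this file is loaded. The hunk counts (4 old lines, 6 new) indicate the line is added by this commit; it reads as leftover debugging and should be deleted before merge. Where that path is writable it leaves key material on disk outside the encrypted key store, and where it is not it raises a warning on every request. Any copy of `tmp.txt` already produced during testing should be treated as containing a live key and removed.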
|
|
@ -106,31 +106,20 @@ class Hooks {
|
|||
// the necessary keys)
|
||||
if ( Crypt::mode() == 'server' ) {
|
||||
|
||||
$rsa = new \Crypt_RSA();
|
||||
// Get existing decrypted private key
|
||||
$privateKey = $_SESSION['privateKey'];
|
||||
|
||||
// Load old passphrase
|
||||
$rsa->setPassword( $params['password'] );
|
||||
trigger_error( "\$privateKey = ". var_export($privateKey, 1));
|
||||
|
||||
// Load user's private key
|
||||
$rsa->loadKey( $_SESSION['privateKey'] );
|
||||
|
||||
// Set new passphrase
|
||||
$rsa->setPassword('new_password');
|
||||
|
||||
// Get modified private key
|
||||
$privateKey = $rsa->getPrivateKey();
|
||||
// Encrypt private key with new user pwd as passphrase
|
||||
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $privateKey, $params['password'] );
|
||||
|
||||
// Save private key
|
||||
Keymanager::setPrivateKey( $privateKey );
|
||||
Keymanager::setPrivateKey( $encryptedPrivateKey );
|
||||
|
||||
// Get modified public key
|
||||
$publicKey = $rsa->getPublicKey();
|
||||
|
||||
// Save public key
|
||||
Keymanager::setPublicKey( $publicKey );
|
||||
|
||||
# NOTE: Do we need to update session manually here or
|
||||
# will forced logout see to this?
|
||||
# NOTE: Session does not need to be updated as the
|
||||
# private key has not changed, only the passphrase
|
||||
# used to decrypt it has changed
|
||||
|
||||
}
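Review bot: `trigger_error( "\$privateKey = ". var_export($privateKey, 1));` sends the decrypted private key to the error handler, so it ends up in the PHP error log or, with display_errors enabled, in the response; that line should be dropped. The new code also passes the result of `Crypt::symmetricEncryptFileContent(...)` straight to `Keymanager::setPrivateKey()` without checking that `$_SESSION['privateKey']` is set or that encryption succeeded, so a failed call could overwrite the stored key with an unusable value. The return contract of the encrypt helper is not visible here, so confirm it and guard the save, for example `if ( $encryptedPrivateKey ) { Keymanager::setPrivateKey( $encryptedPrivateKey ); }`. The enclosing hook method starts and ends outside this hunk.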
|
||||
|
||||
|
|
|
@ -192,9 +192,10 @@ class Keymanager {
|
|||
|
||||
/**
|
||||
* @brief store private key from the user
|
||||
*
|
||||
* @param string key
|
||||
* @return bool true/false
|
||||
* @return bool
|
||||
* @note Encryption of the private key must be performed by client code
|
||||
* as no encryption takes place here
|
||||
*/
|
||||
public static function setPrivateKey( $key ) {
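Review bot: The docblock now says callers must encrypt the key, but `@param string key` still gives no hint of that and is missing the `$`; I would write `@param string $key private key, already encrypted by the caller`. The new `@note` says no encryption takes place in this method, so stating the precondition on the parameter itself makes an accidental plaintext save easier to spot in review. The body of setPrivateKey lies outside this hunk.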
|
||||
|
||||
|
|