nextcloud / documentation

📘 Nextcloud documentation
https://docs.nextcloud.com

Encryption recovery key configuration field not visible #11076

Open RMuetterlein opened 2 years ago

RMuetterlein commented 2 years ago

Bug description

I activated the module and then wanted to specify the recovery password. Unfortunately, the necessary input fields are not displayed.

Steps to reproduce

  1. Install/Upgrade to Version 23.0.3
  2. Settings => Security => Activate Serverside Encryption => Confirm Dialog
  3. Page Refresh => no Module is visible
  4. Activate Module under "Apps"
  5. Settings => Security => Serverside Encryption (no input fields are available)

Expected behavior

As described in the instructions, 2 input fields should be displayed https://docs.nextcloud.com/server/23/admin_manual/configuration_files/encryption_configuration.html#enabling-users-file-recovery-keys

Installation method

Other

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.0

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

No response

Are you using the Nextcloud Server Encryption module?

No response

What user-backends are you using?

Configuration report

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "cloud.***REMOVED SENSITIVE VALUE***.de"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "23.0.3.2",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***"
    }
}

List of activated Apps

Enabled:
  - accessibility: 1.9.0
  - activity: 2.15.0
  - circles: 23.1.0
  - cloud_federation_api: 1.6.0
  - comments: 1.13.0
  - contactsinteraction: 1.4.0
  - dashboard: 7.3.0
  - dav: 1.21.0
  - encryption: 2.11.0
  - federatedfilesharing: 1.13.0
  - federation: 1.13.0
  - files: 1.18.0
  - files_external: 1.15.0
  - files_pdfviewer: 2.4.0
  - files_rightclick: 1.2.0
  - files_sharing: 1.15.0
  - files_trashbin: 1.13.0
  - files_versions: 1.16.0
  - files_videoplayer: 1.12.0
  - firstrunwizard: 2.12.0
  - logreader: 2.8.0
  - lookup_server_connector: 1.11.0
  - nextcloud_announcements: 1.12.0
  - notifications: 2.11.1
  - oauth2: 1.11.0
  - password_policy: 1.13.0
  - photos: 1.5.0
  - privacy: 1.7.0
  - provisioning_api: 1.13.0
  - ransomware_protection: 1.13.0
  - recommendations: 1.2.0
  - serverinfo: 1.13.0
  - settings: 1.5.0
  - sharebymail: 1.13.0
  - support: 1.6.0
  - survey_client: 1.11.0
  - systemtags: 1.13.0
  - text: 3.4.1
  - theming: 1.14.0
  - twofactor_backupcodes: 1.12.0
  - updatenotification: 1.13.0
  - user_status: 1.3.1
  - viewer: 1.7.0
  - weather_status: 1.3.0
  - workflowengine: 2.5.0
Disabled:
  - admin_audit
  - user_ldap

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No response

Additional info

No response

patrickuhlmann commented 2 years ago

I had the same situation. No input fields displayed to specify the recovery password. I am not sure if it is relevant but I have enabled the encryption already a while ago (I think at that time the recovery password feature was not yet available) and went through several major release upgrades. Maybe it has something to do with the fact that I enabled the encryption before the recovery password feature was available?

Extarys commented 2 years ago

Fresh installation of Nextcloud 24.0.5, installed the encryption module, enabled it and no input field for recovery either: image

The issue might be that I enabled encryption before installing the Default encryption module. I'm not sure how I can disable/re-enable this for testing :/

EDIT: I followed the instructions to turn off server-side encryption in maintenance mode, disabled/removed the Default encryption module, reinstalled it and re-enabled server-side encryption. Still no fields.

Clicking on the title of the notification from above redirects me to "https://myawesomenextcloudinstance.org/settings/user/security". I believe either the link in the notification is wrong, or the notification is meant for the user part of my session and not the admin part. Either way the link should take me to the form to provide a recovery key.

szaimen commented 1 year ago

Hi, please update to 24.0.8 or better 25.0.2 and report back if it fixes the issue. Thank you!

RMuetterlein commented 1 year ago

Hello

I have updated Nextcloud to version 25.0.5. Unfortunately it is still not possible to enter a key, because a corresponding field is not available. Therefore, the error still exists.

RMuetterlein commented 1 year ago

After updating to version 26.0.1, the password field is not present (still not), nor can encryption be disabled. This function has been disabled. I'm starting to get seriously worried about whether it was wise to enable this feature in the first place. For more than 1 year, the problems can't be solved - rather, they become even bigger. I find this very worrying. I therefore ask for support in solving this problem.

Extarys commented 1 year ago

This is something that holds me back from using encryption with Nextcloud - the UI for it is not polished at all, and I really don't want to get stuck with encrypted files with no key in case of a disaster recovery, for example.

RMuetterlein commented 1 year ago

This is precisely why this (in my view serious) problem must finally be rectified. Unfortunately, I can't see if this massive bug has any kind of priority at all. The developers don't communicate this very well.

joshtrichards commented 1 year ago

The recovery key is only applicable if using per-user keys. The field will not appear in a default setup.

The default mode is a master key (not per-user keys) so the recovery key isn't applicable. Unless you've explicitly switched to per-user key mode by disabling the master key, this is expected behavior. But it does sound like the encryption config documentation could be clarified a bit.

You can see the details rather than take my word for it by clicking on the Encryption Details section that exists in the Admin Manual just after the Encryption Configuration section:

https://github.com/nextcloud/documentation/blob/5dde59862fe9a60b2bceb534e5095e201cec8a43/admin_manual/configuration_files/encryption_details.rst#key-type-master-key

https://github.com/nextcloud/documentation/blob/5dde59862fe9a60b2bceb534e5095e201cec8a43/admin_manual/configuration_files/encryption_details.rst#key-type-recovery-key

(the above links are to the docs in the code repo, but they're the same as the main docs - I just can't reach docs.nextcloud.com at the moment to give you those links).
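
An added example, not part of the thread or of the Nextcloud project's code: a shell check that tells an admin which key mode an instance is in, and therefore whether the recovery key fields are expected to appear. It assumes the `encryption` app settings `useMasterKey` and `recoveryAdminEnabled` (names not given in this thread) and an `occ` invocation for a Debian/Ubuntu Apache install; the path and the function names are placeholders.

```shell
#!/bin/sh
# Assumed occ invocation; adjust the user and path for your install.
OCC="${OCC:-sudo -u www-data php /var/www/nextcloud/occ}"

# classify_key_mode USE_MASTER_KEY RECOVERY_ADMIN_ENABLED
# An unset or empty USE_MASTER_KEY counts as "1": master key is the default
# mode, so a setup that never touched the setting has no recovery key form.
classify_key_mode() {
    master_flag="${1:-1}"
    recovery_flag="${2:-0}"
    if [ "$master_flag" = "1" ]; then
        # Master key mode: recovery key not applicable, fields stay hidden.
        echo "master-key"
    elif [ "$recovery_flag" = "1" ]; then
        # Per-user keys and an admin recovery key has been enabled.
        echo "per-user-with-recovery"
    else
        # Per-user keys without a recovery key: a user who loses their
        # password loses access to their files.
        echo "per-user-no-recovery"
    fi
}

# report_key_mode: read both settings from a live instance and classify them.
report_key_mode() {
    live_master=$($OCC config:app:get --default-value=1 encryption useMasterKey) || return 1
    live_recovery=$($OCC config:app:get --default-value=0 encryption recoveryAdminEnabled) || return 1
    classify_key_mode "$live_master" "$live_recovery"
}

# Only touch a real instance when asked to: sh check-key-mode.sh --live
if [ "${1:-}" = "--live" ]; then
    report_key_mode
fi
```

A result of `master-key` matches the behaviour reported in this issue: the recovery key fields are not shown.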

Extarys commented 1 year ago

@joshtrichards Long-awaited explanation, I believe. Thanks!

Master key seems the friendlier version. I tried turning E2EE on my server, but my friend complained the key was too complicated to set up on the client. I believe the steps needed maybe weren't explicit enough for regular users (the opposite of enthusiast users). Master key though could raise eyebrows for the general users too though since trust is on the decline (cough GAMAF cough)