search

nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
27.37k stars 4.06k forks source link

Better way to handle recovery keys #3016

Open schiessle opened 7 years ago

schiessle commented 7 years ago

At the moment we create a recovery key-pair and use the public key to encrypt all files if the user enabled the recovery feature. Basically the recovery key works like a additional user to whom all files are shared. This can have some performance impacts if a user enable/disable the recovery key with a lot of files.

Therefore the idea is to make a copy of the users private key, encrypted with the recovery password. In this case we only have to copy one file (the private key) to a backup location and encrypt it with the recovery password instead of updating every individual file key. Also disabling the recovery key is much easier because we just need to delete the copy of the private key. The performance of the recovery process would also improve significantly because on recovery we no longer have to decrypt/re-encrypt all file keys but just copy over the backup of the private key and re-encrypt the private key with the users new password.

Only thing which needs to keep in mind:

This was a idea from @jknockaert. I just decided to summarize it here to make sure that it doesn't get lost. If I missed something, feel free to add it. If you have some time and want to implement it feel free to assign the issue to yourself.

schiessle commented 7 years ago

copied the issue over from https://github.com/owncloud/core/issues/18951

@jknockaert would you be still interested to work on it?

jknockaert commented 7 years ago

@schiessle I will first have to invest time in building a platform to host nextcloud, after that I will migrate to nextcloud, and after that I may take up developing something useful. In the meantime don't hold your breath.

schiessle commented 7 years ago

@jknockaert thanks for your feedback... Take your time... I'm happy to welcome you back at any time! 😃

szaimen commented 3 years ago

I am going to close this since there doesn't seem to be a lot of interest and no respond since around 2 years. Please reopen if you still want to implement this.