OC6 losing encryption & share keys

[lorddoumer]

Expected behaviour OC keeps the generated share and encryption keys

Actual behaviour on random intervalls all encryption and share keys are lost – the folders are empty (while the actual data remains in place)

Steps to reproduce not sure. first thought about public upload to an shared folder while encryption is enabled, but couldn't be reproduced (see here: https://github.com/owncloud/core/issues/6411 )

Server configuration

• Operating system: Linux ovm4979 2.6.32-6-pve
• Web server: Apache
• Database: MySQL 5.5
• PHP version: PHP 5.3.27
• ownCloud version: 6.0.3

BTW: it's a managed v-server

Client configuration

• Client version: 1.5.4
• Operating system: Win7 x64
• OS language: DE

Logs I did a complete fresh install after the last time all keys got lost, so I don't have a full log anymore, sorry! Here are the parts from the last comment: https://gist.github.com/lorddoumer/d27055901b367ebd659e

Additional information I use the admin-account to create folders and share them with a lot of groups and users. The folderstructure is like this:

• root
• - folder1 // shared with group1 and user1
• - folder2 // shared with group1 and user2
• - folder3 // shared with group2 and user3 ...

The client is only used by a few people, most are using the web-interface.

[karlitschek]

@schiesbn

[lorddoumer]

UPDATE I have another private OC instance running at my personal webspace (1und1 Linux Hosting), which I use to sync my contacts, calendars and files like ebooks (which shouldn't be shared with others because of copyright) between my Android devices. There is only my user account, no groups, no shares nothing. This instance has been running for about 8 months now without any issues, but last night one of those ebooks can't be decrypted anymore. This happened somewhere between the sync of my devices: one device synced all books correctly, the remaining two failed. Only this particular ebook (with two png files for cover) seems to be affected – everything else seems to be OK (as far as I can tell by now).

Server configration:

• MySQL: 5.1.73
• PHP: 5.3.3
• OC: 6.0.3
• Webserver: Apache
• OS: don't know, some Linux version

Here is the log (the affected book is "Swords of Dargonfire" by Ed Greenwood): https://gist.github.com/lorddoumer/5b17707b9df914d821e5

[schiessle]

Can you still download the book with the web interface?

[lorddoumer]

No, there is a message that the file can't be decrypted or isn't shared anymore. I deleted the corrupt files, reuploaded and now it's working again (new encryption keys have been generated).

[schiessle]

Was the file moved to a different location or renamed in between? Is the "deleted files" app enabled? Can you check if the encryption keys are located in data/user/files_trashbin/ ?

[lorddoumer]

no, file hasn't been moved. the delete files app is enabled, yes. here is a list of all apps enabled:

• calendar
• contacts
• deleted files
• documents
• encryption
• external sites (only on the private server)
• external storage support (only on the private server)
• pdf viewer
• pictures
• shared files
• text editor
• updater
• versions
• vide viewer (only on the private server)
• webdav user backend (only on the private server)

the encryption keys ar enot in files_trashbin – but i reuploaded the book to restore a working copy on my android.

[schiessle]

@lorddoumer I can't reproduce it. But I created a pull request against master (the upcoming ownCloud7) with additional checks if a file still exists and with additional debug output.

Tomorrow I will try to prepare a backport to OC6. Is it possible for you to try the version from master? Otherwise just wait for the backport. I hope this way we can catch all false delete requests.

[schiessle]

@lorddoumer Now I created a pull request agains stable6, #9250

Would be great if you could apply this patch to your installation and enable debug mode to get some additional information if it should happen again. But I'm quite confident that this PR will prevent the deletion of keys from existing files.

[lorddoumer]

@schiesbn great, thanks a lot! i apply the patch tomorrow and report back if the problem occurs again. but since I don't know myselfe how to reproduce the problem and the occurrence is more or less random I can't promise a quick report.

[PVince81]

Closing for now, fix is in above PR.

@lorddoumer feel free to reopen if it still happens after patching.

[derkostka]

Hey guys it seems this has happened to me right now on OC 7.0.1. Has this patch been merged to master also ?

No keyfiles after clearing the trash:

root@odroid:/media/data/owncloud/data/skostka/files_encryption# l * skostka.private.key

keyfiles:

share-keys:

EDIT: confirmed, i just lost some Data right now ... I will try to restore my last Backup to see when the keys were deleted (did the update to 7.0.1 and did not check afterwards) ...

[lorddoumer]

since the patch from june its worlking fine for me ... but currently I'm on 7.0.0 on the one server and 6.0.4 on the other. additional note: I've disabled deleted files and versioning sinc I had a lot of those problems – do you have those enabled?

[derkostka]

yes both are enabled. i checked again an could not reproduce this issue, which is bad ...

Here some more detail on how this happened:

• i have a readonly smb mount bonded as external source in my owncloud
• from this mount, i deleted a share by link
• the next morning, i had about 40 gig in my owncloud trashbin. i had 0 byte left and deleted the trashbin without having a look --> i "guess" this is when i deleted the keyfiles, don´t know how they made it into trash and i could not reproduce this yet.

[derkostka]

I restarted my Server and it happened again, very weird. I try to open a PDF Document in the Browser:

"app":"index","message":"Exception: Encryption key not found for \"\/skostka\/files\/MyData\/KnowHow\/kalman.pdf\" during attempted read via stream","level":4,"time":"August 14, 2014 23:21:35"}

But as you can see, the key is present: /media/data/owncloud/data/skostka/files_encryption/keyfiles/MyData/KnowHow# ls -lh kalman.pdf.key -rw-r--r-- 1 www-data www-data 44 Aug 8 02:02 kalman.pdf.key

Please help me how to fix this (obvious) bug !

@schiesbn maybe you can assist me in debugging this one ?

[aaujon]

Same thing is happening here on 7.0.1. "Encryption key not found", when trying to open old documents ; newly created documents work fine. Tell me if you need some extras information.

[derkostka]

I created a new Item to rise attention for this task: https://github.com/owncloud/core/issues/10533

[lorddoumer]

@schiesbn this just happend to me again ... to be more precicely: user A uploaded some files to folder XY shared by user B (admin) but the encryption- and share-keys don't get stored in user B's data-folder but in user A's data-folder. But still the files are broken and can't get decrypted. Any idea? Just noticed: user A created a subfolder in the original folder by user B and one keyfile actually got stored in user B's data-folder – the rest as stated above is in user A's data-folder.

[schiessle]

@lorddoumer Not sure, but could you try this patch: https://github.com/owncloud/core/pull/10181 This fixes a bug with encryption if the external storage app is enabled.

[lorddoumer]

thanks, gonna try as soon as possible – although i still don't have external storage enabled.

[lorddoumer]

Update: I applied the patch and upgraded to 7.0.2 in the meantime and everything worked fine untill today. Now the same issue occures again – but only one specific user seems to be affected. At least only this user is affected by the bug...

[kaplandani]

No share keys found for.... 7.0.3 as well.....

[PVince81]

Question is whether the keys were lost already before or just got lost while using 7.0.3. 7.0.3 is more robust in that regard but if the keys were lost before already it will not be able to restore them.

[kaplandani]

I wouldn't know, just upgraded yesterday, and found this on the log today,