Bug 280314 - implement server-side encryption
Summary: implement server-side encryption
Status: RESOLVED REMIND
Alias: None
Product: owncloud
Classification: Miscellaneous
Component: general
Version: unspecified
Platform: Unlisted Binaries Linux
Importance: NOR wishlist
Target Milestone: ---
Assignee: Frank Karlitschek
Reported: 2011-08-18 06:46 UTC by Sebastian Henschel
Modified: 2013-09-30 02:00 UTC

Attachments
padding support for file encryption (2.45 KB, patch)
2011-08-20 18:47 UTC, Sebastian Henschel
patch to add padding to encryption lib (2.50 KB, patch)
2011-08-31 11:26 UTC, Sebastian Henschel

Description Sebastian Henschel 2011-08-18 06:46:02 UTC
Version:           unspecified
OS:                Linux

this is not a bug, but a wish.

it would be absolutely awesome, if owncloud would implement an (optional) server-side encryption, using the already existing blowfish or gpg. 
i trust my own server only as long as it isn't compromised. :)


Reproducible: Didn't try

Steps to Reproduce:
none


Expected Results:  
server-side encryption.
Comment 1 Pavel Baranchikov 2011-08-18 07:07:27 UTC
I suggest particularizing which way of encryption is requested. I think it is not very useful to encrypt all the data stored in owncloud. This function can easily be delegated to the operating system, using LUKS, for example.

But it would be very useful to encrypt every user's files independently, in some way that other users (and the server admin too) could not decrypt the data. For example, the encryption key can be generated on the basis of the user's password.
Comment 2 Jan-Christoph Borchardt 2011-08-18 07:22:55 UTC
This is very high on our task list and as you see Frank already started working on integrating Blowfish.

If you have thoughts or tips on that, join our mailing list: https://mail.kde.org/mailman/listinfo/owncloud
Comment 3 Aaron 2011-08-18 18:13:43 UTC
Can't wait to see what becomes of this. As a cleanup measure, I'm changing it to a wish instead of a bug, though :-)
Comment 5 Sebastian Henschel 2011-08-20 13:42:45 UTC
re #1:

i agree, don't encrypt every little bit of owncloud, just the user files (and their metadata).

i reckon, but correct me if i'm wrong, that LUKS wouldn't be helpful for encrypting user files, though. as soon as the device (can that even be a file? thinking loop device here or whatever Ubuntu does to encrypt home directories) is mounted (login), they are accessible by other processes until unmounted (logout)
i wouldn't like a malicious admin to copy my data once i have logged in.
Comment 6 Sebastian Henschel 2011-08-20 18:47:40 UTC
Created attachment 63014
padding support for file encryption

as agreed upon in the chat, i added padding support for the file encryption, but it's not working properly. 
a few bytes in the output are missing for each block - which is worse than not using padding where only the last newline seems to go missing.

the first bugfix in the diff took me 90 minutes to find - a decrypt routine should decrypt, not encrypt, eh? :) i'm running out of time and hence i'm attaching the code so it might be of some use to someone.
Comment 7 Sebastian Henschel 2011-08-31 11:26:22 UTC
Created attachment 63255
patch to add padding to encryption lib

ok, i have found the bug in the padding algorithm. good to go now.
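
Added example, not part of the original thread and not the attached patch (its contents are not shown here): a sketch of the padding layer for chunked file encryption with an 8-byte block cipher such as Blowfish. It assumes PKCS#7 padding, which the thread does not specify; all function names are hypothetical, and the cipher call itself is left out so that only the padding logic is shown.

```python
BLOCK = 8  # Blowfish block size in bytes

def pad(data: bytes) -> bytes:
    """PKCS#7 (assumed scheme): append n bytes of value n, 1 <= n <= BLOCK."""
    n = BLOCK - len(data) % BLOCK  # a full extra block when already aligned
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    """Remove PKCS#7 padding; reject malformed input instead of guessing."""
    if not data or len(data) % BLOCK:
        raise ValueError("length must be a positive multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]

def to_chunks(plaintext: bytes, chunk: int = 16) -> list:
    """Block-aligned chunks for the cipher; padding is added once, at the end."""
    if chunk % BLOCK:
        raise ValueError("chunk size must be a multiple of the block size")
    padded = pad(plaintext)
    return [padded[i:i + chunk] for i in range(0, len(padded), chunk)]

def from_chunks(chunks: list) -> bytes:
    """Reassemble decrypted chunks and strip padding from the final block only."""
    return unpad(b"".join(chunks))

def zero_pad_roundtrip(plaintext: bytes) -> bytes:
    """Naive contrast: zero-fill, then strip trailing zeros (ambiguous, loses data)."""
    padded = plaintext + b"\x00" * (-len(plaintext) % BLOCK)
    return padded.rstrip(b"\x00")

def roundtrip_ok(max_len: int = 40) -> bool:
    """Check every length, including empty and block-aligned inputs."""
    samples = [bytes(range(1, n + 1)) for n in range(max_len + 1)]  # constructed data
    return all(from_chunks(to_chunks(s)) == s for s in samples)

if __name__ == "__main__":
    print(roundtrip_ok())
    print(zero_pad_roundtrip(b"binary\x00\x00"))  # constructed input; trailing zeros are lost
```

Padding protects only the length handling; it gives no integrity, so a real implementation would still authenticate the ciphertext before unpadding.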
Comment 8 Jekyll Wu 2013-09-30 02:00:58 UTC
owncloud doesn't use bugs.kde.org as its bug tracker since about two years ago. If the issue in this report still exists or applies to the recent owncloud release (5.0.11), please re-report the issue to its new bug tracker as documented in https://github.com/owncloud/core/blob/master/CONTRIBUTING.md .