E2E: Unsupported class: class javax.crypto.spec.IvParameterSpec when encrypting the private key. #2134

Closed
ardevd opened this issue Feb 9, 2018 · 42 comments · Fixed by #2154


@ardevd
Collaborator

ardevd commented Feb 9, 2018

Using the latest version from Google Play, whenever I try to enable an encrypted folder, the app shows me a new recovery key phrase, and when proceeding I get an error saying "Keys could not be stored, please try again".

This is on a Pixel 2 XL running Android 8.1.0.

@ardevd ardevd changed the title Unable to create E2E encryption keys Unable to store E2E encryption keys Feb 9, 2018
@ardevd
Collaborator Author

ardevd commented Feb 9, 2018

02-09 23:12:30.829 28516  3071 D SetupEncryptionDialogFragment: public key successful downloaded for xxx@xxxxx
02-09 23:12:30.831 28516  3071 V ArbitraryDataProvider: Updating arbitrary data with cloud id: xxx@xxxx key: PUBLIC_KEY value: -----BEGIN CERTIFICATE-----
02-09 23:12:30.831 28516  3071 V ArbitraryDataProvider: <REDACTED>
02-09 23:12:30.831 28516  3071 V ArbitraryDataProvider: <REDACTED>
02-09 23:12:30.831 28516  3071 V ArbitraryDataProvider: <REDACTED>
02-09 23:12:30.831 28516  3071 V ArbitraryDataProvider: <REDACTED>
02-09 23:12:30.831 28516  3071 V ArbitraryDataProvider: <REDACTED>
02-09 23:12:30.831 28516  3071 V ArbitraryDataProvider: -----END CERTIFICATE-----
02-09 23:12:30.841 28516  3071 D OwnCloudClient #2: REQUEST GET /ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key

@ardevd
Collaborator Author

ardevd commented Feb 9, 2018

No related log entries on the server side which makes me suspect that the issue resides in the client. I'm assuming it's unable to create/store the keys on the device. Has this been tested with Android 8.1.0?

@tigernero79

tigernero79 commented Feb 10, 2018

Some problem on Samsung S8, Nexus 6 and Nexus 6P, but OK on a Huawei smartphone.

@ardevd
Collaborator Author

ardevd commented Feb 12, 2018

This is where it fails for me.

RemoteOperationResult result = operation.execute(account, getContext(), true);

if (result.isSuccess()) {
    Log_OC.d(TAG, "public key success");

    publicKey = (String) result.getData().get(0);
} else {
    keyResult = KEY_FAILED;
    return "";
}

operation.execute() is unsuccessful for some reason and hence the AsyncTask returns an empty string.

Stepping into SendCSROperation shows that the server returns status code 409. I've actually never encountered a 409 error before so I had to look it up. No idea what's causing it though. The POST request looks good and a seemingly proper CSR is being passed to the server.

The issue also occurs when using the Android Emulator (API 27).

@ardevd
Collaborator Author

ardevd commented Feb 12, 2018

Reading through the E2E app docs the 409 error was caused by the fact that a public key already existed for my user. I deleted it, now the RemoteOperationResult returns 200 OK so now I can finally get to the actual cause of the problem, which is an unsupported KeySpec.

SetupEncryptionDialogFragment: Unsupported class: class javax.crypto.spec.IvParameterSpec

This is caused by EncryptionUtils.encryptPrivateKey(privatePemKeyString, keyPhrase);

@ardevd ardevd changed the title Unable to store E2E encryption keys E2E: Unsupported class: class javax.crypto.spec.IvParameterSpec when encrypting the private key. Feb 12, 2018
@tigernero79

great, I'm waiting for the solution is new release that fixes the bug. in fact I had another user on s8 and Nexus 6, but on Nexus 6p instead no, but I had an error.

@ardevd
Collaborator Author

ardevd commented Feb 12, 2018

The offending bit of code: byte[] iv = cipher.getParameters().getParameterSpec(IvParameterSpec.class).getIV();

I'll see if I can make a PR that fixes this.
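
An added illustration of the failure described in the comment above (not code from the Nextcloud app or from the fix in #2154), assuming the private key is encrypted with AES in GCM mode, which the thread does not state; the class name `GcmIvDemo` and the sample plaintext are constructed. With a GCM cipher the provider hands back GCM parameters, so a request for `IvParameterSpec` can be rejected, while `Cipher.getIV()` does not depend on the parameter class.

```java
import java.nio.charset.StandardCharsets;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

public class GcmIvDemo {
    // Default GCM tag length when no spec is passed at encryption time (assumed 128 bits).
    private static final int TAG_BITS = 128;

    public static void main(String[] args) throws Exception {
        // Constructed sample input standing in for the PEM private key.
        byte[] plaintext = "constructed sample key material".getBytes(StandardCharsets.UTF_8);

        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey key = keyGen.generateKey();

        // Assumption: AES/GCM. No IV is passed in, so the provider generates a fresh one.
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key);
        byte[] ciphertext = enc.doFinal(plaintext);

        // The call quoted in the issue: a GCM parameter object may refuse IvParameterSpec.
        try {
            byte[] viaSpec = enc.getParameters().getParameterSpec(IvParameterSpec.class).getIV();
            System.out.println("IvParameterSpec accepted, IV bytes: " + viaSpec.length);
        } catch (InvalidParameterSpecException e) {
            System.out.println("IvParameterSpec rejected: " + e.getMessage());
        }

        // Reads the IV the cipher actually used, whatever the parameter class is.
        byte[] iv = enc.getIV();

        // The IV must be stored with the ciphertext; decryption needs the same IV and tag length.
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] recovered = dec.doFinal(ciphertext);

        System.out.println("IV bytes: " + iv.length
                + ", round trip ok: " + Arrays.equals(plaintext, recovered));
    }
}
```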

@ardevd
Collaborator Author

ardevd commented Feb 12, 2018

PR created. The fix is seemingly pretty simple and works fine on my devices, but they all run Android 8.1.

@aquaritus

Maybe this is only a "me too" post, but I have the same problem on my Nexus 6P running Android 8.1. Thus I'd like to know if there is a timeline for accepting ardevd's PR and releasing a new version of the app fixing this issue?
And of course a big thx for all your research with this problem!

@tobiasKaminsky
Member

As we had a bit of trouble for many users upgrading to 3.0 I somehow missed this.
Thank you @ardevd for the great fix, I have tested it and it is working fine. 🎉
It will be included in 3.0.1, which will be released today.

@tigernero79

tigernero79 commented Feb 14, 2018

screenshot_20180214-145614
I upgraded to Nextcloud 3.0.1, yet the problem of storing keys has not been solved for Nougat? Have you solved it just for Oreo? I have an S8 with Nougat 7.x and a Nexus 6 with Nougat 7.1.2, and the problem still persists.

@ardevd
Collaborator Author

ardevd commented Feb 14, 2018

I'm fairly sure this is because you now have a stale private key and/or public key on your server. It would be really useful if you could re-install the app first and see if the problem is resolved. #2158 should ensure that the old keys are deleted.

If that doesn't work, try this:

1 - Delete the private key from the server
curl -X DELETE https://<user>:<password>@<nextcloud>/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key -H "OCS-APIRequest:true"
2 - Delete the public key
curl -X DELETE https://<user>:<password>@<nextcloud>/ocs/v2.php/apps/end_to_end_encryption/api/v1/public-key -H "OCS-APIRequest:true"

@tigernero79

I try to uninstall apps and reinstall, otherwise I try your second method .. I hope anyway in an application in the application as soon as possible. I keep you updated

@tigernero79

I uninstalled and reinstalled but the problem persists. I have my Nextcloud hosted on Aruba and I do not have access to the shell. How to fix?

@ardevd
Collaborator Author

ardevd commented Feb 14, 2018

You don't need shell access. You can curl from your local machine. Just pass the hostname for your NextCloud server to it.

curl -X DELETE https://<user>:<password>@<nextcloud.myserver.com>/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key -H "OCS-APIRequest:true"

curl -X DELETE https://<user>:<password>@<nextcloud.myserver.com>/ocs/v2.php/apps/end_to_end_encryption/api/v1/public-key -H "OCS-APIRequest:true"

Replacing <user>, <password> and <nextcloud.myserver.com> with their correct values.

@tigernero79

suppose my user is called "Ti@er"
and suppose my password is "pallino"

and suppose my nextcloud is

https://www.pensierando.it/Nextcloud

which command to curl where to write in a linux terminal because it happens?

I receive error

curl: (3) Illegal port number

@ardevd
Collaborator Author

ardevd commented Feb 14, 2018

Hmm, your username really has an @ in it? Damn, that must be screwing things up for you! The error you're getting is because the @ is messing up the command for you.

Say your username was "bob" and the password was "SuperSecretPass" the command would be

Your command would be:

curl -X DELETE https://bob:SuperSecretPass@www.pensierando.it/Nextcloud/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key -H "OCS-APIRequest:true"

@ardevd
Collaborator Author

ardevd commented Feb 14, 2018

Try this?

curl -X DELETE https://"Ti@er":SuperSecretPass@www.pensierando.it/Nextcloud/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key -H "OCS-APIRequest:true"

I'll be honest, I have no idea if that will work ^^

@tigernero79

tigernero79 commented Feb 14, 2018

also tried with the tips "Ti@er" even my password has the "@@"

but always error curl: (3) Illegal port number

@tobiasKaminsky
Member

curl supports -u to specify user/password, so maybe try:
curl -u "Ti@er:SuperSecretPass" -X DELETE https://www.pensierando.it/Nextcloud/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key -H "OCS-APIRequest:true"

@tigernero79

view?
[image]

@ardevd
Collaborator Author

ardevd commented Feb 14, 2018

@tigernero79 use the suggestion from @tobiasKaminsky

curl -u "Ti@er:SuperSecretPass" -X DELETE https://www.pensierando.it/Nextcloud/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key -H "OCS-APIRequest:true"

Also... you should probably obfuscate your password from that screenshot better.

@tigernero79

tigernero79 commented Feb 14, 2018

[image]

curl -u "Ti@er:SuperSecretPass" -X DELETE https://www.pensierando.it/Nextcloud/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key -H "OCS-APIRequest:true"

@ardevd
Collaborator Author

ardevd commented Feb 14, 2018

Ok, good. No stale private key. Now do:

curl -u "Ti@er:SuperSecretPass" -X DELETE https://www.pensierando.it/Nextcloud/ocs/v2.php/apps/end_to_end_encryption/api/v1/public-key -H "OCS-APIRequest:true"

@tigernero79

ok

[image]

@ardevd
Collaborator Author

ardevd commented Feb 14, 2018

Ok, doesn't seem like there were any stale public keys either. I'm beginning to suspect you're experiencing a different issue here.

What's the output of the following command?

curl -u "Ti@er:SuperSecretPass" -X GET https://www.pensierando.it/Nextcloud/ocs/v2.php/apps/end_to_end_encryption/api/v1/public-key -H "OCS-APIRequest:true"

@tigernero79

screenshot_20180214-162821 2

@ardevd
Collaborator Author

ardevd commented Feb 14, 2018

And if you now run the Android app it still doesn't work?

@tigernero79

Exactly, it does not work for me. I tried both with the Samsung S8 and with the Nexus 6; both have Nougat. I tried as well with another Nextcloud domain I have. Same problem.

@tigernero79

with my wife Huawei's cell phone on both my nextcloud domains it worked right away. I have also deleted my Tiger user and Created Ti @ er thinking about Key problems but as you also see Tiger from the same problem

@tigernero79

if you want to create test user to you on my nextcloud and try it too? if you have a Nexus 6 or s8? with Huawei it worked

@tigernero79

screenshot_20180214-165613
screenshot_20180214-165631

As you see the key is generated but then it is not saved

@ardevd
Collaborator Author

ardevd commented Feb 14, 2018

So you're saying it works with your wife's Huawei using the same Nextcloud account as you're trying to use on your device?

@tigernero79

No, with my wife's account it works, same domain; also tested with a Nexus 6P, my brother's account, which has Oreo, and it also works.

@ardevd
Collaborator Author

ardevd commented Feb 14, 2018

Can you try your wife's account with your phone then? We have to figure out if the problem here is with your account (in which case you should start a new issue as your problem is unrelated to the bug described here).

@tigernero79

OK, I'll try to configure it with my wife's account, give me a minute.

@tigernero79

then on my phone with my wife's account is gone, what does this mean? mystery of faith.
being an administrator I create a new account and I'll try .. but that's strange.

@tigernero79

tigernero79 commented Feb 14, 2018

I'm doing some tests, but I think if one has in the password some special character like the "@" app has trouble storing it ... also because it is not stored in public or private key as you can see on the server for my account and goes however, in error ..

@tigernero79

creating Tiger accounts and not everything went well, I believe that users with special characters are not managed well

@tobiasKaminsky
Member

@tigernero79 which special chars do you use? And where, in user or pass or both?

@tigernero79

Both @ and #

@ConorIA

ConorIA commented Feb 23, 2018

Just thought I'd chip in here. I'm also experiencing issues trying to create keys for my admin account.

~ >>> curl -u "user(no special chars):password(with special chars)" -X GET https://my_server/ocs/v2.php/apps/end_to_end_encryption/api/v1/public-key -H "OCS-APIRequest:true" 
<?xml version="1.0"?>
<ocs>
 <meta>
  <status>failure</status>
  <statuscode>404</statuscode>
  <message>Could not find the public key belonging to the user user</message>
 </meta>
 <data/>
</ocs>

My special chars were > and <.

EDIT: Changed my password (no special chars), but am experiencing the same behaviour with the CSR error.

EDIT 2: Created a non-admin user, but am getting the same error for that user as well.
