If app fails to store the E2E encryption keys the public key should be deleted from the server #2153

Closed
ardevd opened this issue Feb 12, 2018 · 6 comments

Comments

@ardevd
Collaborator

ardevd commented Feb 12, 2018

Currently, the public key is posted to the E2E server side app and stored there for the user before the Android app tries to store the associated keys locally. If this fails, the user is prompted to create a new key the next time they try to go through the encryption process. This will then always fail because the server will return a 409 error as a public key already exists. I think the correct behavior would be to send a DELETE request to the E2E API to remove the uploaded public key.

Furthermore, the private key needs to be removed as well.

@AndyScherzinger
Member

Calling Mr e2e @tobiasKaminsky :)

@ardevd
Collaborator Author

ardevd commented Feb 13, 2018

I gave it some thought during the night and how about we store the keys locally first before pushing them to the server. If the server returns 200 OK then all is good, if not then we can simply delete the keys locally instead of sending another request to the server.

Or perhaps we should do both.

@tobiasKaminsky
Member

@ardevd I created a PR with some context, how I resolved it: #2158
Do you think this is enough?

@ardevd
Collaborator Author

ardevd commented Feb 13, 2018

Looks fine, shouldn't you also attempt to delete the private key?

@tobiasKaminsky
Member

tobiasKaminsky commented Feb 13, 2018

The private key is stored after the public key.
If the private key fails, we delete the public key.
If the private key storage succeeds, we store both locally.

Why (and where) would you try to delete the private key?

@ardevd
Collaborator Author

ardevd commented Feb 13, 2018

That's fine I think as long as server side returns the proper error if the private key somehow already exists.
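
The failure mode and the rollback ordering discussed in this thread, as an added sketch that is not code from the app or from PR #2158. `FakeKeyServer`, `setup_keys`, `attempt` and the two keystore callables are hypothetical names, the server is a constructed in-memory stand-in, and removing the private key when local storage fails is an assumption that follows the suggestion in the opening comment.

```python
class Conflict(Exception):
    """Stand-in for the HTTP 409 described in the issue."""

class FakeKeyServer:
    """Constructed in-memory stand-in for the E2E server app, not its real API."""

    def __init__(self):
        self.public, self.private = {}, {}

    def store(self, kind, user, key):
        slot = getattr(self, kind)
        if user in slot:
            raise Conflict(f"{kind} key already exists for {user}")
        slot[user] = key

    def delete(self, kind, user):
        getattr(self, kind).pop(user, None)

def setup_keys(server, save_locally, user, public_key, private_key, rollback=True):
    """Upload the public key, then the private key, then persist both locally."""
    uploaded = []
    try:
        for kind, key in (("public", public_key), ("private", private_key)):
            server.store(kind, user, key)
            uploaded.append(kind)
        save_locally(user, public_key, private_key)
    except Exception:
        # Delete only what this attempt uploaded, newest first, so a retry
        # starts clean and a key that already existed is left untouched.
        if rollback:
            for kind in reversed(uploaded):
                server.delete(kind, user)
        raise

def attempt(server, save_locally, rollback):
    """Run one setup for a constructed user; return 'ok' or the error's class name."""
    try:
        setup_keys(server, save_locally, "alice", "PUB", "PRIV", rollback)
        return "ok"
    except Exception as exc:
        return type(exc).__name__

def broken_keystore(user, public_key, private_key):
    raise OSError("constructed failure: local key storage unavailable")

def working_keystore(user, public_key, private_key):
    return None
```

With `rollback=False`, a failed local save followed by a retry reproduces the permanent `Conflict` from the opening comment; with `rollback=True` the same retry succeeds.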
