[6.0.2] Encryption and Sharing

[ser72]

STEPS

1. ownCloud is running without encryption
2. User A has files
3. User B has files
4. User A has files shared to User B
5. Admin (User A) enables encryption app
6. Admin gets message to logout and log in
7. Admin logs out and logs in and sets keys
8. File appears to be shared
9. User B logs in -- setting his encryption key
10. User B goes to open Shared file and gets an error stating Encryption was enabled and request the file owner to re-share

REQUEST
When the Admin enables the encryption app, this has potentially adverse affects on the ownCloud instance -- as shown above.

The Admin should receive a pop up stating what may happen if they enable encryption. Such as ALL SHARES will be corrupted.

The Admin should be asked if they desire to move forward with the enabling of the app or not.

The Admin should be made aware of any and all possible affects -- listed here is just one that was discovered. If more exist, they should be placed in the pop-up as well.

The Encryption app should not be enabled unless the Admin agrees to the popup.

[karlitschek]

@schiesbn

[PVince81]

If I remember well this is not 100% true. Not all shares will be corrupted, but it depends on the order in which every user logs in.
For example in your test case, if before step 7), user B logs in first, that user will have newly generated keys, so when user A logs in, these keys will be available during initial encryption so the shares can also be encrypted and be preserved (the shares from user A to user B)

BUT I wouldn't expect any user or admin to have to understand such complicated internals.

At some point we joked about computing the optimal order in which the users need to login and outputting that list for the admin, to minimize share loss... which doesn't make much sense.

So I think adding the warning you suggested is a good idea!
I'd say the warning only needs to appear if at least one share exists. Some admins might enable encryption very early before creating users, in which case there is no need to "scare" them with such warning.

[DeepDiver1975]

Well - using encryption or not is a rater fundamental decision.

Maybe we should allow the usage of encryption as a one time option on setup?
And once enabled that ownCloud is using encryption - period.

For any kind of migration scenarios we could still offer console commands to support admins and users.

[schiessle]

Generally I agree with Thomas that the decision to use encryption or not is a rather fundamental one. We already do a lot to make the user experience as smooth as possible. But encryption is not something you should enabled/disable every few days, the same way that you don't change your database every few days.

I think it would be to aggressive to allow the usage of encryption only during set-up. It is perfectly fine for a Admin to try the encryption in a test environment and also disable it again, play around with it, etc.. But once a system goes live the Admin should take a informed decision as soon as possible. Enabling encryption on a productive system with hundreds of users is possible, but the admin needs to be aware that this is a quite fundamental change and needs some coordination. E.g. inform the users before, schedule a timeframe in which the users should log-in to finish the migration process, etc.

I also wouldn't like to scare users by a to negative pop-up massage. It is not that you lose your data or something like this. You just need some extra steps to complete the migration in some circumstances. But ownCloud guides the user quite well through all these steps. I think the best thing is to explain this in detail in the admin- (and partially user-) documentation and maybe add a additional not to the info.xml to urge the admin to read the documentation first.

@ser72 Do you want to extend the documentation with a paragraph regarding this subject?

[cdamken]

Seems to be related to this one: #9543

[schiessle]

I close this issue now. I think the problem and the reasons why it works this way was explained in detail. There is one possible solution which we could also use to "solve" this issue but it needs some discussion if we really want to go this way. Follow the discussion here: #10010