Decryption incorrectly attempted when recovery re-encryption is not complete
We have a flag for recoveryEnabled which triggers the encryption on login.
However, until they have logged in, they are not actually ready for decryption. We need to store this additional status somehow. I suggest a flag/marker on the user, that is added after the recovery key is used to re-encrypt the files. This should be checked when attempting to decrypt.
Is the flag just a convenience?
I suppose it might be possible to get the required information already by checking whether the user already has keys generated. However, this is more complicated to get at and wouldn't work with a simple DB query.
Add flag here https://github.com/owncloud/encryption/blob/master/lib/Recovery.php#L206 and then check in here if they are ready and able to decrypt with recovery key https://github.com/owncloud/encryption/blob/master/lib/Crypto/DecryptAll.php#L160
Is the flag just a convenience?
It marks that it is complete, for all files. Otherwise you have to check all the keys for all the files to determine if it's ready.
@tomneedham mind rewording the subject? This is a technical solution to solve which problem?
From what I understand, this is about being able to run decrypt-all in one pass for all users after knowing they are all ready? Migration case?