
Comments (4)

LukasReschke commented on May 26, 2024

@schiessle is on holidays right now but I already talked to him about this and I can share some more insights on this.

So basically the encryption in Nextcloud works the way that every user has a private and a public key. The private key is stored encrypted by a derivative of the user's password and only stored unencrypted in memory when the user accesses Nextcloud logged-in. So we cannot access the user's file and modify it.

To work with publicly shared files we basically have a system public and private key which is accessible to the system obviously. What we should do here is have a possibility to generate such a key on-demand for single files and destroy it once used. So the workflow would be like:

  1. User presses "open file in Collabora"
  2. DocumentController::index gets called and would create a public sharing key for the file
  3. When Collabora accesses the file via WOPI the public sharing key is used
  4. When Collabora is closed the public sharing key is deleted

@schiessle Did I recap that correctly? If you would find some time to look into items 2 and 4 basically by just showing us a snippet creating and deleting the keys we could probably go a long way here. :)

from richdocuments.

pranavk commented on May 26, 2024

cc @LukasReschke @schiessle

from richdocuments.

mmeeks commented on May 26, 2024

Interesting; so - given that the users are pleading for this feature =) what information can we transfer from the user-context outside the iframe, to add to the WOPI credentials we pass to make this fly? I guess this is further complicated by multi-factor authentication (?) anyhow - worth talking through. Ultimately, if we have the right WOPI token, and the user is still logged into OC the server has all the information we need - if only it would share it with us (?)

from richdocuments.

pranavk commented on May 26, 2024

Spent some time reading code around it. There doesn't seem to be any provision for adding an extra system public/private key pair that can be used in this case as you described above. The default encryption module and internal encryption library handle publicShareKey, recovery keys, master keys and user keys. It might be possible to create a random $uid every time and then add it in key storage so it is used as a user key instead of a system key (?)

Thoughts?

from richdocuments.
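
The four-step workflow from the first comment, sketched as an added example; it is not code from Nextcloud, richdocuments or any commenter. It assumes a per-file symmetric key wrapped to each recipient's RSA public key, and every name in it (`newKeyPair`, `wrapKey`, `unwrapKey`, the `wopi-session` entry) is hypothetical.

```php
<?php
// Added illustration only: function and array names are hypothetical, not Nextcloud APIs.

function newKeyPair(): array {
    $res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    if ($res === false || !openssl_pkey_export($res, $privPem)) {
        throw new RuntimeException('key generation failed');
    }
    return ['priv' => $privPem, 'pub' => openssl_pkey_get_details($res)['key']];
}

function wrapKey(string $fileKey, string $pubPem): string {
    if (!openssl_public_encrypt($fileKey, $wrapped, $pubPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('wrap failed');
    }
    return $wrapped;
}

function unwrapKey(string $wrapped, string $privPem): string {
    if (!openssl_private_decrypt($wrapped, $fileKey, $privPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('unwrap failed');
    }
    return $fileKey;
}

// Constructed sample state: one file, encrypted under a random file key
// that is wrapped only to the owning user's public key.
$user = newKeyPair();
$fileKey = random_bytes(32);
$iv = random_bytes(12);
$ciphertext = openssl_encrypt('constructed document body', 'aes-256-gcm', $fileKey, OPENSSL_RAW_DATA, $iv, $tag);
$shareKeys = ['user' => wrapKey($fileKey, $user['pub'])];
unset($fileKey);

// Steps 1-2: the user is logged in, so their private key is available in memory.
// Create a one-off key pair for this file and wrap the file key to it.
$session = newKeyPair();
$shareKeys['wopi-session'] = wrapKey(unwrapKey($shareKeys['user'], $user['priv']), $session['pub']);

// Step 3: the WOPI request is served with the session key, not the user's key.
$key = unwrapKey($shareKeys['wopi-session'], $session['priv']);
$plain = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
echo $plain, PHP_EOL;

// Step 4: editor closed, so drop the wrapped share key and the session private key.
unset($shareKeys['wopi-session'], $session, $key);
echo implode(',', array_keys($shareKeys)), PHP_EOL;
```

Deleting the wrapped entry stops later unwraps with the session key, but the file key itself is unchanged, so anything that held the unwrapped key during the session could still decrypt the file unless it is re-encrypted under a new key.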
