[Owncloud] help needed with encryption and corruped files

Victor Dubiniuk victor.dubiniuk at gmail.com
Thu Jun 14 13:51:58 UTC 2012


Hi,

Since  *OC_Crypt::encrypt* and * OC_Crypt::decrypt* are used for string
data I assume that there were an issue with decoded string size and rtrim
was added to fix it without taking into account the file decryption case.
Probably it will be handy to add the  *OC_Crypt::encryptString* and *
OC_Crypt::decryptString* wrappers for strings and do not call *
OC_Crypt::encrypt *and *OC_Crypt::decrypt*  directly.

Btw, base64_encode is not a good idea since it creates significant overhead
for the file size.

I did a quick search and found no Linux GUI tool for binary comparison so I
have written the script for testing [1].
It's self-explanatory, the only thing one needs to change is the lines
#3-5. For sure, it is slow with large files so I don't recommend it for
testing files over 1MB.

[1]
http://owncube.com/apps/files_sharing/get.php?token=9f177ed2e197b12bc6af7bc4af588f1abf603cfc

---
Victor Dubiniuk

On Wed, Jun 13, 2012 at 7:05 PM, Frank Karlitschek <frank at owncloud.org>wrote:

> Wow.
> Very good catch.
>
> Now the question is why was the rtrim here in the first place. I can´t
> remember if this is my code from last summer ob from someone else :-)
>
>
> Frank
>
>
> On 13.06.2012, at 17:18, Victor Dubiniuk <victor.dubiniuk at gmail.com>
> wrote:
>
> > My apologies for sending the incomplete message.
> >
> > I used 4.0.2 to debug the encryption and found that the problem is in
> the OC_Crypt::decrypt  - it strips all 0x00 characters at the 8KB block
> boundary.
> > Please check the encryption with the attached files. One has 32 of 0x00
> inside and another one is the same but has 0x05 at the 7th position.
> >
> > When I change apps/files_encryption/lib/crypt.php  line #136
> >               return rtrim($data, "\0");
> > to
> >               return $data;
> >
> > the file is decrypted correctly except the fact that it's last block is
> padded with 0x00. (Tested on *.exe ~ 7MB)
> >
> > ---
> > Victor Dubiniuk
> >
> >
> > On Wed, Jun 13, 2012 at 4:45 AM, Michael Gapczynski <mtgap at owncloud.com>
> wrote:
> > On Tuesday, June 12, 2012 12:52:06 PM Klaas Freitag wrote:
> > > On 04.06.2012 18:33, Klaas Freitag wrote:
> > > > On 04.06.2012 18:13, Frank Karlitschek wrote:
> > > >> Hi,
> > > >>
> > > >> we have a very evil bug report about corrupted files together with
> the
> > > >> encryption app.
> > > >>
> > > >> http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-912
> > > >> http://forum.owncloud.org/viewtopic.php?f=3&t=2726
> > > >>
> > > >> Everything works for me and I can´t find the problem
> > > >> Can someone help me with reproducing it?
> > > >
> > > > I can reproduce it with a Firefox on Linux and on Windows 7. I have
> > > > master running from this morning.
> > >
> > > Frank, do you think that
> > > http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-669
> > > can be related to this problem? Is there a fix already for #912?
> > >
> > > Thanks,
> > >
> > > Klaas
> >
> > It seems that binary data has problems going through the encryption. I
> did
> > some research and read that base64_encode()/decode() should allow binary
> files
> > to be encrypted. My attempts to encode and decode the data with base64
> still
> > result in corrupted binary files.
> >
> > http://bytes.com/topic/php/answers/8958-binary-encryption
> >
> >
> http://stackoverflow.com/questions/6033972/encrypting-files-with-php-mcrypt-
> > is-corrupting-docx-and-other-microsoft-office
> >
> >
> http://www.itnewb.com/tutorial/PHP-Encryption-Decryption-Using-the-MCrypt-
> > Library-libmcrypt
> >
> >
> >
> > Michael
> > _______________________________________________
> > Owncloud mailing list
> > Owncloud at kde.org
> > https://mail.kde.org/mailman/listinfo/owncloud
> >
> >
> > _______________________________________________
> > Owncloud mailing list
> > Owncloud at kde.org
> > https://mail.kde.org/mailman/listinfo/owncloud
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20120614/0f021c33/attachment.html>


More information about the Owncloud mailing list