Desktop: [E2E] [OSX] Client not accepting e2e encryption passphrase

Created on 27 Apr 2018  ·  21 Comments  ·  Source: nextcloud/desktop

I created an encrypted folder with the iOS client, compiled the latest master ( 64cbc88 ) on OSX. When starting the client, it asks me for the E2E passphrase, but it's not accepting the input as correct.

Log output:


[OCC::ClientSideEncryption::getPublicKeyFromServer()::(anonymous class)::operator()     Found Public key, requesting Private Key.

[OCC::ClientSideEncryption::getPrivateKeyFromServer     Retrieving private key from server

[OCC::ClientSideEncryption::getPrivateKeyFromServer()::(anonymous class)::operator()    "<LONG KEY>"

[OCC::ClientSideEncryption::getPrivateKeyFromServer()::(anonymous class)::operator()    Found private key, lets decrypt it!

[OCC::ClientSideEncryption::decryptPrivateKey   Got mnemonic: "you really dont think I would post the actual mnemonic here right question mark"

[OCC::ClientSideEncryption::decryptPrivateKey   mnemonic: "youreallydontthinkIwouldposttheactualmnemonichererightquestionmark"

[OCC::EncryptionHelper::generatePassword    Start encryption key generation!
[OCC::EncryptionHelper::generatePassword    Encryption key generated!
[OCC::ClientSideEncryption::decryptPrivateKey   Generated key: \blah \blah
[OCC::EncryptionHelper::decryptPrivateKey   decryptStringSymmetric key: \blah \blah
[OCC::EncryptionHelper::decryptPrivateKey   decryptStringSymmetric data: <LONG KEY>
[OCC::EncryptionHelper::decryptPrivateKey   sep at 3052
[OCC::EncryptionHelper::decryptPrivateKey   decryptStringSymmetric cipherTXT <LONG KEY>
[OCC::EncryptionHelper::decryptPrivateKey   decryptStringSymmetric IV: <SOME IV>

[OCC::ClientSideEncryption::decryptPrivateKey   Private key:  "-----BEGIN RSA PRIVATE KEY-----\n-----END RSA PRIVATE KEY-----\n"

And then the popup appears again. Any pointers?

bug feature end to end encryption help wanted os macOS


All 21 comments

any idea @tcanabrava @dantti?
any changes on your side @tobiasKaminsky @mario that could have caused this?

thanks for the report @niwakame

When I tested this using a second user unix account it worked fine, would need to test again...

Just tested here and it worked fine, the last line

"-----BEGIN RSA PRIVATE KEY-----\n-----END RSA PRIVATE KEY-----\n"

had the key contents where you see just \n.

Now the obvious question, did you try with another client like Android? And are you sure the passphrase is right?

Thanks for testing.

The passphrase is definitely right. I will try with an Android device later on and see if this makes a difference. And try vice versa desktop and mobile.

Is there a way to delete the keys on the server, so I can start the key creation procedure again?

same here with 64cbc8 on macOS - same log output @niwakame . encrypted folder was created by stock iOS app - E2E decryption was possible with prereleases/E2E/Windows/ c04d1f on windows10

hm...
when you get the payload from the server you are receiving an empty
metadata.
I'll try the following:

create an account in a linux box,
test the download in another linux box.

Expect test results and patches for today tomorrow.

On Sat, Apr 28, 2018 at 4:56 PM, Christian Messerschmidt wrote:

same here with 64cbc8 on macOS - same log output @niwakame
https://github.com/niwakame . encrypted folder was created by iOS - E2E
decryption was possible with prereleases/E2E/Windows/ on windows10


Confirming @messimuc 's observations. It's fully working with iOS and Windows, yet OSX is failing.

hm, please, now I'm confused. it's working or not with this client, in Windows?
the compiled code is the same in the OSX and it fails?
(just so I understand where I need to focus the bugfix)

Windows (prerelease) and iOS working.
OSX ( 64cbc88 ) fails with above errors.

Haven't tested 64cbc88 in Windows, as I don't have the build env here.

Any updates / roadmap?

Mmm it sounds like the iOS code does something slightly different from our code.

I would need some way to verify this.

I can try to reproduce this error.

Just bumped into it :sob:
Debugging it now...

Status yet: :sob:

At first I got the same problem described in the issue and the client would not accept the passphrase. I debugged and found out that _privateKey is null :skull: here:
https://github.com/nextcloud/desktop/blob/ac631d008c5e158e22b184354f32fc2b84af3157/src/libsync/clientsideencryption.cpp#L1027-L1028

So I have found this:

After trying to compile Qt 5.11.1 with openssl enabled instead of not accepting the mnemonic, it crashes :disappointed: when you click ok on the dialog when the mnemonic is displayed for the first time for the user. It crashes :bomb: here - pkey is 0x0: https://github.com/nextcloud/desktop/blob/ac631d008c5e158e22b184354f32fc2b84af3157/src/libsync/clientsideencryption.cpp#L397

Any ideas @tcanabrava @dantti @rullzer? I didn't try yet to use any other format for the key, is that even recommendable? Or the whole issue doesn't make any sense :D (sanity check)? Maybe I am missing pieces of the end to end encryption workflow?
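
The failure reported in this thread, as an added example that is not part of any comment and not Nextcloud's code: a pre-check on the decrypted string that separates the empty PEM seen in the log from a plausible key, so the caller can reject the result instead of carrying on with a null key. The names `checkRsaPem` and `PemStatus` are hypothetical, and the sample input is constructed from the log line quoted above.

```cpp
// Added example, not Nextcloud code: sanity-check a decrypted PEM string.
#include <cctype>
#include <cstdio>
#include <string>
#include <vector>

enum class PemStatus { NotPem, EmptyBody, BadBase64, NotDer, LooksValid };

// Decode standard base64; returns false on any character outside the alphabet.
static bool b64decode(const std::string& in, std::vector<unsigned char>& out) {
    static const std::string abc =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0;
    int bits = 0;
    for (char c : in) {
        if (c == '=') break;  // padding marks the end of the data
        std::size_t v = abc.find(c);
        if (v == std::string::npos) return false;
        acc = (acc << 6) | static_cast<unsigned>(v);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back(static_cast<unsigned char>((acc >> bits) & 0xFF));
        }
    }
    return true;
}

// Classify the output of private-key decryption before it reaches a key parser.
PemStatus checkRsaPem(const std::string& pem) {
    const std::string head = "-----BEGIN RSA PRIVATE KEY-----";
    const std::string tail = "-----END RSA PRIVATE KEY-----";
    std::size_t b = pem.find(head);
    std::size_t e = pem.find(tail);
    if (b == std::string::npos || e == std::string::npos || e < b + head.size())
        return PemStatus::NotPem;
    std::string body;  // everything between the markers, whitespace removed
    for (std::size_t i = b + head.size(); i < e; ++i)
        if (!std::isspace(static_cast<unsigned char>(pem[i]))) body += pem[i];
    if (body.empty()) return PemStatus::EmptyBody;  // the case in the log above
    std::vector<unsigned char> der;
    if (!b64decode(body, der) || der.empty()) return PemStatus::BadBase64;
    // A DER-encoded private key starts with an ASN.1 SEQUENCE tag (0x30).
    return der[0] == 0x30 ? PemStatus::LooksValid : PemStatus::NotDer;
}

int main() {
    // Constructed input: the empty PEM from the reporter's log.
    const std::string empty =
        "-----BEGIN RSA PRIVATE KEY-----\n-----END RSA PRIVATE KEY-----\n";
    std::printf("status=%d\n", static_cast<int>(checkRsaPem(empty)));
    return 0;
}
```

`LooksValid` only means the body is worth handing to the real parser; a null result from that parser still has to be handled before the key is used.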

Changing the format of the key is not "allowed" as it needs to stay this way as Android/iOS are already using it and write their keys into this format.

Shall I give you a "working" key from Android to debug? And you can give me the non-working one, so I can try to find the problem via debugging it on Android side.

@tobiasKaminsky

Changing the format of the key is not "allowed" as it needs to stay this way as Android/iOS are already using it and write their keys into this format.

I thought so.

Shall I give you a "working" key from Android to debug? And you can give me the non-working one, so I can try to find the problem via debugging it on Android side.

Yes, that sounds like a good idea. Thanks!

byte[] key = EncryptionUtils.generateKey();
String encryptedString = EncryptionUtils.encryptStringSymmetric(privateKey, key);
String decryptedString = EncryptionUtils.decryptStringSymmetric(encryptedString, key);

private key:

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

encrypted:

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fA==f2h8U+r8QRzhblp2a0D+jg==

decrypted:

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

key:
YXbFCAnfUsMZMizGs7rTeg==

If you have any further questions, do not hesitate to ping me on IRC :-)

Possible fix: https://github.com/nextcloud/desktop/pull/727
@tobiasKaminsky even your "working" key didn't work on the client :/ Thanks though :)

Confirm fixed in 2.5 Release, thank you @camilasan !
