Help test the latest version of E2EE!

Hi all,

The latest beta of the desktop client (2.7 beta 3), as well as upcoming test versions of the Android and iOS client, all support version 1.1 of our End-to-end Encryption protocol, part of v v1.5.2-beta1 of our new server-side E2E app.

This protocol fixes some serious issues, but is sadly not backwards compatible with the tech preview we had before. This means data has to be backed-up and migrated when you update!

Note you 2.7 beta 3 also brings further improvements to the new menu, and we’d love feedback on this feature!

The new beta is available on our installation page, bottom-right but of course I’ll happily post direct links:

Below instructions for testing.

Step 1: backup your data!

You will really have to backup all data you have in E2EE folders, or you will lose access. Don’t forget this!

Step 2: grab the new server release

Next you will need the server-side E2EE app version 1.5.2 for Nextcloud Hub v19 or 1.6.0 for the upcoming 20. We have published this as a test version and not released it into the app store, so you will have to grab and manually install it:
https://github.com/nextcloud/end_to_end_encryption/releases

Step 3. Cleanup.

As said, you will have to start from scratch, that is, backup your E2EE data, clean keys from client and server, and start fresh. Here is how, for clients and server:

Desktop

On the desktop client side, this is about removing every entry containing “e2e” from
its name in your keyring (can’t really tell more, its not the same keyring
management app if you’re using KDE, Gnome, Windows or Mac… people have to
know how their individual platforms handle passwords).

Example on Linux/KDE:

  • Open KWalletManager
  • Expand the Nextcloud folder
  • Expand the Passwords subfolder
  • Delete the _e2e-mnemonic entries
  • Expand the Binary Data subfolder
  • Delete the _e2e-private entries
  • Delete the _e2e-certificate entries

It is possible to start fresh and delete all Nextcloud related keys from the key manager. Alternatively, just deleting the mnemnonic, e2e key and certificates would do. Here’s a screenshot of how those look on Linux/KDE/KWallet:

In KWallet, the right-click menu allows you to delete entries.

After that, you can install the new client from our installation page, bottom-right or the direct links below:

Mobile

For the Android client and iOS clients, for security reasons there is no way to manually reset the data. The user account has to be deleted and re-created on the client. To speed this process up, we recommend to use the QR code scan so you don’t have to enter any details on your phone.

How to do this:

  • go to your user security settings
  • create a new app password
  • click “show QR code for mobile apps”
  • scan the code from your mobile device while setting up the account

Note that a beta of the Android client that supports the new API is coming next week. The same goes for a Testflight version of the iOS client.

Server

Last but not least, you have to clean up the server configuration. This is also described in the release notes:

Step 1

To delete all active locks, execute the following command on the SQL server:

DELETE FROM oc_e2e_encryption_lock;

For MYSQL/Mariadb, this goes like this:

mysql -h hostname -u root -p
   <--you might be able to get away with just `mysql` or `mysql -u root` depending on your setup-->
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 104
Server version: 10.4.13-MariaDB MariaDB package

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| Nextcloud          |
| wordpressdatabase  |
+--------------------+
5 rows in set (0.000 sec)
   <--We have to find the right database and then 'USE' it-->
MariaDB [(none)]> USE Nextcloud
Database changed
   <--Then we can delete all rows in the encryption lock table.-->
MariaDB [Nextcloud]> DELETE FROM oc_e2e_encryption_lock;
Query OK, 4 rows affected (0.002 sec)
MariaDB [Nextcloud]> quit
Bye

For SQLite, use sqlite3 owncloud.db in your data directory to open the sqlite command line, and then use DELETE FROM oc_e2e_encryption_lock; to delete the data from the table.

Step 2

To delete existing metadata files, existing public and private keys.

  • Locate the data folder
  • Open appdata_{instanceId}/end_to_end_encryption
  • Delete ./meta-data , ./public-keys , ./private-keys .
  • Run php occ files:scan-app-data in the Nextcloud folder.

Step 4

Now you’ve cleaned up and have fresh accounts. At this point, grab 2.7.0beta 3 for the desktop and/or, once released, the new mobile clients. You can now create a E2E folder and put files in it.

Tell us what you think

The desktop client team is looking forward to your feedback. Please, file issues in our github repo! The same goes for the Android and iOS issues you find. Finally, find the End-to-End encryption server repo here.

Careful!

As usual with E2EE and test releases: use with caution. That being said once properly setup, in our testing, things work quite smooth now. E2E is not very fast, but eventually will sync all data and we are currently prioritizing correctness over performance.

3 Likes

Fantastic! Very exciting to have development on e2e.

1 Like

Android 3.13 RC1 was released right now.
You can find it soon in Play Store beta program.
Please test it and let us know how it works :+1:

Especially cross-platform testing would gain us more confidence!

Android: available via Play Store beta program or


iOS: available via TestFlight

See above for server/client!

1 Like

Hi,

thank you for your great work!

I might have found some issues concerning e2e encryption using multiple devices. Trying to summarize here (original thread was: End-to-end encryption with multiple devices )

Used components:

  • nextcloud server 19.0
  • e2e encryption app 1.5.2
  • ubuntu desktop client to 3.0.0
  • phone android app to 3.13.0

Creating an encrypted folder with Desktop app first
When creating an encrypted folder with the desktop app first the Android app does not allow to enter a pre-existing mnemonic and always generates its own mnemonic. Tried removing/re-adding the account from the app and also completely uninstalling the app. It just never prompts for the desktop mnemonic but generates it’s own.

Creating an encrypted folder with Android app first
The other way around seems to work (with one inconvenience): when creating the encrypted folder with the Android app and then setting up the desktop app the desktop app works as expected. It immediately prompts for the mnemonic. The inconvenience was again the Android app: when setting encryption on a folder it shows the mnemonic. I copied & pasted the mnemonic into a password safe and tried entering the mnemonic in the desktop app and failed with an error. After a while I discovered that the Android app did not use the displayed mnemonic but created a new one. Luckily it is possible to show the mnemonic from within the app again and I was able to copy & paste the correct one.

Remaining issue
The main issue now: all files uploaded through Android app work fine on the Desktop app.

Sadly when uploading folders & files through Desktop app the Android app does show the Folder but does not list its contents inside. Error message on Android: “Download failed
Could not complete operation. Server unavailable.”

During upload with the Desktop app I get error messages in the Nextcloud server log: “Error PHP fread(): read of 8192 bytes failed with errno=21 Is a directory at /data/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php#861” - When I browse through the server web interface everything seems fine (folders/file names are encrypted but I see all expected entries & matching file sizes).

Thanks again for your great work! I love this feature.

1 Like