Im new to coding in nextcloud, but I what im searching for is a way to implement an encryption method, in particular this one from a repo in git GitHub - mosaicrown/aesmix: aesmix library for encrypting/decrypting data with the Mix&Slice AONT, but i dont even know where to begin. I did install a full nextcloud server but i dont know how to proceed next. Like do i need to create an app, or do i modify the default encryption module, or how can i add a new module. The documention didnt help in the least. I was told maybe to use exec() to run the C library and treat it like a black box.
Hello @V_Drew and welcome.
Unfortunately, you are not starting, what you are really after. So, I can only give you in the direction you requested although I have to warn you: I am not convinced that this is really, what you want and need. Please share your use case or is this just some getting started project with Nextcloud?
Please also not that security is in general a delicate topic. You should be sure what you are doing to avoid unintended backdoors.
Now to your question:
Yes, you will have to create an app on your own. You can have a look on the official app in https://github.com/nextcloud/server/tree/master/apps/encryption for a template. Calling system exec will most probably not be the simple solution you describe. With more, o cannot help right here.
What i want is an app/module that will encrypt my data and store the key in the server just like the default module but instead of using aes 256 ctr i want to use the aesmix library in the previous mentioned repo. This is a personal project. What i was thinking with exec was to run it and obtain the key and encrypted files and then copy them to the correct folder. In summary i would like a copy of the default encrpytion but instead of the the normal encryption method i would like to use the encryption introduced buy the aesmix library and better explained but this pdf https://spdp.di.unimi.it/papers/bdfprs-ccs2016.pdf
There is no point in encrypting via command line. The point is the encryption must be done on the fly instead of storing temporary files on the server. That would counteract the intention of encryption in fact.
The encryption algorithm itself does not make any difference to me, so I did not read the paper, sorry tl,dr. The important part is how to integrate with the nextcloud server.
For me, this sounds like you should get in touch with the authors of the original app and see if they can offer multiple encryption method to the admin as alternatives. Everything else was waste of development power. They might accept one or multiple prs to get your algorithm installed…
Most of what you’re describing are software engineering decisions. What you’re describing doing means you’re in that role. So the answer is… It depends. And if it was obvious there wouldn’t be any engineering to be done!
I’m not going to enumerate all the issues you’re up against, but the kindest way I can put this is: you might be attempting to reach a bit too far all at once. Maybe you can take some smaller steps first such as:
- using and getting familiar with using the existing
encryptionapp as-is (or the
end_to_end_encryptionapp depending on your use case)
- reviewing some of the existing code base
- researching some of the ways you might integrate/access, from PHP, whatever this third-party Encryption library is (before even thinking about how to integrate it into Nextcloud)
So i already did research a bit and a way to interact with the library with php is by using the exec() (or system()) which will call the Python wrapper generating the encrypted file and keys. I would need a way to integrated this exec() with nextcloud and store the result accordingly.
Ok, sorry, but this is a contradiction. Either you did not do research on all topics involved, did not understand the results of it, or you are not making your point clear.
What exactly are you expecting to get here? What is your assumption we are going to do? I can tell you one thing: you will not get a finished solution here that you can copy and paste to have a running app. We are willing to help in general but this is no service where community is eating there time on implementing other users wishes.
As @jtr wrote: you have a bunch of issues at hand. You seem not to have these issues considered yet. Unfortunately, I see no progress on your side so far. I fear, you will not get much help here, therefore.
I understand that you want to call done external binary/script from within PHP. I am no fan of that but this is in fact not self-justifying goal but just a way to interact with the library. So, your question is partly wrong. Why not having a look at the existing solutions at least as a template?