Question about Administrator Recovery Key in End-to-End Encryption

I have a question about the optional offline administrator recovery key in end-to-end (E2E) encryption. As per Nextcloud’s website,

Each device of the user can aid in recovering their private key. Only if a key is lost on all devices AND the 12 secure key words are lost, the user loses access to his/her data. The optional offline administrator recovery key can still be used to re-gain access.

Suppose that the optional administrator recovery key is disabled, and a user sets up an E2E encrypted folder. Could the administrator recovery key be enabled later and still be able to decrypt the files in this folder? Or does the recovery key only work for folders that were E2E encrypted after it is enabled?

EDIT: In addition, I’m curious how a third administrator recovery key works at all if the system is using asymmetric key pairs. Is the data decrypted+copied on the server and the copy encrypted with the administrator recovery key at some point?

I apologize if this is a badly phrased question–I’m only somewhat familiar with the basics of encryption.

Good question @tca

i’ve got the same question & i’m wondering, why nobody could give an answer yet.

One of my main questions would be - how to enable this “optional offline adminstrator recovery key” ? Must this done on server-/client site or on both?

The metadata are encrypted with the asymmetric keys.

The data itself is encrypted with a symmetric key.

This is similar to gnupg encryption. In gnupg, a randomized symmetric key is generated. The file is encrypted with that key and then the public key of the receiver is used to encrypt the symmetric key. It’s possible to dissect a gpg encrypted message using the --list-packets option if you’d like to take a peek to verify the structure.

You can also find all the architecture information in the Nextcloud E2E whitepaper.

In order to decrypt the files, one would need to retrieve the encryption keys from the encrypted metadata file. Multiple keys can be used in the encryption process… the same can be done with gnupg - just select multiple receivers.

Once the architecture is examined, it becomes clear that no new public keys can be added to the encryption process of the metadata file unless that file is first decrypted. So, if all keys are lost and the passphrase as well… there’s no known method to retrieve the encrypted files… since there’s no known method to extract the symmetric keys from the asymmetrically encrypted metadata.

Please note, I only spent a few minutes looking at the Nextcloud E2E architecture and whitepaper. So, anyone with more knowledge than I may wish to correct any errors I may have in my understanding.