Skip to content

Bugfix/e2ee fixes for hardware certificate end to end encryption#9514

Merged
mgallien merged 4 commits intomasterfrom
bugfix/e2eeFixCertificateMigration
Feb 26, 2026
Merged

Bugfix/e2ee fixes for hardware certificate end to end encryption#9514
mgallien merged 4 commits intomasterfrom
bugfix/e2eeFixCertificateMigration

Conversation

@mgallien
Copy link
Collaborator

@mgallien mgallien commented Feb 25, 2026

No description provided.

@mgallien mgallien force-pushed the bugfix/e2eeFixCertificateMigration branch 4 times, most recently from 90afdf0 to efc1737 Compare February 25, 2026 14:44
@mgallien mgallien changed the title Bugfix/e2ee fix certificate migration Bugfix/e2ee fixes for hardware certificate end to end encryption Feb 26, 2026
@mgallien mgallien added this to the 33.0.0 milestone Feb 26, 2026
@mgallien mgallien marked this pull request as ready for review February 26, 2026 08:40
@mgallien mgallien force-pushed the bugfix/e2eeFixCertificateMigration branch from b14efb0 to dfa1c77 Compare February 26, 2026 08:58
@github-actions
Copy link

github-actions bot commented Feb 26, 2026

Artifact containing the AppImage: nextcloud-appimage-pr-9514.zip

Digest: sha256:3c540f102e13e96bac49af4db653cde4794edf01b1f43ddf0f43f40a49deb004

To test this change/fix you can download the above artifact file, unzip it, and run it.

Please make sure to quit your existing Nextcloud app and backup your data.

@nilsding nilsding force-pushed the bugfix/e2eeFixCertificateMigration branch from 15b26ba to ffe94a9 Compare February 26, 2026 20:01
@mgallien
Copy link
Collaborator Author

mgallien commented Feb 26, 2026

/backport to stable-33.0

@mgallien mgallien enabled auto-merge February 26, 2026 21:05
@mgallien mgallien disabled auto-merge February 26, 2026 21:06
@mgallien
fix(e2ee): use the correct certificate when recovering folder metadata
4835f73 
we need to use the certificate that was used to encrypt folder metadata
when reading and decrypting them

Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
@mgallien
fix(e2ee): we need a valid certificate finger print for all types
0bef18c 
we also want to get the fingerprint of a software certificate not only
for hardware ones

should enable us to have correct behavior in all cases (and maybe be
able to migrate software certificates if there is a need)

Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
@mgallien
fix(e2ee): store certificate handle rather than key
6f463ec 
during discovery of all certificates, the private key handle can become
invalid

to avoid having invalid references, rather store the certificate handle
and use it to get the cached key

Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
@mgallien
fix(e2ee): generate valid metadata after certificate migration
e216d97 
ensure the proper owner user certificate is used after a migration

Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
@mgallien mgallien force-pushed the bugfix/e2eeFixCertificateMigration branch from ffe94a9 to e216d97 Compare February 26, 2026 21:07
@mgallien mgallien merged commit 07a4c86 into master Feb 26, 2026
17 of 18 checks passed
@mgallien mgallien deleted the bugfix/e2eeFixCertificateMigration branch February 26, 2026 21:07
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 26, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nilsding nilsding nilsding approved these changes

@Aiiaiiio Aiiaiiio Awaiting requested review from Aiiaiiio Aiiaiiio is a code owner

@camilasan camilasan Awaiting requested review from camilasan camilasan is a code owner

@i2h3 i2h3 Awaiting requested review from i2h3 i2h3 is a code owner

Assignees

No one assigned

Labels

3. to review feature: 🔒 end to end encryption

Projects

None yet

Milestone

33.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@mgallien @nilsding