-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add user:keys:verify command #43646
Add user:keys:verify command #43646
Conversation
d0322ff
to
1aa71d4
Compare
Doc add at nextcloud/documentation#11580 |
I saw that on a production instance for a single user. Is it possible that two requests end up generating a new keypair and one wins to store the private key and one the public key? Otherwise I am not really sure how to end up in that situation. The instance in question uses S3 to store data, in case that makes a difference. Ref server/lib/private/Security/IdentityProof/Manager.php Lines 99 to 103 in 1d8d43f
Ref |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good apart from nitpick
92e56a1
to
ccf1331
Compare
Thanks! Changed as suggested and updated the documentation. |
ccf1331
to
a429e5a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn’t that be part of the encryption application actually?
Since the keypair is handled in server (https://github.com/nextcloud/server/blob/master/lib/private/Security/IdentityProof/Manager.php) and is also used outside of encryption (e.g. for push at https://github.com/nextcloud/notifications/blob/8c752c19903c7db7e7ea766289258cc9f9df2130/lib/Push.php#L320), I don't think so? |
a429e5a
to
5fd899e
Compare
Signed-off-by: Marcel Müller <[email protected]>
5fd899e
to
e23e89f
Compare
Summary
This occ command checks if the stored public key belongs to the stored private key. In case of a mismatch, some nextcloud functionality is broken (e.g. push proxy registration fails). While this should not happen, it is hard to debug when we end up in such a situation. The command is for verification only, in a next step we could add a second command to update the stored public key.
Checklist