# uname -a

Switch

NotesInformatique › Hacks

Fil des billets

lundi 20 avril 2015

Owncloud 8 : manually decrypt files

Par Mathieu le lundi 20 avril 2015, 19:01

Owncloud has the ability to encrypt files. You can restore your files with a complete backup/restore of your Owncloud folder, but what if you want to restore just one file from a previous backup ? Here is the code for a one-shot file decryption.

This code is the solution I posted on Github : https://github.com/owncloud/core/issues/13591

2015-08-05 : UPDATE : to make it work with binary files, use the following code instead :

<?php

// Replace these with your custom values
$datadir = '_PATH_TO_DATADIR_INCLUDING_TRAILING_SLASH_';
$filepath = 'some/directory/relative/to/datadir/myfile.txt';
$username = '_OWNCLOUD_LOGIN_';
$password = '_OWNCLOUD_PASSWORD_';

require_once '_PATH_TO_OWNCLOUD_/apps/files_encryption/lib/crypt.php';

// first get users private key and decrypt it
$encryptedUserKey = file_get_contents($datadir . $username . '/files_encryption/' . $username . '.privateKey');
$decryptedUserKey = OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedUserKey, $password);

// now we need to decrypt the file-key, therefore we use our private key and the share key
$shareKey = file_get_contents($datadir . $username . '/files_encryption/keys/' . $filepath . '/' . $username . '.shareKey');
$encryptedKeyfile = file_get_contents($datadir . $username . '/files_encryption/keys/' . $filepath . '/fileKey');
$decryptedKeyfile = OCA\Files_Encryption\Crypt::multiKeyDecrypt($encryptedKeyfile, $shareKey, $decryptedUserKey);

// finally we can use the decrypted file-key to decrypt the file
// but first, strip header block
$handle = fopen($datadir . $username . '/files/' . $filepath, 'r');

// if this block contained the header we move on to the next block
if (OCA\Files_Encryption\Crypt::isHeader($data)) {
        $header = OCA\Files_Encryption\Crypt::parseHeader($data);
        $cipher = OCA\Files_Encryption\Crypt::getCipher($header);
} else {
    die('Cannot find header');
}

// Decrypt the content block by block
$decryptedContent = '';
while ($data = fread($handle, OCA\Files_Encryption\Crypt::BLOCKSIZE)) {
    $decryptedContent .= OCA\Files_Encryption\Crypt::symmetricDecryptFileContent($data, $decryptedKeyfile, $cipher);
}
fclose($handle);

// Save the decrypted file
file_put_contents(str_replace('/', '-', $filepath), $decryptedContent);

 

vendredi 13 mars 2015

Configure sender rate limits to prevent spam, using cluebringer (policyd) with Postfix

Par Mathieu le vendredi 13 mars 2015, 09:18

This small how-to will show you how to configure cluebringer (aka policyd) to set a per-hour/per-user limit for sent mails. Note that sending to multiple recipient will count like multiple mails were sent.

This how-to is Debian-oriented but should apply to any unix operating system.

Lire la suite...

8 commentaires

mercredi 25 février 2015

Drupal 7 : create your own image effect for use in image styles

Par Mathieu le mercredi 25 février 2015, 18:56

Drupal comes with many predefined effects, you can combine them in image styles to get the picture you want. But what if you have to make your own effect ? Here is how.

Lire la suite...

vendredi 20 février 2015

Set up an incremental backup with duplicity, rsync, and backupninja on Debian

Par Mathieu le vendredi 20 février 2015, 22:08

Version française.

This is a not-so-concise how-to about setting up an incremental backup, using Backupninja with Duplicity backend on Debian.

Abstract

If you know what a backup is, you should know there are several types of backups :

  • A full backup is when you just copy all your files, hoping that the hard drive on the backup server will not explode after 3 backups.
  • An incremental backup consist in a base full backup, and the next backups are just "diffs" sent to the backup server, to keep track of modified files.

Obviously, a full backup is easier to read and to restore because it's just plain files, whereas an incremental backup has a specific file format to represent diffs. But considering the gain in speed, bandwidth, and disk space, your choice for a long-term backup solution should be the incremental backup.

The tools

Duplicity is an opensource software similar to rdiff-backup. It creates incremental backups. Duplicity can also encrypt your backups, so they can be safely sent to any remote disk provider. A classic setup for Duplicity would be using rsync as a backend to send files faster to the remote backup server, but you can also use a local drive, a remote FTP server, or an Amazon E3 cloud server. As the title says, I will be using rsync for that setup.

But what about databases ? Databases can't be saved by simply copying files, it could lead to corrupted and unusable data in your backups, so you would use a backup script to fetch your databases before sending it to Duplicity.

Good news : backupninja is the global solution you need. Backupninja is a sort of "backup-master" : it can fetch different type of data (files, databases...) from different sources and sent it to different destinations (plain backup, duplicity, etc). you just have to write a specific config file for each source !

We will use backupninja to fetch our databases, we will add these SQL archives to our files backup, send this to Duplicity backend, and finally send it to our backup server with rsync. And with just 3 config files (one by SQL type, one for Duplicity and rsync).

Let's go !

Lire la suite...

2 commentaires

vendredi 5 décembre 2014

Drupal 7 : integrate a simple payment workflow with Payment module

Par Mathieu le vendredi 5 décembre 2014, 15:00

Payment forms are common these days, and Drupal has already many out-of-the-box modules to implement a web shop.

But these modules are often very cumbersome, complicated, and not-so-easy to tweak for your own needs.

So, let’s (re)start from the beginning: let’s implement our own Payment form with Payment, and throw Ubercart, Commerce, and all his friends away.

Note that the use of Payment is compatible with Ubercart and Commerce, but please let me make it simpler.

Lire la suite...

- page 6 de 12 -