UVF support #274

overheadhunter · 2024-05-10T05:19:20Z

This PR adds fundamental support for UVF-based vaults. During vault creation either format is selected. There is no migration of format 8 based vaults planned. Vault access tokens either contain a format 8 Masterkey OR a UVF member key (which is an A256KW key for the vault.uvf file).

Notable changes:

split up crypto implementation into uvf.ts and vaultv8.ts, leaving common crypto in crypto.ts
make jwe.ts capable of handling compact as well as json serialization with support for ECDH-ES (legacy, decrypt only), ECDH-ES+A256KW, PBES2+A256KW and A256KW, allowing encryption for multiple recipients
add new vault fields to database and DTOs to allow storing a vault.uvf file as well as the public part of a recovery key pair
instead of serializing the masterkey, the recovery key consists of a serialized private key

TODO

bump API level

# Conflicts: # backend/src/test/java/org/cryptomator/hub/api/VaultResourceTest.java

# Conflicts: # backend/src/main/java/org/cryptomator/hub/api/VaultResource.java # backend/src/main/java/org/cryptomator/hub/entities/Vault.java # backend/src/test/java/org/cryptomator/hub/api/VaultResourceIT.java # frontend/src/components/VaultDetails.vue

[ci skip]

in access token

# Conflicts: # backend/src/main/java/org/cryptomator/hub/entities/User.java # backend/src/main/resources/org/cryptomator/hub/flyway/ERM.png # frontend/src/common/crypto.ts # frontend/src/components/CreateVault.vue # frontend/src/components/GrantPermissionDialog.vue # frontend/src/components/InitialSetup.vue # frontend/src/components/ManageSetupCode.vue # frontend/src/components/RecoverVaultDialog.vue # frontend/src/components/RegenerateSetupCodeDialog.vue # frontend/src/components/VaultDetails.vue # frontend/test/common/crypto.spec.ts

# Conflicts: # backend/src/main/resources/org/cryptomator/hub/flyway/ERM.png # frontend/src/common/jwt.ts # frontend/src/components/GrantPermissionDialog.vue # frontend/src/components/VaultDetails.vue # frontend/test/common/crypto.spec.ts

# Conflicts: # frontend/package-lock.json # frontend/package.json # frontend/src/common/jwe.ts # frontend/src/components/AdminSettings.vue # frontend/src/components/GrantPermissionDialog.vue # frontend/src/components/UserProfile.vue # frontend/test/common/crypto.spec.ts # frontend/test/common/jwe.spec.ts

overheadhunter and others added 30 commits March 2, 2024 12:10

add "alg": "A256KW" support for JWEs

2d080ea

uvf metadata (WiP).

d109cff

remove dead code from backend.ts for now

55633f1

disentangle v8 and uvf based vaults

fe7ff3d

move vault format 8 code to separate file

be8803c

move UVF code to separate file

b51cc59

adjust UVF payload to latest spec

a9f12d4

Merge branch 'develop' into feature/uvf

cdf5571

# Conflicts: # backend/src/test/java/org/cryptomator/hub/api/VaultResourceTest.java

new JWE API supporting compact and JSON format

3f77d16

use correct AlgorithmID for Concat KDF

3646379

added tests

f1c14fd

type cleanup

aa1690f

include recovery key in UVF metadata

e6e028a

create UVF-based vault

a85cf3c

store uvf metadata and recovery key in vault table

32f2743

adjusted to DTO model

a63ef34

Merge branch 'develop' into feature/uvf

6ce1569

grant permission to UVF vault

01c8a06

fix autocompletion mistake

36eb79c

use common interfaces for VF8 and UVF

3cf9c8e

fix linter errors

69f0360

experimental implementation of serializePrivateKey()

7bddc62

make config.ts usable during tests

ba05d8b

deduplicate "encrypt for user"

3d1db01

store recovery key among vault key in access token

6b46862

reordered fields

cb4e53a

[ci skip]

store recovery key as PKCS8 instead of words

b294f55

in access token

adjusted parameter order

a3fc184

fix mocha test explorer: document is not defined

aeafffe

overheadhunter and others added 25 commits May 21, 2024 14:59

split up computeDirId and computeDirIdHash

81e9ab4

add dir.uvf file to vault template

9c3ab12

refine test

ec4415d

show also uvf recovery key in vault details

2947b80

fix linter hints

2d03e39

(unfinished) rework recover Vault dialog

bf85c2a

Do not erase uploaded file on failed upload

8d86446

improve error handling

57cfd0a

define event listeners as functions

b1f9fc4

remove unused Error class

a667e0d

set vault type during recovery

871b6de

minor adjustments

3368768

add additional verification to vaultformat 8 module

b43a946

Add negative test for vaultFormat8 verfiy and recover

ea77daf

reduce diff

c2fe768

add doc string

b2cb75d

add tests for simple jwt parsing

64d8ff6

improve error handling

eaaad24

add error translations

597b2cc

more wording/translations

b7a0687

fix display bug

afd370f

use new JWE parser in userdata.ts

917fedc

dedup

847ecc4

adjust DTO to carry both EC keys

26369a5

chenkins mentioned this pull request Jun 6, 2024

Initial version key uvf documentation. cryptomator/docs#55

Draft

overheadhunter added 4 commits July 12, 2024 19:11

Merge branch 'develop' into feature/uvf

e77ca7a

# Conflicts: # backend/src/main/resources/org/cryptomator/hub/flyway/ERM.png # frontend/src/common/jwt.ts # frontend/src/components/GrantPermissionDialog.vue # frontend/src/components/VaultDetails.vue # frontend/test/common/crypto.spec.ts

fixed test

fd0add4

fixed linter warnings

68eb5d9

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

UVF support #274

UVF support #274

overheadhunter commented May 10, 2024 •

edited

Loading

UVF support #274

Are you sure you want to change the base?

UVF support #274

Conversation

overheadhunter commented May 10, 2024 • edited Loading

overheadhunter commented May 10, 2024 •

edited

Loading