util->isMasterKeyEnabled()) { $output->writeln('Use master key to decrypt all files'); $user = $this->keyManager->getMasterKeyId(); $password = $this->keyManager->getMasterKeyPassword(); } else { $recoveryKeyId = $this->keyManager->getRecoveryKeyId(); if (!empty($user)) { $output->writeln('You can only decrypt the users files if you know'); $output->writeln('the users password or if they activated the recovery key.'); $output->writeln(''); $questionUseLoginPassword = new ConfirmationQuestion( 'Do you want to use the users login password to decrypt all files? (y/n) ', false ); $useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword); if ($useLoginPassword) { $question = new Question('Please enter the user\'s login password: '); } elseif ($this->util->isRecoveryEnabledForUser($user) === false) { $output->writeln('No recovery key available for user ' . $user); return false; } else { $user = $recoveryKeyId; } } else { $output->writeln('You can only decrypt the files of all users if the'); $output->writeln('recovery key is enabled by the admin and activated by the users.'); $output->writeln(''); $user = $recoveryKeyId; } $question->setHidden(true); $question->setHiddenFallback(false); $password = $this->questionHelper->ask($input, $output, $question); } $privateKey = $this->getPrivateKey($user, $password); if ($privateKey !== false) { $this->updateSession($user, $privateKey); return true; } else { $output->writeln('Could not decrypt private key, maybe you entered the wrong password?'); } return false; } /** * get the private key which will be used to decrypt all files * * @param string $user * @param string $password * @return bool|string * @throws PrivateKeyMissingException */ protected function getPrivateKey($user, $password) { $recoveryKeyId = $this->keyManager->getRecoveryKeyId(); $masterKeyId = $this->keyManager->getMasterKeyId(); if ($user === $recoveryKeyId) { $recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId); $privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password); } elseif ($user === $masterKeyId) { $masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId); $privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId); } else { $userKey = $this->keyManager->getPrivateKey($user); $privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user); } return $privateKey; } protected function updateSession($user, $privateKey) { $this->session->prepareDecryptAll($user, $privateKey); } }