1
0

Crypt.php 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Bjoern Schiessle <bjoern@schiessle.org>
  6. * @author Björn Schießle <bjoern@schiessle.org>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Clark Tomlinson <fallen013@gmail.com>
  9. * @author Joas Schilling <coding@schilljs.com>
  10. * @author Lukas Reschke <lukas@statuscode.ch>
  11. * @author Morris Jobke <hey@morrisjobke.de>
  12. * @author Roeland Jago Douma <roeland@famdouma.nl>
  13. * @author Stefan Weiberg <sweiberg@suse.com>
  14. * @author Thomas Müller <thomas.mueller@tmit.eu>
  15. *
  16. * @license AGPL-3.0
  17. *
  18. * This code is free software: you can redistribute it and/or modify
  19. * it under the terms of the GNU Affero General Public License, version 3,
  20. * as published by the Free Software Foundation.
  21. *
  22. * This program is distributed in the hope that it will be useful,
  23. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  24. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25. * GNU Affero General Public License for more details.
  26. *
  27. * You should have received a copy of the GNU Affero General Public License, version 3,
  28. * along with this program. If not, see <http://www.gnu.org/licenses/>
  29. *
  30. */
  31. namespace OCA\Encryption\Crypto;
  32. use OC\Encryption\Exceptions\DecryptionFailedException;
  33. use OC\Encryption\Exceptions\EncryptionFailedException;
  34. use OC\ServerNotAvailableException;
  35. use OCA\Encryption\Exceptions\MultiKeyDecryptException;
  36. use OCA\Encryption\Exceptions\MultiKeyEncryptException;
  37. use OCP\Encryption\Exceptions\GenericEncryptionException;
  38. use OCP\IConfig;
  39. use OCP\IL10N;
  40. use OCP\ILogger;
  41. use OCP\IUserSession;
  42. /**
  43. * Class Crypt provides the encryption implementation of the default Nextcloud
  44. * encryption module. As default AES-256-CTR is used, it does however offer support
  45. * for the following modes:
  46. *
  47. * - AES-256-CTR
  48. * - AES-128-CTR
  49. * - AES-256-CFB
  50. * - AES-128-CFB
  51. *
  52. * For integrity protection Encrypt-Then-MAC using HMAC-SHA256 is used.
  53. *
  54. * @package OCA\Encryption\Crypto
  55. */
  56. class Crypt {
  57. public const DEFAULT_CIPHER = 'AES-256-CTR';
  58. // default cipher from old Nextcloud versions
  59. public const LEGACY_CIPHER = 'AES-128-CFB';
  60. // default key format, old Nextcloud version encrypted the private key directly
  61. // with the user password
  62. public const LEGACY_KEY_FORMAT = 'password';
  63. public const HEADER_START = 'HBEGIN';
  64. public const HEADER_END = 'HEND';
  65. /** @var ILogger */
  66. private $logger;
  67. /** @var string */
  68. private $user;
  69. /** @var IConfig */
  70. private $config;
  71. /** @var array */
  72. private $supportedKeyFormats;
  73. /** @var IL10N */
  74. private $l;
  75. /** @var array */
  76. private $supportedCiphersAndKeySize = [
  77. 'AES-256-CTR' => 32,
  78. 'AES-128-CTR' => 16,
  79. 'AES-256-CFB' => 32,
  80. 'AES-128-CFB' => 16,
  81. ];
  82. /** @var bool */
  83. private $supportLegacy;
  84. /**
  85. * @param ILogger $logger
  86. * @param IUserSession $userSession
  87. * @param IConfig $config
  88. * @param IL10N $l
  89. */
  90. public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config, IL10N $l) {
  91. $this->logger = $logger;
  92. $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : '"no user given"';
  93. $this->config = $config;
  94. $this->l = $l;
  95. $this->supportedKeyFormats = ['hash2', 'hash', 'password'];
  96. $this->supportLegacy = $this->config->getSystemValueBool('encryption.legacy_format_support', false);
  97. }
  98. /**
  99. * create new private/public key-pair for user
  100. *
  101. * @return array|bool
  102. */
  103. public function createKeyPair() {
  104. $log = $this->logger;
  105. $res = $this->getOpenSSLPKey();
  106. if (!$res) {
  107. $log->error("Encryption Library couldn't generate users key-pair for {$this->user}",
  108. ['app' => 'encryption']);
  109. if (openssl_error_string()) {
  110. $log->error('Encryption library openssl_pkey_new() fails: ' . openssl_error_string(),
  111. ['app' => 'encryption']);
  112. }
  113. } elseif (openssl_pkey_export($res,
  114. $privateKey,
  115. null,
  116. $this->getOpenSSLConfig())) {
  117. $keyDetails = openssl_pkey_get_details($res);
  118. $publicKey = $keyDetails['key'];
  119. return [
  120. 'publicKey' => $publicKey,
  121. 'privateKey' => $privateKey
  122. ];
  123. }
  124. $log->error('Encryption library couldn\'t export users private key, please check your servers OpenSSL configuration.' . $this->user,
  125. ['app' => 'encryption']);
  126. if (openssl_error_string()) {
  127. $log->error('Encryption Library:' . openssl_error_string(),
  128. ['app' => 'encryption']);
  129. }
  130. return false;
  131. }
  132. /**
  133. * Generates a new private key
  134. *
  135. * @return resource
  136. */
  137. public function getOpenSSLPKey() {
  138. $config = $this->getOpenSSLConfig();
  139. return openssl_pkey_new($config);
  140. }
  141. /**
  142. * get openSSL Config
  143. *
  144. * @return array
  145. */
  146. private function getOpenSSLConfig() {
  147. $config = ['private_key_bits' => 4096];
  148. $config = array_merge(
  149. $config,
  150. $this->config->getSystemValue('openssl', [])
  151. );
  152. return $config;
  153. }
  154. /**
  155. * @param string $plainContent
  156. * @param string $passPhrase
  157. * @param int $version
  158. * @param int $position
  159. * @return false|string
  160. * @throws EncryptionFailedException
  161. */
  162. public function symmetricEncryptFileContent($plainContent, $passPhrase, $version, $position) {
  163. if (!$plainContent) {
  164. $this->logger->error('Encryption Library, symmetrical encryption failed no content given',
  165. ['app' => 'encryption']);
  166. return false;
  167. }
  168. $iv = $this->generateIv();
  169. $encryptedContent = $this->encrypt($plainContent,
  170. $iv,
  171. $passPhrase,
  172. $this->getCipher());
  173. // Create a signature based on the key as well as the current version
  174. $sig = $this->createSignature($encryptedContent, $passPhrase.'_'.$version.'_'.$position);
  175. // combine content to encrypt the IV identifier and actual IV
  176. $catFile = $this->concatIV($encryptedContent, $iv);
  177. $catFile = $this->concatSig($catFile, $sig);
  178. return $this->addPadding($catFile);
  179. }
  180. /**
  181. * generate header for encrypted file
  182. *
  183. * @param string $keyFormat (can be 'hash2', 'hash' or 'password')
  184. * @return string
  185. * @throws \InvalidArgumentException
  186. */
  187. public function generateHeader($keyFormat = 'hash2') {
  188. if (in_array($keyFormat, $this->supportedKeyFormats, true) === false) {
  189. throw new \InvalidArgumentException('key format "' . $keyFormat . '" is not supported');
  190. }
  191. $cipher = $this->getCipher();
  192. $header = self::HEADER_START
  193. . ':cipher:' . $cipher
  194. . ':keyFormat:' . $keyFormat
  195. . ':' . self::HEADER_END;
  196. return $header;
  197. }
  198. /**
  199. * @param string $plainContent
  200. * @param string $iv
  201. * @param string $passPhrase
  202. * @param string $cipher
  203. * @return string
  204. * @throws EncryptionFailedException
  205. */
  206. private function encrypt($plainContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER) {
  207. $encryptedContent = openssl_encrypt($plainContent,
  208. $cipher,
  209. $passPhrase,
  210. false,
  211. $iv);
  212. if (!$encryptedContent) {
  213. $error = 'Encryption (symmetric) of content failed';
  214. $this->logger->error($error . openssl_error_string(),
  215. ['app' => 'encryption']);
  216. throw new EncryptionFailedException($error);
  217. }
  218. return $encryptedContent;
  219. }
  220. /**
  221. * return Cipher either from config.php or the default cipher defined in
  222. * this class
  223. *
  224. * @return string
  225. */
  226. public function getCipher() {
  227. $cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
  228. if (!isset($this->supportedCiphersAndKeySize[$cipher])) {
  229. $this->logger->warning(
  230. sprintf(
  231. 'Unsupported cipher (%s) defined in config.php supported. Falling back to %s',
  232. $cipher,
  233. self::DEFAULT_CIPHER
  234. ),
  235. ['app' => 'encryption']);
  236. $cipher = self::DEFAULT_CIPHER;
  237. }
  238. // Workaround for OpenSSL 0.9.8. Fallback to an old cipher that should work.
  239. if (OPENSSL_VERSION_NUMBER < 0x1000101f) {
  240. if ($cipher === 'AES-256-CTR' || $cipher === 'AES-128-CTR') {
  241. $cipher = self::LEGACY_CIPHER;
  242. }
  243. }
  244. return $cipher;
  245. }
  246. /**
  247. * get key size depending on the cipher
  248. *
  249. * @param string $cipher
  250. * @return int
  251. * @throws \InvalidArgumentException
  252. */
  253. protected function getKeySize($cipher) {
  254. if (isset($this->supportedCiphersAndKeySize[$cipher])) {
  255. return $this->supportedCiphersAndKeySize[$cipher];
  256. }
  257. throw new \InvalidArgumentException(
  258. sprintf(
  259. 'Unsupported cipher (%s) defined.',
  260. $cipher
  261. )
  262. );
  263. }
  264. /**
  265. * get legacy cipher
  266. *
  267. * @return string
  268. */
  269. public function getLegacyCipher() {
  270. if (!$this->supportLegacy) {
  271. throw new ServerNotAvailableException('Legacy cipher is no longer supported!');
  272. }
  273. return self::LEGACY_CIPHER;
  274. }
  275. /**
  276. * @param string $encryptedContent
  277. * @param string $iv
  278. * @return string
  279. */
  280. private function concatIV($encryptedContent, $iv) {
  281. return $encryptedContent . '00iv00' . $iv;
  282. }
  283. /**
  284. * @param string $encryptedContent
  285. * @param string $signature
  286. * @return string
  287. */
  288. private function concatSig($encryptedContent, $signature) {
  289. return $encryptedContent . '00sig00' . $signature;
  290. }
  291. /**
  292. * Note: This is _NOT_ a padding used for encryption purposes. It is solely
  293. * used to achieve the PHP stream size. It has _NOTHING_ to do with the
  294. * encrypted content and is not used in any crypto primitive.
  295. *
  296. * @param string $data
  297. * @return string
  298. */
  299. private function addPadding($data) {
  300. return $data . 'xxx';
  301. }
  302. /**
  303. * generate password hash used to encrypt the users private key
  304. *
  305. * @param string $password
  306. * @param string $cipher
  307. * @param string $uid only used for user keys
  308. * @return string
  309. */
  310. protected function generatePasswordHash(string $password, string $cipher, string $uid = '', int $iterations = 600000): string {
  311. $instanceId = $this->config->getSystemValue('instanceid');
  312. $instanceSecret = $this->config->getSystemValue('secret');
  313. $salt = hash('sha256', $uid . $instanceId . $instanceSecret, true);
  314. $keySize = $this->getKeySize($cipher);
  315. return hash_pbkdf2(
  316. 'sha256',
  317. $password,
  318. $salt,
  319. $iterations,
  320. $keySize,
  321. true
  322. );
  323. }
  324. /**
  325. * encrypt private key
  326. *
  327. * @param string $privateKey
  328. * @param string $password
  329. * @param string $uid for regular users, empty for system keys
  330. * @return false|string
  331. */
  332. public function encryptPrivateKey($privateKey, $password, $uid = '') {
  333. $cipher = $this->getCipher();
  334. $hash = $this->generatePasswordHash($password, $cipher, $uid);
  335. $encryptedKey = $this->symmetricEncryptFileContent(
  336. $privateKey,
  337. $hash,
  338. 0,
  339. 0
  340. );
  341. return $encryptedKey;
  342. }
  343. /**
  344. * @param string $privateKey
  345. * @param string $password
  346. * @param string $uid for regular users, empty for system keys
  347. * @return false|string
  348. */
  349. public function decryptPrivateKey($privateKey, $password = '', $uid = '') {
  350. $header = $this->parseHeader($privateKey);
  351. if (isset($header['cipher'])) {
  352. $cipher = $header['cipher'];
  353. } else {
  354. $cipher = $this->getLegacyCipher();
  355. }
  356. if (isset($header['keyFormat'])) {
  357. $keyFormat = $header['keyFormat'];
  358. } else {
  359. $keyFormat = self::LEGACY_KEY_FORMAT;
  360. }
  361. if ($keyFormat === 'hash') {
  362. $password = $this->generatePasswordHash($password, $cipher, $uid, 100000);
  363. } elseif ($keyFormat === 'hash2') {
  364. $password = $this->generatePasswordHash($password, $cipher, $uid, 600000);
  365. }
  366. // If we found a header we need to remove it from the key we want to decrypt
  367. if (!empty($header)) {
  368. $privateKey = substr($privateKey,
  369. strpos($privateKey,
  370. self::HEADER_END) + strlen(self::HEADER_END));
  371. }
  372. $plainKey = $this->symmetricDecryptFileContent(
  373. $privateKey,
  374. $password,
  375. $cipher,
  376. 0
  377. );
  378. if ($this->isValidPrivateKey($plainKey) === false) {
  379. return false;
  380. }
  381. return $plainKey;
  382. }
  383. /**
  384. * check if it is a valid private key
  385. *
  386. * @param string $plainKey
  387. * @return bool
  388. */
  389. protected function isValidPrivateKey($plainKey) {
  390. $res = openssl_get_privatekey($plainKey);
  391. if (is_resource($res)) {
  392. $sslInfo = openssl_pkey_get_details($res);
  393. if (isset($sslInfo['key'])) {
  394. return true;
  395. }
  396. }
  397. return false;
  398. }
  399. /**
  400. * @param string $keyFileContents
  401. * @param string $passPhrase
  402. * @param string $cipher
  403. * @param int $version
  404. * @param int|string $position
  405. * @return string
  406. * @throws DecryptionFailedException
  407. */
  408. public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0, $position = 0) {
  409. if ($keyFileContents == '') {
  410. return '';
  411. }
  412. $catFile = $this->splitMetaData($keyFileContents, $cipher);
  413. if ($catFile['signature'] !== false) {
  414. try {
  415. // First try the new format
  416. $this->checkSignature($catFile['encrypted'], $passPhrase . '_' . $version . '_' . $position, $catFile['signature']);
  417. } catch (GenericEncryptionException $e) {
  418. // For compatibility with old files check the version without _
  419. $this->checkSignature($catFile['encrypted'], $passPhrase . $version . $position, $catFile['signature']);
  420. }
  421. }
  422. return $this->decrypt($catFile['encrypted'],
  423. $catFile['iv'],
  424. $passPhrase,
  425. $cipher);
  426. }
  427. /**
  428. * check for valid signature
  429. *
  430. * @param string $data
  431. * @param string $passPhrase
  432. * @param string $expectedSignature
  433. * @throws GenericEncryptionException
  434. */
  435. private function checkSignature($data, $passPhrase, $expectedSignature) {
  436. $enforceSignature = !$this->config->getSystemValue('encryption_skip_signature_check', false);
  437. $signature = $this->createSignature($data, $passPhrase);
  438. $isCorrectHash = hash_equals($expectedSignature, $signature);
  439. if (!$isCorrectHash && $enforceSignature) {
  440. throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
  441. } elseif (!$isCorrectHash && !$enforceSignature) {
  442. $this->logger->info("Signature check skipped", ['app' => 'encryption']);
  443. }
  444. }
  445. /**
  446. * create signature
  447. *
  448. * @param string $data
  449. * @param string $passPhrase
  450. * @return string
  451. */
  452. private function createSignature($data, $passPhrase) {
  453. $passPhrase = hash('sha512', $passPhrase . 'a', true);
  454. return hash_hmac('sha256', $data, $passPhrase);
  455. }
  456. /**
  457. * remove padding
  458. *
  459. * @param string $padded
  460. * @param bool $hasSignature did the block contain a signature, in this case we use a different padding
  461. * @return string|false
  462. */
  463. private function removePadding($padded, $hasSignature = false) {
  464. if ($hasSignature === false && substr($padded, -2) === 'xx') {
  465. return substr($padded, 0, -2);
  466. } elseif ($hasSignature === true && substr($padded, -3) === 'xxx') {
  467. return substr($padded, 0, -3);
  468. }
  469. return false;
  470. }
  471. /**
  472. * split meta data from encrypted file
  473. * Note: for now, we assume that the meta data always start with the iv
  474. * followed by the signature, if available
  475. *
  476. * @param string $catFile
  477. * @param string $cipher
  478. * @return array
  479. */
  480. private function splitMetaData($catFile, $cipher) {
  481. if ($this->hasSignature($catFile, $cipher)) {
  482. $catFile = $this->removePadding($catFile, true);
  483. $meta = substr($catFile, -93);
  484. $iv = substr($meta, strlen('00iv00'), 16);
  485. $sig = substr($meta, 22 + strlen('00sig00'));
  486. $encrypted = substr($catFile, 0, -93);
  487. } else {
  488. $catFile = $this->removePadding($catFile);
  489. $meta = substr($catFile, -22);
  490. $iv = substr($meta, -16);
  491. $sig = false;
  492. $encrypted = substr($catFile, 0, -22);
  493. }
  494. return [
  495. 'encrypted' => $encrypted,
  496. 'iv' => $iv,
  497. 'signature' => $sig
  498. ];
  499. }
  500. /**
  501. * check if encrypted block is signed
  502. *
  503. * @param string $catFile
  504. * @param string $cipher
  505. * @return bool
  506. * @throws GenericEncryptionException
  507. */
  508. private function hasSignature($catFile, $cipher) {
  509. $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false);
  510. $meta = substr($catFile, -93);
  511. $signaturePosition = strpos($meta, '00sig00');
  512. // If we no longer support the legacy format then everything needs a signature
  513. if (!$skipSignatureCheck && !$this->supportLegacy && $signaturePosition === false) {
  514. throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
  515. }
  516. // enforce signature for the new 'CTR' ciphers
  517. if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) {
  518. throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
  519. }
  520. return ($signaturePosition !== false);
  521. }
  522. /**
  523. * @param string $encryptedContent
  524. * @param string $iv
  525. * @param string $passPhrase
  526. * @param string $cipher
  527. * @return string
  528. * @throws DecryptionFailedException
  529. */
  530. private function decrypt($encryptedContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER) {
  531. $plainContent = openssl_decrypt($encryptedContent,
  532. $cipher,
  533. $passPhrase,
  534. false,
  535. $iv);
  536. if ($plainContent) {
  537. return $plainContent;
  538. } else {
  539. throw new DecryptionFailedException('Encryption library: Decryption (symmetric) of content failed: ' . openssl_error_string());
  540. }
  541. }
  542. /**
  543. * @param string $data
  544. * @return array
  545. */
  546. protected function parseHeader($data) {
  547. $result = [];
  548. if (substr($data, 0, strlen(self::HEADER_START)) === self::HEADER_START) {
  549. $endAt = strpos($data, self::HEADER_END);
  550. $header = substr($data, 0, $endAt + strlen(self::HEADER_END));
  551. // +1 not to start with an ':' which would result in empty element at the beginning
  552. $exploded = explode(':',
  553. substr($header, strlen(self::HEADER_START) + 1));
  554. $element = array_shift($exploded);
  555. while ($element !== self::HEADER_END) {
  556. $result[$element] = array_shift($exploded);
  557. $element = array_shift($exploded);
  558. }
  559. }
  560. return $result;
  561. }
  562. /**
  563. * generate initialization vector
  564. *
  565. * @return string
  566. * @throws GenericEncryptionException
  567. */
  568. private function generateIv() {
  569. return random_bytes(16);
  570. }
  571. /**
  572. * Generate a cryptographically secure pseudo-random 256-bit ASCII key, used
  573. * as file key
  574. *
  575. * @return string
  576. * @throws \Exception
  577. */
  578. public function generateFileKey() {
  579. return random_bytes(32);
  580. }
  581. /**
  582. * @param $encKeyFile
  583. * @param $shareKey
  584. * @param $privateKey
  585. * @return string
  586. * @throws MultiKeyDecryptException
  587. */
  588. public function multiKeyDecrypt($encKeyFile, $shareKey, $privateKey) {
  589. if (!$encKeyFile) {
  590. throw new MultiKeyDecryptException('Cannot multikey decrypt empty plain content');
  591. }
  592. if (openssl_open($encKeyFile, $plainContent, $shareKey, $privateKey)) {
  593. return $plainContent;
  594. } else {
  595. throw new MultiKeyDecryptException('multikeydecrypt with share key failed:' . openssl_error_string());
  596. }
  597. }
  598. /**
  599. * @param string $plainContent
  600. * @param array $keyFiles
  601. * @return array
  602. * @throws MultiKeyEncryptException
  603. */
  604. public function multiKeyEncrypt($plainContent, array $keyFiles) {
  605. // openssl_seal returns false without errors if plaincontent is empty
  606. // so trigger our own error
  607. if (empty($plainContent)) {
  608. throw new MultiKeyEncryptException('Cannot multikeyencrypt empty plain content');
  609. }
  610. // Set empty vars to be set by openssl by reference
  611. $sealed = '';
  612. $shareKeys = [];
  613. $mappedShareKeys = [];
  614. if (openssl_seal($plainContent, $sealed, $shareKeys, $keyFiles)) {
  615. $i = 0;
  616. // Ensure each shareKey is labelled with its corresponding key id
  617. foreach ($keyFiles as $userId => $publicKey) {
  618. $mappedShareKeys[$userId] = $shareKeys[$i];
  619. $i++;
  620. }
  621. return [
  622. 'keys' => $mappedShareKeys,
  623. 'data' => $sealed
  624. ];
  625. } else {
  626. throw new MultiKeyEncryptException('multikeyencryption failed ' . openssl_error_string());
  627. }
  628. }
  629. }