How to change standard password key for account data encryption in Files-plugin.



    According to /etc/kopano/webapp/config-files.php we should change the standard password key for account data encryption. The file only documents how many characters and bits should be used (bits and characters…). It would be better if that file also documented how this should be changed. Now it just says:
    /**
     * Standard password key for account data encryption. We recommend to change the default value for security reasons
     * and a length of 16 characters. Data is only encrypted when the openssl module is installed
     * IV vector should be 8 bits long
     */

    I used this:
    FILES_PASSWORD_KEY:
    $ head -c 8 /dev/urandom | xxd -ps
    FILES_PASSWORD_IV:
    $ head -c 4 /dev/urandom | xxd -ps

    Thinking about it, I should also have been able to use “pwgen -s -y 16 1” and “pwgen -s -y 8 1”, probably better.

    On another note, the file /etc/kopano/webapp/config-files.php is readable by all, wouldn’t it be better if the owner of that file was www-data, and not readable by all? This is on Debian 8.10 with kopano-webapp-plugin-files 2.1.0.222+26.1
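
The two points raised in the post above, as an added example that is not part of the original post or of Kopano's own tooling: it generates values of the lengths the post uses and checks whether a config file is readable by "others". The function names are hypothetical, od stands in for xxd, and stat -c assumes GNU coreutils (as on Debian).

```shell
#!/bin/sh
# gen_hex N: read N bytes from /dev/urandom and print them as 2*N lowercase
# hex characters. Each hex character carries 4 bits, so gen_hex 8 yields a
# 16-character string with 64 bits of randomness.
gen_hex() {
    head -c "$1" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# world_readable FILE: exit 0 when the "others" class has read permission,
# 1 when it does not, 2 when the file cannot be inspected.
world_readable() {
    mode=$(stat -c '%a' "$1") || return 2
    others=${mode#"${mode%?}"}          # last octal digit of the mode
    [ $(( others & 4 )) -ne 0 ]
}

# report FILE: print candidate values and flag loose permissions.
# The values are only printed; editing the config file is left to the admin.
report() {
    cfg=$1
    echo "FILES_PASSWORD_KEY candidate (16 chars): $(gen_hex 8)"
    echo "FILES_PASSWORD_IV candidate (8 chars):   $(gen_hex 4)"
    if [ ! -e "$cfg" ]; then
        echo "$cfg not found, skipping permission check"
    elif world_readable "$cfg"; then
        echo "WARNING: $cfg is readable by all users ($(stat -c '%U:%G %a' "$cfg"))"
    else
        echo "OK: $cfg is not readable by others"
    fi
}

# Run only when a path is given, e.g.:
#   sh check-files-key.sh /etc/kopano/webapp/config-files.php
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```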