Merge pull request #2378 from nextcloud/e2ee_12

E2ee Version 1.2

Brand/Database.swift

@@ -26,4 +26,4 @@ import Foundation
 // Database Realm
 //
 let databaseName                    = "nextcloud.realm"
-let databaseSchemaVersion: UInt64   = 266
+let databaseSchemaVersion: UInt64   = 268

Nextcloud.xcodeproj/project.pbxproj

@@ -3941,7 +3941,7 @@
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				COPY_PHASE_STRIP = NO;
-				CURRENT_PROJECT_VERSION = 2;
+				CURRENT_PROJECT_VERSION = 3;
 				DEVELOPMENT_TEAM = NKUJUXUJ3B;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
@@ -4004,7 +4004,7 @@
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				COPY_PHASE_STRIP = NO;
-				CURRENT_PROJECT_VERSION = 2;
+				CURRENT_PROJECT_VERSION = 3;
 				DEVELOPMENT_TEAM = NKUJUXUJ3B;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;

iOSClient/Data/NCManageDatabase+E2EE.swift

@@ -38,10 +38,9 @@ class tableE2eEncryption: Object {
     @objc dynamic var initializationVector = ""
     @objc dynamic var metadataKey = ""
     @objc dynamic var metadataKeyIndex: Int = 0
-    @objc dynamic var metadataVersion: Int = 1
+    @objc dynamic var metadataVersion: Double = 0
     @objc dynamic var mimeType = ""
     @objc dynamic var serverUrl = ""
-    @objc dynamic var version: Int = 1
 
     override static func primaryKey() -> String {
         return "fileNamePath"

iOSClient/Extensions/UIAlertController+Extension.swift

@@ -38,7 +38,7 @@ extension UIAlertController {
             guard let fileNameFolder = alertController.textFields?.first?.text else { return }
             if markE2ee {
                 Task {
-                    let error = await NCNetworkingE2EECreateFolder.shared.createFolderAndMarkE2EE(fileName: fileNameFolder, serverUrl: serverUrl)
+                    let error = await NCNetworkingE2EECreateFolder.shared.createFolderAndMarkE2EE(fileName: fileNameFolder, serverUrl: serverUrl, account: urlBase.account)
                     if error != .success {
                         NCContentPresenter.shared.showError(error: error)
                     }

iOSClient/Main/Collection Common/NCCollectionViewCommon.swift

@@ -1124,7 +1124,7 @@ class NCCollectionViewCommon: UIViewController, UIGestureRecognizerDelegate, UIS
                     if let metadataFolder = metadataFolder, metadataFolder.e2eEncrypted, CCUtility.isEnd(toEndEnabled: self.appDelegate.account) {
                         NextcloudKit.shared.getE2EEMetadata(fileId: metadataFolder.ocId, e2eToken: nil) { account, e2eMetadata, data, error in
                             if error == .success, let e2eMetadata = e2eMetadata {
-                                if NCEndToEndMetadata().decoderMetadata(e2eMetadata, serverUrl: self.serverUrl, account: self.appDelegate.account, urlBase: self.appDelegate.urlBase, userId: self.appDelegate.userId) {
+                                if NCEndToEndMetadata().decoderMetadata(e2eMetadata, serverUrl: self.serverUrl, account: self.appDelegate.account, urlBase: self.appDelegate.urlBase, userId: self.appDelegate.userId, ownerId: metadataFolder.ownerId) {
                                     self.reloadDataSource()
                                 } else {
                                     let error = NKError(errorCode: NCGlobal.shared.errorDecodeMetadata, errorDescription: "_e2e_error_decode_metadata_")

iOSClient/NCGlobal.swift

@@ -127,8 +127,8 @@ class NCGlobal: NSObject {
     //
     let e2eeMaxFileSize: UInt64                     = 500000000     // 500 MB
     let e2eePassphraseTest                          = "more over television factory tendency independence international intellectual impress interest sentence pony"
-    @objc let e2eeVersion                           = "1.1"
-    
+    @objc let e2eeReadVersions                      = ["1.1", "1.2"]
+
     // Video
     //
     let maxHTTPCache: Int64                         = 10000000000   // 10 GB

iOSClient/Networking/E2EE/NCEndToEndEncryption.h

@@ -35,17 +35,17 @@
 
 - (NSString *)createCSR:(NSString *)userId directory:(NSString *)directory;
 - (NSString *)encryptPrivateKey:(NSString *)userId directory: (NSString *)directory passphrase:(NSString *)passphrase privateKey:(NSString **)privateKey;
-- (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase publicKey:(NSString *)publicKey;
+- (NSData *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase publicKey:(NSString *)publicKey;
 
 - (NSData *)encryptAsymmetricString:(NSString *)plain publicKey:(NSString *)publicKey privateKey:(NSString *)privateKey;
-- (NSString *)decryptAsymmetricData:(NSData *)cipherData privateKey:(NSString *)privateKey;
+- (NSData *)decryptAsymmetricData:(NSData *)cipherData privateKey:(NSString *)privateKey;
 
 - (NSString *)encryptEncryptedJson:(NSString *)encrypted key:(NSString *)key;
-- (NSString *)decryptEncryptedJson:(NSString *)encrypted key:(NSString *)key;
+- (NSData *)decryptEncryptedJson:(NSString *)encrypted key:(NSString *)key;
 
 - (void)encryptkey:(NSString **)key initializationVector:(NSString **)initializationVector;
-- (BOOL)encryptFileName:(NSString *)fileName fileNameIdentifier:(NSString *)fileNameIdentifier directory:(NSString *)directory key:(NSString **)key initializationVector:(NSString **)initializationVector authenticationTag:(NSString **)authenticationTag;
-- (BOOL)decryptFileName:(NSString *)fileName fileNameView:(NSString *)fileNameView ocId:(NSString *)ocId key:(NSString *)key initializationVector:(NSString *)initializationVector authenticationTag:(NSString *)authenticationTag;
+- (BOOL)encryptFile:(NSString *)fileName fileNameIdentifier:(NSString *)fileNameIdentifier directory:(NSString *)directory key:(NSString **)key initializationVector:(NSString **)initializationVector authenticationTag:(NSString **)authenticationTag;
+- (BOOL)decryptFile:(NSString *)fileName fileNameView:(NSString *)fileNameView ocId:(NSString *)ocId key:(NSString *)key initializationVector:(NSString *)initializationVector authenticationTag:(NSString *)authenticationTag;
 
 - (NSData *)generateKey:(int)length;
 - (NSString *)createSHA512:(NSString *)string;

iOSClient/Networking/E2EE/NCEndToEndEncryption.m

@@ -350,12 +350,10 @@
     NSData *ivData = [self generateIV:AES_IVEC_LENGTH];
     NSData *tagData = [NSData new];
     
-    /* ENCODE 64 privateKey JAVA compatibility */
-    NSString *privateKeyBase64 = [_privateKeyData base64EncodedStringWithOptions:0];
-    NSData *privateKeyBase64Data = [privateKeyBase64 dataUsingEncoding:NSUTF8StringEncoding];
-    /* --------------------------------------- */
-    
-    BOOL result = [self encryptData:privateKeyBase64Data cipherData:&privateKeyCipherData keyData:keyData keyLen:AES_KEY_256_LENGTH ivData:ivData tagData:&tagData];
+    NSString *pkEncoded = [_privateKeyData base64EncodedStringWithOptions:0];
+    NSData *pkEncodedData = [pkEncoded dataUsingEncoding:NSUTF8StringEncoding];
+
+    BOOL result = [self encryptData:pkEncodedData cipherData:&privateKeyCipherData keyData:keyData keyLen:AES_KEY_256_LENGTH ivData:ivData tagData:&tagData];
     
     if (result && privateKeyCipherData) {
         
@@ -373,11 +371,10 @@
     }
 }
 
-- (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase publicKey:(NSString *)publicKey
+- (NSData *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase publicKey:(NSString *)publicKey
 {
     NSMutableData *privateKeyData = [NSMutableData new];
-    NSString *privateKey = @"";
-    
+
     // Key (data)
     NSMutableData *keyData = [NSMutableData dataWithLength:PBKDF2_KEY_LENGTH/8];
     
@@ -395,7 +392,10 @@
     NSData *tagData = [[NSData alloc] initWithBase64EncodedString:tagBase64 options:0];
     NSData *ivData = [[NSData alloc] initWithBase64EncodedString:privateKeyCipherArray[1] options:0];
     NSData *saltData = [[NSData alloc] initWithBase64EncodedString:privateKeyCipherArray[2] options:0];
-    
+
+    // Remove TAG
+    privateKeyCipherData = [privateKeyCipherData subdataWithRange:NSMakeRange(0, privateKeyCipherData.length - AES_GCM_TAG_LENGTH)];
+
     // Remove all whitespaces from passphrase
     passphrase = [passphrase stringByReplacingOccurrencesOfString:@" " withString:@""];
     
@@ -403,31 +403,11 @@
     
     BOOL result = [self decryptData:privateKeyCipherData plainData:&privateKeyData keyData:keyData keyLen:AES_KEY_256_LENGTH ivData:ivData tagData:tagData];
     
-    if (result && privateKeyData)
-        
-        /* DENCODE 64 privateKey JAVA compatibility */
-        privateKey = [self base64DecodeData:privateKeyData];
-        /* ---------------------------------------- */
-    
-        if (privateKey) {
-        
-            NSData *encryptData = [self encryptAsymmetricString:ASYMMETRIC_STRING_TEST publicKey:publicKey privateKey:nil];
-            if (!encryptData)
-                return nil;
-        
-            NSString *decryptString = [self decryptAsymmetricData:encryptData privateKey:privateKey];
-        
-            if (decryptString && [decryptString isEqualToString:ASYMMETRIC_STRING_TEST])
-                return privateKey;
-            else
-                return nil;
-            
-            return privateKey;
-            
-    } else {
-        
-        return nil;
+    if (result && privateKeyData) {
+        return privateKeyData;
     }
+
+    return nil;
 }
 
 #
@@ -439,19 +419,17 @@
     NSMutableData *cipherData;
     NSData *tagData = [NSData new];
     
-    // ENCODE 64 encrypted JAVA compatibility */
-    NSData *encryptedData = [encrypted dataUsingEncoding:NSUTF8StringEncoding];
-    NSString *encryptedDataBase64 = [encryptedData base64EncodedStringWithOptions:0];
-    NSData *encryptedData64Data = [encryptedDataBase64 dataUsingEncoding:NSUTF8StringEncoding];
-    /* --------------------------------------- */
-    
+    NSData *data = [encrypted dataUsingEncoding:NSUTF8StringEncoding];
+    NSString *data64 = [data base64EncodedStringWithOptions:0];
+    data = [data64 dataUsingEncoding:NSUTF8StringEncoding];
+
     // Key
     NSData *keyData = [[NSData alloc] initWithBase64EncodedString:key options:0];
 
     // IV
     NSData *ivData = [self generateIV:AES_IVEC_LENGTH];
     
-    BOOL result = [self encryptData:encryptedData64Data cipherData:&cipherData keyData:keyData keyLen:AES_KEY_128_LENGTH ivData:ivData tagData:&tagData];
+    BOOL result = [self encryptData:data cipherData:&cipherData keyData:keyData keyLen:AES_KEY_128_LENGTH ivData:ivData tagData:&tagData];
     
     if (cipherData != nil && result) {
         
@@ -465,7 +443,8 @@
     return nil;
 }
 
-- (NSString *)decryptEncryptedJson:(NSString *)encrypted key:(NSString *)key
+
+- (NSData *)decryptEncryptedJson:(NSString *)encrypted key:(NSString *)key
 {
     NSMutableData *plainData;
     NSRange range = [encrypted rangeOfString:IV_DELIMITER_ENCODED];
@@ -475,14 +454,14 @@
             return nil;
         }
     }
-    
+
     // Cipher
     NSString *cipher = [encrypted substringToIndex:(range.location)];
     NSData *cipherData = [[NSData alloc] initWithBase64EncodedString:cipher options:0];
-    
+
     // Key
     NSData *keyData = [[NSData alloc] initWithBase64EncodedString:key options:0];
-    
+
     // IV
     NSString *iv  = [encrypted substringWithRange:NSMakeRange(range.location + range.length, encrypted.length - (range.location + range.length))];
     NSData *ivData = [[NSData alloc] initWithBase64EncodedString:iv options:0];
@@ -490,18 +469,16 @@
     // TAG
     NSString *tag = [cipher substringWithRange:NSMakeRange(cipher.length - AES_GCM_TAG_LENGTH, AES_GCM_TAG_LENGTH)];
     NSData *tagData = [[NSData alloc] initWithBase64EncodedString:tag options:0];
-    
+
+    // REMOVE TAG
+    cipherData = [cipherData subdataWithRange:NSMakeRange(0, cipherData.length - AES_GCM_TAG_LENGTH)];
+
     BOOL result = [self decryptData:cipherData plainData:&plainData keyData:keyData keyLen:AES_KEY_128_LENGTH ivData:ivData tagData:tagData];
-    
+
     if (plainData != nil && result) {
-        
-        /* DENCODE 64 JAVA compatibility            */
-        NSString *plain = [self base64DecodeData:plainData];
-        /* ---------------------------------------- */
-    
-        return plain;
+        return plainData;
     }
-        
+
     return nil;
 }
 
@@ -519,7 +496,7 @@
 }
 
 
-- (BOOL)encryptFileName:(NSString *)fileName fileNameIdentifier:(NSString *)fileNameIdentifier directory:(NSString *)directory key:(NSString **)key initializationVector:(NSString **)initializationVector authenticationTag:(NSString **)authenticationTag
+- (BOOL)encryptFile:(NSString *)fileName fileNameIdentifier:(NSString *)fileNameIdentifier directory:(NSString *)directory key:(NSString **)key initializationVector:(NSString **)initializationVector authenticationTag:(NSString **)authenticationTag
 {
     NSMutableData *cipherData;
     NSData *tagData;
@@ -551,7 +528,7 @@
     return false;
 }
 
-- (BOOL)decryptFileName:(NSString *)fileName fileNameView:(NSString *)fileNameView ocId:(NSString *)ocId key:(NSString *)key initializationVector:(NSString *)initializationVector authenticationTag:(NSString *)authenticationTag
+- (BOOL)decryptFile:(NSString *)fileName fileNameView:(NSString *)fileNameView ocId:(NSString *)ocId key:(NSString *)key initializationVector:(NSString *)initializationVector authenticationTag:(NSString *)authenticationTag
 {
     NSMutableData *plainData;
 
@@ -659,7 +636,7 @@
     return outData;
 }
 
-- (NSString *)decryptAsymmetricData:(NSData *)cipherData privateKey:(NSString *)privateKey
+- (NSData *)decryptAsymmetricData:(NSData *)cipherData privateKey:(NSString *)privateKey
 {
     unsigned char *pKey = (unsigned char *)[privateKey UTF8String];
     int status = 0;
@@ -701,13 +678,14 @@
     status = EVP_PKEY_decrypt(ctx, out, &outLen, [cipherData bytes], (int)[cipherData length]);
     if (status <= 0)
         return nil;
-    
-    NSString *outString = [[NSString alloc] initWithBytes:out length:outLen encoding:NSUTF8StringEncoding];
-    
+
+    NSData *outData = [[NSData alloc] initWithBytes:out length:outLen];
+    //NSString *out64 = [outData base64EncodedStringWithOptions:0];
+
     if (out)
         free(out);
     
-    return outString;
+    return outData;
 }
 
 #
@@ -778,11 +756,10 @@
     // Get the tag
     status = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, (int)sizeof(cTag), cTag);
     *tagData = [NSData dataWithBytes:cTag length:sizeof(cTag)];
-    
-    // Add TAG JAVA compatibility
+
+    // Append TAG
     [*cipherData appendData:*tagData];
-    // --------------------------
-    
+
     // Free
     EVP_CIPHER_CTX_free(ctx);
     
@@ -837,10 +814,6 @@
     if (status <= 0)
         return NO;
     
-    // Remove TAG JAVA compatibility
-    cipherData = [cipherData subdataWithRange:NSMakeRange(0, cipherData.length - AES_GCM_TAG_LENGTH)];
-    // -----------------------------
-    
     // Provide the message to be decrypted, and obtain the plaintext output
     *plainData = [NSMutableData dataWithLength:([cipherData length])];
     int cPlainLen = 0;
@@ -957,69 +930,6 @@
     return [NSString stringWithString:hexString];
 }
 
-/*
-- (NSData *)base64Encode:(NSData *)input
-{
-    void *bytes;
-
-    BIO *buffer = BIO_new(BIO_s_mem());
-    BIO *base64 = BIO_new(BIO_f_base64());
-    buffer = BIO_push(base64, buffer);
-    BIO_write(buffer, [input bytes], (int)[input length]);
-    
-    NSUInteger length = BIO_get_mem_data(buffer, &bytes);
-    NSString *string = [[NSString alloc] initWithBytes:bytes length:length encoding:NSUTF8StringEncoding];
-    
-    BIO_free_all(buffer);
-    
-    return [string dataUsingEncoding:NSUTF8StringEncoding];
-}
-*/
-
-- (NSString *)base64DecodeData:(NSData *)input
-{
-    NSMutableData *data = [NSMutableData data];
-
-    BIO *buffer = BIO_new_mem_buf((void *)[input bytes], (int)[input length]);
-    BIO *base64 = BIO_new(BIO_f_base64());
-    buffer = BIO_push(base64, buffer);
-    BIO_set_flags(base64, BIO_FLAGS_BASE64_NO_NL);
-    
-    char chars[input.length];
-    int length = BIO_read(buffer, chars, (int)sizeof(chars));
-    while (length > 0) {
-        [data appendBytes:chars length:length];
-        length = BIO_read(buffer, chars, (int)sizeof(chars));
-    }
-    
-    BIO_free_all(buffer);
-    
-    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
-}
-
-- (NSData *)base64DecodeString:(NSString *)input
-{
-    NSMutableData *data = [NSMutableData data];
-    
-    NSData *inputData = [input dataUsingEncoding:NSUTF8StringEncoding];
-
-    BIO *buffer = BIO_new_mem_buf((void *)[inputData bytes], (int)[inputData length]);
-    BIO *base64 = BIO_new(BIO_f_base64());
-    buffer = BIO_push(base64, buffer);
-    BIO_set_flags(base64, BIO_FLAGS_BASE64_NO_NL);
-    
-    char chars[input.length];
-    int length = BIO_read(buffer, chars, (int)sizeof(chars));
-    while (length > 0) {
-        [data appendBytes:chars length:length];
-        length = BIO_read(buffer, chars, (int)sizeof(chars));
-    }
-    
-    BIO_free_all(buffer);
-    
-    return data;
-}
-
 - (NSString *)derToPemPrivateKey:(NSString *)input
 {
     NSInteger substringLength = 65;

iOSClient/Networking/E2EE/NCEndToEndMetadata.swift

@@ -26,38 +26,52 @@ import NextcloudKit
 
 class NCEndToEndMetadata: NSObject {
 
-    struct E2ee: Codable {
+    struct E2eeV1: Codable {
 
         struct Metadata: Codable {
             let metadataKeys: [String: String]
-            let version: Int
+            let version: Double
         }
 
-        /*
-        Version 2
-        struct Sharing: Codable {
-            let recipient: [String: String]
+        struct Encrypted: Codable {
+            let key: String
+            let filename: String
+            let mimetype: String
+        }
+
+        struct Files: Codable {
+            let initializationVector: String
+            let authenticationTag: String?
+            let metadataKey: Int
+            let encrypted: String
+        }
+
+        let metadata: Metadata
+        let files: [String: Files]?
+    }
+
+    struct E2eeV12: Codable {
+
+        struct Metadata: Codable {
+            let metadataKey: String
+            let version: Double
         }
-        */
 
         struct Encrypted: Codable {
             let key: String
             let filename: String
             let mimetype: String
-            let version: Int
         }
 
         struct Files: Codable {
             let initializationVector: String
             let authenticationTag: String?
-            let metadataKey: Int
             let encrypted: String
         }
 
         struct Filedrop: Codable {
             let initializationVector: String
             let authenticationTag: String?
-            let metadataKey: Int
             let encrypted: String
         }
 
@@ -67,18 +81,18 @@ class NCEndToEndMetadata: NSObject {
     }
 
     // --------------------------------------------------------------------------------------------
-    // MARK: Encode JSON Metadata
+    // MARK: Encode JSON Metadata V1.2
     // --------------------------------------------------------------------------------------------
 
     func encoderMetadata(_ items: [tableE2eEncryption], account: String, serverUrl: String) -> String? {
 
         let encoder = JSONEncoder()
-        var metadataKeys: [String: String] = [:]
-        let metadataVersion: Int = 1
-        var files: [String: E2ee.Files] = [:]
-        var filesCodable: [String: E2ee.Files]?
-        var filedrop: [String: E2ee.Filedrop] = [:]
-        var filedropCodable: [String: E2ee.Filedrop]?
+        var metadataKey: String = ""
+        let metadataVersion = 1.2
+        var files: [String: E2eeV12.Files] = [:]
+        var filesCodable: [String: E2eeV12.Files]?
+        var filedrop: [String: E2eeV12.Filedrop] = [:]
+        var filedropCodable: [String: E2eeV12.Filedrop]?
         let privateKey = CCUtility.getEndToEndPrivateKey(account)
 
         for item in items {
@@ -88,21 +102,20 @@ class NCEndToEndMetadata: NSObject {
             //
             if let metadatakey = (item.metadataKey.data(using: .utf8)?.base64EncodedString()),
                let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricString(metadatakey, publicKey: nil, privateKey: privateKey) {
-                let metadataKeyEncryptedBase64 = metadataKeyEncrypted.base64EncodedString()
-                metadataKeys["\(item.metadataKeyIndex)"] = metadataKeyEncryptedBase64
+                metadataKey = metadataKeyEncrypted.base64EncodedString()
             }
 
             //
             // files
             //
             if item.blob == "files" {
-                let encrypted = E2ee.Encrypted(key: item.key, filename: item.fileName, mimetype: item.mimeType, version: item.version)
+                let encrypted = E2eeV12.Encrypted(key: item.key, filename: item.fileName, mimetype: item.mimeType)
                 do {
                     // Create "encrypted"
                     let json = try encoder.encode(encrypted)
                     let encryptedString = String(data: json, encoding: .utf8)
                     if let encrypted = NCEndToEndEncryption.sharedManager().encryptEncryptedJson(encryptedString, key: item.metadataKey) {
-                        let record = E2ee.Files(initializationVector: item.initializationVector, authenticationTag: item.authenticationTag, metadataKey: 0, encrypted: encrypted)
+                        let record = E2eeV12.Files(initializationVector: item.initializationVector, authenticationTag: item.authenticationTag, encrypted: encrypted)
                         files.updateValue(record, forKey: item.fileNameIdentifier)
                     }
                 } catch let error {
@@ -115,14 +128,14 @@ class NCEndToEndMetadata: NSObject {
             // filedrop
             //
             if item.blob == "filedrop" {
-                let encrypted = E2ee.Encrypted(key: item.key, filename: item.fileName, mimetype: item.mimeType, version: item.version)
+                let encrypted = E2eeV12.Encrypted(key: item.key, filename: item.fileName, mimetype: item.mimeType)
                 do {
                     // Create "encrypted"
                     let json = try encoder.encode(encrypted)
                     let encryptedString = (json.base64EncodedString())
                     if let encryptedData = NCEndToEndEncryption.sharedManager().encryptAsymmetricString(encryptedString, publicKey: nil, privateKey: privateKey) {
                         let encrypted = encryptedData.base64EncodedString()
-                        let record = E2ee.Filedrop(initializationVector: item.initializationVector, authenticationTag: item.authenticationTag, metadataKey: 0, encrypted: encrypted)
+                        let record = E2eeV12.Filedrop(initializationVector: item.initializationVector, authenticationTag: item.authenticationTag, encrypted: encrypted)
                         filedrop.updateValue(record, forKey: item.fileNameIdentifier)
                     }
                 } catch let error {
@@ -133,10 +146,10 @@ class NCEndToEndMetadata: NSObject {
         }
 
         // Create Json
-        let metadata = E2ee.Metadata(metadataKeys: metadataKeys, version: metadataVersion)
+        let metadata = E2eeV12.Metadata(metadataKey: metadataKey, version: metadataVersion)
         if !files.isEmpty { filesCodable = files }
         if !filedrop.isEmpty { filedropCodable = filedrop }
-        let e2ee = E2ee(metadata: metadata, files: filesCodable, filedrop: filedropCodable)
+        let e2ee = E2eeV12(metadata: metadata, files: filesCodable, filedrop: filedropCodable)
         do {
             let data = try encoder.encode(e2ee)
             data.printJson()
@@ -149,10 +162,33 @@ class NCEndToEndMetadata: NSObject {
     }
 
     // --------------------------------------------------------------------------------------------
-    // MARK: Decode JSON Metadata
+    // MARK: Decode JSON Metadata Bridge
+    // --------------------------------------------------------------------------------------------
+
+    func decoderMetadata(_ json: String, serverUrl: String, account: String, urlBase: String, userId: String, ownerId: String?) -> Bool {
+        guard let data = json.data(using: .utf8) else { return false }
+
+        let versionE2EE = NCManageDatabase.shared.getCapabilitiesServerString(account: account, elements: NCElementsJSON.shared.capabilitiesE2EEApiVersion) ?? ""
+        data.printJson()
+
+        let decoder = JSONDecoder()
+
+        if (try? decoder.decode(E2eeV1.self, from: data)) != nil {
+            return decoderMetadataV1(json, serverUrl: serverUrl, account: account, urlBase: urlBase, userId: userId)
+        } else if (try? decoder.decode(E2eeV12.self, from: data)) != nil {
+            return decoderMetadataV12(json, serverUrl: serverUrl, account: account, urlBase: urlBase, userId: userId, ownerId: ownerId)
+        } else {
+            let error = NKError(errorCode: NCGlobal.shared.errorInternalError, errorDescription: "Server E2EE version " + versionE2EE + ", not compatible")
+            NCContentPresenter.shared.showError(error: error)
+            return false
+        }
+    }
+
+    // --------------------------------------------------------------------------------------------
+    // MARK: Decode JSON Metadata V1
     // --------------------------------------------------------------------------------------------
 
-    func decoderMetadata(_ json: String, serverUrl: String, account: String, urlBase: String, userId: String) -> Bool {
+    func decoderMetadataV1(_ json: String, serverUrl: String, account: String, urlBase: String, userId: String) -> Bool {
         guard let data = json.data(using: .utf8) else { return false }
 
         let decoder = JSONDecoder()
@@ -160,22 +196,21 @@ class NCEndToEndMetadata: NSObject {
 
         do {
             data.printJson()
-            let json = try decoder.decode(E2ee.self, from: data)
+            let json = try decoder.decode(E2eeV1.self, from: data)
 
             let metadata = json.metadata
             let files = json.files
-            let filedrop = json.filedrop
             var metadataKeys: [String: String] = [:]
-            let metadataVersion: Int = metadata.version
+            let metadataVersion = metadata.version
 
             //
             // metadata
             //
             for metadataKey in metadata.metadataKeys {
-                if let metadataKeyData: NSData = NSData(base64Encoded: metadataKey.value, options: NSData.Base64DecodingOptions(rawValue: 0)),
-                   let metadataKeyBase64 = NCEndToEndEncryption.sharedManager().decryptAsymmetricData(metadataKeyData as Data?, privateKey: privateKey),
-                   let metadataKeyBase64Data = Data(base64Encoded: metadataKeyBase64, options: NSData.Base64DecodingOptions(rawValue: 0)),
-                   let key = String(data: metadataKeyBase64Data, encoding: .utf8) {
+                let data = Data(base64Encoded: metadataKey.value)
+                if let decrypted = NCEndToEndEncryption.sharedManager().decryptAsymmetricData(data, privateKey: privateKey),
+                   let keyData = Data(base64Encoded: decrypted) {
+                    let key = String(data: keyData, encoding: .utf8)
                     metadataKeys[metadataKey.key] = key
                 }
             }
@@ -186,7 +221,7 @@ class NCEndToEndMetadata: NSObject {
             if let files = files {
                 for files in files {
                     let fileNameIdentifier = files.key
-                    let files = files.value as E2ee.Files
+                    let files = files.value as E2eeV1.Files
 
                     let encrypted = files.encrypted
                     let authenticationTag = files.authenticationTag
@@ -194,10 +229,10 @@ class NCEndToEndMetadata: NSObject {
                     let metadataKeyIndex = files.metadataKey
                     let initializationVector = files.initializationVector
 
-                    if let encrypted = NCEndToEndEncryption.sharedManager().decryptEncryptedJson(encrypted, key: metadataKey),
-                       let encryptedData = encrypted.data(using: .utf8) {
+                    if let decrypted = NCEndToEndEncryption.sharedManager().decryptEncryptedJson(encrypted, key: metadataKey),
+                       let decryptedData = Data(base64Encoded: decrypted) {
                         do {
-                            let encrypted = try decoder.decode(E2ee.Encrypted.self, from: encryptedData)
+                            let encrypted = try decoder.decode(E2eeV1.Encrypted.self, from: decryptedData)
 
                             if let metadata = NCManageDatabase.shared.getMetadata(predicate: NSPredicate(format: "account == %@ AND fileName == %@", account, fileNameIdentifier)) {
 
@@ -216,7 +251,108 @@ class NCEndToEndMetadata: NSObject {
                                 object.metadataVersion = metadataVersion
                                 object.mimeType = encrypted.mimetype
                                 object.serverUrl = serverUrl
-                                object.version = encrypted.version
+
+                                // If exists remove records
+                                NCManageDatabase.shared.deleteE2eEncryption(predicate: NSPredicate(format: "account == %@ AND fileNamePath == %@", object.account, object.fileNamePath))
+                                NCManageDatabase.shared.deleteE2eEncryption(predicate: NSPredicate(format: "account == %@ AND fileNameIdentifier == %@", object.account, object.fileNameIdentifier))
+
+                                // Write file parameter for decrypted on DB
+                                NCManageDatabase.shared.addE2eEncryption(object)
+
+                                // Update metadata on tableMetadata
+                                metadata.fileNameView = encrypted.filename
+
+                                let results = NextcloudKit.shared.nkCommonInstance.getInternalType(fileName: encrypted.filename, mimeType: metadata.contentType, directory: metadata.directory)
+
+                                metadata.contentType = results.mimeType
+                                metadata.iconName = results.iconName
+                                metadata.classFile = results.classFile
+
+                                NCManageDatabase.shared.addMetadata(metadata)
+                            }
+
+                        } catch let error {
+                            print("Serious internal error in decoding files (" + error.localizedDescription + ")")
+                            return false
+                        }
+                    }
+                }
+            }
+        } catch let error {
+            print("Serious internal error in decoding metadata (" + error.localizedDescription + ")")
+            return false
+        }
+
+        return true
+    }
+
+    // --------------------------------------------------------------------------------------------
+    // MARK: Decode JSON Metadata V12
+    // --------------------------------------------------------------------------------------------
+
+    func decoderMetadataV12(_ json: String, serverUrl: String, account: String, urlBase: String, userId: String, ownerId: String?) -> Bool {
+        guard let data = json.data(using: .utf8) else { return false }
+
+        let decoder = JSONDecoder()
+        let privateKey = CCUtility.getEndToEndPrivateKey(account)
+
+        do {
+            data.printJson()
+            let json = try decoder.decode(E2eeV12.self, from: data)
+
+            let metadata = json.metadata
+            let files = json.files
+            let filedrop = json.filedrop
+            var metadataKey = ""
+            let metadataVersion = metadata.version
+
+            //
+            // metadata
+            //
+            let data = Data(base64Encoded: metadata.metadataKey)
+            if let decrypted = NCEndToEndEncryption.sharedManager().decryptAsymmetricData(data, privateKey: privateKey),
+                let keyData = Data(base64Encoded: decrypted),
+                let key = String(data: keyData, encoding: .utf8) {
+                metadataKey = key
+            } else {
+                print("Serious internal error in decoding metadataKey")
+                return false
+            }
+
+            //
+            // files
+            //
+            if let files = files {
+                for files in files {
+                    let fileNameIdentifier = files.key
+                    let files = files.value as E2eeV12.Files
+
+                    let encrypted = files.encrypted
+                    let authenticationTag = files.authenticationTag
+                    let initializationVector = files.initializationVector
+
+                    if let decrypted = NCEndToEndEncryption.sharedManager().decryptEncryptedJson(encrypted, key: metadataKey),
+                       let decryptedData = Data(base64Encoded: decrypted) {
+                        do {
+                            decryptedData.printJson()
+                            let encrypted = try decoder.decode(E2eeV12.Encrypted.self, from: decryptedData)
+
+                            if let metadata = NCManageDatabase.shared.getMetadata(predicate: NSPredicate(format: "account == %@ AND fileName == %@", account, fileNameIdentifier)) {
+
+                                let object = tableE2eEncryption()
+
+                                object.account = account
+                                object.authenticationTag = authenticationTag ?? ""
+                                object.blob = "files"
+                                object.fileName = encrypted.filename
+                                object.fileNameIdentifier = fileNameIdentifier
+                                object.fileNamePath = CCUtility.returnFileNamePath(fromFileName: encrypted.filename, serverUrl: serverUrl, urlBase: urlBase, userId: userId, account: account)
+                                object.key = encrypted.key
+                                object.initializationVector = initializationVector
+                                object.metadataKey = metadataKey
+                                object.metadataVersion = metadataVersion
+                                object.mimeType = encrypted.mimetype
+                                object.serverUrl = serverUrl
 
                                 // If exists remove records
                                 NCManageDatabase.shared.deleteE2eEncryption(predicate: NSPredicate(format: "account == %@ AND fileNamePath == %@", object.account, object.fileNamePath))
@@ -251,22 +387,25 @@ class NCEndToEndMetadata: NSObject {
             if let filedrop = filedrop {
                 for filedrop in filedrop {
                     let fileNameIdentifier = filedrop.key
-                    let filedrop = filedrop.value as E2ee.Filedrop
+                    let filedrop = filedrop.value as E2eeV12.Filedrop
 
                     let encrypted = filedrop.encrypted
                     let authenticationTag = filedrop.authenticationTag
-                    guard let metadataKey = metadataKeys["\(filedrop.metadataKey)"] else { continue }
-                    let metadataKeyIndex = filedrop.metadataKey
                     let initializationVector = filedrop.initializationVector
 
+                    /*
                     if let encryptedData = NSData(base64Encoded: encrypted, options: NSData.Base64DecodingOptions(rawValue: 0)),
                        let encryptedBase64 = NCEndToEndEncryption.sharedManager().decryptAsymmetricData(encryptedData as Data?, privateKey: privateKey),
                        let encryptedBase64Data = Data(base64Encoded: encryptedBase64, options: NSData.Base64DecodingOptions(rawValue: 0)),
                        let encrypted = String(data: encryptedBase64Data, encoding: .utf8),
                        let encryptedData = encrypted.data(using: .utf8) {
+                     */
 
+                    let data = Data(base64Encoded: encrypted)
+                    if let decrypted = NCEndToEndEncryption.sharedManager().decryptAsymmetricData(data, privateKey: privateKey),
+                       let decryptedData = Data(base64Encoded: decrypted) {
                         do {
-                            let encrypted = try decoder.decode(E2ee.Encrypted.self, from: encryptedData)
+                            let encrypted = try decoder.decode(E2eeV1.Encrypted.self, from: decryptedData)
 
                             if let metadata = NCManageDatabase.shared.getMetadata(predicate: NSPredicate(format: "account == %@ AND fileName == %@", account, fileNameIdentifier)) {
 
@@ -281,11 +420,9 @@ class NCEndToEndMetadata: NSObject {
                                 object.key = encrypted.key
                                 object.initializationVector = initializationVector
                                 object.metadataKey = metadataKey
-                                object.metadataKeyIndex = metadataKeyIndex
                                 object.metadataVersion = metadataVersion
                                 object.mimeType = encrypted.mimetype
                                 object.serverUrl = serverUrl
-                                object.version = encrypted.version
 
                                 // If exists remove records
                                 NCManageDatabase.shared.deleteE2eEncryption(predicate: NSPredicate(format: "account == %@ AND fileNamePath == %@", object.account, object.fileNamePath))

iOSClient/Networking/E2EE/NCNetworkingE2EE.swift

@@ -31,6 +31,17 @@ class NCNetworkingE2EE: NSObject {
         return instance
     }()
 
+    func isE2EEVersionWriteable(account: String) -> NKError? {
+
+        let versionE2EE = NCManageDatabase.shared.getCapabilitiesServerString(account: account, elements: NCElementsJSON.shared.capabilitiesE2EEApiVersion) ?? ""
+
+        if NCGlobal.shared.e2eeReadVersions.last == versionE2EE {
+            return nil
+        }
+        
+        return NKError(errorCode: NCGlobal.shared.errorInternalError, errorDescription: "_e2e_error_not_versionwriteable_")
+    }
+
     func generateRandomIdentifier() -> String {
 
         var UUID = NSUUID().uuidString

iOSClient/Networking/E2EE/NCNetworkingE2EECreateFolder.swift

@@ -32,7 +32,11 @@ class NCNetworkingE2EECreateFolder: NSObject {
         return instance
     }()
 
-    func createFolderAndMarkE2EE(fileName: String, serverUrl: String) async -> NKError {
+    func createFolderAndMarkE2EE(fileName: String, serverUrl: String, account: String) async -> NKError {
+
+        if let error = NCNetworkingE2EE.shared.isE2EEVersionWriteable(account: account) {
+            return error
+        }
 
         let serverUrlFileName = serverUrl + "/" + fileName
         var error = NKError()
@@ -63,6 +67,10 @@ class NCNetworkingE2EECreateFolder: NSObject {
 
     func createFolder(fileName: String, serverUrl: String, account: String, urlBase: String, userId: String, withPush: Bool) async -> (NKError) {
 
+        if let error = NCNetworkingE2EE.shared.isE2EEVersionWriteable(account: account) {
+            return error
+        }
+        
         var fileNameFolder = CCUtility.removeForbiddenCharactersServer(fileName)!
         var serverUrlFileName = ""
         var fileNameIdentifier = ""
@@ -112,7 +120,7 @@ class NCNetworkingE2EECreateFolder: NSObject {
         // Get last metadata
         let getE2EEMetadataResults = await NextcloudKit.shared.getE2EEMetadata(fileId: fileIdLock, e2eToken: e2eToken)
         if getE2EEMetadataResults.error == .success, let e2eMetadata = getE2EEMetadataResults.e2eMetadata {
-            if !NCEndToEndMetadata().decoderMetadata(e2eMetadata, serverUrl: serverUrl, account: account, urlBase: urlBase, userId: userId) {
+            if !NCEndToEndMetadata().decoderMetadata(e2eMetadata, serverUrl: serverUrl, account: account, urlBase: urlBase, userId: userId, ownerId: nil) {
                 return NKError(errorCode: NCGlobal.shared.errorInternalError, errorDescription: NSLocalizedString("_e2e_error_encode_metadata_", comment: ""))
             }
             method = "PUT"
@@ -136,7 +144,6 @@ class NCNetworkingE2EECreateFolder: NSObject {
         }
         object.mimeType = "httpd/unix-directory"
         object.serverUrl = serverUrl
-        object.version = 1
         NCManageDatabase.shared.addE2eEncryption(object)
 
         // Rebuild metadata for send it

iOSClient/Networking/E2EE/NCNetworkingE2EEDelete.swift

@@ -34,6 +34,10 @@ class NCNetworkingE2EEDelete: NSObject {
 
     func delete(metadata: tableMetadata) async -> (NKError) {
 
+        if let error = NCNetworkingE2EE.shared.isE2EEVersionWriteable(account: metadata.account) {
+            return error
+        }
+
         var error = NKError()
 
         func sendE2EMetadata(e2eToken: String, fileId: String) async -> (NKError) {
@@ -43,7 +47,7 @@ class NCNetworkingE2EEDelete: NSObject {
 
             // Get last metadata
             let getE2EEMetadataResults = await NextcloudKit.shared.getE2EEMetadata(fileId: fileId, e2eToken: e2eToken)
-            guard getE2EEMetadataResults.error == .success, let e2eMetadata = getE2EEMetadataResults.e2eMetadata, NCEndToEndMetadata().decoderMetadata(e2eMetadata, serverUrl: metadata.serverUrl, account: metadata.account, urlBase: metadata.urlBase, userId: metadata.userId) else {
+            guard getE2EEMetadataResults.error == .success, let e2eMetadata = getE2EEMetadataResults.e2eMetadata, NCEndToEndMetadata().decoderMetadata(e2eMetadata, serverUrl: metadata.serverUrl, account: metadata.account, urlBase: metadata.urlBase, userId: metadata.userId, ownerId: metadata.ownerId) else {
                     return NKError(errorCode: NCGlobal.shared.errorInternalError, errorDescription: NSLocalizedString("_e2e_error_encode_metadata_", comment: ""))
             }
 

iOSClient/Networking/E2EE/NCNetworkingE2EERename.swift

@@ -34,13 +34,17 @@ class NCNetworkingE2EERename: NSObject {
 
     func rename(metadata: tableMetadata, fileNameNew: String) async -> (NKError) {
 
+        if let error = NCNetworkingE2EE.shared.isE2EEVersionWriteable(account: metadata.account) {
+            return error
+        }
+        
         var error = NKError()
 
         func sendE2EMetadata(e2eToken: String, fileId: String) async -> (NKError) {
 
             // Get last metadata
             let getE2EEMetadataResults = await NextcloudKit.shared.getE2EEMetadata(fileId: fileId, e2eToken: e2eToken)
-            guard getE2EEMetadataResults.error == .success, let e2eMetadata = getE2EEMetadataResults.e2eMetadata, NCEndToEndMetadata().decoderMetadata(e2eMetadata, serverUrl: metadata.serverUrl, account: metadata.account, urlBase: metadata.urlBase, userId: metadata.userId) else {
+            guard getE2EEMetadataResults.error == .success, let e2eMetadata = getE2EEMetadataResults.e2eMetadata, NCEndToEndMetadata().decoderMetadata(e2eMetadata, serverUrl: metadata.serverUrl, account: metadata.account, urlBase: metadata.urlBase, userId: metadata.userId, ownerId: metadata.ownerId) else {
                 return NKError(errorCode: NCGlobal.shared.errorInternalError, errorDescription: NSLocalizedString("_e2e_error_encode_metadata_", comment: ""))
             }
 

iOSClient/Networking/E2EE/NCNetworkingE2EEUpload.swift

@@ -44,6 +44,12 @@ class NCNetworkingE2EEUpload: NSObject {
 
     func upload(metadata: tableMetadata, uploadE2EEDelegate: uploadE2EEDelegate? = nil) async -> (NKError) {
 
+        if let error = NCNetworkingE2EE.shared.isE2EEVersionWriteable(account: metadata.account) {
+            NCManageDatabase.shared.deleteMetadata(predicate: NSPredicate(format: "ocId == %@", metadata.ocId))
+            NCContentPresenter.shared.showError(error: error)
+            return error
+        }
+
         var metadata = tableMetadata.init(value: metadata)
         let ocIdTemp = metadata.ocId
         let errorCreateEncrypted = NKError(errorCode: NCGlobal.shared.errorInternalError, errorDescription: "_e2e_error_create_encrypted_")
@@ -133,14 +139,14 @@ class NCNetworkingE2EEUpload: NSObject {
         let fileNameLocalPath = CCUtility.getDirectoryProviderStorageOcId(metadata.ocId, fileNameView: metadata.fileName)!
         var method = "POST"
 
-        if NCEndToEndEncryption.sharedManager()?.encryptFileName(metadata.fileNameView, fileNameIdentifier: metadata.fileName, directory: CCUtility.getDirectoryProviderStorageOcId(metadata.ocId), key: &key, initializationVector: &initializationVector, authenticationTag: &authenticationTag) == false {
+        if NCEndToEndEncryption.sharedManager()?.encryptFile(metadata.fileNameView, fileNameIdentifier: metadata.fileName, directory: CCUtility.getDirectoryProviderStorageOcId(metadata.ocId), key: &key, initializationVector: &initializationVector, authenticationTag: &authenticationTag) == false {
             return NKError(errorCode: NCGlobal.shared.errorInternalError, errorDescription: "_e2e_error_create_encrypted_")
         }
 
         // Get last metadata
         let getE2EEMetadataResults = await NextcloudKit.shared.getE2EEMetadata(fileId: fileId, e2eToken: e2eToken)
         if getE2EEMetadataResults.error == .success, let e2eMetadata = getE2EEMetadataResults.e2eMetadata {
-            if !NCEndToEndMetadata().decoderMetadata(e2eMetadata, serverUrl: metadata.serverUrl, account: metadata.account, urlBase: metadata.urlBase, userId: metadata.userId) {
+            if !NCEndToEndMetadata().decoderMetadata(e2eMetadata, serverUrl: metadata.serverUrl, account: metadata.account, urlBase: metadata.urlBase, userId: metadata.userId, ownerId: metadata.ownerId) {
                 return NKError(errorCode: NCGlobal.shared.errorInternalError, errorDescription: NSLocalizedString("_e2e_error_encode_metadata_", comment: ""))
             }
             method = "PUT"
@@ -167,7 +173,6 @@ class NCNetworkingE2EEUpload: NSObject {
         objectE2eEncryption.initializationVector = initializationVector! as String
         objectE2eEncryption.mimeType = metadata.contentType
         objectE2eEncryption.serverUrl = metadata.serverUrl
-        objectE2eEncryption.version = 1
         NCManageDatabase.shared.addE2eEncryption(objectE2eEncryption)
 
         // Rebuild metadata

iOSClient/Networking/NCNetworking.swift

@@ -385,7 +385,7 @@ class NCNetworking: NSObject, NKCommonDelegate {
                 NCManageDatabase.shared.addLocalFile(metadata: metadata)
 #if !EXTENSION
                 if let result = NCManageDatabase.shared.getE2eEncryption(predicate: NSPredicate(format: "fileNameIdentifier == %@ AND serverUrl == %@", metadata.fileName, metadata.serverUrl)) {
-                    NCEndToEndEncryption.sharedManager()?.decryptFileName(metadata.fileName, fileNameView: metadata.fileNameView, ocId: metadata.ocId, key: result.key, initializationVector: result.initializationVector, authenticationTag: result.authenticationTag)
+                    NCEndToEndEncryption.sharedManager()?.decryptFile(metadata.fileName, fileNameView: metadata.fileNameView, ocId: metadata.ocId, key: result.key, initializationVector: result.initializationVector, authenticationTag: result.authenticationTag)
                 }
                 CCUtility.setExif(metadata) { _, _, _, _, _ in }
 #endif

iOSClient/Settings/NCEndToEndInitialize.swift

@@ -153,18 +153,19 @@ class NCEndToEndInitialize: NSObject {
 
                     let publicKey = CCUtility.getEndToEndCertificate(self.appDelegate.account)
 
-                    guard let privateKey = (NCEndToEndEncryption.sharedManager().decryptPrivateKey(privateKeyChiper, passphrase: passphrase, publicKey: publicKey)) else {
+                    if let privateKeyData = (NCEndToEndEncryption.sharedManager().decryptPrivateKey(privateKeyChiper, passphrase: passphrase, publicKey: publicKey)),
+                       let keyData = Data(base64Encoded: privateKeyData) {
+                        let privateKey = String(data: keyData, encoding: .utf8)
+                        CCUtility.setEndToEndPrivateKey(self.appDelegate.account, privateKey: privateKey)
+                    } else {
+
                         let error = NKError(errorCode: NCGlobal.shared.errorInternalError, errorDescription: "Serious internal error to decrypt Private Key")
                         NCContentPresenter.shared.messageNotification("E2E decrypt privateKey", error: error, delay: NCGlobal.shared.dismissAfterSecond, type: NCContentPresenter.messageType.error, priority: .max)
 
                         return
                     }
 
-                    // privateKey
-                    print(privateKey)
-
                     // Save to keychain
-                    CCUtility.setEndToEndPrivateKey(self.appDelegate.account, privateKey: privateKey)
                     CCUtility.setEndToEndPassphrase(self.appDelegate.account, passphrase: passphrase)
 
                     // request server publicKey

iOSClient/Settings/NCSettings.m

@@ -120,7 +120,7 @@
     BOOL isE2EEEnabled = [[NCManageDatabase shared] getCapabilitiesServerBoolWithAccount:appDelegate.account elements:NCElementsJSON.shared.capabilitiesE2EEEnabled exists:false];
     NSString *versionE2EE = [[NCManageDatabase shared] getCapabilitiesServerStringWithAccount:appDelegate.account elements:NCElementsJSON.shared.capabilitiesE2EEApiVersion];
 
-    if (isE2EEEnabled == YES && [versionE2EE isEqual:[[NCGlobal shared] e2eeVersion]]) {
+    if (isE2EEEnabled == YES && [NCGlobal.shared.e2eeReadVersions containsObject:versionE2EE]) {
 
         section = [XLFormSectionDescriptor formSectionWithTitle:NSLocalizedString(@"_e2e_settings_title_", nil)];
         [form addFormSection:section];

iOSClient/Supporting Files/en.lproj/Localizable.strings

@@ -721,6 +721,7 @@
 "_e2e_error_mark_folder_"           = "Encrypt folder";
 "_e2e_error_directory_not_empty_"   = "The directory is not empty";
 "_e2e_error_not_move_"              = "It is not possible move files to encrypted directory";
+"_e2e_error_not_versionwriteable_"  = "The server e2ee version is not compatible with this client";
 "_scans_document_"                  = "Scan document";
 "_scanned_images_"                  = "Scanned images";
 "_scan_document_pdf_page_"          = "Page";

iOSClient/Utility/CCUtility.m

@@ -372,12 +372,9 @@
     NSString *privateKey = [self getEndToEndPrivateKey:account];
     NSString *passphrase = [self getEndToEndPassphrase:account];
             
-    if (passphrase.length > 0 && privateKey.length > 0 && certificate.length > 0 && publicKey.length > 0 && isE2EEEnabled && [versionE2EE isEqual:[[NCGlobal shared] e2eeVersion]]) {
-       
+    if (passphrase.length > 0 && privateKey.length > 0 && certificate.length > 0 && publicKey.length > 0 && isE2EEEnabled && [NCGlobal.shared.e2eeReadVersions containsObject:versionE2EE]) {
         return YES;
-        
     } else {
-        
         return NO;
     }
 }

iOSClient/Viewer/NCViewerMedia/NCPlayer/NCPlayer.swift

@@ -453,7 +453,7 @@ class NCPlayer: NSObject {
                 NCManageDatabase.shared.addLocalFile(metadata: self.metadata)
                 if isEncrypted {
                     if let result = NCManageDatabase.shared.getE2eEncryption(predicate: NSPredicate(format: "fileNameIdentifier == %@ AND serverUrl == %@", self.metadata.fileName, self.metadata.serverUrl)) {
-                        NCEndToEndEncryption.sharedManager()?.decryptFileName(self.metadata.fileName, fileNameView: self.metadata.fileNameView, ocId: self.metadata.ocId, key: result.key, initializationVector: result.initializationVector, authenticationTag: result.authenticationTag)
+                        NCEndToEndEncryption.sharedManager()?.decryptFile(self.metadata.fileName, fileNameView: self.metadata.fileNameView, ocId: self.metadata.ocId, key: result.key, initializationVector: result.initializationVector, authenticationTag: result.authenticationTag)
                     }
                 }
                 let urlVideo = NCKTVHTTPCache.shared.getVideoURL(metadata: self.metadata)