add skipped integrity checking to README (#65)

Author: weizenspreu

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## v??.?.? (????-??-??)
+
+* [add skipped integrity checking to README (#65)](https://github.com/nextcloud/encryption-recovery-tools/pull/65)
+* [Fix swapped GMP and ZLIB error messages (#64)](https://github.com/nextcloud/encryption-recovery-tools/pull/64)
+
 ## v31.0.0 (2025-03-16)
 
 * [add E2E improvements and Nextcloud31 test (#62)](https://github.com/nextcloud/encryption-recovery-tools/pull/62)
@@ -35,7 +40,7 @@
 * [Move testdata (#16)](https://github.com/nextcloud/encryption-recovery-tools/pull/16)
 * [improve decryptPrivateKey (#17)](https://github.com/nextcloud/encryption-recovery-tools/pull/17)
 * [support decryption infix #(18)](https://github.com/nextcloud/encryption-recovery-tools/pull/18)
-* [support several values for INSTANCEID, SECRET, RECOVERY_PASSWORD and USER_PASSWORDS (#19)](https://github.com/nextcloud/encryption-recovery-tools/pull/19)
+* [support several values for INSTANCEID, SECRET, RECOVERY\_PASSWORD and USER\_PASSWORDS (#19)](https://github.com/nextcloud/encryption-recovery-tools/pull/19)
 * [fix typo (#21)](https://github.com/nextcloud/encryption-recovery-tools/pull/21)
 * [introduce end-to-end encryption support (#23)](https://github.com/nextcloud/encryption-recovery-tools/pull/23)
 * [Fix default (#24)](https://github.com/nextcloud/encryption-recovery-tools/pull/24)

README.md

@@ -13,6 +13,11 @@ It supports the master-key encryption, the user-key encryption and can even use
 
 For further information have a look at the [**README**](./server-side-encryption/README.md) of the script.
 
+## Security Warning
+
+The main goal of the Nextcloud Encryption Recovery Tools is to recover the contents of encrypted files in case there is a catastrophic failure.
+For that reason, the recovery scripts **do not** cryptographically verify the integrity of the files while processing them in order to be able to recover the contents of as many encrypted files as possible.
+
 ## Testing
 
 The compatibility with Nextcloud releases is tested with [PHPUnit](https://phpunit.de).

end-to-end-encryption/README.md

@@ -4,6 +4,12 @@
 
 This script can recover your precious files if you encrypted them with the **Nextcloud End-to-End Encryption** and still have access to the data directory and the user mnemonics.
 
+## Security Warning
+
+The main goal of the Nextcloud Encryption Recovery Tools is to recover the contents of encrypted files in case there is a catastrophic failure.
+For that reason, the recovery scripts **do not** cryptographically verify the integrity of the files while processing them in order to be able to recover the contents of as many encrypted files as possible.
+_(On the contrary, the recovery script intentionally decrypts the AES-GCM protected files in AES-CTR mode to skip the integrity check of the Galois/Counter Mode.)_
+
 ## Configuration
 
 In order to use the script you have to configure the given values below:

end-to-end-encryption/recover.php

@@ -1472,7 +1472,7 @@ function decryptFile($filename, $metadata, $targetname) {
 					if (false !== $tmp) {
 						$buffer .= $tmp;
 
-					while (BLOCKSIZE <= strlen($buffer)) {
+						while (BLOCKSIZE <= strlen($buffer)) {
 							$block  = substr($buffer, 0, BLOCKSIZE);
 							$buffer = substr($buffer, BLOCKSIZE);
 

server-side-encryption/README.md

@@ -5,6 +5,11 @@
 This script can recover your precious files if you encrypted them with the **Nextcloud Server-Side Encryption** and still have access to the data directory and the Nextcloud configuration file (`config/config.php`).
 It supports the master-key encryption, the user-key encryption and can even use the rescue key if it had been enabled as well as the public sharing key for files that had been publicly shared.
 
+## Security Warning
+
+The main goal of the Nextcloud Encryption Recovery Tools is to recover the contents of encrypted files in case there is a catastrophic failure.
+For that reason, the recovery scripts **do not** cryptographically verify the integrity of the files while processing them in order to be able to recover the contents of as many encrypted files as possible.
+
 ## Configuration
 
 In order to use the script you have to configure the given values below: