Add nextcloud-e2ee-decrypt: standalone CLI tool for offline E2EE folder decryption #10096

Draft: Copilot wants to merge 2 commits into master from copilot/nextcloud-e2ee-decrypt-implementation-plan

Copilot AI commented Jun 1, 2026

New standalone CLI binary for offline decryption of Nextcloud E2EE folders (V2+ metadata only), usable without a running client or network connection.

Summary

New: src/e2ee_decrypt/

  • e2eedecryptor.h/.cpp - OCC::E2eeDecryptor class:

    • Private key decryption: parses base64(ct+tag)|base64(iv)|base64(salt), tries three PBKDF2 variants (SHA-256/600k → SHA-1/600k → SHA-1/1024) via OpenSSL PKCS5_PBKDF2_HMAC, delegates AES-256-GCM unwrap to EncryptionHelper::decryptPrivateKey
    • Metadata key extraction: RSA-OAEP (SHA-256/MGF1) via PKey/PKeyCtx/Bio RAII wrappers; matches user entry by userId or certificate SHA-256 fingerprint
    • Ciphertext decryption: EncryptionHelper::decryptThenUnGzipData → parse files + folders objects
    • File decryption: EncryptionHelper::fileDecryption per entry; directory entries are mkpath'd
    • Version gate: rejects metadata < v2.0 with qCCritical
    • OCS unwrap: handles both ocs.data.meta-data-wrapped and raw inner JSON
    • Exit codes: 0 = success, 1 = fatal error, 2 = partial file failure
  • main.cpp - QCoreApplication + QCommandLineParser:

    nextcloud-e2ee-decrypt -m metadata.json -k enc_privkey -c cert.pem \
      -p "my mnemonic" -i encrypted_folder/ -o output_dir/ \
      [--user-id alice@server] [--parent-metadata root_metadata.json]
    
  • CMakeLists.txt — links Nextcloud::sync, Qt::Core, Qt::Network, OpenSSL::Crypto; cxx_std_20; ecm_mark_nongui_executable

Modified: src/CMakeLists.txt

  • Added add_subdirectory(e2ee_decrypt) under the NOT BUILD_LIBRARIES_ONLY guard alongside cmd

Design constraints followed: no std::iostream (all output via QLoggingCategory nextcloud.e2ee_decrypt), "almost always auto" C++20 style, no Account/FolderMetadata/network dependencies.

Checklist

AI (if applicable)

  • The content of this PR was partly or fully generated using AI

Copilot AI changed the title from "Add nextcloud-e2ee-decrypt CLI tool for offline E2EE folder decryption" to "Add nextcloud-e2ee-decrypt: standalone CLI tool for offline E2EE folder decryption" Jun 1, 2026
Copilot AI requested a review from mgallien June 1, 2026 20:58
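
Added example, not code from this PR or from the Nextcloud client: a Node.js sketch of the private-key unwrap the description outlines, showing that the AES-256-GCM tag check is what decides which of the three PBKDF2 variants is accepted. The field order and variant list come from the description; the 16-byte tag, the 12-byte IV and 16-byte salt of the sample, and all sample values are assumptions constructed here.

```javascript
// Added illustration, not code from the PR or the Nextcloud client.
// Field order and KDF variants follow the PR text; tag length and samples are assumed.
const crypto = require('node:crypto');

const TAG_LEN = 16; // assumption: standard 128-bit GCM tag appended to the ciphertext
const VARIANTS = [ // order given in the PR description
  { digest: 'sha256', iterations: 600000 },
  { digest: 'sha1', iterations: 600000 },
  { digest: 'sha1', iterations: 1024 },
];

// Split base64(ct+tag)|base64(iv)|base64(salt) into raw buffers.
function parseBlob(blob) {
  const parts = blob.split('|');
  if (parts.length !== 3) throw new Error('expected ct+tag|iv|salt');
  const [ctTag, iv, salt] = parts.map((p) => Buffer.from(p, 'base64'));
  if (ctTag.length < TAG_LEN || !iv.length || !salt.length) throw new Error('truncated field');
  return { ct: ctTag.subarray(0, ctTag.length - TAG_LEN), tag: ctTag.subarray(ctTag.length - TAG_LEN), iv, salt };
}

// Try each variant; only a verified GCM tag counts as success.
function unwrapPrivateKey(blob, passphrase) {
  const { ct, tag, iv, salt } = parseBlob(blob);
  for (const variant of VARIANTS) {
    const key = crypto.pbkdf2Sync(passphrase, salt, variant.iterations, 32, variant.digest);
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
    d.setAuthTag(tag);
    try {
      return { plain: Buffer.concat([d.update(ct), d.final()]), variant };
    } catch (err) {
      // Tag mismatch: wrong variant, wrong passphrase or corrupt blob. Try the next one.
    }
  }
  return null; // caller cannot tell a bad passphrase from a damaged blob
}

// Constructed sample generator so the example runs offline.
function makeSample(plain, passphrase, variant) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.pbkdf2Sync(passphrase, salt, variant.iterations, 32, variant.digest);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ctTag = Buffer.concat([c.update(plain), c.final(), c.getAuthTag()]);
  return [ctTag, iv, salt].map((b) => b.toString('base64')).join('|');
}

const blob = makeSample(Buffer.from('constructed-key-material'), 'constructed mnemonic', VARIANTS[2]);
const result = unwrapPrivateKey(blob, 'constructed mnemonic');
console.log(result.variant, result.plain.toString());
```

A blob wrapped with the oldest variant costs two full 600k-iteration derivations before it opens, and a wrong passphrase costs all three, so a caller should expect failures to be slower than successes.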