"Could not decrypt key" upon login

Nextcloud version (eg, 18.0.2): 20.0.0.9
Operating system and version (eg, Ubuntu 20.04): Arch Linux
Apache or nginx version (eg, Apache 2.4.25): nginx 1.18.0-2
PHP version (eg, 7.1): php 7.4.11-1

The issue you are facing:
After providing my username and password at the login page, I get a fully styled page that reads

Internal Server Error

The server was unable to complete your request.
If this happens again, please send the technical details below to the server administrator.
More details can be found in the server log.

The nextcloud log contains several messages of the form
... "user":"--","app":"contacts","method":"POST","url":"/login","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead."
with the app being “contacts”, “encryption”, “files_external”, and “files_sharing”. This is followed by

{"reqId":"** replaced **","level":3,"time":"2020-10-09T22:16:24+02:00","remoteAddr":"**.**.**.**","user":"my-username","app":"no app in context","method":"POST","url":"/login","message":{"Exception":"OC\\ServerNotAvailableException","Message":"Could not decrypt key","Code":0,"Trace":[{"file":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","line":230,"function":"getKey","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["/my-username/files_encryption/OC_DEFAULT_MODULE/my-username.privateKey"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","line":95,"function":"getKeyWithUid","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["/my-username/files_encryption/OC_DEFAULT_MODULE/my-username.privateKey","*** sensitive parameter replaced ***"]},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/KeyManager.php","line":434,"function":"getUserKey","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["*** sensitive parameter replaced ***","privateKey","OC_DEFAULT_MODULE"]},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/KeyManager.php","line":570,"function":"getPrivateKey","class":"OCA\\Encryption\\KeyManager","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/Users/Setup.php","line":76,"function":"userHasKeys","class":"OCA\\Encryption\\KeyManager","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/Hooks/UserHooks.php","line":180,"function":"setupUser","class":"OCA\\Encryption\\Users\\Setup","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/OC_Hook.php","line":110,"function":"login","class":"OCA\\Encryption\\Hooks\\UserHooks","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Server.php","line":573,"function":"emit","class":"OC_Hook","type":"::","args":["OC_User","post_login","*** sensitive parameter replaced ***"]},{"function":"OC\\{closure}","class":"OC\\Server","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Hooks/EmitterTrait.php","line":101,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/usr/share/webapps/nextcloud/lib/private/Hooks/PublicEmitter.php","line":40,"function":"emit","class":"OC\\Hooks\\BasicEmitter","type":"->","args":["\\OC\\User","postLogin",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/usr/share/webapps/nextcloud/lib/private/User/Session.php","line":412,"function":"emit","class":"OC\\Hooks\\PublicEmitter","type":"->","args":["\\OC\\User","postLogin",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/CompleteLoginCommand.php","line":44,"function":"completeLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\CompleteLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/LoggedInCheckCommand.php","line":61,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\LoggedInCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/EmailLoginCommand.php","line":58,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\EmailLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/UidLoginCommand.php","line":54,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UidLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/UserDisabledCheckCommand.php","line":57,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UserDisabledCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/PreLoginHookCommand.php","line":53,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/Chain.php","line":108,"function":"process","class":"OC\\Authentication\\Login\\PreLoginHookCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/core/Controller/LoginController.php","line":307,"function":"process","class":"OC\\Authentication\\Login\\Chain","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":169,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/App.php","line":152,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Route/Router.php","line":308,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"action":"*** sensitive parameter replaced ***","_route":"core.login.tryLogin"}]},{"file":"/usr/share/webapps/nextcloud/lib/base.php","line":1009,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/login"]},{"file":"/usr/share/webapps/nextcloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","Line":287,"Previous":{"Exception":"Exception","Message":"Authenticated ciphertext could not be decoded.","Code":0,"Trace":[{"file":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","line":285,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","line":230,"function":"getKey","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["/my-username/files_encryption/OC_DEFAULT_MODULE/my-username.privateKey"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","line":95,"function":"getKeyWithUid","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["/my-username/files_encryption/OC_DEFAULT_MODULE/my-username.privateKey","*** sensitive parameter replaced ***"]},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/KeyManager.php","line":434,"function":"getUserKey","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["*** sensitive parameter replaced ***","privateKey","OC_DEFAULT_MODULE"]},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/KeyManager.php","line":570,"function":"getPrivateKey","class":"OCA\\Encryption\\KeyManager","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/Users/Setup.php","line":76,"function":"userHasKeys","class":"OCA\\Encryption\\KeyManager","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/Hooks/UserHooks.php","line":180,"function":"setupUser","class":"OCA\\Encryption\\Users\\Setup","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/OC_Hook.php","line":110,"function":"login","class":"OCA\\Encryption\\Hooks\\UserHooks","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Server.php","line":573,"function":"emit","class":"OC_Hook","type":"::","args":["OC_User","post_login","*** sensitive parameter replaced ***"]},{"function":"OC\\{closure}","class":"OC\\Server","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Hooks/EmitterTrait.php","line":101,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/usr/share/webapps/nextcloud/lib/private/Hooks/PublicEmitter.php","line":40,"function":"emit","class":"OC\\Hooks\\BasicEmitter","type":"->","args":["\\OC\\User","postLogin",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/usr/share/webapps/nextcloud/lib/private/User/Session.php","line":412,"function":"emit","class":"OC\\Hooks\\PublicEmitter","type":"->","args":["\\OC\\User","postLogin",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/CompleteLoginCommand.php","line":44,"function":"completeLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\CompleteLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/LoggedInCheckCommand.php","line":61,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\LoggedInCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/EmailLoginCommand.php","line":58,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\EmailLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/UidLoginCommand.php","line":54,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UidLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/UserDisabledCheckCommand.php","line":57,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UserDisabledCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/PreLoginHookCommand.php","line":53,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/Chain.php","line":108,"function":"process","class":"OC\\Authentication\\Login\\PreLoginHookCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/core/Controller/LoginController.php","line":307,"function":"process","class":"OC\\Authentication\\Login\\Chain","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":169,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/App.php","line":152,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Route/Router.php","line":308,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"action":"*** sensitive parameter replaced ***","_route":"core.login.tryLogin"}]},{"file":"/usr/share/webapps/nextcloud/lib/base.php","line":1009,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/login"]},{"file":"/usr/share/webapps/nextcloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/usr/share/webapps/nextcloud/lib/private/Security/Crypto.php","Line":122},"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"20.0.0.9"}

This may have started with the upgrade to NC 20. Unfortunately, I cannot say this for certain because of the way the machine is administered.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. visit server login page
  2. provide username and password
  3. press Log in

The output of your config.php file

<?php
$CONFIG = array (
  'instanceid' => '****',
  'passwordsalt' => '***',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'cloud.mydomain.com',
  ),
  'datadirectory' => '/home/owncloud/data',
  'files_external_allow_create_new_local' => 'true',
  'dbtype' => 'mysql',
  'dbhost' => 'localhost',
  'dbname' => '****',
  'dbuser' => '****',
  'dbpassword' => '****',
  'dbtableprefix' => 'oc_',
  'default_language' => 'en',
  'force_language' => 'false',
  'defaultapp' => 'files',
  'auth.bruteforce.protection.enabled' => true,
  'lost_password_link' => 'disabled',
  'mail_domain' => 'mydomain.com',
  'mail_from_address' => 'noreply',
  'mail_smtpdebug' => false,
  'mail_smtpmode' => 'smtp',
  'mail_smtphost' => '127.0.0.1',
  'appcodechecker' => true,
  'updatechecker' => true,
  'updater.release.channel' => 'stable',
  'check_for_working_webdav' => true,
  'check_for_working_wellknown_setup' => true,
  'check_for_working_htaccess' => true,
  'check_data_directory_permissions' => true,
  'config_is_read_only' => true,
  'logfile' => '/home/owncloud/nextcloud.log',
  'loglevel' => 0,
  'syslog_tag' => 'Nextcloud',
  'logtimezone' => 'Europe/Berlin',
  'appstoreenabled' => false,
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/usr/share/webapps/nextcloud/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/home/owncloud/apps',
      'url' => '/wapps',
      'writable' => true,
    ),
  ),
  'enable_previews' => true,
  'preview_max_x' => 4096,
  'preview_max_y' => 4096,
  'enabledPreviewProviders' => 
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\BMP',
    4 => 'OC\\Preview\\XBitmap',
    5 => 'OC\\Preview\\MP3',
    6 => 'OC\\Preview\\TXT',
    7 => 'OC\\Preview\\MarkDown',
  ),
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 0.0,
    'password' => '',
    'dbindex' => 0,
  ),
  'mysql.utf8mb4' => true,
  'tempdirectory' => '/home/owncloud/nextcloudtemp',
  'mount_file' => '/usr/share/webapps/nextcloud/data/mount.json',
  'secret' => '****',
  'forwarded_for_headers' => 
  array (
    0 => 'HTTP_X_FORWARDED',
    1 => 'HTTP_FORWARDED_FOR',
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.debug' => false,
  'upgrade.disable-web' => false,
  'debug' => false,
  'gs.enabled' => false,
  'gs.federation' => 'internal',
  'version' => '20.0.0.9',
  'dbport' => '',
  'installed' => true,
  'maintenance' => false,
  'overwrite.cli.url' => 'https://cloud.mydomain.com',
  'theme' => '',
  'mail_sendmailmode' => 'smtp',
);

PHP should have access to the relevant directories as per the arch wiki.

1 Like

I’m getting the same issue. It started after upgrade to Nextcloud 20. I run Archlinux with Apache and Postgresql, PHP 7.4.

{"reqId":"lLUIsVYg9T0RiPq4bbjO","level":3,"time":"2020-10-10T12:53:23+00:00","remoteAddr":"10.0.0.254","user":"jan","app":"index","method":"POST","url":"/index.php/login","message":{"Exception":"OC\\ServerNotAvailableException","Message":"Could not decrypt key","Code":0,"Trace":[{"file":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","line":230,"function":"getKey","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","line":95,"function":"getKeyWithUid","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/KeyManager.php","line":434,"function":"getUserKey","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/KeyManager.php","line":570,"function":"getPrivateKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/Users/Setup.php","line":76,"function":"userHasKeys","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/Hooks/UserHooks.php","line":180,"function":"setupUser","class":"OCA\\Encryption\\Users\\Setup","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/OC_Hook.php","line":110,"function":"login","class":"OCA\\Encryption\\Hooks\\UserHooks","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Server.php","line":573,"function":"emit","class":"OC_Hook","type":"::"},{"function":"OC\\{closure}","class":"OC\\Server","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Hooks/EmitterTrait.php","line":101,"function":"call_user_func_array"},{"file":"/usr/share/webapps/nextcloud/lib/private/Hooks/PublicEmitter.php","line":40,"function":"emit","class":"OC\\Hooks\\BasicEmitter","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/User/Session.php","line":412,"function":"emit","class":"OC\\Hooks\\PublicEmitter","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/CompleteLoginCommand.php","line":44,"function":"completeLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\CompleteLoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/LoggedInCheckCommand.php","line":61,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\LoggedInCheckCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/EmailLoginCommand.php","line":58,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\EmailLoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/UidLoginCommand.php","line":54,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UidLoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/UserDisabledCheckCommand.php","line":57,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UserDisabledCheckCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/PreLoginHookCommand.php","line":53,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/Chain.php","line":108,"function":"process","class":"OC\\Authentication\\Login\\PreLoginHookCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/core/Controller/LoginController.php","line":307,"function":"process","class":"OC\\Authentication\\Login\\Chain","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":169,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/App.php","line":152,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Route/Router.php","line":308,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/usr/share/webapps/nextcloud/lib/base.php","line":1009,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/usr/share/webapps/nextcloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::"}],"File":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","Line":287,"Previous":{"Exception":"Exception","Message":"Authenticated ciphertext could not be decoded.","Code":0,"Trace":[{"file":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","line":285,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","line":230,"function":"getKey","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Encryption/Keys/Storage.php","line":95,"function":"getKeyWithUid","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/KeyManager.php","line":434,"function":"getUserKey","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/KeyManager.php","line":570,"function":"getPrivateKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/Users/Setup.php","line":76,"function":"userHasKeys","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/usr/share/webapps/nextcloud/apps/encryption/lib/Hooks/UserHooks.php","line":180,"function":"setupUser","class":"OCA\\Encryption\\Users\\Setup","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/OC_Hook.php","line":110,"function":"login","class":"OCA\\Encryption\\Hooks\\UserHooks","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Server.php","line":573,"function":"emit","class":"OC_Hook","type":"::"},{"function":"OC\\{closure}","class":"OC\\Server","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Hooks/EmitterTrait.php","line":101,"function":"call_user_func_array"},{"file":"/usr/share/webapps/nextcloud/lib/private/Hooks/PublicEmitter.php","line":40,"function":"emit","class":"OC\\Hooks\\BasicEmitter","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/User/Session.php","line":412,"function":"emit","class":"OC\\Hooks\\PublicEmitter","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/CompleteLoginCommand.php","line":44,"function":"completeLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\CompleteLoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/LoggedInCheckCommand.php","line":61,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\LoggedInCheckCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/EmailLoginCommand.php","line":58,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\EmailLoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/UidLoginCommand.php","line":54,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UidLoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/UserDisabledCheckCommand.php","line":57,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UserDisabledCheckCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/PreLoginHookCommand.php","line":53,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Authentication/Login/Chain.php","line":108,"function":"process","class":"OC\\Authentication\\Login\\PreLoginHookCommand","type":"->"},{"file":"/usr/share/webapps/nextcloud/core/Controller/LoginController.php","line":307,"function":"process","class":"OC\\Authentication\\Login\\Chain","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":169,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/AppFramework/App.php","line":152,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Route/Router.php","line":308,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/usr/share/webapps/nextcloud/lib/base.php","line":1009,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/usr/share/webapps/nextcloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::"}],"File":"/usr/share/webapps/nextcloud/lib/private/Security/Crypto.php","Line":122},"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36","version":"20.0.0.9"}

Regarding the IBootstrap warning: It is not the cause:

The other message seems to be the right one. You have some kind of problem with decryption. Do you use end-to-end encryption?

I’m not sure… I’m using ssl certificates on Apach for my nextcloud site

SSL certificates are a different thing. Check Admin->Security->Server-side encryption and whether it is on. But yeah, I am not familiar with this feature. Hopefully someone else can help. Good luck!

So I changed my account password and the issue is resolved, it’s working now…

Glad it was that easy.

Stupid question … how do I change my password if I cannot log in? Also, does that mean that all users (a good half dozen in my case) have to change their password?

You can use occ user commands.

$ sudo -u http php /usr/share/webapps/nextcloud/occ user:resetpassword my-username
Warning: Resetting the password when using encryption will result in data loss!
Do you want to continue?y
Enter a new password: 
Confirm the new password: 
Could not decrypt key

I checked beforehand to confirm that encryption is disabled.

So, it appears that I can create new users who can log in successfully but I cannot reset the password of existing users because I get the same “Could not decrypt key” message as a result of occ user:resetpassword.
Does anybody have an idea how to remedy this situation? I badly need to get all my existing users back to a working state.

FWIW, existing users have private key files in username/files_encryption/OC_DEFAULT_MODULE/username.privateKey which are 4433 bytes long and start with HBEGIN:cipher:AES-256-CFB:keyFormat:hash: while the same file for new users is 12260 bytes long and has no such prefix.

This kind of sounds like Nextcloud change the key storage scheme without updating existing keys. Sound familiar to anybody?

On a whim, I tried deleting (renaming, really) the username/files_encryption/OC_DEFAULT_MODULE directories. This allows me to log in again and I have not yet found any negative side effects.
NB: I assume that this hack will not work if you have encryption enabled. It would be good to get some insights into the matter from the Nextcloud developers.

1 Like

After update from 19.0.4 to 20.0.1.1, I can’t access Nextcloud via webdav or NC clients :

{"reqId":"h34ansb6LbMCBLvevn9L","level":4,"time":"28/10/2020 13:10:28","remoteAddr":"93.23.14.24","user":"user","app":"webdav","method":"PROPFIND","url":"/remote.php/webdav/", "message":{"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"OC\\ServerNotAvailableException: Could not decrypt key","Code":0,"Trace":[{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":192,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":144,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":458,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["beforeMethod:PROPFIND",[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":251,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":319,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/nextcloud/apps/dav/appinfo/v1/webdav.php","line":84,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/nextcloud/remote.php","line":167,"args":["/var/www/nextcloud/apps/dav/appinfo/v1/webdav.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","Line":163,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows) mirall/3.0.2stable-Win64 (build 20200924) (Nextcloud)","version":"20.0.1.1"}

This also works for me.

Thanks, you saved my day

This will get rid of encryption, won’t it? That defeats the purpose…