Decrypt data on external storage

Hi everyone,

I hope, someone can me help with my problem below.

Nextcloud version: 18.0.6
Operating system and version: CentOS 7
Apache or nginx version (eg, Apache 2.4.25): unknown
PHP version: 7.2

The issue you are facing:

I mount external storage, encryption enabled. Everything works. Data is processed through nextcloud, and stored encrypted on external storage.

For some reason I delete the external mount point. The encrypted data on external storage is still there.

I reconnect the mount point via Nextcloud-Admin-Panel. Connection works, I can see the encrypted data in my nextcloud, but in does not get decrypted when viewed in nextcloud.

So the question is: How to decrypt externally stored data which was encrypted by my nextcloud?

Thanks for any hints on this! :slight_smile:

Have you read the sections about backing up keys?

I’m myself totally new to NextCloud and to encryption, but from reading the docs, my gut feeling is that when you deleted the mountpoint, NextCloud forgot about those keys, and when you mounted it again, it generated brand new keys. So, you would have to find the old keys and get NextCloud (ed: or any other decryption service?) to use them for the new instance of the mount point.

Edit: also, when making the new mountpoint and generating new keys, NextCloud might have encrypted your already encrypted data, so, you need the current key to decrypt them before the old key is of any use. (But, like I said, that’s just my gut feeling, I’m not very proficient at this…)

I wish you good luck. The fear of loosing the keys is exactly why I haven’t dared turn on server-side encryption myself yet…

Hi, thanks for your input. Yes, I read the documentation and I had the same suspicion as you have. But I also think, that the documentation lacks information. But as it is a free project I don’t complain. :slight_smile:

But the idea with backing up the keys and putting them to the right location before re-mounting the external storage is a good hint. I will try something in this direction and see what happens. If I have more information, I will report back here.

For my case, the fear of losing the keys is not as big, because I am a single user and I back up my data on a regular base before it is synced to the cloud. Also I only encrypt data wich is not stored on the nextcloud-server, because everything else does not make sense for me.