I accidentally deleted all of my files from /var/lib/docker on XFS. That means I lost all of the directory structure data and filenames. Currently I am recovering file blobs from fs, but they are encrypted by Nextcloud.
How can I distinguish NC-encrypted file? (magic number?)
I do have several clients logged in in the time of this accident, and my old config.php with secrets but IDK how to get keys out and to decrypt the files
you may use my one of my playbooks https://github.com/ReinerNippes to setup a test environment to check if you can find the answer there. (filename, string “AES-128” as content, or something like this, …)