Disable server side encryption, lost recovery key password

Seems I messed things up. My nextcloud installation stems from an old owncloud and has been migrated all up to nc20. It runs on a Debian 10 system with PHP7.4. I have root access on the server.

Obviously I activated server side encryption. In the security settings, “Server side encryption” is showed active, but greyed out. Default encryption module is activated.

I am afraid I lost the recovery key password. occ encryption:decrypt-all failes for this reason. However, the encrypted files in the data directory can be downloaded fine, so nextcloud obviously knows the key.

What can I do to disable encryption without losing data? Can I retrieve the keys or passwords from the database?

I do have a backup of the unencrypted files. Can I somehow force the Server Side Encryption to deactivate and restore the content from backup?

In case that you also still have access to the config/config.php configuration file you can try to use decrypt-all-files.php of the third-party Nextcloud-Tools to rescue your files. Afterwards, you can add the rescued files to your new Nextcloud installation.

There are two possibilities:

  1. You used the user key encryption. To rescue the files you will need the name and the password of the user that can download the files as well as some values from the configuration file.
  2. You used the master key encryption. Then you will need some values from the configuration file.
1 Like

Thank you! Will check this out.

I’m in the same situation. Did you find a solution? Does the workaround work?

In fact I did not try this due to other restrictions. I think I will recreate the cloud from scratch and restore the content from a backup. The downside of this is the users have to be recreated too. But they don’t have private data, and all relevant files are owned (and shared) by me.