Nextcloud version (eg, 20.0.5): 23.0.4
Operating system and version (eg, Ubuntu 20.04): Debian Buster
Apache or nginx version (eg, Apache 2.4.25): nginx 1.14.2
PHP version (eg, 7.4): 7.3
Encryption mode was enabled on this server some time ago. Because of issues it caused, it was disabled. Unfortunately, it appears that some of the files are still encrypted, when they shouldn’t be. This results in it being impossible to open them.
I see this in the logs when I try:
2022/05/03 12:28:26 [error] 15092#15092: *8727526 FastCGI sent in stderr: "PHP message: {"reqId":"z0oq8DXCdc0DrKRIXrwU","level":3,"time":"2022-05-03T19:28:26+00:00","remoteAddr":"1xxx","user":"xxx","app":"no app in context","method":"GET","url":"/core/preview?fileId=438397&c=7d9a7345b372ee0f337c91bcdda1bbac&x=250&y=250&forceIcon=0&a=0","message":"Cannot decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0","version":"23.0.4.1"}" while reading response header from upstream, client: xxx, server: xxx, request: "GET /core/preview?fileId=438397&c=7d9a7345b372ee0f337c91bcdda1bbac&x=250&y=250&forceIcon=0&a=0 HTTP/2.0", upstream: "fastcgi://unix:/run/php7.3-fpm.sock:", host:
I searched around in issues and I found that the process for properly disabling encryption is to do the following:
occ maintenance:mode --on
occ encryption:disable
occ encryption:decrypt-all
I do not know if the decrypt-all
was run when encryption was disabled, but only some of the files are still encrypted.
If I run the above now, I get this:
# sudo -u www-data php occ maintenance:mode --on
Maintenance mode enabled
# sudo -u www-data php occ encryption:disable
Nextcloud is in maintenance mode, hence the database isn't accessible.
Cannot perform any command except 'maintenance:mode --off'
Encryption is already disabled
# sudo -u www-data php occ encryption:decrypt-all
Nextcloud is in maintenance mode, hence the database isn't accessible.
Cannot perform any command except 'maintenance:mode --off'
Maintenance mode must be disabled when starting decryption,
in order to load the relevant encryption modules correctly.
Your instance will automatically be put to maintenance mode
during the actual decryption of the files.
# sudo -u www-data php occ maintenance:mode --off
Maintenance mode disabled
# sudo -u www-data php occ encryption:decrypt-all
Server side encryption not enabled. Nothing to do.
# sudo -u www-data php occ encryption:disable
Encryption is already disabled
# sudo -u www-data php occ encryption:decrypt-all
Server side encryption not enabled. Nothing to do.
How can I decrypt these files?
Is this the first time you’ve seen this error? (Y/N): N
Steps to replicate it:
- Attempt to open certain files, and then I will get an error
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'instanceid' => 'xxx',
'passwordsalt' => 'xxxx',
'secret' => 'xx/xxx/xx+xxx+',
'trusted_domains' =>
array (
0 => 'xxx.xxxx.net',
1 => 'nc.xxx.net',
2 => 'xxx.xxx',
),
'enable_previews' => true,
'preview_max_x' => 1024,
'preview_max_y' => 768,
'preview_max_scale_factor' => 1,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\Movie',
6 => 'OC\\Preview\\PDF',
7 => 'OC\\Preview\\MP3',
8 => 'OC\\Preview\\TXT',
9 => 'OC\\Preview\\MarkDown',
),
'filesystem_check_changes' => 0,
'activity_expire_days' => 14,
'knowledgebaseenabled' => false,
'auth.bruteforce.protection.enabled' => true,
'blacklisted_files' =>
array (
0 => '.htaccess',
1 => 'Thumbs.db',
2 => 'thumbs.db',
),
'cron_log' => true,
'datadirectory' => '/srv/nextcloud_data',
'overwrite.cli.url' => 'http://nc.xx.net/nextcloud',
'htaccess.RewriteBase' => '/nextcloud',
'dbtype' => 'mysql',
'maintenance' => false,
'mail_smtpdebug' => true,
'version' => '23.0.4.1',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloud',
'dbpassword' => 'xxx',
'installed' => true,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'filelocking.enabled' => 'true',
'redis' =>
array (
'host' => '/run/redis/redis.sock',
'port' => 0,
'timeout' => 0.0,
),
'logfile' => '/var/log/nextcloud/nextcloud.log',
'loglevel' => 2,
'mail_smtpmode' => 'smtp',
'mail_smtpauthtype' => 'PLAIN',
'mail_smtpsecure' => 'ssl',
'mail_from_address' => 'nc',
'mail_domain' => 'xxx.net',
'mail_smtpauth' => 1,
'mail_smtphost' => 'mail.xxx.net',
'mail_smtpport' => '465',
'mail_smtpname' => 'nc',
'mail_smtppassword' => 'xxx',
'mysql.utf8mb4' => true,
'theme' => '',
'trashbin_retention_obligation' => 'auto, 7',
'updater.release.channel' => 'stable',
'twofactor_enforced' => 'false',
'twofactor_enforced_groups' =>
array (
0 => 'test2fa',
1 => 'admin',
),
'twofactor_enforced_excluded_groups' =>
array (
),
'config_is_read_only' => 'True',
'encryption.legacy_format_support' => false,
'encryption.key_storage_migrated' => false,
'app_install_overwrite' =>
array (
0 => 'onlyoffice',
),
);