Encryption Issue on Nextcloud 24

Hello,

We recently upgraded our Nextcloud Version 23 to Version 24 but now some of the files are not opening and seems to be encrypted with below message shown on the document

HBEGIN:oc_encryption_module:OC_DEFAULT_MODULE:cipher:AES-256-CTR:signed:true:HEND-

We did not delete or try to modify anything to nextcloud but just upgraded nextcloud version to 24 and this encryption issue is occurring. Some files are opening while some are giving above encryption error. We tried to decrypt them manually from cli without any luck. Please help

Do you still have the whole data folder and the config file? Then you could try to decrypt the files outside of Nextcloud with the following standalone script: https://github.com/syseleven/nextcloud-tools/blob/master/rescue/decrypt-all-files.php

Same problem - at least I’ll reply to your solution - does not work to decrypt the files so encrypted. Copies them as-is into the new location meant for decrypted files and/or skips them entirely/

But thank you for responding - perhaps the script is the right direction and it just needs more changes to be useful here.

And a bit ridiculous that given the nature of this problem (akin to ransomware) - there is not a posted solution.

Files are encrypted: HBEGIN:oc_encryption_module:OC_DEFAULT_MODULE:cipher:AES-256-CTR:signed:true:HEND - 3 years ago.

— Update —

In my case, encryption-recovery-tools/server-side-encryption/recover.php at master · nextcloud/encryption-recovery-tools · GitHub worked. Note that SECRET though the example value is “” needs to be an array. Originally I was just copying the value from config.php in to the quotes. After noticing the PHP errors, I changed it to [“base” => “valueFromConfig.php” ] - then it proceeded to decrypt files.

I’m not sure what encryption I had temporarily enabled somewhere, but I had random files encrypted (some years old, some new), and there were no “.fileKey” files anywhere in UserData. There were “master.XYZ.sharedKey” files.