Encryption recovery of file in external storage "Dropbox"

Nextcloud version: 12
Operating system and version: Ubuntu 17.04
Apache or nginx version: Apache 2.4.25
PHP version: 7.0.15

The issue we are facing:
We have the backed-up users' file encryption files (private and public keys).

We had an external storage attached to Dropbox. The server crashed and was re-installed from scratch.

We would like to restore the backed-up users' file encryption files (private and public keys) so we can reconnect to the external Dropbox storage “App” and recover the encrypted files that are stored there.

Is this possible and what are the steps that we can take to decrypt this Dropbox file that is encrypted in Dropbox?
The private key has been hashed with a password that we know.
Is there a tool to decrypt this hash of the private key?


Found this:

Way how one would be decrypting his data with the Nextcloud 11.0.1 (stable) with the Default encryption module 1.4.1.

Will give it a try:

This procedure worked perfectly for us:

Username: admin
Password: password
Ciphersuite: HBEGIN:cipher:AES-256-CTR
Salt: PBKDF2, sha256 100000 times (can be looked up here https://github.com/nextcloud/server/blob/master/apps/encryption/lib/Crypto/Crypt.php )

The instanceid and secret are available in the /nextcloud/config/config.php file

instanceid: ockoa0vm1m34
secret: 63Ca9s0LIJCf7ctbgFP3QrkMZkD8kzLhwXfMgsFFvor2T6Qg

User’s encrypted RSA private key:

User’s file you want to decrypt:

User’s file shareKey:

User’s file key:

'instanceid' => 'ockoa0vm1m34',
'passwordsalt' => 'HwNI0u8r0vHRdnHON86Rbl5x4Jcgiu',
'secret' => '63Ca9s0LIJCf7ctbgFP3QrkMZkD8kzLhwXfMgsFFvor2T6Qg',

Decrypt user’s RSA private key

openssl enc -AES-256-CTR -d -base64 -A -nosalt -K $( php -r "echo hash_pbkdf2('sha256', 'password', hash('sha256', 'admin'.'ockoa0vm1m34'.'63Ca9s0LIJCf7ctbgFP3QrkMZkD8kzLhwXfMgsFFvor2T6Qg', true), 100000, 32, true);" | xxd -p -c 999999 ) -iv $(perl -pne 's/^HBEGIN.*00iv00//;s/00sig00.*xxx$//' "/admin/files_encryption/OC_DEFAULT_MODULE/admin.privateKey" | xxd -p -c 999999 ) -in <( perl -pne 's/^HBEGIN:.+:HEND-*//;s/(00iv00.*)?00iv00.*xxx$/\1/' "/admin/files_encryption/OC_DEFAULT_MODULE/admin.privateKey" ) > myrsa.pem

Decrypt a shareKey using decrypted RSA private key

openssl rsautl -decrypt -inkey <(cat "myrsa.pem") -in "/admin/files_encryption/keys/files/ssh-manual.txt/OC_DEFAULT_MODULE/admin.shareKey" > mysharekey

Decrypt a fileKey using decrypted shareKey

openssl rc4 -d -in "/admin/files_encryption/keys/files/ssh-manual.txt/OC_DEFAULT_MODULE/fileKey" -iv 0 -K $(xxd -p -c 999999 mysharekey) > myfilekey

Decrypt the file using decrypted fileKey

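export BLOCKSIZE=8192
export COUNTER=1
export FILE="/admin/files/ssh-manual.txt"
export FILESIZE=$(stat -c%s "$FILE")
# BLOCKS, PAYLOADSIZE, SHIFT and the COUNTER increment were missing from the pasted script.
# They are filled in here assuming a 96-byte block trailer: 00iv00 + 16-byte IV + 00sig00 + 64-char signature + xxx
export BLOCKS=$[FILESIZE/BLOCKSIZE] # block 0 is the header, so this is the index of the last data block
export LASTCHUNK=$[FILESIZE-(BLOCKS*BLOCKSIZE)] # haven't tested case when LASTCHUNK=0
while [ $COUNTER -lt $[BLOCKS+1] ]; do
  if [ $COUNTER -eq $BLOCKS ]; then CHUNK=$LASTCHUNK; else CHUNK=$BLOCKSIZE; fi
  PAYLOADSIZE=$[CHUNK-96] # base64 ciphertext in front of the trailer
  SHIFT=$[PAYLOADSIZE+6] # offset of the IV, just past the 00iv00 marker
  PAYLOAD="$(dd bs=$BLOCKSIZE skip=$COUNTER count=1 if="$FILE" status=noxfer 2>/dev/null | dd bs=$PAYLOADSIZE count=1 status=noxfer 2>/dev/null )"
  IV="$(dd bs=$BLOCKSIZE skip=$COUNTER count=1 if="$FILE" status=noxfer 2>/dev/null | dd bs=$SHIFT skip=1 count=1 status=noxfer 2>/dev/null | dd bs=16 count=1 status=noxfer 2>/dev/null | xxd -p -c 999)"
  echo -e "SHIFT =\t\t" $SHIFT >&2
  echo -e "IV =\t\t" $IV >&2
  openssl enc -AES-256-CTR -d -nosalt -base64 -A -K $(xxd -p -c 9999 myfilekey) -iv "$IV" -in <(echo -ne "$PAYLOAD")
  COUNTER=$[COUNTER+1]
done > decryptedFile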

sha256sum decryptedFile
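
A pre-flight check for the procedure above, as an added example that is not part of the original posts or of Nextcloud's code: it derives the private-key password key with the PBKDF2 parameters quoted in the post and splits an encrypted file into its header and per-block payload, IV and signature, including the case where the file size is an exact multiple of 8192. The 96-byte trailer layout is an assumption taken from the `00iv00`, `00sig00` and `xxx` markers in the post's regexes plus a 64-character hex signature; all function names and the sample file are constructed for illustration.

```python
import hashlib

BLOCK = 8192                      # on-disk block size used in the post
TRAILER = 6 + 16 + 7 + 64 + 3     # assumed: 00iv00 + IV + 00sig00 + hex signature + xxx

def derive_key(uid, password, instanceid, secret):
    """PBKDF2-SHA256 key for the private key, with the parameters from the post."""
    salt = hashlib.sha256((uid + instanceid + secret).encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100000, 32)

def parse_header(block):
    """Return the cipher named in an HBEGIN:...:HEND header block."""
    text = block.rstrip(b"-").decode("ascii")
    if not (text.startswith("HBEGIN:") and text.endswith(":HEND")):
        raise ValueError("not an encrypted file header")
    fields = text[len("HBEGIN:"):-len(":HEND")].split(":")
    return dict(zip(fields[0::2], fields[1::2]))["cipher"]

def split_blocks(data):
    """Yield (base64 payload, iv, signature) for every data block after the header."""
    # range() stops at len(data), so no empty last block when size % BLOCK == 0
    for off in range(BLOCK, len(data), BLOCK):
        chunk = data[off:off + BLOCK]
        if len(chunk) <= TRAILER or not chunk.endswith(b"xxx"):
            raise ValueError(f"malformed block at offset {off}")
        body, trailer = chunk[:-TRAILER], chunk[-TRAILER:]
        if trailer[:6] != b"00iv00" or trailer[22:29] != b"00sig00":
            raise ValueError(f"missing IV/signature marker at offset {off}")
        yield body, trailer[6:22], trailer[29:93]

def make_sample():
    """Constructed two-block file (dummy payloads, not real ciphertext)."""
    header = b"HBEGIN:cipher:AES-256-CTR:HEND".ljust(BLOCK, b"-")
    def blk(n, iv):
        return b"A" * n + b"00iv00" + iv + b"00sig00" + b"f" * 64 + b"xxx"
    return header + blk(BLOCK - TRAILER, b"\x00" * 16) + blk(8, bytes(range(16)))

if __name__ == "__main__":
    sample = make_sample()
    print(parse_header(sample[:BLOCK]))
    for payload, iv, sig in split_blocks(sample):
        print(len(payload), iv.hex(), sig[:8].decode())
```

Working from the end of each block keeps the split correct even when the raw IV bytes happen to contain marker-like or NUL bytes, which a shell variable cannot hold.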