Encrypt:scan:legacy-format finds files which don't have a proper header in files_version and files_trashbin

Hello, what shall I do with the files encrypt:scan:legacy-format finds, which don’t have a proper header and are located in files_version and files_trashbin? It found 56 files. I guess they all may come with a header like this:

root@nextcloud:/usr/local/www/nextcloud # od -A  x -t x1c -v  "data/floogy/files_versions/Documents/1.pdf.v1613570625" | head
0000000    48  42  45  47  49  4e  3a  6f  63  5f  65  6e  63  72  79  70
           H   B   E   G   I   N   :   o   c   _   e   n   c   r   y   p
0000010    74  69  6f  6e  5f  6d  6f  64  75  6c  65  3a  4f  43  5f  44
           t   i   o   n   _   m   o   d   u   l   e   :   O   C   _   D
0000020    45  46  41  55  4c  54  5f  4d  4f  44  55  4c  45  3a  63  69
           E   F   A   U   L   T   _   M   O   D   U   L   E   :   c   i
0000030    70  68  65  72  3a  41  45  53  2d  32  35  36  2d  43  54  52
           p   h   e   r   :   A   E   S   -   2   5   6   -   C   T   R
0000040    3a  73  69  67  6e  65  64  3a  74  72  75  65  3a  48  45  4e
           :   s   i   g   n   e   d   :   t   r   u   e   :   H   E   N

I get this message in properties>Amanagement>overview: “The old server-side-encryption format is enabled. We recommend disabling this. For more details see the documentation.”
It links to this documentation: Encryption migration — Nextcloud latest Administration Manual latest documentation

Therefore I issued the command above. But the docs are not very verbose on what to do if it will NOT tell you that “you can remove the legacy encryption mode”, and how to do that.

Furthermore, I initially wanted to get rid of all errors and warnings in the overview AND the message “Bitte aktiviere server-seitige Verschlüsselung in den Administrator-Einstellungen um das Verschlüsselungsmodul nutzen zu können”, which reads in English: “Please enable server side encryption in the admin settings in order to use the encryption module.” This is a sort of tooltip popping up on every new load of any screen.

Eventually I would be fine with disabling or getting rid of any encryption at all.

I now followed all steps described here:
https://github.com/nextcloud/server/issues/24240#issuecomment-748991084

root@nextcloud:/usr/local/www/nextcloud # ~/occ.sh encrypt:scan:legacy-format
Scanning all files for legacy encryption
Scanning all files for admin
Scanning all files for gerhard
All scanned files are properly encrypted. You can disable the legacy compatibility mode.

But it shows:

root@nextcloud:/usr/local/www/nextcloud # ~/occ.sh encrypt:status
  - enabled: false
  - defaultModule: OC_DEFAULT_MODULE

What to do with legacy-encryption?

Also the message “Bitte aktiviere server-seitige Verschlüsselung in den Administrator-Einstellungen um das Verschlüsselungsmodul nutzen zu können” is still popping up and nags me.

Is it safe now to disable the app Default encryption module 2.9.0?

It says under apps>Default encryption module:

In order to use this encryption module you need to enable server-side encryption in the admin settings. Once enabled this module will encrypt all your files transparently. The encryption is based on AES 256 keys. The module won’t touch existing files, only new files will be encrypted after server-side encryption was enabled. It is also not possible to disable the encryption again and switch back to a unencrypted system. Please read the documentation to know all implications before you decide to enable server-side encryption.

What about encrypt user directory? Is it safe for me to untick it and then remove the default encryption module under apps to get rid of the nag screen and the encryption altogether, without loss of data (encrypted without the possibility to decrypt?)?

Okay, I unticked “Benutzerverzeichnis verschlüsseln” (encrypt user directory) and disabled the “default encryption module” (official) under apps. Now everything is fine. It seems it didn’t harm the existing files, regardless of the warnings and my earlier experience. I feared losing files, but that doesn’t seem to be the case. So I’ll mark this as the solution.

No new files will be encrypted though…
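
Added example, not part of the original thread and not Nextcloud's own code: before switching encryption off, a read-only check like the one below can list which files under a directory such as files_versions or files_trashbin start with the header shown in the od dump. The `HEND` terminator and the 8192-byte search limit are assumptions (the dump is cut off at "HEN"); the function names and the sample files are made up for the demonstration.

```python
import os
import tempfile

HEADER_START = b"HBEGIN"  # visible in the od dump in the post
HEADER_END = b"HEND"      # assumption: the dump is cut off at "HEN"
MAX_HEADER = 8192         # assumption: never look further than this for HEND

def parse_header(blob):
    """Return the header fields as a dict, or None when blob does not
    start with a complete HBEGIN:key:value:...:HEND header."""
    if not blob.startswith(HEADER_START + b":"):
        return None
    end = blob.find(b":" + HEADER_END, 0, MAX_HEADER)
    if end == -1:
        return None  # start marker but no terminator: truncated or damaged
    parts = blob[len(HEADER_START) + 1:end].decode("ascii", "replace").split(":")
    if len(parts) % 2:
        return None  # fields must come in key:value pairs
    return dict(zip(parts[0::2], parts[1::2]))

def classify(path):
    """'header:<cipher>' or 'no-header' (plaintext or header-less data)."""
    with open(path, "rb") as fh:
        fields = parse_header(fh.read(MAX_HEADER))
    return "no-header" if fields is None else "header:" + fields.get("cipher", "?")

def scan(root):
    """Map every file below root (relative path) to its classification."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            found[os.path.relpath(full, root)] = classify(full)
    return found

def demo():
    """Run scan() over three constructed files in a temporary directory."""
    good = (b"HBEGIN:oc_encryption_module:OC_DEFAULT_MODULE:"
            b"cipher:AES-256-CTR:signed:true:HEND" + b"-" * 16 + b"payload")
    samples = {"1.pdf.v1": good, "2.pdf.v1": b"%PDF-1.4 plain", "3.pdf.v1": good[:40]}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for rel, verdict in sorted(demo().items()):
        print(verdict, rel)
```

A "no-header" result only says the file does not begin with a complete header; it cannot tell an unencrypted file from header-less encrypted data, so it is a triage aid and not a replacement for `occ encrypt:scan:legacy-format`.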