Hello, what shall I do with the files encrypt:scan:legacy-format finds, which doesn’t have a proper header, and are located in files_version and files_trashbin? It found 56 files. I guess they all may came with a header like this:
root@nextcloud:/usr/local/www/nextcloud # od -A x -t x1c -v "data/floogy/files_versions/Documents/1.pdf.v1613570625" | head
0000000 48 42 45 47 49 4e 3a 6f 63 5f 65 6e 63 72 79 70
H B E G I N : o c _ e n c r y p
0000010 74 69 6f 6e 5f 6d 6f 64 75 6c 65 3a 4f 43 5f 44
t i o n _ m o d u l e : O C _ D
0000020 45 46 41 55 4c 54 5f 4d 4f 44 55 4c 45 3a 63 69
E F A U L T _ M O D U L E : c i
0000030 70 68 65 72 3a 41 45 53 2d 32 35 36 2d 43 54 52
p h e r : A E S - 2 5 6 - C T R
0000040 3a 73 69 67 6e 65 64 3a 74 72 75 65 3a 48 45 4e
: s i g n e d : t r u e : H E N
Therefore I issuesd the command above. But the docs are not very verbose on what to do if it will NOT tell you if “you can remove the legaxcy encryption mode” and how to do that.
See also:
Further i wanted initially get rid of all Errors and Warnings in overview AND the message “Bitte aktiviere server-seitige Verschlüsselung in den Administrator-Einstellungen um das Verschlüsselungsmodul nutzen zu können” which reads in english: “Please enable server side encryption in the admin settings in order to use the encryption module.” this is a sort of tool tipp poppin up on every new load of any screen.
Eventually I would be fine with disable or get rid of any encryption at all.
root@nextcloud:/usr/local/www/nextcloud # ~/occ.sh encrypt:scan:legacy-format
Scanning all files for legacy encryption
Scanning all files for admin
Scanning all files for gerhard
All scanned files are properly encrypted. You can disable the legacy compatibility mode.
Also the message “Bitte aktiviere server-seitige Verschlüsselung in den Administrator-Einstellungen um das Verschlüsselungsmodul nutzen zu können” is still poppin up and nags me.
Is it save now to disable the APP Default encryption module 2.9.0?
It says under apps>Default encryption module
In order to use this encryption module you need to enable server-side encryption in the admin settings. Once enabled this module will encrypt all your files transparently. The encryption is based on AES 256 keys. The module won’t touch existing files, only new files will be encrypted after server-side encryption was enabled. It is also not possible to disable the encryption again and switch back to a unencrypted system. Please read the documentation to know all implications before you decide to enable server-side encryption.
What about encrypt user directory? Is it save for me to untick and then remove the default encryption module under apps to get rid of the nag screen and the encryption at all, without loss of data (encrypted without the possibility to decrypt?)?
Okay, I unticked “Benutzerverzeichnis verschlüsseln” (encrypt user directory) and disabled the “default encryption module” (official) under apps. Now everything is fine. It seems, it didn’t harm the existing files, regardless on the warnings and my earlier experience. I feared to lose files, but it didn’t seem to be the case. So I’ll mark this as solution.