Files encrypted on client Directory


i have a Nextcloud 25.0.13 on Debian 11. I made now a new installation on Bookworm with 28.0.1. I took my backup from my client, and resynct it. When checking the data, I realized, that a lot of files are encryptet. They all contain the following string: “HBEGIN:oc_encryption_module”
In all my backups, from the server directory and the client directorys these files are encryptet. I did not realized early enough, and do not know, when it happend.
I tried the decrypt-all-filles.php, entered my secret from the config.php, and my InstanceID, as well as the usernames and passwords. It did not decrypt the files. I have for all the encrypted files the keys in data/user/files_encryption/keys. What can I do, to decrypt the files?



I am not familiar with client-side encryption as I do not use it. However, if you have used the client-side encryption offered by Nextcloud, the app End-to-End Encryption must be installed. Check that out.

If you are using the client-side Nextcloud encryption, the files should be visible unencrypted in the Nextcloud client application (e.g. Windows). Copy them to a storage area outside Nextcloud. They should now also be unencrypted here. Now you can use the files.

That does not help. Please differ between client-side encryption and server-side-encryption.

Nextcloud encryption and hardening

1.) Encrypted data transfer → HTTPS → not your problem
2.) Encrypt data at rest → i think not your problem
3.) Encrypt from client to client → i think this is your problem

That only belongs to 3.) or a manual encryption.

i have a Nextcloud 25.0.13 on Debian 11. I made now a new installation on Bookworm with 28.0.1.

I’m unclear what you did here. You built a new server. Okay. Then what?

  • How did you migrate your data to your new server precisely?

It almost sounds like you did not move your data from your old server and instead placed your backup on one of your clients and just starting syncing from that client I guess?

  • How did you adjust your client to point at the new server?

I’m guessing you didn’t follow the approach in the Admin Manual, correct?[1]

[1] Migrating to a different server — Nextcloud latest Administration Manual latest documentation