Hard password reset with user-key encryption disables desktop file synchronization

Nextcloud version (eg, 20.0.5): 21.0.3
Operating system and version (eg, Ubuntu 20.04): Gentoo Linux
Apache or nginx version (eg, Apache 2.4.25): nginx 1.20.1
PHP version (eg, 7.4): 7.4.21

The issue you are facing:
After a user did a hard reset of her password, her locally (user-key) encrypted files were - as expected - inaccessible.
However, uploading new files using a newly installed desktop client (MacOS X), and sharing a folder to another local user, doesn’t work either.

Old files have been marked for deletion and are probably sitting in the trash as of now and are not required anymore, yet a working desktop integration is of importance.

Other users with their passwords still intact are not facing this issue; shared folders and files to the user in question are still accessible.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Have a user with user-key encryption enabled (dating back about 5 to 6 years)
  2. Click on “forgot password” and follow the procedure, including ticking the “I know what I’m doing” tickbox
  3. Try to upload files with a freshly connected desktop client from MacOS X

The output of your Nextcloud log in Admin > Logging:

Fatal	webdav	Sabre\DAV\Exception\ServiceUnavailable: Encryption not ready: multikeydecrypt with share key failed:error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed

    /home/cloud/nextcloud/apps/dav/lib/Connector/Sabre/File.php - line 436:
    OCA\DAV\Connector\Sabre\File->convertToSabreException()

    /home/cloud/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 85:
    OCA\DAV\Connector\Sabre\File->get()

    /home/cloud/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php - line 89:
    Sabre\DAV\CorePlugin->httpGet()

    /home/cloud/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 472:
    Sabre\DAV\Server->emit()

    /home/cloud/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 253:
    Sabre\DAV\Server->invokeMethod()

    /home/cloud/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 321:
    Sabre\DAV\Server->start()

    /home/cloud/nextcloud/apps/dav/lib/Server.php - line 332:
    Sabre\DAV\Server->exec()

    /home/cloud/nextcloud/apps/dav/appinfo/v2/remote.php - line 35:
    OCA\DAV\Server->exec()

    /home/cloud/nextcloud/remote.php - line 167:
    require_once("/home/cloud ... p")

Caused by OCA\Encryption\Exceptions\MultiKeyDecryptException: multikeydecrypt with share key failed:error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed

    /home/cloud/nextcloud/apps/encryption/lib/KeyManager.php - line 480:
    OCA\Encryption\Crypto\Crypt->multiKeyDecrypt("*** sensiti ... *")

    /home/cloud/nextcloud/apps/encryption/lib/Crypto/Encryption.php - line 202:
    OCA\Encryption\KeyManager->getFileKey()

    /home/cloud/nextcloud/lib/private/Files/Stream/Encryption.php - line 287:
    OCA\Encryption\Crypto\Encryption->begin()
    <<closure>>
    OC\Files\Stream\Encryption->stream_open()

    /home/cloud/nextcloud/lib/private/Files/Stream/Encryption.php - line 214:
    fopen()

    /home/cloud/nextcloud/lib/private/Files/Stream/Encryption.php - line 189:
    OC\Files\Stream\Encryption::wrapSource()

    /home/cloud/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php - line 471:
    OC\Files\Stream\Encryption::wrap()

    /home/cloud/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php - line 302:
    OC\Files\Storage\Wrapper\Encryption->fopen()

    /home/cloud/nextcloud/apps/files_sharing/lib/SharedStorage.php - line 297:
    OC\Files\Storage\Wrapper\Wrapper->fopen()

    /home/cloud/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php - line 302:
    OCA\Files_Sharing\SharedStorage->fopen()

    /home/cloud/nextcloud/lib/private/Files/View.php - line 1170:
    OC\Files\Storage\Wrapper\Wrapper->fopen()

    /home/cloud/nextcloud/lib/private/Files/View.php - line 1006:
    OC\Files\View->basicOperation()

    /home/cloud/nextcloud/apps/dav/lib/Connector/Sabre/File.php - line 434:
    OC\Files\View->fopen()

    /home/cloud/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 85:
    OCA\DAV\Connector\Sabre\File->get()

    /home/cloud/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php - line 89:
    Sabre\DAV\CorePlugin->httpGet()

    /home/cloud/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 472:
    Sabre\DAV\Server->emit()

    /home/cloud/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 253:
    Sabre\DAV\Server->invokeMethod()

    /home/cloud/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 321:
    Sabre\DAV\Server->start()

    /home/cloud/nextcloud/apps/dav/lib/Server.php - line 332:
    Sabre\DAV\Server->exec()

    /home/cloud/nextcloud/apps/dav/appinfo/v2/remote.php - line 35:
    OCA\DAV\Server->exec()

    /home/cloud/nextcloud/remote.php - line 167:
    require_once("/home/cloud ... p")

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'REDACTED',
  'passwordsalt' => 'REDACTED',
  'secret' => 'REDACTED',
  'trusted_domains' =>
  array (
    0 => 'REDACTED',
  ),
  'datadirectory' => '/home/cloud-data',
  'overwrite.cli.url' => 'https://REDACTED',
  'dbtype' => 'mysql',
  'version' => '21.0.3.1',
  'dbname' => 'cloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => '',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'REDACTED',
  'logtimezone' => 'UTC',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'maintenance' => false,
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpauthtype' => 'PLAIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'REDACTED',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'REDACTED',
  'mail_smtppassword' => 'REDACTED',
  'theme' => '',
  'loglevel' => 0,
  'appstore.experimental.enabled' => true,
  'trashbin_retention_obligation' => 'auto',
  'mysql.utf8mb4' => true,
  'mail_from_address' => 'no-reply',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'REDACTED',
  'data-fingerprint' => 'REDACTED',
  'encryption.legacy_format_support' => true,
  'encryption.key_storage_migrated' => false,
);

The output of your Apache/nginx/system log in /var/log/____:

Access log:
- - REDACTED [06/Aug/2021:13:18:18 +0200] "GET /remote.php/dav/files/REDACTED/IMG_20170122_153136.jpg HTTP/1.1" 503 720 "-" "Mozilla/5.0 (Macintosh) mirall/3.3.0git (build 6760) (Nextcloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64)" "-"
- - REDACTED [06/Aug/2021:13:18:18 +0200] "GET /remote.php/dav/files/REDACTED/MVI_7458.MP4 HTTP/1.1" 503 720 "-" "Mozilla/5.0 (Macintosh) mirall/3.3.0git (build 6760) (Nextcloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64)" "-"

Error log:
2021/08/06 13:18:18 [info] 1758#1758: *268532 client REDACTED closed keepalive connection
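Because the failing key material is specific to one user, the access log is the quickest place to tell a broken-key user apart from a general outage: that user's DAV requests from the desktop client all return 503, while other users' sync traffic succeeds. The following triage script is an added example, not part of the original post and not Nextcloud's own tooling. It assumes the nginx access log uses the field layout shown above (three leading fields, then the timestamp), that DAV paths follow the `/remote.php/dav/files/<user>/` form seen in the log, and it uses constructed sample lines (the IP addresses and user names are made up) in place of the redacted real ones.

```python
"""Triage helper for the failure mode in this report: after a user's
(user-key) encryption private key is replaced by a hard password reset,
every DAV read or write of an encrypted file returns HTTP 503 to the
desktop client.  Assumption: the nginx access log uses the field layout
shown in the report (three leading fields, then the timestamp)."""

import re
from collections import defaultdict

# Constructed sample lines modelled on the access log in the report (not real data).
SAMPLE_ACCESS_LOG = """\
- - 203.0.113.10 [06/Aug/2021:13:18:18 +0200] "GET /remote.php/dav/files/alice/IMG_20170122_153136.jpg HTTP/1.1" 503 720 "-" "Mozilla/5.0 (Macintosh) mirall/3.3.0git (build 6760) (Nextcloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64)" "-"
- - 203.0.113.10 [06/Aug/2021:13:18:18 +0200] "GET /remote.php/dav/files/alice/MVI_7458.MP4 HTTP/1.1" 503 720 "-" "Mozilla/5.0 (Macintosh) mirall/3.3.0git (build 6760) (Nextcloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64)" "-"
- - 198.51.100.7 [06/Aug/2021:13:18:20 +0200] "PROPFIND /remote.php/dav/files/bob/ HTTP/1.1" 207 1523 "-" "Mozilla/5.0 (Linux) mirall/3.2.2 (Nextcloud)" "-"
- - 198.51.100.7 [06/Aug/2021:13:18:21 +0200] "GET /remote.php/dav/files/bob/notes.txt HTTP/1.1" 200 812 "-" "Mozilla/5.0 (Linux) mirall/3.2.2 (Nextcloud)" "-"
- - 203.0.113.10 [06/Aug/2021:13:18:25 +0200] "PUT /remote.php/dav/files/alice/new.txt HTTP/1.1" 503 720 "-" "Mozilla/5.0 (Macintosh) mirall/3.3.0git (build 6760) (Nextcloud, osx-18.7.0 ClientArchitecture: x86_64 OsArchitecture: x86_64)" "-"
- - 192.0.2.5 [06/Aug/2021:13:19:00 +0200] "GET /index.php/apps/files/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/90.0" "-"
"""

# Constructed Nextcloud log line carrying the same message as the report (tabs replaced by spaces).
SAMPLE_NEXTCLOUD_LOG = """\
Info  core  Login successful for user bob
Fatal webdav Sabre\\DAV\\Exception\\ServiceUnavailable: Encryption not ready: multikeydecrypt with share key failed:error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
"""

ACCESS_LINE = re.compile(
    r'^(?P<a>\S+) (?P<b>\S+) (?P<c>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" '
    r'"(?P<ua>[^"]*)" "(?P<fwd>[^"]*)"$'
)
DAV_USER = re.compile(r'^/remote\.php/dav/files/(?P<user>[^/]+)')
CLIENT = re.compile(r'mirall/(?P<ver>\S+)')  # desktop client identifies itself as mirall/<version>
ENCRYPTION_MARKER = "Encryption not ready: multikeydecrypt"


def parse_access_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = ACCESS_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    u = DAV_USER.match(rec["path"])
    rec["user"] = u.group("user") if u else None  # None for non-DAV requests
    c = CLIENT.search(rec["ua"])
    rec["client"] = "mirall/" + c.group("ver") if c else None
    return rec


def summarize_dav_failures(log_text):
    """Per DAV user: request count, 503 count, client versions seen, failed operations."""
    per_user = defaultdict(lambda: {"requests": 0, "failed": 0, "clients": set(), "paths": []})
    for line in log_text.splitlines():
        rec = parse_access_line(line)
        if rec is None or rec["user"] is None:
            continue  # skip unparseable lines and non-DAV traffic (web UI, index.php)
        entry = per_user[rec["user"]]
        entry["requests"] += 1
        if rec["client"]:
            entry["clients"].add(rec["client"])
        if rec["status"] == 503:
            entry["failed"] += 1
            entry["paths"].append(f'{rec["method"]} {rec["path"]}')
    return dict(per_user)


def flag_users(summary, min_failed=2):
    """Users whose DAV traffic fails wholesale: at least min_failed 503s and no
    successful DAV request at all.  A transient outage would hit every user;
    a broken per-user key hits exactly one."""
    return sorted(u for u, e in summary.items()
                  if e["failed"] >= min_failed and e["failed"] == e["requests"])


def find_encryption_errors(nextcloud_log_text):
    """Lines from the Nextcloud log that carry the multikeydecrypt failure."""
    return [l for l in nextcloud_log_text.splitlines() if ENCRYPTION_MARKER in l]


if __name__ == "__main__":
    summary = summarize_dav_failures(SAMPLE_ACCESS_LOG)
    for user in flag_users(summary):
        e = summary[user]
        print(f"{user}: {e['failed']}/{e['requests']} DAV requests returned 503 "
              f"from {sorted(e['clients'])}; failed ops: {e['paths']}")
    for line in find_encryption_errors(SAMPLE_NEXTCLOUD_LOG):
        print("encryption error in Nextcloud log:", line)
```

Run it as-is to see the constructed sample flag `alice` only; point `summarize_dav_failures` at the real access log text and `find_encryption_errors` at the Admin > Logging export to get the same view for a live instance. The "every DAV request failed" condition in `flag_users` is what separates this case from a server-wide 503 burst, which is why it is checked alongside the raw count.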