HMAC does not match

Gardakant · July 19, 2019, 2:23pm

Hi, just migrated from a NC server to another.
I had backups made with ownbackup.
I restored the oc_passwords* mysql tables with that backup.
But when I try to acces the Passwords app I get this error:

{“reqId”:“v8Zu5gPhaYYTxQxMpKiE”,“level”:3,“time”:“2019-07-19T14:13:51+00:00”,“remoteAddr”:“xxx.xxx.xxx.xxx”,“user”:“MyUserId”,“app”:“passwords”,“method”:“POST”,“url”:"/index.php/apps/passwords/api/1.0/password/list",“message”:{“Exception”:“Exception”,“Message”:“HMAC does not match.”,“Code”:0,“Trace”:[{“file”:"/var/www/nextcloud/apps/passwords/lib/Encryption/Object/SseV1Encryption.php",“line”:158,“function”:“decrypt”,“class”:“OC\Security\Crypto”,“type”:"->",“args”:["*** sensitive parameters replaced "]},{“file”:"/var/www/nextcloud/apps/passwords/lib/Services/EncryptionService.php",“line”:113,“function”:“decryptObject”,“class”:“OCA\Passwords\Encryption\Object\SseV1Encryption”,“type”:"->",“args”:[" sensitive parameters replaced "]},{“file”:"/var/www/nextcloud/apps/passwords/lib/Helper/ApiObjects/AbstractObjectHelper.php",“line”:111,“function”:“decrypt”,“class”:“OCA\Passwords\Services\EncryptionService”,“type”:"->",“args”:[" sensitive parameters replaced ***"]},{“file”:"/var/www/nextcloud/apps/passwords/lib/Helper/ApiObjects/PasswordObjectHelper.php",“line”:104,“function”:“getRevision”,“class”:“OCA\Passwords\Helper\ApiObjects\AbstractObjectHelper”,“type”:"->",“args”:[{“id”:2,“class”:“OCA\Passwords\Db\Password”},{“hidden”:false,“trashed”:false}]},{“file”:"/var/www/nextcloud/apps/passwords/lib/Controller/Api/AbstractObjectApiController.php",“line”:91,“function”:“getApiObject”,“class”:“OCA\Passwords\Helper\ApiObjects\PasswordObjectHelper”,“type”:"->",“args”:[{“id”:2,“class”:“OCA\Passwords\Db\Password”},“model”,{“hidden”:false,“trashed”:false}]},{“file”:"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",“line”:166,“function”:“list”,“class”:“OCA\Passwords\Controller\Api\AbstractObjectApiController”,“type”:"->",“args”:[“model”]},{“file”:"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",“line”:99,“function”:“executeController”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:"->",“args”:[{“class”:“OCA\Passwords\Controller\Api\PasswordApiController”},“list”]},{“file”:"/var/www/nextcloud/lib/private/AppFramework/App.php",“line”:126,“function”:“dispatch”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:"->",“args”:[{“class”:“OCA\Passwords\Controller\Api\PasswordApiController”},“list”]},{“file”:"/var/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php",“line”:47,“function”:“main”,“class”:“OC\AppFramework\App”,“type”:"::",“args”:[“PasswordApiController”,“list”,{“class”:“OC\AppFramework\DependencyInjection\DIContainer”},{"_route":“passwords.password_api.listPOST”}]},{“function”:"__invoke",“class”:“OC\AppFramework\Routing\RouteActionHandler”,“type”:"->",“args”:[{"_route":“passwords.password_api.listPOST”}]},{“file”:"/var/www/nextcloud/lib/private/Route/Router.php",“line”:297,“function”:“call_user_func”,“args”:[{“class”:“OC\AppFramework\Routing\RouteActionHandler”},{"_route":“passwords.password_api.listPOST”}]},{“file”:"/var/www/nextcloud/lib/base.php",“line”:975,“function”:“match”,“class”:“OC\Route\Router”,“type”:"->",“args”:["/apps/passwords/api/1.0/password/list"]},{“file”:"/var/www/nextcloud/index.php",“line”:42,“function”:“handleRequest”,“class”:“OC”,“type”:"::",“args”:[]}],“File”:"/var/www/nextcloud/lib/private/Security/Crypto.php",“Line”:131,“CustomMessage”:"–"},“userAgent”:“Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36”,“version”:“16.0.3.0”}

Any idea/help would be greatly appreciated :s)

mdw · July 19, 2019, 3:28pm

The best way to move to another server is to create a backup and then copy the file to the new server and restore it there. See https://git.mdns.eu/nextcloud/passwords/wikis/Administrators/Backups .

You are probably missing the user/server decryption keys.

Gardakant · July 24, 2019, 10:42am

In fact I didn’t know I had such backups (I don’t have a mysql backup from my old NC instance, juste a nextcloud/data/ filesystem backup.
Worked like a charm, with a little subtility:

I took a json backup from the old filesystem, put it in the new appdata_XXXX/passwords/backup/ forlder
listed the available backups, it didn’t show up
move the old json to the name of a listed backup
loaded that backup
worked like a charm, all my passwords where back !

Thanks for the hint @mdw

mdw · July 24, 2019, 12:54pm

In fact I didn’t know I had such backups

Yup. The app just makes backups because usually no one thinks about backups until it is too late.

listed the available backups, it didn’t show up

From the manual:

If you choose to add a backup file, you will have to rescan the app data directory afterwards to make sure it shows up in the backup list:
./occ files:scan-app-data

If you move or add a file, you need to make Nextcloud scan the folder again. Otherwise it won’t show up.

With the upcoming 2019.8.0 version, exporting and importing backups will be easier. You can then follow the server migration guide.