"Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files"

koolandrew · February 3, 2023, 3:23am

I have seen this topic from years ago but nothing recent when i searched for a solution. I just enabled end-to-end encryption, and i got this message.
NC Personal Security asks for the old log-in password and the current log-in password. Unless you manually type them in, you cannot click on the update private key password. I am able to do so but it says “saving” but it never becomes “saved”.

Note sure if you can see the picture but hopefully there is a simple solution.

vikhou · March 7, 2023, 4:53am

I am facing he same problem, and looking for solution, too.

To whomever it helps: thanks.

Pseudonym77 · April 21, 2023, 2:42pm

Yup, same issue. Looks like there are threads on this going back to 2018, none with a solution.

meonkeys · April 21, 2023, 3:42pm

github.com/nextcloud/server

Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files

opened 05:25PM - 26 Feb 18 UTC

knut-hildebrandt

bug 1. to develop feature: encryption (server-side) pending documentation 25-feedback

### Steps to reproduce 1. enable Default encryption module 2. logout and login again (as recommend) 3. go to Security settings to change password ### Expected behaviour Default encrytion module should be enable and work without problems. No clue why changing password is necessary. ### Actual behaviour At login an error message pops up saying: "Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files" Trying to change the password is not possible, because an old password that could be entered never has been set. This even holds true for fresh accounts that are set up after enabling Default encryption module. See discussion here: https://help.nextcloud.com/t/invalid-private-key-for-encryption-app-please-update-your-private-key-password-in-your-personal-settings-to-recover-access-to-your-encrypted-files/27108/13 ### Server configuration **Operating system**: **Web server:** shared hoster **Database:** mysql 5.6.34 **PHP version:** 5.6 **Nextcloud version:** (see Nextcloud admin page) 13.0.0 **Updated from an older Nextcloud/ownCloud or fresh install:** from 12.0.5 **Where did you install Nextcloud from:** updater **Signing status:** <details> <summary>Signing status</summary> ``` Login as admin user into your Nextcloud and access http://example.com/index.php/settings/integrity/failed paste the results here. "No errors have been found." </details> **List of activated apps:** <details> <summary>App list</summary> Activity 2.6.1 AppOrder 0.4.1 Audio Player 2.2.5 Auditing / Logging 1.3.0 Brute-force settings 1.0.3 Calendar 1.6.0 Collaborative tags 1.3.0 Comments 1.3.0 Contacts 2.1.0 Default encryption module 2.0.0 Deleted files 1.3.0 External storage support 1.4.1 Federation 1.3.0 File sharing 1.5.0 First run wizard 2.2.1 Gallery 18.0.0 Log Reader 2.0.0 Mail 0.7.10 Monitoring 1.3.0 Nextcloud announcements 1.2.0 Notifications 2.1.2 Password policy 1.3.0 PDF viewer 1.2.0 Share by mail 1.3.0 Talk 3.1.0 Tasks 0.9.6 Text editor 2.5.1 Theming 1.4.1 Update notification 1.3.0 Usage survey 1.1.0 Versions 1.6.0 Video player 1.2.0 If you have access to your command line run e.g.: sudo -u www-data php occ app:list from within your Nextcloud installation folder ``` </details> **Nextcloud configuration:** <details> <summary>Config report</summary> ``` If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your Nextcloud installation folder or Insert your config.php content here. Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …) <?php $CONFIG = array ( 'instanceid' => '', 'passwordsalt' => '', 'secret' => '', 'trusted_domains' => array ( 0 => 'nextcloud.domain-name.de', 1 => 'owncloud.domain-name.de', ), 'datadirectory' => '/home/webpages/provider-name/user-name/nextcloud/data', 'overwrite.cli.url' => 'https://nextcloud.domain-name.de', 'dbtype' => 'mysql', 'version' => '13.0.0.14', 'dbname' => 'db_abc_1', 'dbhost' => 'user-name.provider-name-db.de', 'dbtableprefix' => 'oc_', 'dbuser' => 'USERxyc', 'dbpassword' => '', 'logtimezone' => 'UTC', 'installed' => true, 'maintenance' => false, 'theme' => '', 'loglevel' => 2, 'mail_domain' => 'domain-name.de', 'mail_from_address' => 'mail', 'mail_smtpmode' => 'smtp', 'mail_smtpauth' => 1, 'mail_smtpsecure' => 'ssl', 'mail_smtpport' => '465', 'mail_smtphost' => 'mail.provider-name.de', 'mail_smtpname' => 'mail@domain-name.de', 'mail_smtppassword' => '', 'mail_smtpauthtype' => 'PLAIN', 'updater.release.channel' => 'stable', ); </details> **Are you using external storage, if yes which one:** local/smb/sftp/... 3x WebDAV 1 x Unknown: googledrive -> does not work anymore **Are you using encryption:** yes/no no **Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/... no #### LDAP configuration (delete this part if not used) <details> <summary>LDAP config</summary> ``` With access to your command line run e.g.: sudo -u www-data php occ ldap:show-config from within your Nextcloud installation folder Without access to your command line download the data/owncloud.db to your local computer or access your SQL server remotely and run the select query: SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap'; Eventually replace sensitive data as the name/IP-address of your LDAP server or groups. ``` </details> ### Client configuration **Browser:** Firefox 56 **Operating system:** Linux ### Logs #### Web server error log <details> <summary>Web server error log</summary> ``` Insert your webserver log here ``` </details> #### Nextcloud log (data/nextcloud.log) <details> <summary>Nextcloud log</summary> ``` Insert your Nextcloud log here ``` </details> #### Browser log <details> <summary>Browser log</summary> ``` Insert your browser log here, this could for example include: a) The javascript console log b) The network log c) ... ``` </details>

hvingen · February 14, 2024, 11:44am

Since 2FA has been enabled, I have had that problem too, very annoying. Pfff. . 6 years on, this problem is still not solved.

Nextcloud 27.1.5
Data access is normal but the notification keeps coming up.

What should you enter here? The “Old log-in password” is known and accepted but what is the “Current log-in password” … ? Or should the Encryption be reset?

jtr · February 14, 2024, 12:19pm

Are you trying to use Server-Side Encryption or End to End encryption?

They’re very different things and not at all compatible with each other.

Your screen shot indicate you have both active.

The end_to_end_encryption app isn’t a default app so it would have had to be deliberately installed at some point.

hvingen · February 14, 2024, 12:40pm

No, I don’t use Server-Side Encryption. It’s disabled in Nexcloud.
I know that this is conflicting.

E2EE is fully functional and used for Nextcloud Desktop Clients (version 3.12) on two Macs (macOS 12.7.3 and 14.3.1) So with the same pass phrase on both Macs I have access to all resources.

jtr · February 14, 2024, 1:26pm

E2EE is fully functional and used for Nextcloud Desktop Clients (version 3.12) on two Macs (macOS 12.7.3 and 14.3.1) So with the same pass phrase on both Macs I have access to all resources.

Definitely don’t reset in that case.

I agree it sounds like you have fully functioning E2EE in-place from your description.

Do you still have the encryption app enabled though under Apps? That’s the only way this can happen. That message (Your private key password no longer matches your log-in password) is 100% from the server-side encryption app. It can’t appear unless the app is still enabled.

hvingen · February 14, 2024, 1:42pm

Dear Josh,
That was the ultimate answer. As Admin under Apps, I disabled the Encryption feature. Now the notification has disappeared.

Pretty nice, thank you very much,