Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home users. If you’re running a business, get help on portal.nextcloud.com so we can make sure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Remember, the below information may be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Please delete everything above when creating your topic and provide the following:

Nextcloud version _12.0.5
Operating system and version _ Ubuntu 14.04
Apache or nginx version _ Apache 2.4.7
PHP version _5.6

The issue you are facing:

Is this the first time you’ve seen this error? Y

Steps to replicate it:

  1. Upgrated from 12.0.5 to 13
  2. After log in i see this error.
  3. Trying to change Basic encryption module with my password but it stacks to saving and nothing happens.

The output of your Nextcloud log in Admin > Logging:

PASTE HERE
|Debug|OC\Files\Cache\Scanner|!!! Path '' is not accessible or present !!!|2018-02-08T13:59:01+0200|
|---|---|---|---|
|Debug|cron|Run OCA\Files\BackgroundJob\ScanFiles job with ID 10|2018-02-08T13:59:01+0200|
|Warning|core|Login failed: 'rcloud' (Remote IP: '192.168.x.x')|2018-02-08T13:57:57+0200|
|Warning|core|Login failed: 'rcloud' (Remote IP: '192.168.x.x')|2018-02-08T13:57:57+0200|
|Warning|core|Login failed: 'rcloud' (Remote IP: '192.168.x.x')|2018-02-08T13:57:43+0200|
|Warning|core|Login failed: 'rcloud' (Remote IP: '192.168.x.x')|2018-02-08T13:57:43+0200|
|Debug|cron|Finished OCA\Files_Versions\BackgroundJob\ExpireVersions job with ID 8 in 0 seconds|2018-02-08T13:56:50+0200|
|Debug|cron|Run OCA\Files_Versions\BackgroundJob\ExpireVersions job with ID 8|2018-02-08T13:56:50+0200|
|Debug|cron|Finished OCA\Files_Trashbin\BackgroundJob\ExpireTrash job with ID 7 in 0 seconds|2018-02-08T13:56:45+0200|
|Debug|cron|Run OCA\Files_Trashbin\BackgroundJob\ExpireTrash job with ID 7|2018-02-08T13:56:45+0200|
|Debug|core|/owncloud/settings/css/settings.scss compiled and successfully cached|2018-02-08T13:56:44+0200|
|Debug|webdav|Sabre\DAV\Exception\NotAuthenticated: No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured|2018-02-08T13:55:28+0200|
|Debug|webdav|Sabre\DAV\Exception\NotAuthenticated: No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured|2018-02-08T13:55:28+0200|
|Debug|webdav|Sabre\DAV\Exception\NotAuthenticated: No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured|2018-02-08T13:55:27+0200|
|Debug|cron|Finished OCA\UpdateNotification\ResetTokenBackgroundJob job with ID 28 in 0 seconds|2018-02-08T13:34:38+0200|
|Debug|cron|Run OCA\UpdateNotification\ResetTokenBackgroundJob job with ID 28|2018-02-08T13:34:38+0200|
|Debug|core|/owncloud/core/css/systemtags.scss compiled and successfully cached|2018-02-08T13:34:37+0200|
|Debug|core|/owncloud/apps/files_texteditor/css/merged.scss compiled and successfully cached|2018-02-08T13:34:37+0200|
|Debug|core|/owncloud/apps/files_sharing/css/mergedAdditionalStyles.scss compiled and successfully cached|2018-02-08T13:34:37+0200|
|Debug|core|/owncloud/apps/comments/css/autocomplete.scss compiled and successfully cached|2018-02-08T13:34:37+0200|
|Debug|core|/owncloud/apps/files_trashbin/css/trash.scss compiled and successfully cached|2018-02-08T13:34:36+0200|
|Debug|core|/owncloud/apps/files/css/merged.scss compiled and successfully cached|2018-02-08T13:34:36+0200|
|Debug|core|/owncloud/core/css/jquery.ocdialog.scss compiled and successfully cached|2018-02-08T13:34:36+0200|
|Debug|core|/owncloud/core/css/share.scss compiled and successfully cached|2018-02-08T13:34:36+0200|
|Debug|core|/owncloud/core/css/server.scss compiled and successfully cached|2018-02-08T13:34:36+0200|
|Debug|core|/owncloud/core/css/jquery-ui-fixes.scss compiled and successfully cached|2018-02-08T13:34:34+0200|
|Debug|cron|Finished OCA\Files\BackgroundJob\CleanupFileLocks job with ID 6 in 0 seconds|2018-02-08T13:34:29+0200|
|Debug|cron|Run OCA\Files\BackgroundJob\CleanupFileLocks job with ID 6|2018-02-08T13:34:29+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/jquery.ocdialog.scss, ignoring|2018-02-08T13:34:29+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/share.scss, ignoring|2018-02-08T13:34:29+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/server.scss, ignoring|2018-02-08T13:34:29+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/jquery-ui-fixes.scss, ignoring|2018-02-08T13:34:29+0200|
|Warning|core|Login failed: 'rcloud' (Remote IP: '192.168.100.101')|2018-02-08T13:34:28+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/jquery.ocdialog.scss, ignoring|2018-02-08T13:34:19+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/share.scss, ignoring|2018-02-08T13:34:19+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/server.scss, ignoring|2018-02-08T13:34:19+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/jquery-ui-fixes.scss, ignoring|2018-02-08T13:34:19+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/share.scss, ignoring|2018-02-08T13:34:19+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/server.scss, ignoring|2018-02-08T13:34:19+0200|
|Debug|core|Scss is disabled for /var/www/owncloud/core/css/jquery-ui-fixes.scss, ignoring|2018-02-08T13:34:19+0200|

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

PASTE HERE

<?php
$CONFIG = array (
  'instanceid' => 'xxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_domains' => 
  array (
    0 => 'xxxxxxxxx',
    1 => 'xxxxxxxxxx',
    2 => 'xxxxxxxxxxxx',
    3 => 'xxxxxxxxxxxx',
    4 => 'xxxxxxxxx',
    5 => 'xxxxxxxxxx',
    6 => 'xxxxxxxxx',
    7 => 'xxxxxxxxxxxx',
  ),
  'datadirectory' => '/var/www/owncloud/data',
  'overwrite.cli.url' => 'http://192.168.x.x/owncloud',
  'dbtype' => 'mysql',
  'version' => '13.0.0.14',
  'installed' => true,
  'dbname' => 'rcloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_rcloud',
  'dbpassword' => 'xxxxxxxxxxxxxx',
  'forcessl' => true,
  'loglevel' => 0,
  'mail_smtpmode' => 'smtp',
  'mail_from_address' => 'xxxxxxxx',
  'mail_domain' => 'rxxxxxr',
  'mail_smtphost' => 'xxxxxxxxxx',
  'mail_smtpport' => '465',
  'mail_smtpauthtype' => 'LOGIN',
  'theme' => '',
  'maintenance' => false,
  'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxx',
  'trashbin_retention_obligation' => 'auto',
  'updatechecker' => false,
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'xxxxxxx',
  'mail_smtppassword' => 'xxxxxxxxxxx',
  'mail_smtpsecure' => 'ssl',
  'updater.release.channel' => 'stable',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'updater.secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
);

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

[Mon Feb 05 07:45:44.809832 2018] [mpm_prefork:notice] [pid 1807] AH00163: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f configured -- resuming normal operations
[Mon Feb 05 07:45:44.809856 2018] [core:notice] [pid 1807] AH00094: Command line: '/usr/sbin/apache2'
mkstemp("/var/www/.execooorpogBj") failed: Permission denied
:1: parser error : Document is empty
ࡱá
^
mkstemp("/var/www/.execoooz5nKFX") failed: Permission denied
[Wed Feb 07 16:27:47.044228 2018] [authz_core:error] [pid 30329] [client hidden772] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:45:12.183725 2018] [authz_core:error] [pid 30306] [client hidden798] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:45:22.738365 2018] [authz_core:error] [pid 30306] [client hidden806] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:53:56.949064 2018] [authz_core:error] [pid 10337] [client hidden891] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:54:04.972370 2018] [authz_core:error] [pid 9823] [client hidden896] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:54:16.486730 2018] [authz_core:error] [pid 2653] [client hidden904] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:54:44.748336 2018] [authz_core:error] [pid 2632] [client hidden909] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:54:47.235875 2018] [authz_core:error] [pid 25814] [client hidden912] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:54:53.376544 2018] [authz_core:error] [pid 2408] [client hidden910] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:54:56.100864 2018] [authz_core:error] [pid 2671] [client hidden923] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:55:05.238449 2018] [authz_core:error] [pid 2671] [client hidden923] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:55:12.372702 2018] [authz_core:error] [pid 2671] [client hidden923] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:56:16.282481 2018] [authz_core:error] [pid 2408] [client hidden944] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:57:17.234628 2018] [authz_core:error] [pid 2671] [client hidden955] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:57:28.936667 2018] [authz_core:error] [pid 2724] [client hidden960] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 16:59:54.890562 2018] [authz_core:error] [pid 2653] [client hidden987] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:00:06.979350 2018] [authz_core:error] [pid 2738] [client hidden985] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:00:28.410026 2018] [authz_core:error] [pid 30306] [client hidden001] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:00:40.266249 2018] [authz_core:error] [pid 2632] [client hidden014] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:01:11.897930 2018] [authz_core:error] [pid 25814] [client hidden026] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:01:18.230704 2018] [authz_core:error] [pid 2671] [client hidden030] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:01:49.222896 2018] [authz_core:error] [pid 2724] [client hidden040] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:01:54.096063 2018] [authz_core:error] [pid 2738] [client hidden042] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:02:01.818002 2018] [authz_core:error] [pid 2738] [client hidden042] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:03:16.653393 2018] [:error] [pid 2632] [client hidden059] PHP Fatal error:  Call to a member function getUID() on null in /var/www/owncloud/apps/calendar/controller/settingscontroller.php on line 59
[Wed Feb 07 17:03:17.886846 2018] [:error] [pid 25814] [client hidden057] PHP Fatal error:  Call to a member function getUID() on null in /var/www/owncloud/apps/calendar/controller/settingscontroller.php on line 59
[Wed Feb 07 17:03:40.872988 2018] [:error] [pid 30304] [client hidden070] PHP Fatal error:  Call to a member function getUID() on null in /var/www/owncloud/apps/calendar/controller/settingscontroller.php on line 59
[Wed Feb 07 17:04:25.522024 2018] [authz_core:error] [pid 2832] [client hidden090] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:09:40.652483 2018] [authz_core:error] [pid 2632] [client hidden:56308] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:09:50.616358 2018] [authz_core:error] [pid 30304] [client hidden:56324] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:10:23.848535 2018] [authz_core:error] [pid 2920] [client hidden:56342] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:10:27.381018 2018] [authz_core:error] [pid 3190] [client hidden:56332] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:11:35.811947 2018] [authz_core:error] [pid 3003] [client hidden:56398] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:11:47.448047 2018] [authz_core:error] [pid 3190] [client hidden:56408] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:12:16.791127 2018] [authz_core:error] [pid 3114] [client hidden:56420] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:14:30.637784 2018] [mpm_prefork:notice] [pid 1807] AH00169: caught SIGTERM, shutting down
[Wed Feb 07 17:15:35.856556 2018] [mpm_prefork:notice] [pid 1771] AH00163: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f configured -- resuming normal operations
[Wed Feb 07 17:15:35.857853 2018] [core:notice] [pid 1771] AH00094: Command line: '/usr/sbin/apache2'
[Wed Feb 07 17:19:54.611963 2018] [authz_core:error] [pid 2838] [client hidden:56502] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:20:04.113532 2018] [authz_core:error] [pid 2260] [client hidden:56504] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:20:16.346116 2018] [authz_core:error] [pid 1859] [client hidden:56508] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:20:31.545889 2018] [authz_core:error] [pid 2838] [client hidden:56514] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:25:13.612686 2018] [authz_core:error] [pid 2838] [client hidden:56656] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:25:15.425575 2018] [authz_core:error] [pid 2836] [client hidden:56646] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Wed Feb 07 17:36:05.949814 2018] [mpm_prefork:notice] [pid 1771] AH00169: caught SIGTERM, shutting down
[Thu Feb 08 13:33:39.527002 2018] [mpm_prefork:notice] [pid 1774] AH00163: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f configured -- resuming normal operations
[Thu Feb 08 13:33:39.572260 2018] [core:notice] [pid 1774] AH00094: Command line: '/usr/sbin/apache2'
[Thu Feb 08 13:56:45.691241 2018] [authz_core:error] [pid 1830] [client hidden292] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Thu Feb 08 13:56:50.922030 2018] [authz_core:error] [pid 1828] [client hidden288] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
[Thu Feb 08 13:59:01.521426 2018] [authz_core:error] [pid 1830] [client hidden311] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata

any suggestion on this?

I’ve got the same problem after an update to version 13. :confused:
I did the update today. After the processing, everything looked fine until my first login. I’ve got the message “Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files”

I couldn’t fix it but it is important because I can’t access my files anymore.
What did I wrong?

Will it work again when I’ve go back to the earlier version 12.0.4.3?

Unfortunately Nextcloud personnel has so many issues to resolve that it is
approx impossible this to be fixed. Your best lack is to install it again
or have a backup.

I am searching for a better more stable solution and as i see seafile is
one of them.

I’ve fixed it with a complete re-upload of all data (luck I had a full backup) for my user and have to do it for the other users as well. I’ll try to avoid to update in the future or will not use the encryption anymore. For long-term, I think about to use another solution as nextcloud. The risk is too high to lose all data. :cold_sweat:

1 Like

One of the biggest problem NC has is the update/upgrade procedure. I understand the difficulties but for the solution to be used with trust from the beginner until the pros it must be flawless and with an easy way to revert back.

As i see seafile is one option. Will test it as soon as possible.

Hm, are you using the docker process or the tar file process for upgrades? IMHO the web updater will never work properly. And Linux packages will also have their own issues … besides that there are no official once.

No not docker. Web updater and cli to update the instance.
Will try seafile very soon but one of my concerns is that its not 100% open source.

Got the annoying message after the upgrade on my FreeBSD VM: Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files.

Stupid me can’t find where to set it or turn it off… No impact to file access, just the message on the web interface.

Same here. Enabled the “Default encryption module” and “End-to-End Encryption” module after installing NC13 but can’t use them. I get above mentioned error message and in “Security” settings I’m asked to enter my old password:

Your private key password no longer matches your log-in password.
Set your old private key password to your current log-in password:

No clue, what they mean by old password. Can’t remember any and I’m sure i did not change my password at all. But I even get this message for newly set-up accounts. Thus I suppose this is a bug. Hope a solution will come soon.

Correct. It appears on new account I just created for my daughter. I’ve never enabled encryption on mine. Have you saw any bug ticket on this? Don’t want to duplicate.

Honestly, I didn’t even know where to post bug reports. Was hoping Nextcloud developers would read this and fix the problem. But just had a look and found the issue tracker on Github. Entering the error message displayed in the title of this thread did not bring up anything. Posted a bug report here:

Thanks. I’ll hold off on mine.

Slightly OT:
If memory serves me correct that was supposed to be fixed in 12.0.2 (?).
@LukasReschke feel free to correct me.

Both of those choices would be … bold. Not updating and potentially get pwned by a long fixed vulnerability.
So what’s your threat model? Why do you use encryption in the first place?
I’m all for it, but the server side encryption bit me in the ass a couple of times. I abandoned it long ago.

Privacy for a multi user Nextcloud instance or protection against someone physically reading from your drives?

Kudos for that. Everyone should, most people don’t.
Consider duplicity or rclone for encrypted off-site backups. Don’t invoke the wrath of lady luck.

well NC will we have any solution for this problem?
Its affecting many users and you should be paying attention to it.

I would like to inform future users of NC to NOT use the encryption because NC needs still a lot job to be done to use it in production and be stable and easy do correct any problems.

Waiting for your solution,
Thank you.

2 Likes

Hi! Same with my nextcloud "Falscher privater Schlüssel für die Verschlüsselungs-App. Bitte aktualisiere Deinen privaten Schlüssel in Deinen persönlichen Einstellungen um wieder Zugriff auf die verschlüsselten Dateien zu erhalten."
I’d really like to get rid of this.
Does someone know a solution? Or a workaround?
I really would like to read and test.

No, no solution or responces. I have left it that way and continue work it
like that. No affection at all with my installation. But wheeeen i find
time i will do a new install and move everything there if until then I
don’t find another more stable solution :wink::grin:

Same problem with a complete new installation auf nextcloud 13.0.1

Same, new install of NC -13.0.1- when I put the passwords in, the status changes to “Saving” but will not actually update, so this can’t be resolved.

Same here with a new install of Nextcloud 13.0.2…