Issue with occ encryption:scan:legacy-format command


Just updated a Nextcloud install from 19.0.7 to 20.0.5, everything went smoothly but for a warning message “The old server-side encryption format is enabled. We recommend disabling this. For more detail see Documentation”.

First I must mention that we never used server-side or end-to-end encryption on this server.

If I go to documentation, it tells to run “occ encryption:scan:legacy-format” which I tried … answer is “There are no commands defined in the “encryption:scan” namespace. / Did you mean this? / encryption” … ??

If I run “occ encryption”, it seems obvious that this command doesnt exist in my Nextcloud …

If I look in my config.php, I have a “‘encryption.legacy_format_support’ => true” and a “‘encryption.key_storage_migrated’ => false,”

If I run a “occ encryption:status” it tells me “enabled: false” which confirms that I am not using server-side encryption.

I just replaced “‘encryption.legacy_format_support’ => true” by “‘encryption.legacy_format_support’ => false” and everything seems to be working ok but I cannot help wondering why doesn’t “occ encryption:scan:legacy-format” work, how did that “‘encryption.legacy_format_support’ => true” appear in my config.php although I am not using any encryption and what should I do about “‘encryption.key_storage_migrated’ => false,” …

Am I at risk somewhere ? I read quite some threads about this problem but I guess mostly from people that were using server-side encryption so this message had some legitimity.

Also I checked, the “Default encryption module” is not enabled, one more proof to the fact that I am not using server-side encryption.

Thanks. Pierre

I had the same situation, and currently, with
‘encryption.legacy_format_support’ => false,
‘encryption.key_storage_migrated’ => false

everything is fine.

I think the warning applies only if you had server-side encryption enabled, which makes things confusing for those who hadn’t enabled it.