Moved my Nextcloud instance and Collectives don't decrypt

Joe_Burmeister · January 10, 2025, 9:18am

I’ve moved a long standing Nextcloud install to a new machine, and it all seams to have worked fine, until I went to Collections. All the old entries are encrypted still and show.

HBEGIN:oc_encryption_module:OC_DEFAULT_MODULE:cipher:AES-256-CTR:signed:true:useLegacyFileKey:false:encoding:binary:HEND

I’ve tried recover.php from encryption-recovery-tools/server-side-encryption but see “skipping this file because the filename structure is unknown…”

I’ve also tried “occ encryption:decrypt-all”

It seams the same as : New collectives are encrypted, but not decrypted But there is no solution there.

Any ideas?

Andi29 · January 10, 2025, 10:21am

I´d think, you habe to download your collective and extract it to the new directry. My expertice. I love the collective-app! Try and give an comment!

Joe_Burmeister · January 10, 2025, 10:30am

I don’t really have the old instance readily to hand. I’d have to rebuild the install from backups. The old server was about a decade old moved between many machines and grown a lot of legacy. I finally got it all replaced and dismantled for the end of the year. I’m trying to avoid restoring it even in a VM (lots of disks). I didn’t notice this issue until too late.

I see there is keys for the files in nextcloud_data/files_encryption/keys/files/Collectives/

I had only just started using Collectives, so there is only a few pages, but they were useful. Surely there is a way to get these decrypted. I have the files and the database, everything should be there right?

Andi29 · January 10, 2025, 12:14pm

My best expirience → make a new instance, try to transfer your data.

Joe_Burmeister · January 21, 2025, 10:49am

For future reference of others with this issue, I’ve fixed this issue.

The problem is the in table oc_appconfig. Some how the entry:

appid: "external"
configkey: "jwt_token_privkey_es256".

Had changed. However the “jwt_token_pubkey_es256” bit hadn’t. Anyway, makes sense, different key meant it couldn’t decrypt files encrypted with the old key.

I found this comparing old database dumps with new.

Anyway this seams to have been the issue and I got all my data back.

Susanne_K · March 26, 2025, 9:11pm

hello, we have an issue with encrypted files, inaccessible. but I do not understand how to solve the problem, I don’t know anything about keys… how does this happen and how can a non technical person resolve it? my only option seems to be to find these data on an old computer and leave nextcloud to go to somewhere else?? any help possible here? thanks in advance and happy for you that you could solve it

Joe_Burmeister · March 27, 2025, 7:16pm

Did you get you’re self sorted? If not, for reference for others:

oc_appconfig is a table in the database.
To find the value changed for me it was:

select configvalue from oc_appconfig where appid=‘external’ AND configkey = ‘jwt_token_privkey_es256’

The configvalue is backend was different than the live. I just put it back and it all worked.