Need help recovering an individual file from borg backup

Nextcloud version (eg, 20.0.5): replace me
Operating system and version Ubuntu 22.04 LTS Release: 22.04 Codename: jammy
Apache or nginx version: both nginx -v and apache2 -v show “command not found”
PHP version (eg, 7.4): php --version shows “command not found”

The issue you are facing:

I have been an IT professional for 30 years and have been using Linux for the past 2 years. I have been using Nextcloud for the past 1.5 years.

I use Nextcloud AIO v7.9.0 HUB 28 in a virtualbox.
I have a vdi file which is used for borg backups.
The borg backups are done through the AIO Interface.
The backups are encrypted.

The backups run successfully and when I restore through the AIO interface, it runs successfully.

I have reported in the past without resolution that sometimes I open a file and it doesn’t look normal. It looks like I am viewing the encrypted version.

In the past, I have just done a restore from the AIO interface and the unencrypted file comes back.

This time, I opened a file that I haven’t opened in months and I am seeing the encrypted file. I don’t want to do a full restore through the AIO interface because a lot has changed so I need to restore only this file.

I have tried everything I could find on the internet without success.

The most recent post I found was the closest I’ve gotten so far, but still can’t restore the unencrypted file. They are all showing encrypted.

They said to do the following:

1. Run borg on the nextcloud-aio host and mount borg/ into temp/: `borg mount borg/ temp/`
2. Enter your passphrase.
3. cd into `temp/[date]_[time]-nextcloud-aio/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/[username]/files/Documents`
4. Copy out the file however you like: `cp [file] /other/dir/`

I replied to this post but no one answered.

My reply:

I tried this.
Through a putty connection, when I ran borg mount it asked for my passphrase 3 times. Each time I pasted it in.
I went to the AIO interface and copied the encryption password for backups listed under the Backup & Restore section.
Every file I ran the cat command on only listed the word Putty many times.
Did it ask for the passphrase 3 times because it was the wrong one? If so, then where do I get my passphrase?
I’ve been trying for over 1 week to try to restore 1 file and this is the closest I’ve gotten so far.

Can anyone help me to learn how to restore just 1 file? I’m very frustrated.

Thanks

Mike

The output of your Nextcloud log in Admin > Logging:

My log is huge. Can't really find the log for this issue. Haven't tried it in days.

The output of your config.php file in the /path/to/nextcloud

Where is the `/path/to/nextcloud`? I get conflicting info on the internet.

The output of your Apache/nginx/system log in /var/log/____:

Nothing in this main directory says Apache, nginx or system

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

???

All encrypted files in Nextcloud should only be in the Nextcloud drive, not my work computer; but that’s not the case here. I have 70GB of files on my work computer that are sync’d into Nextcloud.
Since encrypted files have the words “encryption_module” in them, I did a search for this to find all the encrypted files in Nextcloud and found this list.

I have reported in the past without resolution that sometimes I open a file and it doesn’t look normal. It looks like I am viewing the encrypted version.

Are you referring to files appearing “encrypted” within Nextcloud itself or only associated with backups/restores?

In the past, I have just done a restore from the AIO interface and the unencrypted file comes back.

Are you saying the underlying reason why you are needing to restore from backup is because files are doing weird things within Nextcloud itself?

If so, let’s figure out why you’re having problems with your data rather than just your backups/restores.

Where have you posted or reported about this in the past?

I went to the AIO interface and copied the encryption password for backups listed under the Backup & Restore section.
Every file I ran the cat command on only listed the word Putty many times.

Can you provide an example? Are these text files?

That depends on what, if any, encryption implementation you’re using.

Are you, by chance, using the non-default End-to-End encryption app? If so, that would explain why you’re confused about backups/restores. Your restored files will still be encrypted because you’re using client-side encryption. The server doesn’t have access to the content of these files.

Are you referring to files appearing “encrypted” within Nextcloud itself or only associated with backups/restores?

 The files are appearing encrypted within nextcloud itself; but not all the files in a given folder.

Are you saying the underlying reason why you are needing to restore from backup is because files are doing weird things within Nextcloud itself?

 That is correct. The only reason I need to restore individual files is because the copies on my work computer are encrypted.

Where have you posted or reported about this in the past?

 I have spent over 2 weeks now doing research and trying what I find. 
 The only other post I made was in regards to a procedure I found: https://github.com/nextcloud/all-in-one/issues/3971

Can you provide an example? Are these text files?
If you look at the picture I included in my post you will see they are txt and one doc. In the past I have had jpg and pdf files that had this problem, but I’ve deleted those.

Are you, by chance, using the non-default End-to-End encryption app? If so, that would explain why you’re confused about backups/restores. Your restored files will still be encrypted because you’re using client-side encryption. The server doesn’t have access to the content of these files.

 BINGO!!! I think you may have hit the nail on the head.
 I am using the Default encryption module
 When I first installed Nextcloud over 1 year ago I did install and enable end-to-end encryption; but I just looked and I am unable to find it anywhere in the apps section.

“Your restored files will still be encrypted because you’re using client-side encryption”

 This sounds like a very logical reason for my issue. If this is the case, how would I decrypt these files?
 Unfortunately, if this requires a key that I may have set up at the beginning, I would have put that in the file "Nextcloud AIO setup.txt" which is now encrypted.

Hold on, after I sent my reply, I looked and NOW End-to-End Encryption is showing under my apps. But it is also giving me the Download and enable button.

Extremely confusing since I know I installed it over 1 year ago

Shouldn’t the borg mount command unencrypt the files from the end-to-end encryption?

After running that command, it asked me for the borg passphrase 3 times. Is that normal or was it asking for the default passphrase then the end-to-end passphrase?
If that’s true then why would it ask me for a 3rd passphrase?

Now that I think of it, I don’t see how end-to-end encryption could have caused this problem. I have done 3-5 full restores so far and if end-to-end encryption did cause it then wouldn’t all my restored files be encrypted instead of only what is shown in my screenshot?

I am reading through the borg mount information.

My Nextcloud is on 192.168.1.118
The mount point of my borg repository is /mnt/borg/borg

I am trying to connect to the borg backup from my linux mint machine which is 192.168.1.200

On my linux mint I have made sure borg and fuse and fuse lib is installed.

I get an error when I try this (and tried with sudo with same result) but can’t find info on it from Google search:

```
mike@rusty:~$ borg info ncadmin@192.168.1.118:/mnt/borg/borg
ncadmin@192.168.1.118's password:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/borg/repository.py", line 1432, in get_fd
    ts, fd = self.fds[segment]
  File "/usr/lib/python3/dist-packages/borg/lrucache.py", line 21, in __getitem__
    value = self._cache[key]  # raise KeyError if not found
KeyError: 1691

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/borg/remote.py", line 240, in serve
    res = f(**args)
  File "/usr/lib/python3/dist-packages/borg/remote.py", line 368, in open
    self.repository.__enter__()  # clean exit handled by serve() method
  File "/usr/lib/python3/dist-packages/borg/repository.py", line 200, in __enter__
    self.open(self.path, bool(self.exclusive), lock_wait=self.lock_wait, lock=self.do_lock)
  File "/usr/lib/python3/dist-packages/borg/repository.py", line 461, in open
    if segment is not None and self.io.get_segment_magic(segment) == ATTIC_MAGIC:
  File "/usr/lib/python3/dist-packages/borg/repository.py", line 1467, in get_segment_magic
    fd = self.get_fd(segment)
  File "/usr/lib/python3/dist-packages/borg/repository.py", line 1434, in get_fd
    fd = open_fd()
  File "/usr/lib/python3/dist-packages/borg/repository.py", line 1415, in open_fd
    fd = open(self.segment_filename(segment), 'rb')
PermissionError: [Errno 13] Permission denied: '/mnt/borg/borg/data/1/1691'

Borg server: Platform: Linux nextcloud 5.15.0-91-generic #101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 x86_64
Borg server: Linux: Unknown Linux
Borg server: Borg: 1.2.0 Python: CPython 3.10.12 msgpack: 1.0.3 fuse: pyfuse3 3.2.0 [pyfuse3,llfuse]
Borg server: PID: 209847 CWD: /home/ncadmin
Borg server: sys.argv: ['/usr/bin/borg', 'serve']
Borg server: SSH_ORIGINAL_COMMAND: None
Platform: Linux rusty 6.2.0-39-generic #40~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Nov 16 10:53:04 UTC 2 x86_64
Linux: Unknown Linux
Borg: 1.2.0 Python: CPython 3.10.12 msgpack: 1.0.3 fuse: pyfuse3 3.2.0 [pyfuse3,llfuse]
PID: 155543 CWD: /home/mike
sys.argv: ['/usr/bin/borg', 'info', 'ncadmin@192.168.1.118:/mnt/borg/borg']
SSH_ORIGINAL_COMMAND: None

mike@rusty:~$ ip a | grep 192
inet 192.168.1.200/24 brd 192.168.1.255 scope global dynamic noprefixroute eno1
mike@rusty:~$
```

I don’t know what else to do.

I installed a new nextcloud-aio VirtualBox VM for testing encryption.

During the process of enabling encryption it never once asked me to create an encryption passphrase. I did get an error in the admin account that said “Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files.”

I created 1 user named snoopy.
When logged into snoopy I did not get that error.
I created 1 odt file through the web interface and did a borg backup.
I mounted the borg backup to temp and tried borg mount.
It asked for the passphrase 3 times then failed.
I tried the original admin password 3a8db271dab274db9f8140cb9a02218d086b3a8e4499d1eb
I tried the AIO pw icky overrate stubbed hastily reversal recycling visiting wired
I tried snoopy’s password helloworld
Nothing worked.
More research showed me that the borg password is located in configuration.json
I found it, copied it and tried borg mount again
I pasted the password I found in and it did not ask a 2nd time and it mounted.
I did a cp of the file to /home/ncadmin then tried to open it. It was still encrypted.

Please tell me how I can decrypt a single file with borg backup?

Hi, it looks like you are using server side encryption (SSE). That is why files that are backed up via borg and then decrypted via borg mount still look encrypted. Because SSE encrypts them on the server and then borg backs up these encrypted files into its encrypted archive. Thus if you use borg mount to show them, they are still encrypted via SSE.
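
The layering described in this answer can be checked directly on a mounted archive. The script below is an added example, not part of the original thread and not code from Nextcloud or borg: it walks a directory such as a `borg mount` point and reports which files still carry the server-side-encryption header. It assumes SSE files begin with an `HBEGIN:` header that names the `encryption_module` (the string mentioned earlier in the thread); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify files under a directory (for instance a
# `borg mount` point) as Nextcloud SSE-encrypted or plain.
# Assumption: an SSE file starts with a header of the form
#   HBEGIN:oc_encryption_module:OC_DEFAULT_MODULE:...:HEND

# Return 0 if the file starts with an SSE header, 1 otherwise.
is_sse_encrypted() {
    # Read only the first 128 bytes; strip NUL bytes so binary
    # files do not upset the shell's command substitution.
    header=$(head -c 128 -- "$1" 2>/dev/null | tr -d '\000')
    case "$header" in
        HBEGIN:*encryption_module:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per regular file: "encrypted <path>" or "plain <path>".
classify_tree() {
    find "$1" -type f | sort | while IFS= read -r f; do
        if is_sse_encrypted "$f"; then
            printf 'encrypted %s\n' "$f"
        else
            printf 'plain %s\n' "$f"
        fi
    done
}

# Print the number of SSE-encrypted files under a directory.
count_sse_encrypted() {
    # grep -c exits non-zero on a count of 0, so mask that status.
    classify_tree "$1" | grep -c '^encrypted ' || true
}

# When run directly with a directory argument, print the classification.
if [ "$#" -ge 1 ]; then
    classify_tree "$1"
fi
```

A file reported as `encrypted` here has been decrypted by borg but not by Nextcloud, so copying it out of the mount yields the SSE ciphertext.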

Thank you for the explanation.
In this situation how can I decrypt individual files?

I think you would need to use something like nextcloud/encryption-recovery-tools on GitHub (“This project contains tools to recover files that have been encrypted with the Nextcloud End-to-End Encryption or Nextcloud Server-Side Encryption.”) on top of the borg mount command…

Interesting…
I came across this link once before but wasn’t sure if this is what I needed.
I’m configuring the script now. It’s pretty self-explanatory; however, I have 2 questions:

`config("RECOVERY_PASSWORD", "");`
Did a search in config.php for recovery and password (upper and lowercase)
but could not find this. What do I do with this part of the script?

external storage definition,
replace "storage" with the actual external storage names

`config("EXTERNAL_STORAGES", ["storage" => "/mountpath",`
What does it mean by “actual external storage names”? Where do I find that?

I fear I cannot help with the script as I am not familiar with it.

When testing server-side encryption with a new VM of nextcloud I found that enabling it did not ask me to create a passkey.

Upon further research I found that a passkey can only be created through the borg cli command and I found that although restoring individual files through borg is possible without encryption by using borg mount, it is next to impossible to restore individual files if server-side encryption is enabled because all decryption happens through Nextcloud itself.

Since having my data encrypted on my NAS is a must I was considering looking at other options, but then I discovered versioning.
With my past experience I feel that this is an acceptable solution for me. If I discover a file is encrypted then I can go into past versions, view them through the web interface and if I find a non-encrypted copy I can download it.
