I get encryption error when I update nextcloud 20 I request your help
I think you’ve read the documenation as written in the warning message? If yes, please be more precise and explain what your problem is. Please also see:
Hi All, after a “bumpy” upgrade to NC20, I have cleared all issues except for the one reported here. I have followed the documentation and run the command occ encryption:scan:legacy-format
However, I get an error message that says:
There are no commands defined in the "encryption:scan" namespace.
Did you mean this?
encryption
I’ve searched and googled around but I can’t find a solution. Can anyone help?
Thanks in advance
Could it be possible that the encryption app has been disabled on your server?
Can you please provide the output of “./occ
”.
Hi,
seems I have the same problem. Here the output of occ:
Nextcloud XXXXXXXXX 20.0.3
Usage:
command [options] [arguments]
Options:
-h, --help Display this help message
-q, --quiet Do not output any message
-V, --version Display this application version
--ansi Force ANSI output
--no-ansi Disable ANSI output
-n, --no-interaction Do not ask any interactive question
--no-warnings Skip global warnings, show command output only
-v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
Available commands:
check check dependencies of the server environment
help Displays help for a command
list Lists commands
status show some status information
upgrade run upgrade routines after installation of a new release. The release has to be installed before.
activity
activity:send-mails Sends the activity notification mails
app
app:check-code check code to be compliant
app:disable disable an app
app:enable enable an app
app:getpath Get an absolute path to the app directory
app:install install an app
app:list List all available apps
app:remove remove an app
app:update update an app or all apps
background
background:ajax Use ajax to run background jobs
background:cron Use cron to run background jobs
background:webcron Use webcron to run background jobs
broadcast
broadcast:test test the SSE broadcaster
config
config:app:delete Delete an app config value
config:app:get Get an app config value
config:app:set Set an app config value
config:import Import a list of configs
config:list List all configs
config:system:delete Delete a system config value
config:system:get Get a system config value
config:system:set Set a system config value
dav
dav:create-addressbook Create a dav addressbook
dav:create-calendar Create a dav calendar
dav:list-calendars List all calendars of a user
dav:move-calendar Move a calendar from an user to another
dav:remove-invalid-shares Remove invalid dav shares
dav:send-event-reminders Sends event reminders
dav:sync-birthday-calendar Synchronizes the birthday calendar
dav:sync-system-addressbook Synchronizes users to the system addressbook
db
db:add-missing-columns Add missing optional columns to the database tables
db:add-missing-indices Add missing indices to the database tables
db:add-missing-primary-keys Add missing primary keys to the database tables
db:convert-filecache-bigint Convert the ID columns of the filecache to BigInt
db:convert-mysql-charset Convert charset of MySQL/MariaDB to use utf8mb4
db:convert-type Convert the Nextcloud database to the newly configured one
encryption
encryption:change-key-storage-root Change key storage root
encryption:decrypt-all Disable server-side encryption and decrypt all files
encryption:disable Disable encryption
encryption:enable Enable encryption
encryption:encrypt-all Encrypt all files for all users
encryption:list-modules List all available encryption modules
encryption:migrate-key-storage-format Migrate the format of the keystorage to a newer format
encryption:set-default-module Set the encryption default module
encryption:show-key-storage-root Show current key storage root
encryption:status Lists the current status of encryption
federation
federation:sync-addressbooks Synchronizes addressbooks of all federated clouds
files
files:cleanup cleanup filecache
files:recommendations:recommend
files:scan rescan filesystem
files:scan-app-data rescan the AppData folder
files:transfer-ownership All files and folders are moved to another user - shares are moved as well.
files_external
files_external:applicable Manage applicable users and groups for a mount
files_external:backends Show available authentication and storage backends
files_external:config Manage backend configuration for a mount
files_external:create Create a new mount configuration
files_external:delete Delete an external mount
files_external:export Export mount configurations
files_external:import Import mount configurations
files_external:list List configured admin or personal mounts
files_external:notify Listen for active update notifications for a configured external mount
files_external:option Manage mount options for a mount
files_external:verify Verify mount configuration
group
group:add Add a group
group:adduser add a user to a group
group:delete Remove a group
group:list list configured groups
group:removeuser remove a user from a group
integrity
integrity:check-app Check integrity of an app using a signature.
integrity:check-core Check integrity of core code using a signature.
integrity:sign-app Signs an app using a private key.
integrity:sign-core Sign core using a private key.
l10n
l10n:createjs Create javascript translation files for a given app
log
log:file manipulate logging backend
log:manage manage logging configuration
log:tail Tail the nextcloud logfile
log:watch Watch the nextcloud logfile
mail
mail:account:create creates IMAP account
mail:account:diagnose Diagnose a user's IMAP connection
mail:account:export Exports a user's IMAP account(s)
mail:account:export-threads Exports a user's account threads
mail:account:sync Synchronize an IMAP account
mail:account:train Train the classifier of new messages
mail:clean-up clean up all orphaned data
mail:thread Build threads from the exported data of an account
maintenance
maintenance:data-fingerprint update the systems data-fingerprint after a backup is restored
maintenance:mimetype:update-db Update database mimetypes and update filecache
maintenance:mimetype:update-js Update mimetypelist.js
maintenance:mode set maintenance mode
maintenance:repair repair this installation
maintenance:theme:update Apply custom theme changes
maintenance:update:htaccess Updates the .htaccess file
migrations
migrations:execute Execute a single migration version manually.
migrations:generate
migrations:generate-from-schema
migrations:migrate Execute a migration to a specified version or the latest available version.
migrations:status View the status of a set of migrations.
news
news:feed:add Add a feed
news:feed:delete Remove a feed
news:feed:list List all feeds
news:folder:add Add a folder
news:folder:delete Remove a folder
news:folder:list List all folders
news:generate-explore Prints a JSON string which represents the given feed URL and votes, e.g.: {"title":"Feed - Title","favicon":"www.web.com\/favicon.ico","url":"www.web.com","feed":"www.web.com\/rss.xml","description":"description is here","votes":100}
news:opml:export Print OPML file
news:show-feed Prints a JSON string which represents the given feed as it would be in the DB.
news:updater:after-update removes old read articles which are not starred
news:updater:all-feeds DEPRECATED: use news:feed:list instead.
Prints a JSON string which contains all feed ids and user ids, e.g.: {"feeds": [{"id": 39, "userId": "john"}, // etc ]}
news:updater:before-update This is used to clean up the database. It deletes folders and feeds that are marked for deletion
news:updater:update-feed Console API for updating a single user's feed
notification
notification:generate Generate a notification for the given user
notification:test-push Generate a notification for the given user
preview
preview:repair distributes the existing previews into subfolders
richdocuments
richdocuments:activate-config Activate config changes
richdocuments:convert-bigint Convert the ID columns of the richdocuments tables to BigInt
richdocuments:update-empty-templates Update empty template files
security
security:bruteforce:reset resets bruteforce attemps for given IP address
security:certificates list trusted certificates
security:certificates:import import trusted certificate
security:certificates:remove remove trusted certificate
sharing
sharing:cleanup-remote-storages Cleanup shared storage entries that have no matching entry in the shares_external table
sharing:expiration-notification Notify share initiators when a share will expire the next day.
talk
talk:poll Simple polls for Nextcloud Talk
talk:poll:vote Vote on a simple poll
text
text:reset Reset a text document
theming
theming:config Set theming app config values
trashbin
trashbin:cleanup Remove deleted files
trashbin:expire Expires the users trashbin
trashbin:size Configure the target trashbin size
twofactorauth
twofactorauth:cleanup Clean up the two-factor user-provider association of an uninstalled/removed provider
twofactorauth:disable Disable two-factor authentication for a user
twofactorauth:enable Enable two-factor authentication for a user
twofactorauth:enforce Enabled/disable enforced two-factor authentication
twofactorauth:gateway:configure
twofactorauth:gateway:remove
twofactorauth:gateway:status
twofactorauth:gateway:test
twofactorauth:state Get the two-factor authentication (2FA) state of a user
update
update:check Check for server and app updates
user
user:add adds a user
user:delete deletes the specified user
user:disable disables the specified user
user:enable enables the specified user
user:info show user info
user:lastseen shows when the user was logged in last time
user:list list configured users
user:report shows how many users have access
user:resetpassword Resets the password of the named user
user:setting Read and modify user settings
versions
versions:cleanup Delete versions
versions:expire Expires the users file versions
workflows
workflows:list Lists configured workflows
In my config.php I have following:
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'instanceid' => 'AAAAAAAAAAA',
'passwordsalt' => 'BBBBBBBBBB',
'secret' => 'CCCCCCCCCCC',
'trusted_domains' =>
array (
0 => 'bla.blub.blo',
1 => 'blo.bla.bli',
),
'datadirectory' => 'PATH',
'overwrite.cli.url' => 'URL',
'dbtype' => 'mysql',
'version' => '20.0.3.2',
'dbname' => 'DB',
'dbhost' => 'DB_HOST',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'DB_USER',
'dbpassword' => 'DB_PASSWD',
'logtimezone' => 'UTC',
'installed' => true,
'loglevel' => 0,
'maintenance' => false,
'mail_smtpmode' => 'smtp',
'mail_smtpauthtype' => 'LOGIN',
'mail_from_address' => 'ADDRESS',
'mail_domain' => 'DOMAIN',
'mail_smtpauth' => 1,
'mail_smtphost' => 'SMTP',
'mail_smtpport' => 'PORT',
'mail_smtpname' => 'ADDRESS',
'mail_smtppassword' => 'PASSWD',
'theme' => '',
'updater.release.channel' => 'stable',
'ldapIgnoreNamingRules' => false,
'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
'mysql.utf8mb4' => true,
'has_rebuilt_cache' => true,
'app_install_overwrite' =>
array (
0 => 'groupfolders',
),
'updater.secret' => 'SECRET',
'encryption.legacy_format_support' => true,
'encryption.key_storage_migrated' => false,
);
Do you have an idea?
Hi,
the end to end encryption is disabled at my machine and I want not to change this. I also checked this:
# sudo -u www-data php /var/www/html/nextcloud/occ encryption:status
- enabled: false
- defaultModule: OC_DEFAULT_MODULE
Nevertheless, I told occ to migrate the keys:
# sudo -u www-data php /var/www/html/nextcloud/occ encryption:migrate-key-storage-format
Updating key storage format
Start to update the keys:
13 [============================]Key storage format successfully updated
Thereafter I remove the entry for encryption.legacy_format_support and everything seems to be o.k…
bests
Sascha
I did these operations, the problem continues,
I searched google but could not find a source
@j-ed, thanks for the reply, sorry I didn’t answer I was distracted on to other topics for a few days.
My issue was exactly the same as @fermat2a… Now solved. Thanks to all!
Can you tell me how you did it? My problem continues.
sudo -u www-data php /var/www/nextcloud/occ encryption:status
- enabled: true
- defaultModule: OC_DEFAULT_MODULE
@idriskoc: The solution for me was, exactly what fermat2a did.
Let me try to summarize it:
occ maintenance:mode --on
occ encryption:migrate-key-storage-format
The output should look like
Updating key storage format
Start to update the keys:
22 [============================]Key storage format successfully updated
Then delete the complete line
'encryption.legacy_format_support' => true,
from
/var/www/nextcloud/config/config.php
occ maintenance:mode --off
Done.
occ encryption:status
then gives
- enabled: false
- defaultModule: OC_DEFAULT_MODULE
In all the above occ needs to be replaced depending on your installation.
On Ubuntu based installations it frequently is:
sudo -u www-data php /var/www/html/nextcloud/occ
On my Fedora based installation it is:
sudo -u apache php /var/www/nextcloud/occ
Hi there,
I know this is not exactly related, but maybe anyone may still be able to help me here:
I’m confronted with the informational message in the admin backend saying I should use occ encryption:scan:legacy-format
to scan for encrypted files in legacy format and that the command would return whether I can safely upgrade to the new format or not.
Actually it only outputs it’s status, saying that it has scanned files of users but doesn’t say anything about the possibility to safely change encryption format.
How is the positive output supposed to look like?
Thank you very much for your help
problem solved