Password app won't launch: " Keychain encryption type SSEv2r1 is not available"

When I click on the Passwords icon, the app does not launch and I see the message “unable to complete the request.” this happened with the upgrade to NC 26. The log says:
Fatal passwords Exception: Keychain encryption type SSEv2r1 is not available
Error passwords Error “Keychain encryption type SSEv2r1 is not available” in OCA\Passwords\Controller\Api\SessionApiController::open

I’m using a hosted version of NextCloud (26.0.1) and Passwords version 2023.4.30. I believe the hosting service uses PHP 8.1.

Any ideas if this is a configuration option within the app… or whether it is a server issue?

I checked with the server admins. Although I get the above errors in the application log, they aren’t seeing anything in the server logs.

I’m open to any ideas! :slight_smile:

This error happens because the app tries to load/decrypt a keychain, but the encryption key is not there. Usually the encryption key for the server side encryption is sent to the server by the client during the authentication process.

You can try logging out of Nextcloud an logging back in. If that doesn’t solve it, maybe try restoring a backup from before this happened.
If you are using a master password/encryption password and this happens before you’re asked for that password, this could indicate that the app settings are corrupted. (Usually there is a setting which defines which challenge to use for your account - this challenge is what is used to authenticate you)
If you aren’t using a master password, then there is probably something wrong with your database/ user ids. This error happens because there is a keychain - which requires using a master password.

Thanks, @mdw ! I do have a master password set for the app and the app currently errors out before asking for the password. So apparently my app settings are corrupted…

Can you suggest how to fix? For example should I disable and remove the app – and then re-add? Or, is there a config file I could edit?

Looking through the forums, there is a suggestion that the command
occ config:app:delete apname settingname
will delete a particular setting by name.

If I knew the name of the setting that sets the “authentication challenge” would this deletion potentially get me into the app?

This is a user setting so this command won’t work. Additionally deleting the challenge only makes things worse if you have an encryption password.

Thanks for your reply @mdw !

If I understand correctly, the best path is to restore from the April backup. I’ll look into that.

Your advice is much appreciated.