Random files with broken encryption

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:


Or for longer, use three backticks above and below the code snippet:


Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 20.0.5):
Operating system and version (eg, Ubuntu 20.04): Debian GNU/Linux 10
Apache or nginx version (eg, Apache 2.4.25): nginx/1.14.2
PHP version (eg, 7.4): PHP 7.4.21

The issue you are facing:

I’ve been seeing random file decryption issues on my Nextcloud instance (with OC_DEFAULT_MODULE enabled). For a concrete example from earlier today: after a file copy on the web interface by a user (my wife ;)), on first attempting loading the file she (the same user) got an 500 error. In the log the following is visible:

Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.

Mind you, the user is the same, so resharing it does not really make sense.

Additional observations:

  1. What I also noticed is that while the file itself (encrypted version) was present in the folder structure, no corresponding keys were present at all in the corresponding files_encryption/keys folder
  2. As before (with some success), I tried an occ files:scan on the folder containing this file; it did not fix the problem but somehow 6 “ghost” files appeared! Also with no corresponding files_encryptions/keys to them, and also giving the same decryption error on open attempt.
  3. A Redis configuration has been active on this server

Is this the first time you’ve seen this error? (Y/N): N

Steps to replicate it:

Unfortunately I can’t see a pattern for replication; it sometimes appears on file copy, sometimes on upload.

Any help/pointer would be highly appreciated!

The output of your Nextcloud log in Admin > Logging:

{"reqId":"zLk3xkCoFD0Uo9wIfxVH","level":4,"time":"2021-07-07T18:43:21+00:00","remoteAddr":"***sensitive***","user":"***sensitive***","app":"webdav","method":"GET","url":"***filename***","message":{"Exception":"OC\\Encryption\\Exceptions\\DecryptionFailedException","Message":"Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.","Code":0,"Trace":[{"file":"***sensitive***/public_html/lib/private/Files/Stream/Encryption.php","line":520,"function":"decrypt","class":"OCA\\Encryption\\Crypto\\Encryption","type":"->","args":["*** sensitive parameters replaced ***"]},{
","Line":373,"Hint":"Cannot decrypt this file, which is probably a shared file. Please ask the file
 owner to reshare the file with you.","CustomMessage":"--"},"userAgent":"Mozilla/5.0 (X11; Ubuntu; 
Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0","version":""}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'instanceid' => '***removed***',
  'passwordsalt' => '***removed***',
  'secret' => '***removed***',
  'trusted_domains' => 
  array (
  'datadirectory' => '***removed***',
  'tempdirectory' => '***removed***',
  'overwrite.cli.url' => '***removed***',
  'dbtype' => 'mysql',
  'version' => '',
  'dbname' => '***removed***',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '***removed***',
  'dbpassword' => '***removed***',
  'installed' => true,
  'maintenance' => false,
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_from_address' => 'cloud',
  'mail_domain' => '***removed***',
  'mail_smtphost' => 'localhost',
  'mail_smtpport' => '25',
  'theme' => '',
  'loglevel' => 1,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'mysql.utf8mb4' => true,
  'app_install_overwrite' => 
  array (
    0 => 'apporder',
  'mail_sendmailmode' => 'smtp',
  'has_rebuilt_cache' => true,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '',
    'port' => 6379,
    'dbindex' => 0,
    'password' => '***removed***',
    'timeout' => 1.5,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'encryption.legacy_format_support' => true,
  'encryption.key_storage_migrated' => false,
  'default_phone_region' => 'NL',

The output of your Apache/nginx/system log in /var/log/____:

***removed*** - - [07/Jul/2021:20:43:19 +0200] "POST /apps/text/session/sync HTTP/2.0" 200 246 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"
***removed*** - - [07/Jul/2021:20:43:21 +0200] "GET /remote.php/webdav/***filename*** HTTP/2.0" 500 14820 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"
***removed*** - - [07/Jul/2021:20:43:24 +0200] "POST /apps/text/session/sync HTTP/2.0" 200 246 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"