The Basics
- Nextcloud Server version (e.g., 29.x.x):
29.0.8
- Operating system and version (e.g., Ubuntu 24.04):
Ubuntu 24.04
- PHP version (e.g, 8.3):
8.3.6
Summary of the issue you are facing:
I am trying to decrypt a Nextcloud installation using occ encryption:decrypt-all and realized that files in files_versions are not getting decrypted.
This is a duplicate of Occ encryption:decrypt-all leaves file versions encrypted, which was inexplicably closed recently without being resolved for more than four years.
In that previous post, @yahesh suggested using the server-side encryption recovery script (now part of encryption-recovery-tools), but that only recovers the files outside of Nextcloud.
QUESTION: Is there a way for me to easily import those decrypted files_versions files back into Nextcloud, i.e. can I just replace the encrypted files_versions files with the unencrypted files_versions files and make appropriate changes to the database? (Ironically, this might be preferable as decryption is very much faster using the recovery script than using occ encryption:decrypt-all.)
As far as I can tell, the entries for the 'encrypted' (12th) field in oc_filecache would have to be changed from their current non-zero value to 0. Is that correct, or are there any other considerations?
I’d appreciate some confirmation on this and possible help with sample and/or pseudo code as I don’t want to screw this up.
fwiw, I am using PostgreSQL.
Further, I believe that occ encryption:decrypt-all should also decrypt all files in files_trashbin, including versions:
files/
files_versions/
files_trashbin/files/
files_trashbin/versions/
So please consider this a support request as well.
Otherwise, this should be documented, and users should be warned before enabling encryption.
Steps to replicate it (hint: details matter!):
- Run
occ encryption:decrypt-all - Files are all decrypted, but file versions are still encrypted.