Recover encrypted files after lost config.php

Firobe · March 8, 2020, 8:25am

Nextcloud version : 17.0.2
Operating system and version : Arch Linux (latest)
Apache or nginx version : 1.16.1
PHP version : 7.4.3

Hello everyone,

Recently, during an upgrade to Nextcloud 18, my hard drive went out of space, which led to my config.php being lost (I couldn’t recover it by searching in memory), and unfortunately I have no backup of it. In particular, I lost the secret of the instance (and the password salt).

I still have everything else (data directory with files and keys, database). I had server-side encryption enabled, had not disabled master key and not enabled recovery. I still have the username and passwords of every user.

I tried creating a new instance with the same ID and importing the data directory and the database. I could recover non-encrypted data such as calendar, but could not decrypt the files.

Using occ encryption:decrypt-all or occ encryption:decrypt [user], the private master key fails to be decrypted and nothing happens. I skipped the signature check using 'encryption_skip_signature_check` in the config so that is not the problem.

Is there hope of recovering those files ? Via the “public shared” key of the files maybe (I don’t quite get how this part works).

Thank you for your help !

(yes, next time I’ll definitely make backups)

Firobe · March 16, 2020, 2:15pm

First and last bump

Paradox551 · March 16, 2020, 2:20pm

Restore your backup config.php or restore your files from a backup.

You will (AFAIK) not be able to recover those files without the config.php.

peteman52 · March 16, 2020, 4:57pm

I’m not shure if I understood everything. Is your whole data-directory encrypted? If not, you will find there a directory named “updater-xxxxxxxxxx” where “xxxxxxxxx” looks random. In this there is a dir backup with a backup of your three last Nextcloud installations.

Firobe · March 16, 2020, 5:18pm

Thank you for answering.

@Paradox551 Unfortunately I don’t have any backups (yep, I’m a bad admin)
@peteman52 Only the files from the Files application are encrypted. Thus I do have an updater directory, however it is empty. Because there was no more space on the hard drive, I guess.

Paradox551 · March 17, 2020, 2:51pm

Good luck. It’s not possible to decrypt without the config.php to the best of my knowledge.

Stop using the hard drive and pay a data recovery agent to restore the file. If you are still using the drive or it’s an SSD you are SOL.

This is why you take backups.

Firobe · March 17, 2020, 3:04pm

Welp that’s what I feared. This will be a lesson about backups I won’t forget.

KevinFumbles · May 18, 2020, 5:41pm

@peteman52 I just wanted to say thank you. Just like OP, I didn’t have any backups but I never realized that there was a backup of the Nextcloud directory within the data directory. Now to try and recover!

deglin · October 28, 2021, 2:13am

@Firobe Did you ever get anywhere with solving this? I have a similar issue… config.php was corrupted due to a full disk and I lost the Salt and Password.

I had Server-Side Encryption on and I’m trying to find a way to either restore these two items or decrypt the files. I have everything else, I’m just missing these two lines of the Config file.

devnull · October 28, 2021, 9:08am

Perhaps you find an old version of config.php in
data/updater-*******/backups

Read for further use of nextcloud backup and restore.

Note that backup and restore are even more important for encrypted files than for unencrypted files. A file error (e.g. config.php) can destroy all files. Also note that server-side encryption provides little / no security benefit when using primary files directly on the server.