Recovering Server-side encrypted data - Help needed

I have a broken 25.0.13 instance, used by only me, with server-side encryption enabled.
There I have data that I need to recover.
The instance is on a hosting provider, which does not give me ssh access.
I have all the data files, database and passwords for the instance.
What I would like to do is to either get the instance back up running, preferably through transferring the data to a new installation, or decrypt the data on my computer.
I tried doing both on my own, transferring the data folder and using the decrypt tool, but I had no luck in recovering anything.

Any help would be greatly appreciated

1 Like

I would try to create the Nextcloud locally 1:1, possibly with a different name. I think there is then an occ-command to decrypt the Nextcloud. Or maybe you have direct access.

Where did it fail? What happened when you tried? We need more details. :slight_smile:

Were these the two processes you followed?

Migrating to a new server: Migrating to a different server — Nextcloud latest Administration Manual latest documentation

Recovering: encryption-recovery-tools/server-side-encryption/README.md at master · nextcloud/encryption-recovery-tools · GitHub

well, how would I do that? I would need to run a database, webserver etc all with the same configs and passwords. I can try the occ on the local copy, if it works, I’ll report here.

EDIT: OCC errors due to no DB connectivity

I did not do the migration like that, I copied the data folder, then in the config i changed the secret and instance ID, leaving the password salt, since I thought it might make it impossible to log in.

The recovery I tried used the tool and I had set the environment variables, like the secret, data path and user password. It always errored out with “can’t decrypt any private keys” or similar message

You can read here. There you find e.g. the command for decrypt. But i think you need a copy with shell access.

sudo -u www-data php /path/to/nextcloud/occ encryption:decrypt-all

Using the recovery tools will likely be your best option if you aren’t going to bring up a working Nextcloud Server and migrate everything.

You should not need (nor do you want) to provide USER_PASSWORDS to the recovery tool (unless you explicitly overrode the default behavior, which uses a master key not per-use keys, when you first set up encryption – or if you set it up many many years ago when the default was different).

@redo11 Please open an issue here if you have any problems with the encryption-recovery-tools. :pray:

1 Like

i have the same problem with tools rescue
root@servercloud:/home/pavo/recuperar/encryption-recovery-tools/end-to-end-encryption# ./recover.php /home/pavo/recuperar/recuperado /home/pavo/recuperar ERROR: MANDATORY ZLIB EXTENSION IS NOT LOADED