Reset encryption for user

Hey everyone,

I screwed up the encryption for a few users by resetting their passwords and not updating the encryption keys. Now I’m running into the ‘Invalid private key for encryption app.’ message.

None of the accounts actually contains data (so far) but one of them is my admin account. Is there a way to resolve this issue via the web interface (no shell access possible)? Losing data in these accounts is not a problem (as there is no data).

I already set a recovery key but (of course) after I saw that I broke stuff so I guess that’s useless now.

A workaround would be to delete and recreate these accounts. Looking for a better solution anyway :slight_smile:

Cheers

Hi,

Each user will need to update the encryption password under their own accounts. This can be done under Personal -> Basic encryption module. Enter in the old login password, and then the new login password to update. This should resolve the error.

Hey, thanks for your reply :slight_smile:

The old passwords are not available any more (overwritten in password store) so I can’t do that.

Is it possible to reset the encryption for an account?

The other options are to use a recovery key or a master key. Both require set up beforehand.

Setting up and using recovery/master keys is documented here, https://docs.nextcloud.com/server/10/admin_manual/configuration_files/encryption_configuration.html?highlight=encryption

Off topic, but I really advise having ssh access to run the occ commands. Especially if you are going to use encryption. Some features, such as the master key, require it.

Okay, as I understand it is not possible to reinitialize the encryption in my case.

I have a few questions left for better understanding in the future:

I haven’t enabled server side encryption but just home storage encryption. I get the feeling that this is not really intended since the home storage encryption is always described as an addition to the server side encryption. Do I get this right?

I also consider disabling the encryption because I now see more disadvantages than advantages.
Is the console based deactivation of encryption described in the docs applicable in my case? How are existing files decrypted? I don’t see that the user password is entered in the process.

Hello,

Server-side encryption has to be enabled to encrypt anything. The home storage encryption is on by default, but can be disabled if you don’t want to encrypt local files. If you did not turn on server-side encryption, then nothing has been encrypted, regardless of the home storage setting.

For me personally, the encryption is best used if you are managing data on third-party systems such as Dropbox. If you’re not doing that, I recommend leaving it disabled.

Okay, but I don’t understand why I get the above stated encryption error, when nothing has been encrypted?

Hi,

Enabling the encryption application is what causes the keys to be set. Files are only encrypted if you turn on ‘server-side encryption’ in the admin area. Local files are only encrypted if ‘server-side’, and ‘Encrypt the home storage’ is checked.

The error you have is related to the keys, which are part of the encryption application.

Okay, I understand. Is there any way to get rid of the keys?

Personally I don’t have shell access (used to administrate my own instance on my own server, no time any more to keep that up to date) but I guess I can ask my provider to execute things on the command line.

Does disabling the encryption application help?

Disabling the app indeed helped to solve the problem. I had only disabled the settings in the admin panel before, which didn’t help.

Guess all’s fine now… thanks a lot for your patience :slight_smile: