I can’t get into NC when the encryption app is in the apps directory(/nextcloud/apps/) because NC generates an internal error.
I enabled encryption in the old NC settings. It’s not server-side encryption. I have disabled it. I enabled Encryption and now get an internal error when I switch NC screens. This is an internal error message after the login screen.
The only workaround I know of is to remove the encryption folder from the apps directory.
I expect that modifying the MariaDB database directly will solve the problem. I look at the database and the only table that contains “encryption” is “oc_e2e_encryption_lock”. Probably not this one.
Is there any way to disable the encryption settings when the encryption app is not in apps directory?
How can I prevent NC from generating an internal error even if the Encryption app exists in the apps folder?
Return to your Admin page to see the Nextcloud Default Encryption Module added to the module selector, and automatically selected. Now you must log out and then log back in to initialize your encryption keys.
I’m aware that the encryption key is initialized when the user logs out and logs back in. However, when the user logs out and logs back in, it generates an internal error.
Is there another way to initialize the “encryption key”?
I tried deleting the “files_encryption” directory in each user directory(
NC/data/USERNAME/files_encryption ). Then I put the encryption app in /NC/apps directory and tried to log in. The user was then able to successfully login without any internal errors.
However, a new problem has arisen. There is a problem with the default encryption module section in the security section of the admin user settings.
I tried to change the password for the recovery key, but the password does not seem to be recognized correctly. I can type any character in the password input field, even if it is blank, I can press the button and the system will not behave in any way. I’m not warned if I deliberately type in the wrong password.
I can change my web browser or operating system to manipulate it, but it doesn’t change anything. How can I deactivate or change the recovery key?
I’m trying to find a solution for the Default encryption module.
A very basic question: what is a “Master key”?
Is it different from a recovery key? The Master key is not indicated anywhere in the NC web UI.
When the administrator user opens the Users menu, a popup appears saying “Password change is disabled because the master key is disabled”.
“Encrypt the home storage” in the NC WEB UI is enabled.
*The various password fields are not functioning without any response.
I have disabled server-side encryption. I check with the OCC command and if I run it without “encryption:disable-master-key” specified, it shows that it is already disabled.
I have specified “NC/data/keys” with the command occ encryption:change-key-storage-root to clarify the location of the key. The “.oc_key_storage” exists in that directory.
*I have deleted the “files_encryption” directory under “NC/data/USERNAME/”. Because when I ran the command encryption:change-key-storage-root and tried to reset it to the default location, I got an error that the “files_encryption” directory existed somewhere.
I’m too afraid to run it. If I run “oc encryption:enable-master-key”, which items in NC will change?
I updated to NC23.0.3 and now I get some kind of response in each password field. For example, when I enter the password to disable the recovery key in the Disable recovery key section, it says “Saving…” to the right of “Disable recovery key” appears on the screen. But as a result the key is not disabled.
Sorry i do not really understand your problem. Are the files in data/username/files encrypted or not encrypted? Also i only know this video for decryption. Have you execute this command?
‘Encrypt the home storage’ status unknown
I left that checkbox in the disabled state and when I reloaded the page, it was in the enabled state. This is no longer reproduced in NC 23.0.3.
→ How do I know if it is encrypted?
Recovery key is not recognized.
For example, I can intentionally enter the wrong key into a form even in NC 23.0.3 and it will not point out that it is the wrong key. I cannot disable or change the recovery key.
→ How do I get NC to recognize the recovery key?
Can you direct read the content of the files or not?
Yes, I can read.
Have you watch the video and execute the command at some point in the past or not?
I have never enabled ‘server-side encryption’. Am I making a grand mistake? Does the recovery key mean anything if I don’t have server-side encryption enabled? However I was once able to set and change my recovery key.
occ encryption:decrypt-all
Server side encryption not enabled. Nothing to do.
I would like to try activating the “master key” but again I am afraid to do so. I have a desire to verify if activating the master key will help to balance the books of configuration discrepancies in the system.
I currently have the master key disabled. I do not recall if I have enabled this since NC12. At least I have never manipulated the master key with OCC commands.
What problems might arise from activating the master key? My biggest fear is that the data will be encrypted and unreadable.
Or would the default encryption module have nothing to do with the master key at all?
The server-side encryption Nextcloud has two different modes:
master key encryption
user key encryption
With the master key encryption one central “master key” is used as a basis to encrypt all files. In contrast, with user keys, an individual key per user is used as a basis for the encryption. In the past, user key encryption has been the default and one had to actively switch to the weaker master key encryption. However, due to numerous problems user-individual keys protected by the users’ passwords (which could be lost/forgotten) Nextcloud switches to the master key encryption as the default later on.