nextcloud/encryption-recovery-tools

Recovering SSE files fails

mraspor opened this issue · 8 comments

Not an issue per se...

Some background:

  • Nextcloud 27.1.5
  • SSE enabled, default module
  • Out of the blue some files started to be unreadable - nothing was installed, changed or upgraded - OS was not touched nor was the Nextcloud installation touched in any way

Log errors show the following (in repeating succession, randomly ordered):
OCA\Encryption\Exceptions\MultiKeyDecryptException: multikeydecrypt with share key failed:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error

Sabre\DAV\Exception\ServiceUnavailable: Encryption not ready: multikeydecrypt with share key failed:error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error

Issue: multikeydecrypt with share key failed:error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error

Sabre\DAV\Exception\ServiceUnavailable: Encryption not ready: multikeydecrypt with share key failed:error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed

multikeydecrypt with share key failed:error:2406F079:random number generator:RAND_load_file:Cannot open file

multikeydecrypt with share key failed:error:0909006C:PEM routines:get_name:no start line

So, I've run the Nextcloud's decrypt-all command:
$ sudo -unginx php occ encryption:decrypt-all

$ sudo -unginx php occ encryption:status
  - enabled: false
  - defaultModule: OC_DEFAULT_MODULE

What I thought decrypted all the files, actually decrypted some:

mysql> select count(1) from oc_filecache where encrypted = 1;
+----------+
| count(1) |
+----------+
|    89152 |
+----------+
mysql> select count(1) from oc_filecache where encrypted = 0;
+----------+
| count(1) |
+----------+
|   838937 |
+----------+

Now I turned to encryption-recovery-tools/server-side-encryption/recover command. I've configured:

  • DATADIRECTORY
  • SECRET
  • INSTANCE ID

and run it against a file which is unreadable (IMG_0327.JPG). This is what I get with DEBUG on:
$ sudo ./recover.php /temp/ /data/nextcloud/nextcloud_storage/jelena/files/IMG_0327.JPG 
DEBUG: debug mode enabled
DEBUG: DATADIRECTORY = '/data/nextcloud/nextcloud_storage'
DEBUG: DEBUG_MODE = true
DEBUG: DEBUG_MODE_VERBOSE = true
DEBUG: EXTERNAL_STORAGES = array (
)
DEBUG: INSTANCEID = array (
  0 => 'ocy55kvkmj5y',
)
DEBUG: RECOVERY_PASSWORD = array (
)
DEBUG: SECRET = array (
  0 => 'JuvKAWYlYS5i/AkZr02gYkG65LH0WFAb7Egfyp6fzUWB8gYY',
)
DEBUG: SUPPORT_MISSING_HEADERS = false
DEBUG: USER_PASSWORDS = array (
)
DEBUG: systemkeys = array (
  0 => 
  array (
    'file' => '/data/nextcloud/nextcloud_storage/files_encryption/OC_DEFAULT_MODULE/master_52ced14c.privateKey',
    'id' => 'master_52ced14c',
    'name' => 'master_52ced14c',
    'passwords' => 
    array (
      0 => 'JuvKAWYlYS5i/AkZr02gYkG65LH0WFAb7Egfyp6fzUWB8gYY',
    ),
  ),
  1 => 
  array (
    'file' => '/data/nextcloud/nextcloud_storage/files_encryption/OC_DEFAULT_MODULE/pubShare_52ced14c.privateKey',
    'id' => '',
    'name' => 'pubShare_52ced14c',
    'passwords' => 
    array (
      0 => '',
    ),
  ),
)
DEBUG: userkeys = array (
)
DEBUG: json = array (
  'key' => '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',
  'uid' => NULL,
)
DEBUG: header = array (
  'cipher' => 'AES-256-CTR',
  'encoding' => 'binary',
  'keyFormat' => 'hash2',
  'oc_encryption_module' => 'OC_DEFAULT_MODULE',
  'signed' => 'false',
  'useLegacyFileKey' => 'true',
)
DEBUG: meta = array (
  'encrypted' => '250098bbf499c6164b9d2cc65933f50529a704edc7eca1357de6a07041358d3e...a9fd03f3191a69a782b06d906f583fd06d12f059760a24dd4525bd23e52bb1ae (3272 bytes)',
  'iv' => '0f7fcee9af52593fd3fc41695355762d',
  'signature' => '9bfa7d42d8a020c029e0d609971e5a1f6f65d1f2abb38ca451df2607e7ccd680',
)
DEBUG: loaded private key for master_52ced14c
DEBUG: json = array (
  'key' => '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',
  'uid' => NULL,
)
DEBUG: header = array (
  'cipher' => 'AES-256-CTR',
  'encoding' => 'binary',
  'keyFormat' => 'hash2',
  'oc_encryption_module' => 'OC_DEFAULT_MODULE',
  'signed' => 'false',
  'useLegacyFileKey' => 'true',
)
DEBUG: meta = array (
  'encrypted' => '724dfce42a721b1d541f81fe196eac7da51d1df2f4c3e871a7e0cc26fe127e33...6c6bd3033ddc1d264188fdecb9ba2eba4512aa0be099cc493aeaeca74df4ce5b (3272 bytes)',
  'iv' => '4bd7e1205376d687d0617093d8c94cdf',
  'signature' => '6dc7eb4a8d9bf16af8df7629c4cb4290ca97e434a41ac29849280fb43d558ba1',
)
DEBUG: loaded private key for pubShare_52ced14c
DEBUG: sources = array (
  '' . "\0" . '0' => '/data/nextcloud/nextcloud_storage/jelena/files/IMG_0327.JPG',
)
DEBUG: filename = /data/nextcloud/nextcloud_storage/jelena/files/IMG_0327.JPG
DEBUG: targetname = /temp/jelena/files/IMG_0327.JPG
DEBUG: parsed = array (
  'file' => '/data/nextcloud/nextcloud_storage/jelena/files/IMG_0327.JPG',
  'name' => 'IMG_0327.JPG',
  'name_raw' => 'IMG_0327.JPG',
  'trashbin' => false,
  'trashbin_time' => '',
  'username' => 'jelena',
  'version' => false,
  'version_number' => '',
)
DEBUG: filekeys = array (
)
DEBUG: sharekeys = array (
  'master_52ced14c' => 
  array (
    0 => '/data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG/OC_DEFAULT_MODULE/master_52ced14c.shareKey',
    1 => '/data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG.decrypted.1711644712/OC_DEFAULT_MODULE/master_52ced14c.shareKey',
  ),
  'pubShare_52ced14c' => 
  array (
  ),
)
DEBUG: json = array (
  'key' => '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',
)
DEBUG: openssl_private_decrypt() failed: error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error
DEBUG: sharekey could not be decrypted as intermediate key...
DEBUG: openssl_private_decrypt() failed: error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
DEBUG: sharekey could not be decrypted as secret key...
DEBUG: json = array (
  'key' => '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',
)
DEBUG: openssl_private_decrypt() failed: error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
DEBUG: sharekey could not be decrypted as intermediate key...
DEBUG: openssl_private_decrypt() failed: error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error
DEBUG: sharekey could not be decrypted as secret key...
DEBUG: secretkey = unavailable
DEBUG: cannot decrypt this file...
DEBUG: trying to copy file...
DEBUG: header = array (
  'cipher' => 'AES-256-CTR',
  'encoding' => 'binary',
  'keyFormat' => 'password',
  'oc_encryption_module' => 'OC_DEFAULT_MODULE',
  'signed' => 'true',
  'useLegacyFileKey' => 'false',
)
DEBUG: copying the file failed...
DEBUG: success = false
ERROR: /data/nextcloud/nextcloud_storage/jelena/files/IMG_0327.JPG FAILED
ERROR: AN ERROR OCCURED DURING THE DECRYPTION
DEBUG: exiting

And this file is readable:

/data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG/OC_DEFAULT_MODULE$ ls -l
total 4
-rw-r--r-- 1 nginx nginx 1604 Dec  8 13:41 master_52ced14c.shareKey

Anything you think I might try to solve this puzzle? As said nothing was changed and worked 10 days ago.

@mraspor Thanks for this extensive report. 🙏

What I can see from this so far:

  • The master and pubShare private keys are loaded successfully.
  • The script couldn't find any filekey files so this could potentially be a new file that was created/updated after the updated encryption scheme was introduced with Nextcloud 27.
  • When looking at the content of the sharekey files then these are identical.
  • I had a look at the sharekey files and they contain a 512 byte-sized binary blob which is indicative of content that has been encrypted with an RSA-4096 key. So this could either be new or old sharekey files.
  • New sharekey files are RSA-encrypted with OAEP padding. I tried to decrypt the sharekey files by hand and this failed (as expected with OAEP padding).
  • Old sharekey files were RSA-encrypted with PKCS 1.5 padding. I tried to decrypt the sharekey files by hand and this succeeded (as expected with PKCS 1.5 padding). However, the result should have been a 32 byte-sized random blob, but I got a 376 byte-sized random blob, which is indicative of a failed decryption.

My current assumption is that the master_52ced14c.privateKey privatekey file is not the one that was used to encrypt the IMG_0327.JPG content file but that the private key was replaced at some point.

Could you please check the timestamps of the following files:

  • /data/nextcloud/nextcloud_storage/jelena/files/IMG_0327.JPG
  • /data/nextcloud/nextcloud_storage/files_encryption/OC_DEFAULT_MODULE/master_52ced14c.privateKey
  • /data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG/OC_DEFAULT_MODULE/master_52ced14c.shareKey

Furthermore, could you please tell me which files are located in these folders:

  • /data/nextcloud/nextcloud_storage/files_encryption/OC_DEFAULT_MODULE/
  • /data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG/OC_DEFAULT_MODULE/
  • /data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG.decrypted.1711644712/OC_DEFAULT_MODULE/
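
The by-hand check described in the comment above (try OAEP, then PKCS#1 v1.5, and accept only a 32-byte result), as an added example that is not part of the original thread or of the recovery tools. It works on bare RSA ciphertexts with constructed keys; the function names `try_unwrap`, `make_fixture` and `demo` and all file names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (constructed keys and blobs, not Nextcloud's on-disk format).
# 2048-bit keys keep it fast; the keys in the thread are RSA-4096.

# try_unwrap PRIVKEY BLOB: prints "oaep", "pkcs1" or "none".
# A padding mode counts only if decryption succeeds AND yields exactly 32
# bytes; recent OpenSSL releases can return pseudo-random bytes instead of an
# error for bad PKCS#1 v1.5 padding, so the exit status alone is not enough.
try_unwrap() {
  local priv=$1 blob=$2 mode out
  out=$(mktemp)
  for mode in oaep pkcs1; do
    if openssl pkeyutl -decrypt -inkey "$priv" -in "$blob" \
         -pkeyopt "rsa_padding_mode:$mode" -out "$out" 2>/dev/null \
       && [ "$(wc -c < "$out")" -eq 32 ]; then
      rm -f "$out"; echo "$mode"; return 0
    fi
  done
  rm -f "$out"; echo none; return 1
}

# make_fixture DIR: an original key pair, an unrelated replacement private
# key, and one random 32-byte key wrapped to the original public key both ways.
make_fixture() {
  local d=$1 mode
  openssl genrsa -out "$d/orig.pem" 2048 2>/dev/null
  openssl genrsa -out "$d/replaced.pem" 2048 2>/dev/null
  openssl rsa -in "$d/orig.pem" -pubout -out "$d/orig.pub" 2>/dev/null
  openssl rand -out "$d/filekey.bin" 32
  for mode in oaep pkcs1; do
    openssl pkeyutl -encrypt -pubin -inkey "$d/orig.pub" -in "$d/filekey.bin" \
      -pkeyopt "rsa_padding_mode:$mode" -out "$d/share.$mode"
  done
}

# demo: every key/blob combination; only the original key unwraps anything.
demo() {
  local d key blob
  d=$(mktemp -d)
  make_fixture "$d"
  for key in orig replaced; do
    for blob in oaep pkcs1; do
      echo "$key key, $blob blob -> $(try_unwrap "$d/$key.pem" "$d/share.$blob")"
    done
  done
  rm -rf "$d"
}
demo
```

A private key that does not belong to the public key used for wrapping ends up as `none` for both paddings, which is the pattern of alternating OAEP and PKCS#1 errors in the debug output above.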

@yahesh thank you for your help and taking the time to look at this - any data you might additionally need, I would be willing to provide.

/data/nextcloud/nextcloud_storage/jelena/files

$ stat IMG_1410.JPG | grep 00000
Access: 2024-02-20 13:04:31.000000000 +0100
Modify: 2024-02-20 13:04:31.000000000 +0100
Change: 2024-02-20 13:04:31.000000000 +0100

/data/nextcloud/nextcloud_storage/files_encryption/OC_DEFAULT_MODULE

$ stat master_52ced14c.privateKey | grep 0000
Access: 2022-10-03 11:29:50.000000000 +0200
Modify: 2024-03-27 23:46:56.000000000 +0100
Change: 2024-03-27 23:46:56.000000000 +0100
$ stat master_52ced14c.publicKey | grep 0000
Access: 2022-10-03 11:29:49.000000000 +0200
Modify: 2022-10-03 11:29:49.000000000 +0200
Change: 2022-10-03 11:29:49.000000000 +0200
$ stat pubShare_52ced14c.privateKey | grep 0000
Access: 2022-10-03 11:29:48.000000000 +0200
Modify: 2024-03-28 05:55:00.000000000 +0100
Change: 2024-03-28 05:55:00.000000000 +0100
$ stat pubShare_52ced14c.publicKey | grep 0000
Access: 2022-10-03 11:29:48.000000000 +0200
Modify: 2022-10-03 11:29:48.000000000 +0200
Change: 2022-10-03 11:29:48.000000000 +0200

/data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG/OC_DEFAULT_MODULE

$ stat master_52ced14c.shareKey | grep 0000
Access: 2023-12-08 13:41:28.000000000 +0100
Modify: 2023-12-08 13:41:28.000000000 +0100
Change: 2023-12-08 13:41:28.000000000 +0100

/data/nextcloud/nextcloud_storage/files_encryption/OC_DEFAULT_MODULE/

-rw-r--r-- 1 nginx nginx 9540 Mar 27 23:46 master_52ced14c.privateKey
-rw-r--r-- 1 nginx nginx 2372 Oct  3  2022 master_52ced14c.publicKey
-rw-r--r-- 1 nginx nginx 9476 Mar 28 05:55 pubShare_52ced14c.privateKey
-rw-r--r-- 1 nginx nginx 2372 Oct  3  2022 pubShare_52ced14c.publicKey

/data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG/OC_DEFAULT_MODULE
-rw-r--r-- 1 nginx nginx 1604 Dec 8 13:41 master_52ced14c.shareKey

/data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG.decrypted.1711644712/OC_DEFAULT_MODULE
-rw-r--r-- 1 nginx nginx 1604 Mar 28 17:51 master_52ced14c.shareKey

@mraspor For whatever reason the master_52ced14c.privateKey and pubShare_52ced14c.privateKey files were updated on March 27th/28th, 2024 (while the public key files were not updated). These are files that shouldn't be updated in typical use. The IMG_1410.JPG file (and probably all other files that currently cannot be decrypted) was last updated before that date and thus could belong to the master_52ced14c.privateKey file from before the modification that happened on March 27th, 2024.

There are two options here:

  1. In the best case you have a backup of the private key files (and the INSTANCEID/SECRET value of the config.php file) from before March 27th, 2024. If so then you could try to replace the private key files with the backed-up copies (keep the updated files as well).

  2. If you don't have a backup of the private key files then you could maybe provide the content of the public keys in this ticket. They have not been modified since October 3rd, 2022. I could then at least check if the updated private keys belong to the unaltered public keys. (If they do not belong together then this would have to be opened as a Nextcloud Server issue to find out why the private key files were altered.)

Thank you. Yeah, unfortunately, I don't have the master_52ced14c.privateKey file from before this weird modification happened. I actually updated Nextcloud from v27.1.4 to 27.1.5 on 14 Dec 2023. So, what is so special with 27/28 March 2024 I have no idea - as I said, nothing was done in or around that timeframe.

So, from
/data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG/OC_DEFAULT_MODULE and
/data/nextcloud/nextcloud_storage/jelena/files_encryption/keys/files/IMG_0327.JPG.decrypted.1711644712/OC_DEFAULT_MODULE

  • master_52ced14c.shareKey (file is the same in both of the directories)

and from /data/nextcloud/nextcloud_storage/files_encryption/OC_DEFAULT_MODULE/

  • master_52ced14c.privateKey

  • master_52ced14c.publicKey

  • pubShare_52ced14c.privateKey

  • pubShare_52ced14c.privateKey

also attached IMG_0327.JPG

Files renamed to .txt versions to be able to upload to github.
IMG_0327
master_52ced14c.shareKey.txt
pubShare_52ced14c.publicKey.txt
pubShare_52ced14c.privateKey.txt
master_52ced14c.publicKey.txt
master_52ced14c.privateKey.txt

@mraspor I now had a look and I can say that the (modified) private keys and the (unmodified) public keys do not belong to each other.

This is the result I got:

# master_52ced14c
$ openssl rsa -noout -modulus -in ./master_52ced14c.priv -out ./master_52ced14c.priv.mod
$ openssl rsa -pubin -noout -modulus -in ./master_52ced14c.pub -out ./master_52ced14c.pub.mod
$ diff ./master_52ced14c.priv.mod ./master_52ced14c.pub.mod
1c1
< Modulus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
---
> Modulus=B21722150F312F0823A099E7322E3D91DB012C3049DC4BC730EA5FB22B9F2145B65C262938FC8B3EF83CBA236455F1218326620C0BBB7F7923D8A8BB945853B6A4322F6800B23FD9A227C229711CB0E8C4FBD9A828F57BA11D458B90E5C182C4FD5DADA6982601A9EF9CC5A0E57CE620ADD8C0490F89608BFBCD3B5716F3DD9CF286086E1B0B55CEB777BFFA9E6205177A04138792515BAD8AF9D6D63EBA7377D2A5FC250AA42C7970FFC947E2E2D1183F97AF90EF03A2C567700245DFEDDA0BC8223847A1170DC6C46E22B284671DEFDFB309ACF44C130FC699B1B8CE2901EF00069C5E43D91F0E0F8201F0530036E2FCEA707A3092DEF7642EF5C6F42B0ADB5A2B1EEA33ACF59C810DD6F9B93835444ED705F7D28F1B6B5B3BDC521886E449D8DED5AC1B57346AEAD097E601D16B07826D7950418C57A864FF3D59A8B41A1DB11FC2295129EBFEAB18BB7C9CDC9F271CB65A703E44840DE0C58D30D3E0C7EC9C3B9D14EA6148FAAE56BBB06516BD7B8663EA4FD9DB22B594B36E06A3974D6C3467A43E0B148732B20AB3348173DD48C0872ABA66DFF2CD4C44501B0C8F2002C636DFAC3E4B74344697CA9EAD8090A18B482889ED825FF34F8FF3BB7B5AF66F73349178F8C5D1C5E145A83EE8440B205FAA5C355F07FB801C05F558522D2C52934ABAE04832F33D82B94CBA51B8CC335E18C48DFFB41D9CAD8A643609F7E2EB
$ echo $?
1

# pubShare_52ced14c
$ openssl rsa -noout -modulus -in ./pubShare_52ced14c.priv -out ./pubShare_52ced14c.priv.mod
$ openssl rsa -pubin -noout -modulus -in ./pubShare_52ced14c.pub -out ./pubShare_52ced14c.pub.mod
$ diff ./pubShare_52ced14c.priv.mod ./pubShare_52ced14c.pub.mod
1c1
< Modulus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
---
> Modulus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
$ echo $?
1

And this is what this should look like:

$ openssl genrsa -out ./priv.pem 4096 
$ openssl rsa -in ./priv.pem -outform PEM -pubout -out ./pub.pem
writing RSA key
$ openssl rsa -noout -modulus -in ./priv.pem -out ./priv.mod
$ openssl rsa -pubin -noout -modulus -in ./pub.pem -out ./pub.mod  
$ diff ./priv.mod ./pub.mod
$ echo $?
0

Please find your decrypted public and private keys attached:

@mraspor If you don't have more questions then I would close this ticket here. Unfortunately, the recovery scripts cannot help if the necessary key material isn't available.

P.S.: Maybe one last hint. To find encrypted files in the oc_filecache table the correct SQL statement would be SELECT COUNT(*) FROM oc_filecache WHERE encrypted > 0;. The encrypted field is actually an int that is used to denote the version number of the encrypted file. Therefore files with multiple versions would have a value that is greater than one.

@yahesh - thank you for your amazing help and troubleshooting. Yeah, close the ticket.

@mraspor Sorry that I couldn't help to bring all of your data back. 🙏