documentation icon indicating copy to clipboard operation
documentation copied to clipboard
verified publisher icon nextcloud

Encryption Migration - "occ encryption:scan:legacy-format" No Longer Available?

Open b0ssi opened this issue 5 years ago • 11 comments

Nextcloud Server Version: 20.0.3

After a recent upgrade to 20.0.3 I attempted to follow advise given in Settings -> Administration -> Overview -> Security & Setup Warnings:

The old server-side-encryption format is enabled. We recommend disabling this. For more details see the documentation.

The linked docs refer to a command that doesn't seem to be available (any more?):

occ encryption:scan:legacy-format

b0ssi avatar Dec 15 '20 15:12 b0ssi

That command works fine. The docs don't explain how to migrate, however.

thomwiggers avatar Dec 21 '20 11:12 thomwiggers

(note that you should run ./occ encryption:scan:legacy-format, and not run ./occ occ encryption:scan:legacy-format which was a mistake I made)

thomwiggers avatar Dec 21 '20 11:12 thomwiggers

It doesn't work for me:

$ php occ encryption:scan:legacy-format

There are no commands defined in the "encryption:scan" namespace.

Did you mean this? encryption

Nextcloud-20.0.4 php-7.3

Am I missing anything obvious?

b0ssi avatar Dec 21 '20 11:12 b0ssi

It turns out that if you don't have the encryption plugin enabled, this message is present.

thomwiggers avatar Dec 21 '20 12:12 thomwiggers

See https://github.com/nextcloud/server/issues/24681

thomwiggers avatar Dec 21 '20 12:12 thomwiggers

Good observation, thanks. It's not intuitive but makes sense technically and I can reproduce that behavior on my end. It might be of help to add a note about this detail to that documentation page.

b0ssi avatar Dec 21 '20 13:12 b0ssi

@b0ssi @thomwiggers From the documentation I gather I should a) check if I can remove the legacy encryption mode b) if I can, remove it by editing config.php

To be able to check, should I activate (again) the End-to-End Encryption app (or is it another app)? And/Or, do you know if I do not need to check, and can I just safely proceed with b (editing config.php)?

keunes avatar Feb 10 '21 19:02 keunes

@keunes iirc it's the Default encryption module (built-in I believe) that @thomwiggers is also referring to. Turned out it needs to be enabled to run the check in the subject of this issue (otherwise getting said error - cmd unavailable).

b0ssi avatar Feb 11 '21 03:02 b0ssi

@b0ssi Thanks for the reply. The thing is: I was wondering whether the End-to-End Encryption app I linked to earlier - which I found in my installation's app store - is actually is the same as the encryption app that @thomwiggers referred to - which, given it's deprecated, might not be in my installation's app store any-more.

I'm hesitant to install the above 'End-to-End Encryption' app linked above because I'm not sure it's the same as what was installed before (thus what I'd need to activate again), and I don't want to accidentally create additional (potential future) issues.

EDIT

Still don't know if if both apps I referred to above are the same. But I just ran occ app:enable encryption and then occ encryption:scan:legacy-format and all seems fine, so I deactivated legacy support. Sorry for the tags, and thanks again for chipping in!

keunes avatar Feb 17 '21 22:02 keunes

Hi @keunes, not a problem. I don't think you'd need to worry about the End-to-End Encryption app. It's distinct from the Encryption app, which is server-side only (I'm fairly certain, but if maybe someone from the team can confirm). For me, just enabling the Encryption app again temporarily to run the scan worked just fine. Hope it helped!

b0ssi avatar Feb 18 '21 01:02 b0ssi

It''s a bit weird, see my comment here, bug or not?

https://github.com/nextcloud/server/issues/24681#issuecomment-823560046

shelterx avatar Apr 20 '21 20:04 shelterx