nextcloud
E2EE Internal Error for iOS, PC/Mac works fine
How to use GitHub
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
- Subscribe to receive notifications on status change and new comments.
Steps to reproduce
- Enable Serverside Encryption and E2EE
- Enable on either Mac, Linux or Windows to generate a 12 word mnemonic
- Input the 12 word mnemonic into the iOS client when enabling E2EE
Expected behaviour
For E2EE to be enabled. Worked perfectly on my Mac and Windows Client
Actual behaviour
It comes up with "Internal Error" see screenshot below
Logs
Nextcloud https://pastebin.ubuntu.com/p/2vXRgnD2QK/
root@d7b5659d53a7:/# occ app:list
Enabled:
- activity: 4.0.0
- app_api: 5.0.2
- bruteforcesettings: 4.0.0
- circles: 31.0.0-dev.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contactsinteraction: 1.12.0
- dashboard: 7.11.0
- dav: 1.33.0
- encryption: 2.19.0
- end_to_end_encryption: 1.17.0
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_downloadlimit: 4.0.0
- files_external: 1.23.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- firstrunwizard: 4.0.0
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- music: 2.1.2
- nextcloud_announcements: 3.0.0
- notifications: 4.0.0
- oauth2: 1.19.1
- password_policy: 3.0.0
- photos: 4.0.0-dev.1
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- recommendations: 4.0.0
- related_resources: 2.0.0
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- updatenotification: 1.21.0
- user_status: 1.11.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- whiteboard: 1.0.5
- workflowengine: 2.13.0
Disabled:
- admin_audit: 1.21.0
- documentserver_community: 0.1.20 (installed 0.1.20)
- onlyoffice: 9.6.0 (installed 9.6.0)
- richdocuments: 8.6.1 (installed 8.6.1)
- suspicious_login: 9.0.1
- twofactor_nextcloud_notification: 5.0.0
- twofactor_totp: 13.0.0-dev.0
- user_ldap: 1.22.0
iOS Console https://pastebin.ubuntu.com/p/VBBxDT6fP4/
Reasoning or why should it be changed/implemented?
It would be really important for security and privacy reasons
Environment data
iOS version: e.g. iOS 17.6.1 iOS 18.3.1 Nextcloud iOS app version: see More > Settings Nextcloud 6.2.7 Server operating system: Ubuntu Server 24.04.2 LTS Noble Web server: Apache, nginx NGinx version 1.26.2 Database: MariaDB version “11.7.2-MariaDB-ubu2404” PHP version: I don't know, installed via docker compose Nextcloud version: see Nextcloud admin page Nextcloud Hub 10 (31.0.0)
I believe the app is buggy as on my desktop clients it works absolutely fine, and I have tested the E2EE on a web browser on my iPhone and it worked fine as well. I have Tailscale VPN with HTTPS enabled giving me the ability to have a valid LE certificate.
please update to last version of Nextcloud iOS, now 6.4.0, then, if error, please post the iOS Communication.log
Perhaps this is an issue of the MacOS client. I got the same errors over and over on both iOS (6.6.0) and Android (3.31.1) with E2EE set up by the latest MacOS client (3.16.3). I finally set up E2EE with the iOS client, and now, E2EE works (seemingly?) in all three clients.
this problem still exists on latest IOS Client (6.6.2.2). I just deployed a new Hetzner Storage Share. No Serverside Encryption. Installed End-2-End as Admin, enabled for one of my users. Macos Client works fine and sets mnenomic. Afterwards, trying to enable E2E in the IOS App results in error seen in the screenshot above.
EDIT:
Doing it the other way around works! Start E2E in IOS and re-use the mneomic in macos = no error. start in mac and try to use in IOS = error
EDIT:
Doing it the other way around works! Start E2E in IOS and re-use the mneomic in macos = no error. start in mac and try to use in IOS = error
Can confirm, reset key, and initiate from iOS, thank you AlectoTheFirst and eastwindow 👊
Doing it the other way around works! Start E2E in IOS and re-use the mneomic in macos = no error. start in mac and try to use in IOS = error
I can not confirm that this fixes it. I created the mnemonic passphrase through the iOS app but I'm still struggeling with the issue
The issue still exists in the current version of the iOS client 6.6.6.0. It should work no matter where the key was created, so are there any ideas how to fix this?
for whatever reason security and user experience does not seem to have any priority...
I updated it to the recent version, it activates but when I access my files, it just shows alphanumerical sequences and blank files instead of my documents. And then says internal error? It worked before I'm really confused what happened in-between haha
{"reqId":"18YIwOpdqeqDDXBM3Nrd","level":0,"time":"2025-07-15T23:03:34+00:00","remoteAddr":"IP Address","user":"Myname","app":"bruteForce","method":"GET","url":"/ocs/v1.php/cloud/capabilities","message":"The loading of lazy AppConfig values have been triggered by app \"bruteForce\"","userAgent":"Mozilla/5.0 (iOS) Nextcloud-iOS/7.0.2","version":"31.0.7.1","exception":{"Exception":"RuntimeException","Message":"The loading of lazy AppConfig values have been triggered by app \"bruteForce\"","Code":0,"Trace":[{"file":"/app/www/public/lib/private/AppConfig.php","line":1193,"function":"loadConfig","class":"OC\\AppConfig","type":"->"},{"file":"/app/www/public/lib/private/AppConfig.php","line":106,"function":"loadConfigAll","class":"OC\\AppConfig","type":"->"},{"file":"/app/www/public/lib/private/Security/Ip/BruteforceAllowList.php","line":39,"function":"getKeys","class":"OC\\AppConfig","type":"->"},{"file":"/app/www/public/lib/private/Security/Bruteforce/Throttler.php","line":86,"function":"isBypassListed","class":"OC\\Security\\Ip\\BruteforceAllowList","type":"->"},{"file":"/app/www/public/lib/private/Security/Bruteforce/Throttler.php","line":112,"function":"isBypassListed","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/app/www/public/lib/private/Security/Bruteforce/Throttler.php","line":129,"function":"getAttempts","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/app/www/public/lib/private/Security/Bruteforce/Capabilities.php","line":29,"function":"getDelay","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/app/www/public/lib/private/CapabilitiesManager.php","line":61,"function":"getCapabilities","class":"OC\\Security\\Bruteforce\\Capabilities","type":"->"},{"file":"/app/www/public/core/Controller/OCSController.php","line":70,"function":"getCapabilities","class":"OC\\CapabilitiesManager","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/Http/Dispatcher.php","line":200,"function":"getCapabilities","class":"OC\\Core\\Controller\\OCSController","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/Http/Dispatcher.php","line":114,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/app/www/public/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/app/www/public/ocs/v1.php","line":49,"function":"match","class":"OC\\Route\\Router","type":"->"}],"File":"/app/www/public/lib/private/AppConfig.php","Line":1208,"message":"The loading of lazy AppConfig values have been triggered by app \"bruteForce\"","exception":{},"CustomMessage":"The loading of lazy AppConfig values have been triggered by app \"bruteForce\""}}
{"reqId":"69oC250XysdKoI73wxwH","level":0,"time":"2025-07-15T23:03:34+00:00","remoteAddr":"IP Address","user":"Myname","app":"bruteForce","method":"GET","url":"/ocs/v1.php/cloud/capabilities","message":"The loading of lazy AppConfig values have been triggered by app \"bruteForce\"","userAgent":"Mozilla/5.0 (iOS) Nextcloud-iOS/7.0.2","version":"31.0.7.1","exception":{"Exception":"RuntimeException","Message":"The loading of lazy AppConfig values have been triggered by app \"bruteForce\"","Code":0,"Trace":[{"file":"/app/www/public/lib/private/AppConfig.php","line":1193,"function":"loadConfig","class":"OC\\AppConfig","type":"->"},{"file":"/app/www/public/lib/private/AppConfig.php","line":106,"function":"loadConfigAll","class":"OC\\AppConfig","type":"->"},{"file":"/app/www/public/lib/private/Security/Ip/BruteforceAllowList.php","line":39,"function":"getKeys","class":"OC\\AppConfig","type":"->"},{"file":"/app/www/public/lib/private/Security/Bruteforce/Throttler.php","line":86,"function":"isBypassListed","class":"OC\\Security\\Ip\\BruteforceAllowList","type":"->"},{"file":"/app/www/public/lib/private/Security/Bruteforce/Throttler.php","line":112,"function":"isBypassListed","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/app/www/public/lib/private/Security/Bruteforce/Throttler.php","line":129,"function":"getAttempts","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/app/www/public/lib/private/Security/Bruteforce/Capabilities.php","line":29,"function":"getDelay","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/app/www/public/lib/private/CapabilitiesManager.php","line":61,"function":"getCapabilities","class":"OC\\Security\\Bruteforce\\Capabilities","type":"->"},{"file":"/app/www/public/core/Controller/OCSController.php","line":70,"function":"getCapabilities","class":"OC\\CapabilitiesManager","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/Http/Dispatcher.php","line":200,"function":"getCapabilities","class":"OC\\Core\\Controller\\OCSController","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/Http/Dispatcher.php","line":114,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/app/www/public/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/app/www/public/ocs/v1.php","line":49,"function":"match","class":"OC\\Route\\Router","type":"->"}],"File":"/app/www/public/lib/private/AppConfig.php","Line":1208,"message":"The loading of lazy AppConfig values have been triggered by app \"bruteForce\"","exception":{},"CustomMessage":"The loading of lazy AppConfig values have been triggered by app \"bruteForce\""}}
{"reqId":"xhGFL3V4uJmBxWZTTclr","level":0,"time":"2025-07-15T23:03:37+00:00","remoteAddr":"IP Address","user":"Myname","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/end_to_end_encryption/api/v2/meta-data/00041948ocrs2djv6w7x","message":"OCA\\EndToEndEncryption\\Controller\\MetaDataController::getMetaData uses the @NoAdminRequired annotation and should use the #[OCP\\AppFramework\\Http\\Attribute\\NoAdminRequired] attribute instead","userAgent":"Mozilla/5.0 (iOS) Nextcloud-iOS/7.0.2","version":"31.0.7.1","data":[]}
{"reqId":"xhGFL3V4uJmBxWZTTclr","level":0,"time":"2025-07-15T23:03:37+00:00","remoteAddr":"IP Address","user":"Myname","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/end_to_end_encryption/api/v2/meta-data/00041948ocrs2djv6w7x","message":"OCA\\EndToEndEncryption\\Controller\\MetaDataController::getMetaData uses the @NoAdminRequired annotation and should use the #[OCP\\AppFramework\\Http\\Attribute\\NoAdminRequired] attribute instead","userAgent":"Mozilla/5.0 (iOS) Nextcloud-iOS/7.0.2","version":"31.0.7.1","data":[]}
That's basically code in my log relating to anything recently regarding E2EE
The only solution is to create a 12-word passphrase on iOS for those who have this phone. Then import the passphrase on Android and Mac/Windows. Everything works except on iOS, which generates another error when accessing the folder. 98004 error
As highlighted in this GitHub issue.
https://github.com/nextcloud/ios/issues/3587
and
https://github.com/nextcloud/ios/issues/3622
The thing I hate is that this feature could be convenient, but they don't do cross-platform verification tests with every update. How stupid!
