notes icon indicating copy to clipboard operation
notes copied to clipboard

Published 20 hours ago verified publisher icon nextcloud

Legacy cipher is no longer supported

Open kylespencer opened this issue 1 year ago • 2 comments

Nextcloud Notes (and/or the associated Android app) appears to be generating files using a legacy cipher that Nextcloud no longer supports when server-side encryption is enabled.

After using Notes via both the web and mobile application (with a poor quality Internet connection) some note files are no longer accessible via Nextcloud. Attempts to access or synchronize the affected files (via a device client) fail with the following error:

Legacy cipher is no longer supported!

I have not yet determined the steps to reliably reproduce this problem, but I wanted to share this observation in case others have encountered this problem and can provide more information.

  • Notes app version: 4.1.0 (may have also been the immediate prior version)
  • Nextcloud version: 27.1.4

I am also posting this issue in https://github.com/nextcloud/notes-android/issues/1955 in case the problem stems from the Android application.

kylespencer avatar Dec 14 '23 00:12 kylespencer

I've reproduced this on Nextcloud 28.0.1 using the Nextcloud Notes app 4.1.0.

OffensiveTitle avatar Jan 20 '24 00:01 OffensiveTitle

I seemed to have fixed this by running:

sudo -u www-data ./path_to_nextcloud_root/occ encryption:scan:legacy-format
sudo -u www-data ./path_to_nextcloud/occ php trashbin:cleanup --all-users
sudo -u www-data ./path_to_nextcloud_root/occ versions:cleanup

And setting 'encryption.legacy_format_support' => true, in config.php in nextcloud/config (Tested this as of Jan 19, 2024)

Explanation: Legacy cipher is (for some reason?) used by the Nextcloud Notes app, this does not include headers which the new encryption module does; as a result you get the error Legacy cipher is no longer supported!.

sudo -u www-data run the command as your web user (I'm using Debian, so forks like Ubuntu should have the same name). occ encryption:scan:legacy-format scans your files to find any that do not have proper headers. While running this if anything comes up like: /your_username/random_file.vXXX does not have a proper header This means that you have legacy encrypted files. occ php trashbin:cleanup --all-users this empties the users trashbins which may still hold old legacy files. occ versions:cleanup this cleans and updates the old legacy files.

Setting encryption.legacy_format_support' => true, in config.php in nextcloud/config adds legacy encryption support back. (Otherwise it's probably best to keep it off)

If I've made a mistake please correct me.

OffensiveTitle avatar Jan 20 '24 01:01 OffensiveTitle