core icon indicating copy to clipboard operation
core copied to clipboard

Published 20 hours ago verified publisher icon owncloud

I cant disable encryption

Open joancefet opened this issue 4 years ago • 20 comments

image

Steps to reproduce

sudo -u www-data php occ maintenance:singleuser --on sudo -u www-data php occ encryption:decrypt-all sudo -u www-data php occ encryption:disable

Expected behaviour

Disable Encryption

Actual behaviour

The system still have encrypted files. Please decrypt them all before disabling encryption.

Server configuration

Operating system: Ubuntu 20.04.2 LTS

Web server: Apache 2.4.41

Database: 10.3.25-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04

PHP version: 7.4.3

ownCloud version: (see ownCloud admin page) version | 10.6.0.5 versionstring | 10.6.0 edition | Community

Technical information

The following list covers which files have failed the integrity check. Please read the previous linked documentation to learn more about the errors and how to fix them.

Results

  • nordestao
    • EXCEPTION
      • OC\IntegrityCheck\Exceptions\MissingSignatureException
      • Signature data not found.

Raw output

Array ( [nordestao] => Array ( [EXCEPTION] => Array ( [class] => OC\IntegrityCheck\Exceptions\MissingSignatureException [message] => Signature data not found. )

    )

)

joancefet avatar Mar 27 '21 13:03 joancefet

any help?

joancefet avatar Apr 08 '21 12:04 joancefet

Gonna sound stupid but did you try rebooting the server?

dotlineX avatar Apr 15 '21 20:04 dotlineX

Gonna sound stupid but did you try rebooting the server?

Hi, Thanks for your answer!

Do you speak the operating system or just the apache/owncload server?

I have restarted apache/owncload several times, but the OS has not yet, I will try this.

joancefet avatar Apr 15 '21 20:04 joancefet

The OS has been restarted, but the problem persists.

joancefet avatar Apr 16 '21 21:04 joancefet

Didn't expect much, but hey you tried. Did you check if everything was indeed decrypted? Maybe the server gets stuck somewhere and spits out this error. Don't know really I'm not a programmer.

dotlineX avatar Apr 16 '21 22:04 dotlineX

@joancefet could you share owncloud.log file after running decrypt-all command?

karakayasemi avatar Apr 16 '21 23:04 karakayasemi

@joancefet could you share owncloud.log file after running decrypt-all command?

Yes sure. Thank you for your help.

owncloudprincipals.log

joancefet avatar Apr 17 '21 15:04 joancefet

Sorry, could not see any error log about encryption.

karakayasemi avatar Apr 18 '21 12:04 karakayasemi

Closing for now, If this is still an issue, please reopen

AlexAndBear avatar Sep 29 '21 12:09 AlexAndBear

I have the same issue. all files could be decrypted successfully!

Still The system still have encrypted files. Please decrypt them all before disabling encryption.

See: https://i.postimg.cc/yxtSCXsK/owncloud.png

When I disable maintenance mode, I am able to browse my files. In the settings I see, that the default encryption module is still enabled.

I went back to maintenance mode for now and added no files.

Maybe interesting. My owncloud.log is full of: {"reqId":"XXXXXXXXXXXXXXXXXXXX","level":2,"time":"2021-10-12T19:57:21+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"--","url":"--","message":"Encryption module \"\" not found, file will be stored unencrypted (Default encryption module not loaded)"}




Edit: Ignore the following. Still was in single user mode.

In addition, my files are not accessible any more. No folder/data structure in my Files section. See: https://i.postimg.cc/FHsYzHs8/owncloud2.png

jank04 avatar Oct 12 '21 20:10 jank04

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 10 days if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Apr 11 '22 01:04 github-actions[bot]

Version: 10.9.1.2 - Problem still exists. Encryption can not be turned off.

all files could be decrypted successfully!

and then:

The system still has encrypted files. Please decrypt them all before disabling encryption.

Screenshot 1 Screenshot 2

jank04 avatar Apr 17 '22 15:04 jank04

Version: 10.9.1.2 - Problem still exists. Encryption can not be turned off.

all files could be decrypted successfully!

and then:

The system still has encrypted files. Please decrypt them all before disabling encryption.

Screenshot 1 Screenshot 2

Version: 10.9.1.2 - I had the same problem with my ownCloud instance.

I found a tricky solution that could be useful for you.

EDIT: Works only for user-key based encryption

Prerequisite:

  1. Access to occ via terminal
  2. Recovery key or every user password for each account (if user-key is used)
  3. (OPTIONAL BUT RECOMMENDED) Make a backup of your owncloud DB and data directory
  4. (EDIT) User-key based encryption enabled

If you meet the prerequisites, follow the following steps:

  1. Put the server in single user mode in order to prevent user to access their files using sudo -u www-data php occ maintenance:singleuser --on
  2. Launch sudo -u www-data php occ encryption:decrypt-all username for EVERY user in your ownCloud instance (where username is the username of the user to decrypt)
  3. Make sure that all user had their files decrypted (maybe via manual inspection or something else)
  4. Now the tricky part, since sudo -u www-data php occ encryption:disable does not work, launch sudo -u www-data php occ encryption-decrypt all
  5. Reach the point where the server asks for the first user password and then do CTRL+C to terminate the command
  6. The encryption will be disabled

Bonus part: Since encryption is now disabled you need to clean the file-system and the DB from the old encryption data.

Connect to your DB and launch the following query into your owncloud DB: DELETE FROM oc_appconfig WHERE appid LIKE 'encryption'

Now reach your ownCloud data dir and delete the files_encryption folder and repeat this process for every user sub-folder.

Success! You have disabled encryption successfully!

Tested on my owncloud instance without problems.

Simi5599 avatar Apr 25 '22 16:04 Simi5599

Launch sudo -u www-data php occ encryption:decrypt-all username for EVERY user in your ownCloud instance (where username is the username of the user to decrypt)

I have done this, but still: all files could be decrypted successfully! Server side encryption remains enabled

Reach the point where the server asks for the first user password and then do CTRL+C to terminate the command

The server doesn't ask for a password, because the master key encryption is enabled, not the user specific.

Output:

sudo -u www-data php occ encryption:decrypt all Disable server side encryption... done. You are about to start to decrypt all files stored in all's account. It will depend on the encryption module and your setup if this is possible. Depending on the number and size of your files this can take some time Please make sure that no user accesses their files during this process! Do you really want to continue? (y/n) ^C

Settings on website are still reporting, that is is anabled.

Make sure that all user had their files decrypted (maybe via manual inspection or something else)

By random browsing trough the file system I can see all data unencrypted

I deleted the file_encryption folder in the user folder, also in the main data folder. But if I try to sudo -u www-data php occ encryption:disable the file_encryption folder comes back (including contents).

Maybe I should issue your sql query first, then delete the file_encryption folder and then run sudo -u www-data php occ encryption:disable?

jank04 avatar May 13 '22 13:05 jank04

You don't have to do sudo -u www-data php occ encryption:disable because it is already disabled. To check this you can do sudo -u www-data php occ encryption:status. Keep in mind that this is a work-around.

Simi5599 avatar May 13 '22 13:05 Simi5599

Okey, but sadly this workaround is not working for me.

root@www /var/www/owncloud # sudo -u www-data php occ encryption:decrypt all
Disable server side encryption... done.


You are about to start to decrypt all files stored in all's account.
It will depend on the encryption module and your setup if this is possible.
Depending on the number and size of your files this can take some time
Please make sure that no user accesses their files during this process!

Do you really want to continue? (y/n) ^C
root@www /var/www/owncloud #  sudo -u www-data php occ encryption:status
  - enabled: true
  - defaultModule: OC_DEFAULT_MODULE
root@www /var/www/owncloud #

jank04 avatar May 13 '22 13:05 jank04

Try by typing 'y' and doing crtl+c after while decrypting (you shouldn't lose any files because they are already decrypted but make a backup copy first). Sadly i used user-key encryption so this work-around worked for me

Simi5599 avatar May 13 '22 13:05 Simi5599

Makes no difference. Still enabled: true

But thanks for your contribution.

jank04 avatar May 13 '22 14:05 jank04

sorry it could not be useful for you, i am editing my original post specifying it works only for user-key based encryption

Simi5599 avatar May 13 '22 14:05 Simi5599

I finally got it! I am on version 10.10.0.3 now.

At first, make sure that there are indeed no more encrypted files! Even though all files in the browser, the OC client and on the server itself were accessable (unencrypted) there were some more hidden. Some were in the trashbin and even in the file versions! But these files were not identified by the encryption:decrypt-all output.

I was able to determine the files by querying the databse with SELECT * FROM oc_filecacheWHEREencrypted = '1'; There I found out, that there were some files left in trashbin and file-versions. I cleared the trashbin via webpage and the file versions with sudo -u www-data ./occ versions:cleanup.

I also deleted the files_encryption folders from every user folder in /data.

After that and sudo -u www-data php ./occ encryption:disable I got

root@www /var/www/owncloud #  sudo -u www-data php ./occ encryption:status
  - enabled: false
  - defaultModule: OC_DEFAULT_MODULE

I checked it also on the admin webpage, and indeed encryption is now disabled. Hope it helps.

I took a snapshot before I did this, might be useful, if you delete some files unintended. A backup is also never a bad idea.

jank04 avatar Jul 07 '22 20:07 jank04

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 10 days if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Jan 04 '23 01:01 github-actions[bot]

I finally got it! I am on version 10.10.0.3 now.

At first, make sure that there are indeed no more encrypted files! Even though all files in the browser, the OC client and on the server itself were accessable (unencrypted) there were some more hidden. Some were in the trashbin and even in the file versions! But these files were not identified by the encryption:decrypt-all output.

I was able to determine the files by querying the databse with SELECT * FROM oc_filecacheWHEREencrypted = '1'; There I found out, that there were some files left in trashbin and file-versions. I cleared the trashbin via webpage and the file versions with sudo -u www-data ./occ versions:cleanup.

I also deleted the files_encryption folders from every user folder in /data.

After that and sudo -u www-data php ./occ encryption:disable I got

root@www /var/www/owncloud #  sudo -u www-data php ./occ encryption:status
  - enabled: false
  - defaultModule: OC_DEFAULT_MODULE

I checked it also on the admin webpage, and indeed encryption is now disabled. Hope it helps.

I took a snapshot before I did this, might be useful, if you delete some files unintended. A backup is also never a bad idea.

Solved the issue! I used these commands after doing ./occ encryption:decrypt-all: ./occ versions:cleanup ./occ trashbin:cleanup

then:

./occ encryption:disable

And finally encryption has been disabled

MrRojano97 avatar Jan 11 '23 14:01 MrRojano97