After password reset - Data not Viewable (invalid private key)

user_management
encryption
9.1.x

#1

Hello OC Community,

I have the problem that one of my users has forgotten his password, so I have reset his password. After logging in he gets the message "Invalid private key for Encryption App. Please update your private key password in your personal settings to recover access to your encrypted files." and he can't view any of his files. I found that he can update his private key password in his personal area, but he forgot his old login password, so how can he gain access to his files? Any ideas?

Steps to reproduce
1. Create User (or use existing one)
2. Reset his password as administrator
3. Try to log in to the user's account and view any files.
4. Message: "Invalid private key for Encryption App. Please update your private key password in your personal settings to recover access to your encrypted files." appears.

Expected behaviour
Normally it should work fine to reset a user's password and access all files after the login.

Actual behaviour
He can't access the files because of an invalid private key.

Server configuration
Operating system: Debian Linux 8
Web server: apache 2.4
Database: MySQL 5.5
PHP version: 5.6
ownCloud version (see ownCloud admin page): 9.1.4
Updated from an older ownCloud or fresh install: Originally installed with 9.1
Special configuration (external storage, external authentication, reverse proxy, server-side-encryption): server-side-encryption with default module

ownCloud log (data/owncloud.log)

Please paste possible errors in the following code block, see https://central.owncloud.org/t/how-to-find-webserver-or-oc-logfile-enable-php-logfile/808 for more info

{"reqId":"nyBAoNjahfDfpvVjX5vJ","remoteAddr":"88.134.177.122","app":"DeleteOrphanedItems","message":"0 orphaned system tag relations deleted","level":0,"time":"2017-03-30T08:17:07+02:00","method":"GET","url":"\/owncloud\/cron.php","user":"--"}
{"reqId":"nyBAoNjahfDfpvVjX5vJ","remoteAddr":"88.134.177.122","app":"DeleteOrphanedItems","message":"0 orphaned user tag relations deleted","level":0,"time":"2017-03-30T08:17:07+02:00","method":"GET","url":"\/owncloud\/cron.php","user":"--"}
{"reqId":"nyBAoNjahfDfpvVjX5vJ","remoteAddr":"88.134.177.122","app":"DeleteOrphanedItems","message":"0 orphaned comments deleted","level":0,"time":"2017-03-30T08:17:07+02:00","method":"GET","url":"\/owncloud\/cron.php","user":"--"}
{"reqId":"nyBAoNjahfDfpvVjX5vJ","remoteAddr":"88.134.177.122","app":"DeleteOrphanedItems","message":"0 orphaned comment read marks deleted","level":0,"time":"2017-03-30T08:17:07+02:00","method":"GET","url":"\/owncloud\/cron.php","user":"--"}
{"reqId":"vGL+O5U4OaVxCnVqdZrh","remoteAddr":"88.134.177.122","app":"no app in context","message":"Could not decrypt the private key from user \"Yusuf\"\" during login. Assume password change on the user back-end. Error message: Bad Signature","level":2,"time":"2017-03-30T08:17:52+02:00","method":"POST","url":"\/owncloud\/index.php\/login?user=Yusuf","user":"Yusuf"}
{"reqId":"\/iJtHIuvg1lckdNQud8t","remoteAddr":"88.134.177.122","app":"DeleteOrphanedSharesJob","message":"0 orphaned share(s) deleted","level":0,"time":"2017-03-30T08:21:05+02:00","method":"GET","url":"\/owncloud\/cron.php","user":"--"}

Integrity status for oC9+

No errors have been found.

I hope you can help me. Some more information:

The files the user accesses are mostly shared by Admin (we have a "School" folder for documents and stuff).
Example:
User "Admin" has shared the folder "School" with read access to multiple users. One of the users, "Yusuf", forgot his password, so I reset it. After he logs in, he says he has the invalid private key message.

I already searched for a way to create a new private key for the user.
In occ I rescanned all files, and I started a migrate. Not sure if this can solve such a problem.

Thank you very much!

If you have any further questions, just ask them.

Greetings, Towerplease!
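
An added example, not part of the original posts and not ownCloud's own code: a small Python script that scans `owncloud.log` for the "Could not decrypt the private key" warning shown in the log excerpt above, so an admin can list which accounts are affected after a back-end password reset. The sample log lines, user names and address below are constructed; only the message wording is taken from the excerpt.

```python
import json
import re
from collections import defaultdict

# Message wording as it appears in the log excerpt in the post above.
PATTERN = re.compile(r'Could not decrypt the private key from user "(?P<user>[^"]+)"')

# Constructed sample input modelled on the excerpt (not real log data).
# The last line is deliberately cut off to show the malformed-line case.
SAMPLE_LOG = r'''
{"reqId":"c1","remoteAddr":"192.0.2.10","app":"DeleteOrphanedItems","message":"0 orphaned comments deleted","level":0,"time":"2017-03-30T08:17:07+02:00","method":"GET","url":"\/owncloud\/cron.php","user":"--"}
{"reqId":"c2","remoteAddr":"192.0.2.10","app":"no app in context","message":"Could not decrypt the private key from user \"alice\"\" during login. Assume password change on the user back-end. Error message: Bad Signature","level":2,"time":"2017-03-30T08:17:52+02:00","method":"POST","url":"\/owncloud\/index.php\/login?user=alice","user":"alice"}
{"reqId":"c3","remoteAddr":"192.0.2.10","app":"no app in context","message":"Could not decrypt the private key from user \"alice\"\" during login. Assume password change on the user back-end. Error message: Bad Signature","level":2,"time":"2017-03-30T09:02:11+02:00","method":"POST","url":"\/owncloud\/index.php\/login?user=alice","user":"alice"}
{"reqId":"c4","message":"Could not decrypt the private key from user \"bob\"
'''.strip().splitlines()


def find_key_failures(lines):
    """Return {user: [timestamps]} for private-key decryption failures at login."""
    failures = defaultdict(list)
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # not valid JSON (for example a cut-off line): skip it
        if not isinstance(entry, dict):
            continue
        match = PATTERN.search(str(entry.get("message", "")))
        if match:
            # The user is read from the message text, which names the account.
            failures[match.group("user")].append(entry.get("time", "unknown"))
    return dict(failures)


if __name__ == "__main__":
    for user, times in sorted(find_key_failures(SAMPLE_LOG).items()):
        print(f"{user}: {len(times)} failed key decryption(s), "
              f"first {times[0]}, last {times[-1]}")
```

To run it against a real installation, pass the lines of `data/owncloud.log` (opened read-only) to `find_key_failures` instead of `SAMPLE_LOG`.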


#2

Documentation on how to handle this is available at the documentation [1]. If no recovery key was set and the user forgot the password, then the files are lost, as explained there.

[1] https://doc.owncloud.org/server/latest/admin_manual/configuration_files/encryption_configuration.html#how-to-enable-users-file-recovery-keys


#3

Thank you very much for your answer.

Is it possible to get access to the shared files when I try to disable the encryption module and decrypt everything?

Greetings!