Can't decrypt files

Steps to reproduce

1.Files was uploaded from owncloud client 2.5.4 (ubuntu 18.04) (from user1)
2. After was sync with new pc (from user1)
2. We have trouble with “too many open files”
3. Change password for user1 from db
4. Change password for user1 from web admin -> users -> change password
5. After was sync with new pc by owncloud client 2.5.4 (from user1) multikeydecrypt with share key faild (no start line)

Expected behaviour

We must open files or sync without errors.

Actual behaviour

We can not open files and get the following errors:

  1. 0906D06C:PEM routines:PEM_read_bio:no start line
  2. 0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length
  3. 04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed
  4. 0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error

Server configuration

Operating system: CentOS7 3.10.0-957.12.2.el7.x86_64

Web server: Apache/2.4.6 (CentOS)

Database: 5.5.60-MariaDB MariaDB Server

PHP version: PHP 7.2.19

ownCloud version: 10.0.10 (stable)

Updated from an older ownCloud or fresh install:

Where did you install ownCloud from: official site

List of activated apps:

Default encryption module ( Bjoern Schiessle, Clark Tomlinson )

Are you using encryption: yes

Client configuration

Browser: Firefox 69.0.1

Operating system: Ubuntu 18.04

When you open a topic in the server category, there is a template that needs to be filled out. This is to ensure that no information is missing and we can help you as fast as possible. Please fill out the template and post it here.

Also your error messages are not helpful without context, we need to know what steps you take to get these errors, so we can reproduce it and then tell you what is wrong. But all of this is part of the template, so please fill it out.



I add information to my post

1 Like

Some additional questions:

Where do you see this error message?

Not sure what you mean with “db”? Do you mean LDAP?

Where exactly do you see these messages? WebUI, owncloud sync client, owncloud.log?


We have trouble with “too many open files”

16T15:12:36+00:00",“remoteAddr”:"",“user”:"–",“app”:“PHP”,“method”:"–",“url”:"–",“message”:“fopen(/var/www/disk/data/user1/files/sometime_used/code/php/mm.web/config/AS/AS12476): failed to open stream: Too many open files at /var/www/disk/lib/private/Files/Storage/Local.php#298”}

We solve this problem with editing next config /etc/security/limits.conf

apache soft nofile 500000
apache hard nofile 500000
mysql soft nofile 500000
mysql hard nofile 500000

I mean that we open mariadb then change users password in table oc_users

Change password for user1 from db

I mean that we open mariadb then change users password in table oc_users. Not from WebUI

We can not open files and get the following errors:


In owncloud sync client we see next multikeydecrypt with share key faild (no start line)

So I guess you’re trying to change the user password of a user who has user based encryption enabled.

If the user has lost the password and you don’t have recovery keys enabled you won’t be able to access the files on the server.

If the user still knows the password they can log into the ownCloud WebUI and change the master password of the encryption key, by entering the old AND the new password.

If you have recovery key enabled you can disable user based encryption with it and then re-enable it with a new key and the new password.

More information in the docs:

Please read the docs carefully.

1 Like

Can you tell me how manually
decrypt the file key using
recovery key?

root@ubuntu1804:/var/www/owncloud# occ encryption:decrypt-all --help
  encryption:decrypt-all [options] [--] [<user>]

  user                       User for whom you want to decrypt all files (optional). [default: ""]

  -m, --method[=METHOD]      Use recovery or password. If recovery method is chosen then the recovery password will be used to decrypt files. If password method is chosen then individual user passwords will be used to decrypt files.

You might have to run the occ command on your machine with sudo, php -f and the full path to the occ executable.

1 Like

When use occ, we were able to partially decrypt the files, but a large number of files could not be restored.

We are trying to decrypt the file key and the file itself using the source code of the ownCloud service and the openssl library functions for php.

  1. We managed to get the user’s private key.

  2. When trying to decrypt filekey via function openssl_open using sharedkey
    0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error

  3. We also tried to use a bunch of functions

  • openssl_private_decrypt (to get the RC4 key)

  • openssl_decrypt (to decrypt filekey)

    However, we were not able to get the RC4 key, by a similar error
    0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error

For each file, we have recoverykey, but the method described above for obtaining filekey did not give us results, even when using master private key.

How to decrypt filekey using recovery key, openssl functions, class Crypt (from owncloud source files)?

Can you tell me what I need to add in order to get more information about my problem?

Can anybody help?

Sorry, don’t know. Perhaps there is some openssl support forum/irc somewhere?

Hi, i am hitting the same error. Exactly the same. Would you care telling what happened in your case. My email id is tushar dot sharma dot 9 at gmail dot com

The owncloud community is not able to help in this case.

the error-message
Can’t read file multikeydecrypt with share key failed:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error
appeared after I added a few new users. Another error-message while trying to open an pdf-file was
Unexpected server response (503) while retrieving PDF path-to-pdf-file
None of the new users was able to access any of the files in the group share, but any older users could.
And i didn’t found anything here in the forum to solve my problem.
Because I think, the real problem, that I didn’t found a solution isn’t, that there isn’t a solution, but that other who solved this/their problem, don’t came back to let others know how they did, here is how I solved it:
In I found this:
For individual shares, un-share and re-share the file. For group shares, share with any individuals who can’t access the share. This updates the encryption, and then the share owner can remove the individual shares..
So I added one of the new users as an individual to the shared folder. After it has been finished, I removed the single user, so the shared folder is again shared only by the group. But now all of the new users have access to the shared folder.
I hope this will help someone in the future.

1 Like