Decrypt-all fails OC 10.6

Steps to reproduce

  • Login to server backend,and go to /var/www/owncloud folder
  • execute command “sudo -u www-data php occ maintenance:singleuser --on”
  • execute command “sudo -u www-data php occ encryption:decrypt-all --continue=yes --method=recovery ”

Expected behaviour

Tell us what should happen: Decrypts all files

Actual behaviour

Tell us what happens instead:

Disable server side encryption… done.

You are about to start to decrypt all files stored in your ownCloud.
It will depend on the encryption module and your setup if this is possible.
Depending on the number and size of your files this can take some time
Please make sure that no user access his files during this process!

prepare encryption modules…

Prepare “Default encryption module”

Configuring encryption module for decryption with user based keys
Attempting to use recovery key from environment: OC_RECOVERY_PASSWORD

In DecryptAll.php line 204:

Invalid credentials provided

encryption:decrypt-all [-m|–method [METHOD]] [-c|–continue [CONTINUE]] [–] []

Server configuration

Operating system: Linux Gentoo

Web server: Apache 2.4.46

Database: mysql 8.0.22

PHP version: 7.3

ownCloud version: (see ownCloud admin page)

Updated from an older ownCloud or fresh install: Updated

Where did you install ownCloud from:

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
paste the results into and puth the link here.

The content of config/config.php:

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.


If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

“system”: {
“instanceid”: “ocexnod811re”,
“passwordsalt”: “REMOVED SENSITIVE VALUE”,
“datadirectory”: “/mnt/data/owncloud_data”,
“token_auth_enforced”: false,
“dbtype”: “mysql”,
“version”: “”,
“dbname”: “owncloud”,
“dbhost”: “localhost”,
“dbtableprefix”: “oc_”,
“logtimezone”: “UTC”,
“installed”: true,
“memcache.local”: “\OC\Memcache\Redis”,
“redis”: {
“host”: “localhost”,
“port”: 6379
“memcache.locking”: “\OC\Memcache\Redis”,
“mail_from_address”: “REMOVED SENSITIVE VALUE”,
“mail_smtpmode”: “smtp”,
“maintenance”: false,
“loglevel”: 3,
“singleuser”: true,
“data-fingerprint”: “6f83826b2ca129ae48ed4c6700357df7”,
“theme”: “”,
“mail_smtpauthtype”: “LOGIN”,
“mail_smtpauth”: 1,
“mail_smtphost”: “REMOVED SENSITIVE VALUE”,
“mail_smtpport”: “587”,
“mail_smtpname”: “REMOVED SENSITIVE VALUE”,
“mail_smtppassword”: “REMOVED SENSITIVE VALUE”,
“mail_smtpsecure”: “tls”

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.


  • audioplayer: 2.8.4
  • brute_force_protection: 1.1.0
  • calendar: 1.6.4
  • comments: 0.3.0
  • configreport: 0.2.0
  • contacts: 1.5.5
  • dav: 0.6.0
  • encryption: 1.4.0
  • federatedfilesharing: 0.5.0
  • federation: 0.1.0
  • files: 1.5.2
  • files_external: 0.7.1
  • files_mediaviewer: 1.0.4
  • files_sharing: 0.14.0
  • files_versions: 1.3.0
  • firstrunwizard: 1.2.0
  • gallery: 16.1.1
  • impersonate: 0.5.0
  • market: 0.6.0
  • music: 0.17.3
  • notes: 2.0.6
  • notifications: 0.5.2
  • search_elastic: 1.0.0
  • activity
  • admin_audit
  • announcementcenter
  • customgroups
  • enterprise_key
  • external
  • files_antivirus
  • files_classifier
  • files_external_dropbox
  • files_external_ftp
  • files_ldap_home
  • files_lifecycle
  • files_pdfviewer
  • files_texteditor
  • files_trashbin
  • firewall
  • graphapi
  • guests
  • oauth2
  • openidconnect
  • password_policy
  • provisioning_api
  • ransomware_protection
  • sharepoint
  • systemtags
  • systemtags_management
  • templateeditor
  • theme-enterprise
  • updatenotification
  • user_external
  • user_ldap
  • user_shibboleth
  • windows_network_drive
  • wopi
  • workflow

Are you using external storage, if yes which one: none

Are you using encryption: yes

Are you using an external user-backend, if yes which one: none

Client configuration


Operating system:


Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

Hello Chris,

The error message says that you have provided invalid credentials.

Can you check if you entered the correct credentials ?