Steps to reproduce
sudo -u apache php ./occ encryption:enable
sudo -u apache php ./occ encryption:decrypt-all
Expected behaviour
I’d expect all files to be decrypted
Actual behaviour
I’m sure this is old… the files seem to be base64 encoded rather than the newer binary which seems to have been decoded.
It seems the file is ignored and considered as being succesfully decrypted.
These did not get decoded
HBEGIN:cipher:AES-256-CFB:HEND
These got decoded:
HBEGIN:oc_encryption_module:OC_DEFAULT_MODULE:cipher:AES-256-CTR:signed:true:encoding:binary:HEND
Both have ----- padding 'till the 8192 mark.
$ file IMG_4180.JPG
IMG_4180.JPG: ASCII text, with very long lines (65536), with no line terminators
$ sha256sum IMG_4180.JPG
5ae05120363e8b5ab48b2993e4577495632f59d0f7fdaeaa7e027641e87e6abb IMG_4180.JPG
$ sudo -u apache php ./occ encryption:enable
Encryption enabled
Default module: OC_DEFAULT_MODULE
$ sudo -u apache php ./occ encryption:decrypt-all
Disable server side encryption... done.
You are about to start to decrypt all files stored in your ownCloud.
It will depend on the encryption module and your setup if this is possible.
Depending on the number and size of your files this can take some time
Please make sure that no user accesses their files during this process!
Do you really want to continue? (y/n) y
prepare encryption modules...
done.
%message%
[>---------------------------]
Prepare "Default encryption module"
Configuring encryption module for decryption with user based keys
decrypt files for user dexter (1 of 1): /dexter/files/Photos/XXXREDACTEDXXX/IMG_4181.JPG
[-------------->-------------]
starting to decrypt files... finished
[============================]
all files could be decrypted successfully!
$ sha256sum IMG_4180.JPG
5ae05120363e8b5ab48b2993e4577495632f59d0f7fdaeaa7e027641e87e6abb IMG_4180.JPG
$ file IMG_4180.JPG
IMG_4180.JPG: ASCII text, with very long lines (65536), with no line terminators
$ dd if=IMG_4180.JPG bs=8192 count=1
HBEGIN:cipher:AES-256-CFB:HEND--------------.....
Server configuration
Operating system: Gentoo
Web server: Apache 2.4.52
Database: mariadb 10.5.13
PHP version: 7.4
ownCloud version: 10.9.1
Updated from an older ownCloud or fresh install: always updated since a loooong time ago
Where did you install ownCloud from: tar.gz
The content of config/config.php:
{
"system": {
"loglevel": 2,
"instanceid": "oceb871cbff2",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"updatechecker": false,
"knowledgebaseenabled": false,
"trusted_domains": [
"XXX"
],
"appstoreenabled": true,
"appstoreurl": "https:\/\/marketplace.owncloud.com\/",
"datadirectory": "\/var\/www\/XXX\/htdocs\/owncloud\/data",
"dbtype": "mysql",
"version": "10.9.1.2",
"dbname": "owncloud",
"files_external_allow_create_new_local": "true",
"dbhost": "localhost",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"forcessl": true,
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauth": 1,
"mail_smtpauthtype": "LOGIN",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"theme": "",
"secret": "***REMOVED SENSITIVE VALUE***",
"trashbin_retention_obligation": "180, auto",
"overwrite.cli.url": "\/owncloud",
"maintenance": false,
"cache_path": "",
"filelocking.enabled": true,
"memcache.locking": "\\OC\\Memcache\\Redis",
"memcache.local": "\\OC\\Memcache\\Redis",
"redis": {
"host": "\/var\/run\/redis\/redis.sock",
"port": 0,
"timeout": 0,
"dbindex": 0
},
"apps_paths": [
{
"path": "\/var\/www\/XXX\/htdocs\/owncloud\/apps",
"url": "\/apps",
"writable": true
}
],
"htaccess.RewriteBase": "\/owncloud",
"mail_smtpport": "587",
"mail_smtpsecure": "tls",
"singleuser": false,
"allow_user_to_change_mail_address": ""
}
}
List of activated apps:
Enabled:
- dav:
- Version: 0.7.0
- Path: /var/www/XXX/htdocs/owncloud/apps/dav
- encryption:
- Version: 1.5.1
- Path: /var/www/XXX/htdocs/owncloud/apps/encryption
- federatedfilesharing:
- Version: 0.5.0
- Path: /var/www/XXX/htdocs/owncloud/apps/federatedfilesharing
- federation:
- Version: 0.1.0
- Path: /var/www/XXX/htdocs/owncloud/apps/federation
- files:
- Version: 1.5.2
- Path: /var/www/XXX/htdocs/owncloud/apps/files
- files_external:
- Version: 0.8.0
- Path: /var/www/XXX/htdocs/owncloud/apps/files_external
- files_mediaviewer:
- Version: 1.0.5
- Path: /var/www/XXX/htdocs/owncloud/apps/files_mediaviewer
- files_pdfviewer:
- Version: 1.0.1
- Path: /var/www/XXX/htdocs/owncloud/apps/files_pdfviewer
- files_sharing:
- Version: 0.14.0
- Path: /var/www/XXX/htdocs/owncloud/apps/files_sharing
- files_versions:
- Version: 1.3.0
- Path: /var/www/XXX/htdocs/owncloud/apps/files_versions
- gallery:
- Version: 16.1.2
- Path: /var/www/XXX/htdocs/owncloud/apps/gallery
- market:
- Version: 0.6.2
- Path: /var/www/XXX/htdocs/owncloud/apps/market
- notifications:
- Version: 0.5.4
- Path: /var/www/XXX/htdocs/owncloud/apps/notifications
- provisioning_api:
- Version: 0.5.0
- Path: /var/www/XXX/htdocs/owncloud/apps/provisioning_api
- systemtags:
- Version: 0.3.0
- Path: /var/www/XXX/htdocs/owncloud/apps/systemtags
- updatenotification:
- Version: 0.2.1
- Path: /var/www/XXX/htdocs/owncloud/apps/updatenotification
Disabled:
- calendar:
- Path: /var/www/XXX/htdocs/owncloud/apps/calendar
- comments:
- Path: /var/www/XXX/htdocs/owncloud/apps/comments
- configreport:
- Path: /var/www/XXX/htdocs/owncloud/apps/configreport
- contacts:
- Path: /var/www/XXX/htdocs/owncloud/apps/contacts
- external:
- Path: /var/www/XXX/htdocs/owncloud/apps/external
- files_texteditor:
- Path: /var/www/XXX/htdocs/owncloud/apps/files_texteditor
- files_trashbin:
- Path: /var/www/XXX/htdocs/owncloud/apps/files_trashbin
- firstrunwizard:
- Path: /var/www/XXX/htdocs/owncloud/apps/firstrunwizard
- user_external:
- Path: /var/www/XXX/htdocs/owncloud/apps/user_external
Are you using external storage, if yes which one: NO
Are you using encryption: yes
Are you using an external user-backend, if yes which one: NO
Client configuration
Browser:
Any
Operating system:
Any
Logs
Nothing