How to restore master key encrypted files?

Hello everyone,

I’m running an ownCloud 10.1 instance with master key encryption. My use case is as follow:

  • A user has deleted a directory user/files/TEST/ and has no backup in his trashbin.
  • I have a full backup of the files and the database.

If I do a full restoration it works fine but I lose all data between the restoration date and now.

Now I’d like to restore only the files that have been lost. So I tried restoring using rsync the files from:

  • user/files_encryption/keys/files/TEST/
  • user/files/TEST/

Then I go to the ownCloud instance and I do a scan with the repair flag:

occ files:scan --repair <user>

The scan works well.

Finally I open the ownCloud client and I got bad signature errors from the files I’ve tried to restore.

Am I missing something ? Is it possible to restore some master key encrypted files from a backup ?
I’m guessing I could start a new ownCloud instance and import the full backup. Then decrypt all files and re-import them to the other instance, but it’s hassle.

Server configuration

Operating system: Devuan 2.0

Web server: NGinx 1.14.2

Database: MySQL 5.7.25

PHP version: PHP7.2

ownCloud version: 10.1.0

Updated from an older ownCloud or fresh install: fresh install

Where did you install ownCloud from:

Downloaded the tar.gz and installed with occ maintenance.

Signing status (ownCloud 9.0 and above):

It’s fine.

List of config.php:

    "system": {
        "datadirectory": "\/var\/owncloud\/data",
        "version.hide": true,
        "logtimezone": "UTC",
        "installed": true,
        "upgrade.disable-web": true,
        "upgrade.automatic-app-update": false,
        "updatechecker": false,
        "maintenance": false,
        "loglevel": 2,
        "log_type": "syslog",
        "singleuser": false,
        "filelocking.enabled": true,
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "localhost",
            "port": 6379
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "apps_paths": [
                "path": "\/var\/owncloud\/apps_orig",
                "url": "\/apps_orig",
                "writable": false
                "path": "\/var\/owncloud\/apps",
                "url": "\/apps",
                "writable": false
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        "overwrite.cli.url": "http:\/\/localhost",
        "dbtype": "mysql",
        "version": "",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "instanceid": "***REMOVED SENSITIVE VALUE***"

Are you using external storage, if yes which one: local

Are you using encryption: yes, master key

Are you using an external user-backend, if yes which one: none