I have lost my Nextcloud server install, but I have recovered my encrypted files and keys (master, public, and recovery with password).
I need to decrypt my files. How would I decrypt them without the server?
Nextcloud encryption is a mess. I highly suggest that anyone reading this does not use it. Save yourself before it's too late!
Please use the issue template and make sure that your bug report is not already covered by one of these topics:
https://github.com/nextcloud/server/issues/8644
https://github.com/nextcloud/server/issues/8311
https://github.com/nextcloud/server/issues/8299
https://github.com/nextcloud/server/issues/7284
https://github.com/nextcloud/server/issues/6543
https://github.com/nextcloud/server/issues/6202
For full information, there is also a topic in the forum: https://help.nextcloud.com/t/decrypt-my-files/30354
@Engineer-of-Stuff did you find a way to fix your problem? I am having a similar issue that I can't decrypt thousands of files because the signature doesn't match.
@suntorytimed no I didn't. I gave up and started over. I don't trust the encryption, and since the keys are stored on the server it's kinda useless.
I did find a way to turn off the signature check by adding return true; to the checkSignature() in apps/encryption/lib/Crypto/Crypt.php. I added it in the if clause right before the exception is thrown. But switching it off isn't enough.
The reason is that the server reports a different filesize to the client and breaks off the download too early. The client therefore thinks that the connection was lost and reports an error. But the file is already downloaded successfully (e.g. in Chrome you just have to remove .crdownload at the end of the downloaded file). I have written a small Python 3 script that can download the files via WebDAV. It is a dirty hack, but at least I could recover my files.
You can find the script including an explanation in my gitea repository:
https://gitea.hibiki.eu/suntorytimed/nc-downloader
(Sorry for repeating this post so often, but there are many forum entries and issues that people looking for a solution might find via Google :smile:)
After checking the downloads I discovered that while the JPEGs open without any problem, my RAW files didn't. Looking closer at the JPEGs I could see that in the last pixel line there were some blocks missing. So the download wasn't finished. Following up on the error message that gets displayed in Nextcloud in the hasSignature() call of splitMetaData(), I discovered that the encrypted data field was empty and therefore there can't be a signature in the file. To bypass this I have added the following if clause into the function symmetricDecryptFileContent() in apps/encryption/lib/Crypto/Crypt.php:
```php
if ($keyFileContents == '') {
    return '';
}
```
I have put this code as the first command in the symmetricDecryptFileContent(). Together with disabling the signature check (putting return true; in the checkSignature() function in the same file):
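```php
private function checkSignature($data, $passPhrase, $expectedSignature) {
    $signature = $this->createSignature($data, $passPhrase);
    if (!hash_equals($expectedSignature, $signature)) {
        // Workaround from this post: return before the exception, so a mismatch is ignored.
        return true;
        // Never reached while the line above is present.
        throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
    }
}
```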
I can now see the previews in the web interface and download all files decrypted and even download the folders as zip-files. My script is not necessary anymore :grinning:
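As an added example (not code from this thread or from Nextcloud), this stand-alone PHP script contrasts a check that fails closed with a recovery variant that still continues but records every mismatch, so files like the truncated JPEGs described above can be identified and re-verified afterwards. The HMAC-SHA256 construction, the function names, the key and the sample blocks are assumptions made for illustration; Nextcloud's real createSignature() may differ.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for createSignature(); the real construction may differ.
function createSignatureExample(string $data, string $passPhrase): string {
    return hash_hmac('sha256', $data, $passPhrase);
}

// Fail closed: refuse to hand out data whose signature does not match.
function checkSignatureStrict(string $data, string $passPhrase, string $expected): void {
    if (!hash_equals($expected, createSignatureExample($data, $passPhrase))) {
        throw new RuntimeException('Bad Signature');
    }
}

// Recovery mode: keep going, but record the mismatch instead of hiding it.
function checkSignatureRecovery(string $data, string $passPhrase, string $expected,
                                string $path, array &$mismatches): bool {
    $ok = hash_equals($expected, createSignatureExample($data, $passPhrase));
    if (!$ok) {
        $mismatches[] = $path;
    }
    return $ok;
}

// Constructed sample data: one intact block and one truncated block.
$key = 'constructed-file-key';
$blocks = [
    'files/a.jpg' => ['data' => 'block-A', 'sig' => hash_hmac('sha256', 'block-A', $key)],
    'files/b.raw' => ['data' => 'block-',  'sig' => hash_hmac('sha256', 'block-B', $key)],
];

// Recovery pass: every file is processed, mismatching paths are collected.
$mismatches = [];
foreach ($blocks as $path => $b) {
    checkSignatureRecovery($b['data'], $key, $b['sig'], $path, $mismatches);
}
echo 'Files needing re-verification: ', implode(', ', $mismatches), PHP_EOL;

// Strict pass on the truncated block: the exception stops the data being used.
try {
    checkSignatureStrict($blocks['files/b.raw']['data'], $key, $blocks['files/b.raw']['sig']);
} catch (RuntimeException $e) {
    echo 'Strict check: ', $e->getMessage(), PHP_EOL;
}
```

Run it with the PHP CLI; the recovery pass lists only the truncated file, which is the information a bare return true; discards.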
@Engineer-of-Stuff I don't know if this is still relevant for you but we've written such a tool: decrypt-file.php
Not anymore, but that's really cool and it might save someone's data someday.
Yup, just saved my bacon.
@yahesh @Eeems @Engineer-of-Stuff
I have the same problem, I need to decrypt my files. I tried to use your tool @yahesh but I am new to programming. I have my Nextcloud installed on a shared-hosting account so I uploaded your tool to the same directory where I have Nextcloud and I added the needed info from the Nextcloud config file and followed the instructions on this page https://github.com/syseleven/nextcloud-tools
But I do not know how to call the tool and start decrypting.
I do not know what to do with this code "php ./rescue/decrypt-all-files.php"
Can you please explain what I should do?
@Apses98
To execute the script you have to call it in the following way:
php ./rescue/decrypt-all-files.php
<targetdir> - defines the target directory where the decrypted files get stored. The target directory has to already exist and it has to be empty. Make sure that there is enough space to store all decrypted files in the target directory.
As per the instructions, run that in a console/terminal window.
@Apses98 To use the script you have to call it through a shell/terminal/console. Furthermore, you have to have the PHP CLI installed on the system. Calling the script through the webserver is not supported as it may run quite a while and could timeout in the meantime. Please also take note that the script is written with macOS and Linux in mind. It should work under Windows when paths are written with slashes instead of backslashes (e.g. c:/your/path/to/the/data/directory/), but this is not actively tested as I lack a Windows machine. So your possibility here is to download your data folder to your local machine and execute the script there (don't forget to change the path of the data folder to its location on your local machine).
@Eeems
Thank you for helping.
I did everything but now I am getting an error.
Am I doing anything wrong ?
I added my nextcloud info here
define("DATADIRECTORY", "/xxxxx/xxxxxxxxxxx/xxxx/xxx/data");
define("INSTANCEID", "xxxxxxxxx");
define("SECRET", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
and this is the code I wrote to call the php decryption file
php xxxxxxx/xxxxxxx/decrypt-all-files.php xxxxxx/xxxxxxx/decrypted-data
This is the error that I am getting (in the PuTTY terminal)
'ERROR: /xxxxx/xcloud/data/mohammad/files/Documents/Nextcloud flyer.pdf FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Documents/Readme.md FAILED
ERROR: /xxxxxxx/xcloud/data/mohammad/files/Documents/Welcome to Nextcloud Hub.docx FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Nextcloud Manual.pdf FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Nextcloud intro.mp4 FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Nextcloud.png FAILED
ERROR: /xxxxx/xcloud/data/mohammad/files/Photos/Birdie.jpg FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Photos/Frog.jpg FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Photos/Gorilla.jpg FAILED
ERROR: /xxxxxxxx/xcloud/data/mohammad/files/Photos/Library.jpg FAILED
ERROR: /xxxxxxx/xcloud/data/mohammad/files/Photos/Nextcloud community.jpg FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Photos/Readme.md FAILED
ERROR: /xxxxxxxx/xcloud/data/mohammad/files/Photos/Steps.jpg FAILED
ERROR: /xxxxxxxx/xcloud/data/mohammad/files/Photos/Toucan.jpg FAILED'
@Apses98 It's probably better to open an issue on https://github.com/syseleven/nextcloud-tools to ask for help instead of replying to this thread. You likely will need to do some digging into the source of the tool to get more information as to why it's failing.
@Eeems
Ok I will do that.
Thanx
@Apses98 Opening an issue there would indeed be helpful so that I can have a closer look why the script doesn't work out for you. :)