Server: Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files.

Created on 3 Dec 2018 · 10Comments · Source: nextcloud/server

Steps to reproduce

This is complicated. I am migrating from nextcloud-snap.

Install Nextcloud as good as possible using the "instructions" here: https://docs.nextcloud.com/server/14/admin_manual/installation/source_installation.html#ubuntu-installation-label
Export Database from snap, import to new server, use this info in the wizard
Rsync contents of data folder
chown -R www-data:www-data /var/www/nextcloud/data

Expected behaviour

You log in and see your files with no error messags

Actual behaviour

You log in and you see this error:

Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files.

Server configuration

Operating system:
16.04

Web server:
Apache2

Database:
mariaDB

PHP version:
7.0

Nextcloud version: (see Nextcloud admin page)
14

Updated from an older Nextcloud/ownCloud or fresh install:
Fresh install, with DB and /data directory migrated from nextcloud-snap

Where did you install Nextcloud from:
What does this mean?

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

Enabled:
  - activity: 2.7.0
  - cloud_federation_api: 0.0.1
  - comments: 1.4.0
  - dav: 1.6.0
  - encryption: 2.2.0
  - federatedfilesharing: 1.4.0
  - files: 1.9.0
  - files_pdfviewer: 1.3.2
  - files_sharing: 1.6.2
  - files_texteditor: 2.6.0
  - files_trashbin: 1.4.1
  - files_versions: 1.7.1
  - files_videoplayer: 1.3.0
  - firstrunwizard: 2.3.0
  - gallery: 18.1.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.2.0
  - nextcloud_announcements: 1.3.0
  - notifications: 2.2.1
  - oauth2: 1.2.1
  - password_policy: 1.4.0
  - provisioning_api: 1.4.0
  - serverinfo: 1.4.0
  - sharebymail: 1.4.0
  - support: 1.0.0
  - survey_client: 1.2.0
  - systemtags: 1.4.0
  - theming: 1.5.0
  - twofactor_backupcodes: 1.3.1
  - updatenotification: 1.4.1
  - workflowengine: 1.4.0
Disabled:
  - accessibility
  - admin_audit
  - bruteforcesettings
  - federation
  - files_antivirus
  - files_external
  - user_external
  - user_ldap

Nextcloud configuration:

Config report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.securesystemdesign.io"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "14.0.4.2",
        "overwrite.cli.url": "https:\/\/nextcloud.myserver.com\/",
        "htaccess.RewriteBase": "\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "theme": "",
        "loglevel": 2,
        "maintenance": false,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        }
    }
}

Are you using external storage, if yes which one: local/smb/sftp/...
no

Are you using encryption: yes/no
I was not using it on the snap. The error goes away if I disable "Default Encryption" and comes back if I re-enable it

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
no

Client configuration

Browser:
Chromiium

Operating system:
Ubuntu

Logs

Web server error log

AH01630: client denied by server configuration: /var/www/nextcloud/data/.ocdata

Nextcloud log (data/nextcloud.log)

Nextcloud log

{"file":"\/var\/www\/nextcloud\/lib\/private\/AppFramework\/App.php","line":118,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"core.login.tryLogin"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"core.login.tryLogin"}]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Route\/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"core.login.tryLogin"}]},{"file":"\/var\/www\/nextcloud\/lib\/base.php","line":987,"function":"match","class":"OC\\Route\\Router","type":"->","args":["\/login"]},{"file":"\/var\/www\/nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/var\/www\/nextcloud\/apps\/encryption\/lib\/Crypto\/Crypt.php","Line":487,"Hint":"Bad Signature","CustomMessage":"Could not decrypt the private key from user \"admin\"\" during login. Assume password change on the user back-end."},"userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36","version":"14.0.4.2"}

I have tried the fixes in https://github.com/nextcloud/server/issues/8546 https://github.com/nextcloud/server/issues/8637 https://github.com/nextcloud/server/issues/5712

Source

stone212

Most helpful comment

It was painful on my fresh installation, I finally fixed it by changing database value
run this sql query as qualified mysql user on nextcloud DB :

update oc_appconfig set configvalue = 'no' where appid = 'encryption' and configkey = 'enabled'

Problem will disappear but be careful if you have encrypted data.

Elfanar on 20 Jan 2019

👍2

All 10 comments

Confirming: seeing that on NC 15, Ubuntu 18.04.1, PHP 7.2

stayen on 16 Dec 2018

👍1

I have the same issue

abadiego on 27 Dec 2018

@abadiego Does it go away if you disable the Default Encryption module?

stone212 on 27 Dec 2018

I have NC 15, Ubuntu 18.04.1, PHP 7.2. Clean install

The problem goes away when disabling the Encryption module and comes back when enabling it.

abadiego on 27 Dec 2018

@abadiego I am starting to think the Issue is that the module should not be "Default" enabled because you get this error if it is.

stone212 on 28 Dec 2018

@stone212 Do you mean to turn off encryption and problem solved?
How about removing Nextcloud and problem also solved!!

abadiego on 28 Dec 2018

I think I will install it with SNAP even if it's gonna take more resources

abadiego on 31 Dec 2018

It was painful on my fresh installation, I finally fixed it by changing database value
run this sql query as qualified mysql user on nextcloud DB :

update oc_appconfig set configvalue = 'no' where appid = 'encryption' and configkey = 'enabled'

Problem will disappear but be careful if you have encrypted data.

Elfanar on 20 Jan 2019

👍2

I have disabled both Default encryption and Server Side encryption but still get the error message. I use Nginx, Nextcloud 15.2 with PHP 7.1

orangethakkali on 1 Feb 2019

I disabled Default Encryption (ignoring the warnings) and the error is gone. The warnings I realize are not a problem because I never used encryption. I like encryption but this server did not have it when I took over the migration.

stone212 on 2 Feb 2019

Was this page helpful?

0 / 5 - 0 ratings