Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Encryption errors after upgrade to v23.0.3

    Nextcloud
    2
    5
    202
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      guyds last edited by

      After Nextcloud was automatically upgraded from v23.0.2 to v23.0.3 we started getting issues with up- and downloading of files and even opening of files in the browser.
      We're using server-side encryption and a Hetzner storage box over sshfs for the data dir.
      Further investigation learned that there was an issue with the encryption/decryption on the server.

      The exact error we got was:

      Encryption not ready: multikeydecrypt with share key failed:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error

      Apparently some of the keys were changed in our data dir (the mounted external storage). Luckily we found older, correct keys in the original data dir of the cloudron app (i.e. inside yellowtent).
      After replacing the keys on the mounted storage with the older keys from the original data dir everything started working again.

      Since there are a lot of encryption related tickets in the Nextcloud repository I mentioned my issue and resolution as a response on one of the still open, relevant issues: https://github.com/nextcloud/server/issues/8349.

      But I'm also reporting it here in case it's related to the cloudron packaging and/or someone else here is experiencing similar issues.

      M 1 Reply Last reply Reply Quote 2
      • M
        msbt App Dev @guyds last edited by msbt

        @guyds hey, thanks for sharing that, I have the exact same setup and I'm trying to troubleshoot that very same issue since yesterday and I'm close to start from scratch because I'm too far down the try and error road. Can you elaborate which keys/files you replaced? Ah I see the solution in your GH post, that won't work here, since I moved all the original data to the storagebox 😬

        Best, M

        G 1 Reply Last reply Reply Quote 1
        • G
          guyds @msbt last edited by

          @msbt Hey, yes I was lucky that I kept the original data.
          But if you have backups - which I hope you do 😉 - you can probably recover the correct keys from those backups 🤔
          Thing is that you should only restore the keys and nothing else from the backups, otherwise you might get more trouble than you currently have 😟

          M 1 Reply Last reply Reply Quote 1
          • M
            msbt App Dev @guyds last edited by

            @guyds I'm already in the restoring process and will disable encryption in the future, since this kind of encryption isn't secure anyways if someone would have access to the storage... Thanks again for your insights!

            G 1 Reply Last reply Reply Quote 0
            • G
              guyds @msbt last edited by

              @msbt no worries, I'm glad I for once can share my own solution to this great community 😉
              Most of the time it's the other way araound 😆

              Anyway, you have a point that Nextcloud's server-side encryption probably isn't worth it and therefore I'm also experimenting with Seafile, which has the possibility of client-side encrypted libraries. And in my (short) experience so far it is much much faster.
              But unfortunately Seafile isn't currently available on Cloudron.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Powered by NodeBB