Unable to remove old E2E key

[viendocraz]

⚠️ Before submitting, please verify the following: ⚠️

• [X] This is a bug, not a question or a configuration issue.
• [X] This issue is not already reported on Github (I've searched it).
• [X] Nextcloud Server and Desktop Client are up to date. See Server Maintenance and Release Schedule and Desktop Releases for supported versions.
• [X] I agree to follow Nextcloud's Code of Conduct

Bug description

The E2E key (12 word mnemonic) is different between Android client and Desktop client. No matter what I try to do to refresh I cannot use the same key on both Android and Desktop. This causes the Android app to crash if get the key from the Desktop app first. If I get the key from the Android app first then I cannot access those files and I get an error.

Steps to reproduce

Try to create an encrypted folder on either Android app or Desktop app. A mnemonic will be provided.
The mnemonic is different on each device.
Causes sync problems.

Expected behavior

If the encrypted app is produced on the Desktop, that mnemonic should be used on the Android app and vice versa.

Which files are affected by this bug

/var/www/nextcloud-data/appdata_/end_to_end_encryption

Operating system

Windows

Which version of the operating system you are running.

Windows 10

Package

Appimage

Nextcloud Server version

26.0.1

Nextcloud Desktop Client version

3.8.1

Is this bug present after an update or on a fresh install?

Fresh desktop client install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

Are you using an external user-backend?

• [X] Default internal user-backend
• [ ] LDAP/ Active Directory
• [ ] SSO - SAML
• [ ] Other

Nextcloud Server logs

The only thing I can see is the following but I'm pretty sure it's unrelated:  

Symfony\Component\Routing\Exception\RouteNotFoundException: Unable to generate a URL for the named route "ocs.password_policy.API.validate" as such route does not exist.

### Additional info

I tried refreshing the e2e situation using the button `Reset end-to-end encryption` in Personal Settings/Security in the browser ui for the server. I also tried following the steps here https://github.com/nextcloud/end_to_end_encryption/releases/tag/v1.5.2-beta1 and deleted everything in `/var/www/nextcloud-data/appdata_<ID>/end_to_end_encryption`. I also tried deleting all app data on Windows and on the Android app. Still two different mnemonics and no ability for it to work between devices.

[viendocraz]

This is no longer an issue. I am not sure what did or didn't make a difference but leaving some further info in case it helps anyone.

I think this occurred because I moved to a different server but kept the same domain. I also upgraded the desktop client (Windows 10) from v3.4.2 to v3.8.1. I am pretty sure I deleted the data folder here too: C:\Users\<USER NAME>\AppData\Roaming\Nextcloud. On Android I cleared cache and data before uninstalling and reinstalling the app to whatever the latest version on Fdroid was. I think I should have known there was a problem because the mnemonic on the desktop was the same as with the previous server. In hindsight I should have expected a new mnemonic as it was a new server installation. Something must have hung around on my desktop to make the client think this was the correct mnemonic.

All of this seems to have caused the problem described above.

What I did subsequently is..

• Backed up the Nextcloud data folder on the server.
• Dropped/Deleted and then recreated the Nextcloud database (MariaDB in my case).
• Backed up the config file at <PATH TO NEXTCLOUD>/config/config.php and then deleted the nextcloud directory.
• Downloaded the latest Nextcloud version and extracted to re-create the nextclouddirectory.
• Basically went through everything to reinstall on the server.
• Added the End-to-end encryption app.
• On the desktop I uninstalled v3.8.1 and then deleted the following dirs:
  • C:\Users\<USER NAME>\AppData\Roaming\Nextcloud; and
  • C:\Users\<USER NAME>\AppData\Local\Nextcloud
• Reinstalled version v3.4.2 on the Desktop instead of the latest version (restarting the machine after uninstalling and installing) (again, I'm not sure what made or didn't make a difference, perhaps the latest version works fine)
• On Android clearing cache/data and then uninstalling/reinstalling from Fdroid.
• On the desktop where I had a copy of the files I am trying to encrypt/sync, I cut the ones that need to be encrypted and pasted them somewhere safe. This is because you need an empty directory in order to right-click and encrypt it in the client. Then later you can paste the files back in the correct place once you are sure everything is working.
• Once the server re-installation was all set and users re-created I kept the top bit of the config.php file that had been newly generated from the installation (as it has some bits that are unique to a new installation like instanceid, passwordsalt, secret etc.) and pasted in all my usual config below it from the backed up version.
• I also pasted all my user files I had backed up into the Nextcloud data directory. Not the encrypted folders though, just the unencrypted ones. The encrypted ones will need to be regenerated locally with a new key and then synced to the server
• Now I started the client on the Desktop and it detected that encryption was available and gave me a new mnemonic. Then I could create the directories I wanted and encrypt them. I added some test data to see if that was encrypted and synced to the server.
• On Android I opened the app and checked that it asked for the mnemonic just given to me on the Desktop in order to access any encrypted folders. It did.
• Only at that point did I copy all my files on the Desktop which had been backed up and pasted them into the encrypted folders and it synced to the server and they were available on the Android app.

Hope this helps..

[viendocraz]

Re-opening as the issue has appeared on a different device (Windows PC). Again it used to access the old server location. Therefore before trying to access with the Nextcloud Desktop client I deleted the app data folders (named Nextcloud in local and roaming). I did not uninstall. On starting the client and setting everything up again, the old mnemonic from the old server was still present. Therefore this is still a problem.

How can I reset the situation on the server so that the old mnemonic./key no longer shows?
What can I do on the Desktop client to delete all traces of the mnemonic/key when moving server?

[viendocraz]

Leaving this here as it may help others.

The Nextcloud client stores your keys on your computer, so even if you re-install the client and delete the app roaming folder, it will still try to encrypt/decrypt using the old key.

To get over this go to control panel, then Credential Manager and delete all generic credentials with Nextcloud as a name under the Windows Credentials tab (this is for Windows but I presume an equivalent solution is available for other operating systems).

Next time you open the client it should ask you for your mnemonic and then you can enter the updated one.

Hope this helps someone as it took me a while to find this info.