E2EE not working on NC28 and v1.14.0

[eibex]

How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.

Steps to reproduce

1. Upgrade (or install?) from NC27 and then update E2EE to v1.14.0
2. Try to load E2EE folders in Windows or iOS
3. E2EE folders are not recognised/decrypted

Expected behaviour

E2EE folders should be recognised and decrypted

Actual behaviour

The Windows app does not recognise the encrypted folders nor does it allow to encrypt new ones. The iOS app asks for the passphrase prompt but contents are not decrypted. The prompt is asked every time and not saved.

Server configuration

Operating system:

Web server: Apache

Database: Postgres 15

PHP version: 8.2

Nextcloud version: 28.0.0

Updated from an older Nextcloud/ownCloud or fresh install: updated

Where did you install Nextcloud from: nextcloud/docker (migrated from bare metal)

Signing status:

Signing status

``` No errors have been found. ```

List of activated apps:

App list

``` Enabled: - activity: 2.20.0 - bruteforcesettings: 2.8.0 - calendar: 4.6.0 - cloud_federation_api: 1.11.0 - comments: 1.18.0 - contacts: 5.5.0 - dav: 1.29.1 - end_to_end_encryption: 1.14.0 - federatedfilesharing: 1.18.0 - files: 2.0.0 - files_pdfviewer: 2.9.0 - files_reminders: 1.1.0 - files_sharing: 1.20.0 - files_trashbin: 1.18.0 - files_versions: 1.21.0 - firstrunwizard: 2.17.0 - logreader: 2.13.0 - lookup_server_connector: 1.16.0 - maps: 1.3.1 - nextcloud_announcements: 1.17.0 - notifications: 2.16.0 - notify_push: 0.6.6 - oauth2: 1.16.3 - password_policy: 1.18.0 - photos: 2.4.0 - previewgenerator: 5.4.0 - privacy: 1.12.0 - provisioning_api: 1.18.0 - recommendations: 2.0.0 - related_resources: 1.3.0 - serverinfo: 1.18.0 - settings: 1.10.0 - sharebymail: 1.18.0 - snappymail: 2.31.0 - support: 1.11.0 - systemtags: 1.18.0 - tasks: 0.15.0 - text: 3.9.1 - theming: 2.3.0 - twofactor_backupcodes: 1.17.0 - twofactor_totp: 10.0.0-beta.2 - updatenotification: 1.18.0 - user_status: 1.8.1 - viewer: 2.2.0 - workflowengine: 2.10.0 Disabled: - admin_audit: 1.18.0 - circles: 28.0.0-dev (installed 27.0.1) - contactsinteraction: 1.9.0 (installed 1.2.0) - dashboard: 7.8.0 (installed 7.3.0) - encryption: 2.16.0 - external: 5.3.1 (installed 5.3.1) - federation: 1.18.0 (installed 1.9.0) - files_external: 1.20.0 - survey_client: 1.16.0 (installed 1.4.0) - suspicious_login: 6.0.0 (installed 5.0.0) - user_ldap: 1.19.0 - weather_status: 1.8.0 (installed 1.0.0) ```

Nextcloud configuration:

Config report

``` If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your Nextcloud installation folder or Insert your config.php content here. Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …) ```

Are you using external storage, if yes which one: no

Are you using encryption: only E2EE

Are you using an external user-backend, if yes which one: no

Client configuration

Browser:

Operating system:

Logs

Web server error log

Web server error log

``` n.a. ```

Nextcloud log (data/nextcloud.log)

Nextcloud log

``` no errors are reported ```

Browser log

Browser log

``` n.a. ```

[JP95Git]

Happens to me too.

Even with the latest client Nextcloud-3.11.0-x64.msi E2E is no longer detected. I also created a new user, but no E2E is detected.

[tigernero79]

idem same bug nextcloud 28

[mpsd]

Same with me - Brocken after Upgrade to 1.14 in Windows Desktop Client

Android App ist at least able to read but can not write to E2EE folder

[eibex]

Issue persists on Nextcloud 28.0.1

[japiojas]

Same issue here, quick solution I found is downgrading the E2EE app to version 1.13.1 (https://github.com/nextcloud-releases/end_to_end_encryption/releases/download/v1.13.1/end_to_end_encryption-v1.13.1.tar.gz). This is done by replacing the 1.14.0 files in the folder called apps (in the same subfolder as your nextcloud config) to the 1.13.1 version, you just downloaded. After replacing the files make sure the permissions and the folder/file owner is correct for your setup. Then go to your cloud website and it will prompt that the app needs an update, click on begin update. If every is correctly done everything should be working again, be sure not to update the E2EE app until a fix has been found (if this last note was to late, repeat the steps before and this time don't update :).

[joshtrichards]

Since no one posted logs, does that mean none of you are seeing any errors in the server-side logs?

In that case, can one of you share debug logs from one of the clients you're using that isn't functioning?

[mpsd]

At least I can not find something in the server log file (Server 28.0.1 with E2EE app 1.14.0). Neither I can find something in the Windows Desktop Client - the windows client (3.11.0) is fully ignoring the E2EE when viewing folder but is showing (the encrypted) folders as normal (unencrypted) folder and the respective (encrypted) files as normal files. Download of files is done as if those files would be unencrypted (but they are encrypted and stay encrypted throughout download).

Seems somehow that E2EE server app is not giving a hint to the Desktop clients, that those folders and files are encrypted and thus need additional handling by the clients.

[eibex]

Also on iOS the logs do not show errors. The PROPFIND and other calls are made as if the folders were not encrypted.

[mawumag]

I believe it is the api-version field in Capabilities.php, line 54:

1.13.2: 'api-version' => '1.2' 1.14.0: 'api-version' => '2'

My linux desktop client complains about there not being a minor version:

[ warning nextcloud.sync.server.capabilities ./src/libsync/capabilities.cpp:158 ]: Didn't understand version scheme (minor), E2EE disabled "2"

I believe changing "2" to "2.0" will solve the issue. Can't test know because Christmas :)

And of course Merry Christmas everyone ;)

---

EDIT:

Changing to 2.0 is no help because of this snippet in the desktop client src/libsync/capabilities.cpp:

    const auto capabilityAvailable = (major == 1 && minor >= 1);
    if (!capabilityAvailable) {
        qCInfo(lcServerCapabilities) << "Incompatible E2EE API version:" << version;
    }
    return capabilityAvailable;

I changed api-version to 1.2 and the desktop client recognizes encryption again!

[eibex]

I changed api-version to 1.2 and the desktop client recognizes encryption again!

Worked for me too, thanks! I can also confirm this fixes the issue on iOS.

[tigernero79]

@mawumag

It worked for me too, but the annoying problem remains that on Android the delete item does not appear in the e2e folder menu if you want to delete an encrypted file.
which instead works on iOS

[mpsd]

@mawumag Thanks, changing the API Version ist fixing E2EE for me too.

Thank you for this.

[joshtrichards]

I'm not clear why the api-version was bumped to 2.0 without coordination with the client apps. I believe Android assumes <= 1.2 as well. Once we firm up why the bump happened, it'll be clearer whether the clients need to be adjusted or the server app.

Cc: @nextcloud/encryption

[maggiojoe2]

I don't see a release with this patch. Am I missing something? Or are things still broken for others?

[mawumag]

I got an update on my server to 1.14.1, things are now working on my end. It is true that the github release page does not show it though.