nextcloud / notes

✎ Distraction-free notes and writing
https://apps.nextcloud.com/apps/notes
GNU Affero General Public License v3.0

Legacy cipher is no longer supported #1181

Open kylespencer opened 8 months ago

kylespencer commented 8 months ago

Nextcloud Notes (and/or the associated Android app) appears to be generating files using a legacy cipher that Nextcloud no longer supports when server-side encryption is enabled.

After using Notes via both the web and mobile application (with a poor quality Internet connection) some note files are no longer accessible via Nextcloud. Attempts to access or synchronize the affected files (via a device client) fail with the following error:

Legacy cipher is no longer supported!

I have not yet determined the steps to reliably reproduce this problem, but I wanted to share this observation in case others have encountered this problem and can provide more information.

I am also posting this issue in https://github.com/nextcloud/notes-android/issues/1955 in case the problem stems from the Android application.

OffensiveTitle commented 7 months ago

I've reproduced this on Nextcloud 28.0.1 using the Nextcloud Notes app 4.1.0.

OffensiveTitle commented 7 months ago

I seemed to have fixed this by running:

sudo -u www-data ./path_to_nextcloud_root/occ encryption:scan:legacy-format
sudo -u www-data ./path_to_nextcloud_root/occ trashbin:cleanup --all-users
sudo -u www-data ./path_to_nextcloud_root/occ versions:cleanup

And setting 'encryption.legacy_format_support' => true, in config.php in nextcloud/config (Tested this as of Jan 19, 2024)

Explanation: The legacy cipher is (for some reason?) used by the Nextcloud Notes app. It does not include headers, which the new encryption module does; as a result you get the error "Legacy cipher is no longer supported!".

sudo -u www-data runs the command as your web user (I'm using Debian, so forks like Ubuntu should have the same name).

occ encryption:scan:legacy-format scans your files to find any that do not have proper headers. While running this, if anything comes up like: /your_username/random_file.vXXX does not have a proper header, this means that you have legacy encrypted files.

occ trashbin:cleanup --all-users empties the users' trashbins, which may still hold old legacy files.

occ versions:cleanup cleans and updates the old legacy files.

Setting 'encryption.legacy_format_support' => true, in config.php in nextcloud/config adds legacy encryption support back. (Otherwise it's probably best to keep it off)

If I've made a mistake please correct me.
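
The following is an added example, not part of the thread and not Nextcloud project code: a small shell triage of saved `occ encryption:scan:legacy-format` output that separates affected files in a user's trash or version store from files still in use. It assumes the "<path> does not have a proper header" line format quoted in the comment above and Nextcloud's per-user `files_trashbin/` and `files_versions/` directories; the function names and the sample data are made up for the illustration.

```shell
#!/bin/sh
# Added example: triage saved output of `occ encryption:scan:legacy-format`.
# Assumption: affected files are reported as
#   "<path> does not have a proper header"
# (the line format quoted in the thread), with paths of the form /<user>/<store>/...

# classify_path PATH -> prints "trashbin", "versions" or "live"
classify_path() {
    rest=${1#/*/}                      # strip the leading "/<user>/"
    case "$rest" in
        files_trashbin/*) echo trashbin ;;
        files_versions/*) echo versions ;;
        *)                echo live ;;
    esac
}

# triage_scan: reads scan output on stdin, prints "<class> <path>" per affected file
triage_scan() {
    suffix=' does not have a proper header'
    while IFS= read -r line; do
        case "$line" in
            *"$suffix")
                path=${line%"$suffix"}
                printf '%s %s\n' "$(classify_path "$path")" "$path" ;;
        esac                           # lines without the suffix are ignored
    done
}

# count_class CLASS: reads triage_scan output on stdin, prints the number of matches
count_class() {
    awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Constructed sample scan output (user "alice" and all file names are invented).
sample_scan() {
    cat <<'EOF'
(constructed line that is not a finding)
/alice/files/Notes/todo.md does not have a proper header
/alice/files_versions/Notes/todo.md.v1705650000 does not have a proper header
/alice/files_trashbin/files/old note.md.d1705650001 does not have a proper header
EOF
}

# Real use: save the scan output to scan.txt, then: triage_scan < scan.txt
if [ "${1:-}" = "--demo" ]; then
    sample_scan | triage_scan
fi
```

Entries classified as `trashbin` or `versions` are the ones the two cleanup commands in the comment above act on; `live` entries are files still in use.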