Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Decrypt Files Without Server #9196

Closed
Engineer-of-Stuff opened this issue Apr 16, 2018 · 15 comments
Closed

Decrypt Files Without Server #9196

Engineer-of-Stuff opened this issue Apr 16, 2018 · 15 comments

Comments

@Engineer-of-Stuff
Copy link

Engineer-of-Stuff commented Apr 16, 2018

I have lost my Nextcloud server install, but I have recovered my encrypted files and keys (master, public, and recovery with password).

I need to decrypt my files. How would decrypt them without the server?

@Engineer-of-Stuff
Copy link
Author

Nextcloud encryption is a mess. I highly suggest that anyone reading this does not use it. Save yourself before it's too late!

@tflidd
Copy link
Contributor

tflidd commented Apr 16, 2018

Please use the issue template and make sure that your bug report is not already covered by one of these topics:
#8644
#8311
#8299
#7284
#6543
#6202

For full information, there is also a topic in the forum: https://help.nextcloud.com/t/decrypt-my-files/30354

@suntorytimed
Copy link
Contributor

@Engineer-of-Stuff did you find a way to fix your problem? I am having a similar issue that I can't decrypt thousands of files because the signature doesn't match.

@Engineer-of-Stuff
Copy link
Author

@suntorytimed no I didn't. I gave up and started over. I don't trust the encryption, and since the keys are stored on the server its kinda useless.

@suntorytimed
Copy link
Contributor

I did find a way to turn off the signature check by adding return true; to the checkSignature() in apps/encryption/lib/Crypto/Crypt.php. I added it in the if clause right before the exception is thrown. But switching it off isn’t enough.

The reason is that the server reports a different filesize to the client and breaks off the download too early. The client therefore thinks that the connection was lost and reports an error. But the file is already downloaded successfully (f.e. in Chrome you just have to remove .crdownload at the end of the downloaded file). I have written a small Python 3 script that can download the files via WebDav. It is a dirty hack, but at least I could recover my files.

You can find the script including an explanation in my gitea repository:
https://gitea.hibiki.eu/suntorytimed/nc-downloader

@suntorytimed
Copy link
Contributor

suntorytimed commented Aug 21, 2018

(Sorry for repeating this post so often, but there are many forum entries and issues that people looking for a solution might find via Google 😄)
After checking the downloads I discovered that while the JPEGs open without any problem my RAW files didn't. Looking closer at the JPEGs I could see that in the last pixel line there were some blocks missing. So the download wasn't finished. Following up on the error message that gets displayed in Nextcloud in the hasSignature() call of splitMetaData() I discovered that the encrypted data field was empty and therefore there can't be a signature in the file. To bypass this I have added following if clause into the function symmetricDecryptFileContent() in apps/encryption/lib/Crypto/Crypt.php:

            if ($keyFileContents == '') {
                    return '';
            }

I have put this code as the first command in the symmetricDecryptFileContent(). Together with disabling the signature check (putting return true; in the checkSignature() function in the same file):

    private function checkSignature($data, $passPhrase, $expectedSignature) {
            $signature = $this->createSignature($data, $passPhrase);
            if (!hash_equals($expectedSignature, $signature)) {
                    return true;
                    throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
            }
    }

I can now see the previews in the web interface and download all files decrypted and even download the folders as zip-files. My script is not necessary anymore 😀

@yahesh
Copy link
Member

yahesh commented Aug 7, 2019

@Engineer-of-Stuff I don't know if this is still relevant for you but we've written such a tool: decrypt-file.php

@Engineer-of-Stuff
Copy link
Author

@Engineer-of-Stuff I don't know if this is still relevant for you but we've written such a tool: decrypt-file.php

Not anymore, but that's really cool and it might save someone's data someday.

@Eeems
Copy link

Eeems commented Jun 5, 2020

Not anymore, but that's really cool and it might save someone's data someday.

Yup, just saved my bacon.

@Eeems
Copy link

Eeems commented Oct 12, 2020

@Apses98

To execute the script you have to call it in the following way:

php ./rescue/decrypt-all-files.php

<targetdir> - defines the target directory where the decrypted files get stored, the target directory has to already exist and it has to be empty, make sure that there is enough space to store all files decrypted files in the target directory

As per the instructions, run that in a console/terminal window.

@yahesh
Copy link
Member

yahesh commented Oct 13, 2020

@Apses98 To use the script you have to call it through a shell/terminal/console. Furthermore, you have to have the PHP CLI installed on the system. Calling the script through the webserver is not supported as it may run quite a while and could timeout in the meantime. Please also take note that the script is written with macOS and Linux in mind. It should work under Windows when paths are written with slashes instead of bashslashes (e.g. c:/your/path/to/the/data/directory/), but this is not actively tested as I lack a Windows machine. So your possibility here is to download your data folder to your local machine and execute the script there (don't forget to change the path of the data folder to its location on your local machine).

@Apses98
Copy link

Apses98 commented Oct 13, 2020

@Eeems
Thank you for helping.
I did everything but now I am getting an error.
Am I doing anything wrong ?

I added my nextcloud info here

define("DATADIRECTORY", "/xxxxx/xxxxxxxxxxx/xxxx/xxx/data"); define("INSTANCEID", "xxxxxxxxx"); define("SECRET", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");

and this is the code i wrote to call the php decryption file
php xxxxxxx/xxxxxxx/decrypt-all-files.php xxxxxx/xxxxxxx/decrypted-data

This is the error that i am getting (in the PuTTY terminal)

'ERROR: /xxxxx/xcloud/data/mohammad/files/Documents/Nextcloud flyer.pdf FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Documents/Readme.md FAILED
ERROR: /xxxxxxx/xcloud/data/mohammad/files/Documents/Welcome to Nextcloud Hub.docx FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Nextcloud Manual.pdf FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Nextcloud intro.mp4 FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Nextcloud.png FAILED
ERROR: /xxxxx/xcloud/data/mohammad/files/Photos/Birdie.jpg FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Photos/Frog.jpg FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Photos/Gorilla.jpg FAILED
ERROR: /xxxxxxxx/xcloud/data/mohammad/files/Photos/Library.jpg FAILED
ERROR: /xxxxxxx/xcloud/data/mohammad/files/Photos/Nextcloud community.jpg FAILED
ERROR: /xxxxxx/xcloud/data/mohammad/files/Photos/Readme.md FAILED
ERROR: /xxxxxxxx/xcloud/data/mohammad/files/Photos/Steps.jpg FAILED
ERROR: /xxxxxxxx/xcloud/data/mohammad/files/Photos/Toucan.jpg FAILED'

@Eeems
Copy link

Eeems commented Oct 13, 2020

@Apses98 It's probably better to open an issue on https://github.com/syseleven/nextcloud-tools to ask for help instead of replying to this thread. You likely will need to do some digging into the source of the tool to get more information as for why it's failing.

@Apses98
Copy link

Apses98 commented Oct 13, 2020

@Eeems
Ok I will do that.
Thanx

@yahesh
Copy link
Member

yahesh commented Oct 14, 2020

@Apses98 Opening an issue there would indeed be helpful so that I can have a closer look why the script doesn't work out for you. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

7 participants