In a testing project I try to enable encryption for a small Owncloud server.
The Owncloud server is version 9.0.3. The server contains 20 users with around 4000 files all together. Most files are shared with multiple users. I copied files and database to a new installation for testing. I verified, that absolute paths, secrets, salts etc. where setup correctly in the Owncloud copy. Since I had a lot of trouble with "Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you. " messages after enabling encryption and testing users one-by-one, I started again with automatic encryption process "occ encryption:encrypt-all" on Owncloud command line. Encryption process was working some hours, but now I it stops very often with errors. Currently it stops with the message [OCP\Lock\LockedException] "files/f30b197da4af15a81b43e1f80d574302" is locked I also saw "out of memory" errors and "bad signature" errors. I tried to recover the errors by manually deleting conflicting files in filesystem and in the Owncloud MySQL tables. But doing this again and again would cost me days or weeks. Are there any hints for successful automatic encryption of an existing Owncloud installation? This was my process: 1) ./occ app:enable encryption 2) ./occ encryption:list-modules 3) ./occ encryption:enable 4) Login as admin in Owncloud web and encryption recovery generation 5) ./occ encryption:encrypt-all 6) recovering from errors 7) starting again from 5) My second question: Could someone explain, what ./occ encryption:enable-master-key exactly does and why it can be useful. The help text "Enable the master key. Only available for fresh installations with no existing encrypted data! There is also no way to disable it again." and the documentation (https://doc.owncloud.org/server/8.2/admin_manual/configuration_files/encryption_configuration.html) "Create a new master key. Use this when you have a single-sign on infrastructure. Use this only on fresh installations with no existing data, or on systems where encryption has not already been enabled. It is not possible to disable it:" are not very precise. Why it should help in single-sign on infrastructures. And why Owncloud creates additional keys even after enabling the master key? Does a master key help me as an administrator, if users forgot their passwords? Greetings, Björn _______________________________________________ User mailing list [email protected] http://mailman.owncloud.org/mailman/listinfo/user
