Nextcloud Encryption Recovery Tools: The Next Level

30.08.2023 yahe publicity security

Some years ago I had an extensive look into the server-side encryption and also published a paper about several cryptographic vulnerabilities that I found in the implementation. Since then it has become a bit quiet about the developed scripts...

...until now. In the spring of 2023 the former Nextcloud-Tools moved under the umbrella of the Nextcloud project and have been renamed to the Nextcloud Encryption Recovery Tools. This change has kicked off some major improvements that have been lingering for years:

• The manual decryption scripts have been removed from the repository. There is now only the recover.php script left that tries to automate the decryption as much as possible. Through this change it should be easier for users to identify the script that they are supposed to use.
• The Nextcloud Encryption Recovery Tools now also support the Nextcloud End-to-End Encryption alongside the Nextcloud Server-Side Encryption. To decrypt the files you need the data directory from the server and the user mnemonic that has been created when enabling the encryption in the Nextcloud Client.
• To stabilize the development and ensure the proper support of previous Nextcloud versions, I introduced elaborate test suites for the recovery scripts. For this I collected dozens of test file sets in the corresponding End-to-End Encryption Testdata and Server-Side Encryption Testdata repositories.

In the last couple of years I talked to about a dozen of users ranging from single persons to companies and NGOs who saved millions of files that could have been lost otherwise. Hopefully, these changes and improvements will help even more Nextcloud users to restore their precious files in cases where they encrypted them and lost their working Nextcloud installation. 🙂