Migration path for legacy encrypted files

[juliusknorr]

With #22218 we added the ability to disable decryption of files using the legacy cipher. While it allows admins to scan for files where the header is missing, we currently lack a migration path to fully drop the old code path at some point.

For master key encryption we could just re-encrypt those files in an occ command, though for setups where there is no master key we cannot do that so that would basically mean we never can drop it without the possibility to make files inaccessible. Though a migration command for master key setups might still make sense.

[sarunasb]

For master key encryption we could just re-encrypt those files in an occ command,

By ‘re-encrypt’ do you mean occ encryption:encrypt-all? After setting 'encryption.legacy_format_support' => false?

Thanks...

[niclashoyer]

Just ran into this today after a Nextcloud upgrade. Please provide a way forward without a complete reinstallation. I'm currently stuck with legacy encryption as I don't know what to do. The occ encryption:scan:legacy-format commands says that it is ok to turn legacy encryption off, but afterwards I get #8546 and can't access my files, so I had to turn it back on.

Even if there is no feasible solution, please document that and make it clear, so that we aren't stuck in some legacy fashion and reinstall right away.

[whinis]

I just did a fair amount of searching on github and it lead me to error with #33098 . It seems if I set encryption.legacy_format_support to false then I can access all my files fine but any new files uploaded are still in the old format and give me an invalid signature unless I access them first logged in.