Description
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration/webserver/proxy issue.
- This issue is not already reported on GitHub OR Nextcloud Community Forum (I've searched it).
- Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- I agree to follow Nextcloud's Code of Conduct.
Bug description
I have installed the default encryption module, and have enabled server-side encryption. I am able to log in with multiple users via the web interface, and the folder sync is working just fine with my Mac. When I try to log in via the iOS app, at the part where I'm asked to grant the app access to my account, I get the error, "Encryption app is enabled, but your keys are not initialized. Please log-out and log-in again.". If I click "grant access" anyway, it just takes me back to the login screen.
Steps to reproduce
1. Install Default Encryption Module App within Nextcloud App menu.
2. Enable server-side encryption within Admin Settings.
3. Log out and log back in again to generate keys.
4. Run "occ encryption:encrypt-all" within shell to encrypt all existing files.
5. Download iOS app on iPhone (Version 6.6.2).
6. Attempt to log in via the iOS app.
Expected behavior
I expect to be able to log in via the iOS app without any issues, after encryption is enabled.
Nextcloud Server version
31
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.3
Web server
Apache (supported)
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
Fresh Nextcloud Server install
Are you using the Nextcloud Server Encryption module?
Encryption is Enabled
What user-backends are you using?
- Default user-backend (database)
- LDAP/ Active Directory
- SSO - SAML
- Other
Configuration report
{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "cloud.techzilla.cloud"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.5.1",
        "overwrite.cli.url": "https:\/\/nextcloud.techzilla.cloud",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "memories.db.triggers.fcu": true,
        "memories.exiftool": "\/var\/www\/html\/apps\/memories\/bin-ext\/exiftool-amd64-glibc",
        "memories.vod.path": "\/var\/www\/html\/apps\/memories\/bin-ext\/go-vod-amd64",
        "enabledPreviewProviders": [
            "OC\\Preview\\Image",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\Movie"
        ],
        "memories.gis_type": 1,
        "memories.vod.disable": false,
        "memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
        "memories.vod.ffprobe": "\/usr\/bin\/ffprobe",
        "memories.vod.vaapi": true,
        "memories.vod.nvenc": true
    }
}
List of activated Apps
Enabled:
- activity: 4.0.0
- admin_audit: 1.21.0
- app_api: 5.0.2
- bruteforcesettings: 4.0.0
- calendar: 5.2.4
- camerarawpreviews: 0.8.7
- circles: 31.0.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contacts: 7.1.1
- contactsinteraction: 1.12.0
- dashboard: 7.11.0
- dav: 1.33.0
- encryption: 2.19.0
- end_to_end_encryption: 1.17.0
- facerecognition: 0.9.70
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_downloadlimit: 4.0.0
- files_external: 1.23.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- firstrunwizard: 4.0.0
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- mail: 5.1.0
- memories: 7.5.2
- nextcloud_announcements: 3.0.0
- notes: 4.12.0
- notifications: 4.0.0
- oauth2: 1.19.1
- password_policy: 3.0.0
- photos: 4.0.0-dev.1
- previewgenerator: 5.8.0
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- recognize: 9.0.1
- recommendations: 4.0.0
- related_resources: 2.0.0
- richdocuments: 8.6.5
- richdocumentscode: 24.4.1303
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- spreed: 21.0.4
- support: 3.0.0
- survey_client: 3.0.0
- suspicious_login: 9.0.1
- systemtags: 1.21.1
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- twofactor_totp: 13.0.0-dev.0
- updatenotification: 1.21.0
- user_status: 1.11.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- workflowengine: 2.13.0
Disabled:
- twofactor_nextcloud_notification: 5.0.0
- user_ldap: 1.22.0
Nextcloud Signing status
No errors have been found.
Nextcloud Logs
{"reqId":"a3XVQuAKOUPLe5pAEiG9","level":3,"time":"2025-05-21T04:42:11+00:00","remoteAddr":"72.158.4.177","user":"--","app":"core","method":"GET","url":"/index.php/apps/theming/theme/dark-highcontrast.css?plain=1&v=51c1a7fa","message":"Renewing session token failed: Token does not exist: token does not exist","userAgent":"iPhone (Nextcloud iOS)","version":"31.0.5.1","exception":{"Exception":"OC\\Authentication\\Exceptions\\InvalidTokenException","Message":"Token does not exist: token does not exist","Code":0,"Trace":[{"file":"/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php","line":232,"function":"getToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/public/AppFramework/Db/TTransactional.php","line":45,"function":"OC\\Authentication\\Token\\{closure}","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php","line":231,"function":"atomic","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->"},{"file":"/var/www/html/lib/private/Authentication/Token/Manager.php","line":155,"function":"renewSessionToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->"},{"file":"/var/www/html/lib/private/User/Session.php","line":883,"function":"renewSessionToken","class":"OC\\Authentication\\Token\\Manager","type":"->"},{"file":"/var/www/html/lib/base.php","line":1122,"function":"loginWithCookie","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced 
***"]},{"file":"/var/www/html/lib/base.php","line":1029,"function":"handleLogin","class":"OC","type":"::"},{"file":"/var/www/html/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php","Line":165,"Previous":{"Exception":"OCP\\AppFramework\\Db\\DoesNotExistException","Message":"token does not exist","Code":0,"Trace":[{"file":"/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php","line":157,"function":"getToken","class":"OC\\Authentication\\Token\\PublicKeyTokenMapper","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php","line":232,"function":"getToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/public/AppFramework/Db/TTransactional.php","line":45,"function":"OC\\Authentication\\Token\\{closure}","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php","line":231,"function":"atomic","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->"},{"file":"/var/www/html/lib/private/Authentication/Token/Manager.php","line":155,"function":"renewSessionToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->"},{"file":"/var/www/html/lib/private/User/Session.php","line":883,"function":"renewSessionToken","class":"OC\\Authentication\\Token\\Manager","type":"->"},{"file":"/var/www/html/lib/base.php","line":1122,"function":"loginWithCookie","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced 
***"]},{"file":"/var/www/html/lib/base.php","line":1029,"function":"handleLogin","class":"OC","type":"::"},{"file":"/var/www/html/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Authentication/Token/PublicKeyTokenMapper.php","Line":81},"message":"Renewing session token failed: Token does not exist: token does not exist","user":"DirtyMike","exception":{},"CustomMessage":"Renewing session token failed: Token does not exist: token does not exist"}}
Additional info
I discovered a workaround, albeit it's not convenient in a brownfield environment. The workaround works for me because I'm on a fresh install as a single user and haven't uploaded any files yet. The workaround is detailed below:
- Disable encryption via "occ encryption:decrypt-all" (This may take a very long time depending on how much data you have in your Nextcloud instance). Verify encryption is turned off in the admin settings.
- Disable the default encryption module within the Apps menu.
- Logging in via the iOS app will now work.
- Re-enable the encryption module within the Apps menu.
- Re-enable server-side encryption within the admin settings. Note that this will only encrypt any new files uploaded to the server. To encrypt existing files, run the command "occ encryption:encrypt-all" in the shell of the server.
I was able to verify that within the server, the files are indeed encrypted and I am still able to access them from the iOS app decrypted. The only issue is if you ever have to log back in again, or if you want to create a new user for someone, you'll have to do this all over again, which isn't reasonable in a brownfield scenario.