"Private Key missing for user: please try to log-out and log-in again" while resetting password... #427

Closed
boldandbusted opened this issue Jul 18, 2016 · 16 comments · Fixed by #2918
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap feature: encryption (server-side)

Comments

@boldandbusted

Steps to reproduce

homeserver-02 nextcloud # sudo -u apache php occ user:resetpassword <user_admin>
The process control (PCNTL) extensions are required in case you want to interrupt long running commands - see http://php.net/manual/en/book.pcntl.php
Warning: Resetting the password when using encryption will result in data loss!
Do you want to continue?yes
Enter a new password:
Confirm the new password:

[OCA\Encryption\Exceptions\PrivateKeyMissingException]
Private Key missing for user: please try to log-out and log-in again

user:resetpassword [--password-from-env] [--]

Expected behaviour

User password is changed without error.

Actual behaviour

Error thrown, with message proscribing a catch-22 scenario

Server configuration

Operating system:
Gentoo Linux
Web server:
Apache 2
Database:
MySQL
PHP version:
homeserver-02 nextcloud # sudo -u apache php -v
PHP 5.6.23-pl0-gentoo (cli) (built: Jul 8 2016 12:27:41)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-

Nextcloud version: (see Nextcloud admin page)
9.0.52
Updated from an older Nextcloud/ownCloud or fresh install:
Updated from Owncloud 8.2.1
Where did you install Nextcloud from:
Gentoo Portage

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
no

@MorrisJobke
Member

cc @schiessle

@boldandbusted Did the user ever log in after the user was added and encryption was enabled?

@MorrisJobke MorrisJobke added feature: encryption (server-side) 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Jul 18, 2016
@jgrete

jgrete commented Aug 8, 2016

Hello,
@MorrisJobke I'm having the same problem on Nextcloud 10 beta. I never activated encryption. The password reset feature is rendered useless by this misbehaviour.

@jgrete

jgrete commented Aug 23, 2016

Hi,
the same problem with 10 RC1!
No solution?
Juergen

@fossxplorer

I have the same problem on stable9 and it seems on webdav calls from the sync client 2.2.3.
Need to check further whether the web access also causes this.

@mr-bolle

mr-bolle commented Sep 24, 2016

Hello,

I had the same error message after I had activated the add-on for the encryption and would log in with another user account (no admin).
For this user, a private and public key had already existed (before the activation of the add-on).

Solution: I delete or rename both keys, and log in again
sudo rm /nextcloud/data/USER/files_external/rootcerts.crt
sudo rm /nextcloud/data/USER/files_encryption/OC_DEFAULT_MODULE/USER.privateKey
sudo rm /nextcloud/data/USER/files_encryption/OC_DEFAULT_MODULE/USER.publicKey

br Raiko

@boldandbusted
Author

boldandbusted commented Nov 12, 2016

@MorrisJobke Nope. Still the same issue, now with NextCloud 10.0.1. UPDATE: Raiko's fix fixed it, but what a hack. :)

@schiessle
Member

I'm aware of this issue. The problem is that the keys still exist, but of course Nextcloud can no longer decrypt the private key. The idea was that the password should give you basic access to your Nextcloud, e.g. to access your calendar and contacts again, but at the same time keep the old keys in case an admin can later recover the user's files.

Of course there is also the case where there is no way to recover the files, if no recovery key is enabled and if the user has no chance to get back the old password. Probably a new UI/OCC command like the one suggested in #2908 would be needed. I will have a look and suggest a solution.
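
Added example (not part of the thread and not Nextcloud project code): the workaround quoted earlier removes the key pair with `rm`, while the comment above notes that old keys are kept so an admin may later recover the user's files. The shell function below moves the pair into a backup directory instead of deleting it. The key paths are taken from the commands quoted in the thread; the function name, the backup directory argument and the backup naming are assumptions.

```shell
#!/bin/sh
# Added example: move a user's server-side encryption key pair into a backup
# directory instead of deleting it. Key paths follow the commands quoted in the
# thread: <datadir>/<user>/files_encryption/OC_DEFAULT_MODULE/<user>.privateKey
# backup_user_keys and the "<user>-keys-<stamp>" naming are hypothetical.

backup_user_keys() {
    datadir=$1      # Nextcloud data directory
    user=$2         # user ID as it appears on disk
    backuproot=$3   # existing directory outside the data directory
    stamp=${4:-$(date +%Y%m%d-%H%M%S)}

    # Reject empty names and anything that could escape the data directory.
    case $user in
        ''|*/*|.|..) echo "invalid user name" >&2; return 2 ;;
    esac

    keydir=$datadir/$user/files_encryption/OC_DEFAULT_MODULE
    priv=$keydir/$user.privateKey
    pub=$keydir/$user.publicKey

    # Nothing to do when the user has no key pair on disk.
    if [ ! -f "$priv" ] && [ ! -f "$pub" ]; then
        echo "no key pair found for $user" >&2
        return 1
    fi

    # Never overwrite an earlier backup of the same user.
    backup=$backuproot/$user-keys-$stamp
    if [ -e "$backup" ]; then
        echo "backup already exists: $backup" >&2
        return 3
    fi

    # The private key is sensitive: create the directory owner-only.
    (umask 077 && mkdir "$backup") || return 4

    for f in "$priv" "$pub"; do
        if [ -f "$f" ]; then
            mv -- "$f" "$backup/" || return 5
        fi
    done

    # Print the location so it can be recorded for a later recovery attempt.
    printf '%s\n' "$backup"
}
```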

@djermann

djermann commented Jan 5, 2017

I have the same problem. It first showed up on version 9.0.51 and it is still there in the newest version 11. The password actually resets, but the error message still pops up. I am using nginx, postgreSQL, debian 8.6, php 5.6.29.
I would be happy if someone could solve this problem, because I have a lot of customers that are contacting me because of this.

@zecke

zecke commented Jan 5, 2017

Maybe a missing openssl.cnf, e.g. like in #2907?

@djermann

djermann commented Jan 5, 2017

I do have an openssl.cnf file in /etc/ssl/ . Is this the one you are talking about?

@MorrisJobke MorrisJobke added this to the Nextcloud 12.0 milestone Jan 13, 2017
@Razva

Razva commented Jun 27, 2017

Still active in 12. Any ETA?

@schiessle
Member

@Razva what do you mean? Did you read my explanation above and the changes we did for 12 (always create a new key on password reset and back up the old one)? See #2918

Please open a new issue with more details if you think something doesn't work as expected.

@SkyWheel

SkyWheel commented Aug 8, 2017

@schiessle, I have the same issue: user forgot his password. I have changed his password from the user management console. When logged in he cannot access his old files (that's OK, they've been encrypted), but he cannot access NEW files as well.
Only full deletion and creation of the account with the same username has resolved the issue.

@doliG

doliG commented Sep 20, 2019

Got the same problem on a shared hosting.

I've installed NC, uploaded my files. Then I've activated encryption module, following these steps.

I have a popin that suggests I change my pwd

The text is not clear at all. I don't have any "old something", and I don't understand how should I complete this thing.

When I click on submit, I can see 503 error in the devtools, with the message

Error
Private Key missing for user: Guillaume

I've tried to create a new user, and I got the same problem...

Any idea?

@sualko
Member

sualko commented Mar 25, 2022

Same issue as described by @doliG on 22.2.6 in conjunction with #8546.

@codingneko

Same issue here, enabled the basic encryption and it asks to "set my old private key" (whatever that means), which did NOT exist because the module wasn't enabled...
