chacha20poly1305: message authentication failed

Hi there,

today I tried to restore some files from an encrypted node. It’s a test for an emergency scenario, but unfortunately it didn’t work and now takes away some of my confidence. The error is “chacha20poly1305: message authentication failed”. I think it only occurs with one file, at least the error in the logs only occurs once and the remaining thousand files were probably recovered.

Processing "N.syncthing-enc\\U2\\89NB1AIJABM8P703HPVRC9K9U1VJPDDS8U82HJVK937VLMUTQ8VJM4Q0JK5O3PHB007PPJDVBOCFO0LIK06PU8KV0GO610S9OR62VU8HFC7UE9AQ8NU9FQNH5NOAKSSLNGQ2JNGIKDDN7O07KNQ653Q4K4F9SAJN9OKO3CK5CP1LP6I56BJHM0BF4VG3SVS4FBE2GU5K\\.syncthing.35448674d242448efa4bfd90159faf466bdc300fcfabd9b78b6333610b110486.tmp"
Plaintext filename is "oraclerestore/0.syncthing-enc/CS/U1FVK8G5LGRUJMIV617IU799Q4L8FVFGP7IAT24OUELTT860JKDTTSB1C66IMITV3FBJFE557PTQ29UL2B879J47CA7ESQVNQQF9P23DQRAGR7ONLB43ITVI24EN838BKH1TQJROOIACL15LLK08H0J2DQCS1L3A6CBJAR9517S56GJNSAMSBUDSG"
Warning: N.syncthing-enc\U2\89NB1AIJABM8P703HPVRC9K9U1VJPDDS8U82HJVK937VLMUTQ8VJM4Q0JK5O3PHB007PPJDVBOCFO0LIK06PU8KV0GO610S9OR62VU8HFC7UE9AQ8NU9FQNH5NOAKSSLNGQ2JNGIKDDN7O07KNQ653Q4K4F9SAJN9OKO3CK5CP1LP6I56BJHM0BF4VG3SVS4FBE2GU5K\.syncthing.35448674d242448efa4bfd90159faf466bdc300fcfabd9b78b6333610b110486.tmp: oraclerestore/0.syncthing-enc/CS/U1FVK8G5LGRUJMIV617IU799Q4L8FVFGP7IAT24OUELTT860JKDTTSB1C66IMITV3FBJFE557PTQ29UL2B879J47CA7ESQVNQQF9P23DQRAGR7ONLB43ITVI24EN838BKH1TQJROOIACL15LLK08H0J2DQCS1L3A6CBJAR9517S56GJNSAMSBUDSG: encrypted block 0 (1064 bytes): chacha20poly1305: message authentication failed

Can anyone help me? Is there a “fix encryption” function? I don’t even know which file it was, because the filename is still encrypted…

Thanks fresh

It should be possible to narrow down the list of files by looking at the size of the encrypted file, which is slightly larger than the original.

Another option is to decrypt the folder via the following command-line syntax:

syncthing decrypt --to <plaintext-destination> --password <your-password> <encrypted-folder-path>

(See the Untrusted (Encrypted) Devices page for more details.)

After decrypting, compare the decrypted folder against the original folder to find the damaged file.

A major difficulty with file encryption is that any filesystem corruption makes things much more difficult to recover from compared to when files aren’t encrypted, so it’s generally a good idea to have a proper backup of the unencrypted files. It’s also very helpful to run diagnostics on the storage device and the filesystem volume to detect and repair errors as early as possible.

The error shown in OP’s post comes from the syncthing decrypt command. It can’t decrypt the file since the authentication is broken, which is obviously checked by the decrypt command.

Based on the first “processing” message, it appears that it tries to decrypt a temp file from syncthing. This temp file may be a leftover, or an indication that sync was ongoing while you ran the decrypt. In any case, this temp file doesn’t appear to be an “actual” file. The decrypted filename also doesn’t seem to relate to an actual file on your filesystem.

I would check whether you’re actually missing files and if not, you can just ignore that error. It doesn’t appear to be related to anything real.

2 Likes
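The triage described in the post above, as an added example that is not part of the original thread and not Syncthing's own code: it parses the warning lines that `syncthing decrypt` printed and separates failures on leftover `.syncthing.<name>.tmp` files from failures on regular encrypted files. The line shape and temp-file pattern are taken from the log quoted in this thread; the function names and the sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Shape of the "Warning:" line, taken from the log quoted in this thread.
WARNING = re.compile(
    r"^Warning: (?P<enc>.+?): (?P<plain>.+): "
    r"encrypted block (?P<block>\d+) \((?P<size>\d+) bytes\): (?P<err>.+)$"
)
# Temp-file naming as seen in the quoted path: .syncthing.<name>.tmp
TEMP_NAME = re.compile(r"^\.syncthing\..+\.tmp$")

# Constructed sample output (shortened placeholder names, not real data).
SAMPLE = r"""Processing "N.syncthing-enc\\U2\\AAAA1111\\.syncthing.0123abcd.tmp"
Plaintext filename is "restore/0.syncthing-enc/CS/BBBB2222"
Warning: N.syncthing-enc\U2\AAAA1111\.syncthing.0123abcd.tmp: restore/0.syncthing-enc/CS/BBBB2222: encrypted block 0 (1064 bytes): chacha20poly1305: message authentication failed
Warning: N.syncthing-enc\K7\CCCC3333: docs/report.txt: encrypted block 2 (131112 bytes): chacha20poly1305: message authentication failed
"""

@dataclass
class Failure:
    encrypted_path: str
    plaintext_name: str
    block: int
    size: int
    error: str
    is_temp: bool  # True when the encrypted file is a leftover temp file

def parse_failures(output: str) -> list:
    """Return one Failure per warning line; other lines are skipped."""
    failures = []
    for line in output.splitlines():
        m = WARNING.match(line.strip())
        if not m:
            continue
        # Paths may use either separator, so split on both.
        basename = re.split(r"[\\/]", m["enc"])[-1]
        failures.append(Failure(m["enc"], m["plain"], int(m["block"]),
                                int(m["size"]), m["err"],
                                bool(TEMP_NAME.match(basename))))
    return failures

def triage(output: str):
    """Split failures into (leftover temp files, files needing a closer look)."""
    failures = parse_failures(output)
    return ([f for f in failures if f.is_temp],
            [f for f in failures if not f.is_temp])

if __name__ == "__main__":
    temp, real = triage(SAMPLE)
    for f in temp:
        print("leftover temp file:", f.encrypted_path)
    for f in real:
        print("verify against original:", f.plaintext_name, "block", f.block)
```

Anything in the second group names a plaintext path that can be compared directly against the original folder or a backup.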

This.

2 Likes

I did a docker compose down before decrypt. Works. Thanks :)
