DocsTroubleshooting & FAQEncryption & Decryption Errors

Encryption & Decryption Errors

Fix issues when items fail to encrypt, decrypt, or verify integrity. Common causes include out-of-date clients, device authorization problems, corrupted cache blocks, clock skew, or mismatched keys.

Quick Checklist

  • Confirm you’re on the latest app version (signed update installed).
  • Ensure the vault is unlocked and you’re using the correct profile/vault path.
  • Verify system time sync (automatic date & time enabled).
  • Check device authorization in Settings → Security → Devices.
  • Run Integrity check on the affected item and retry.

“Key mismatch” / “Invalid MAC/AEAD tag”

  • Unlock with the correct master password; wrong keys lead to authentication failures.
  • Re-authorize this device in Settings → Security → Devices → Approve.
  • If the item was shared, ask the owner to re-share (rotates the item key for you).
  • On multi-device edits, restore a known-good Version history snapshot and retry.

“Decryption failed: corrupted block/chunk”

  • Run Integrity check → the client re-fetches damaged chunks automatically.
  • Ensure stable network; disable aggressive proxy/AV that tampers with temp files.
  • Clear previews/cache for the item in Settings → Storage and re-open.

Windows

  • Add app/cache folders to AV/Ransomware allow-list.
  • Check Time settings → Sync now to fix clock skew for TOTP/keys.
  • Run as standard user; avoid conflicting “data protection” overlays.

macOS

  • Re-enable Keychain/biometrics in System Settings → Privacy & Security.
  • Gatekeeper blocked update? Reinstall signed DMG and retry decryption.
  • Use spctl --assess if verifying a manual build.

Linux

  • Ensure glibc/libfuse meet minimums.
  • Check file perms/SELinux/AppArmor profiles aren’t blocking the cache.
  • Verify hardware clock and NTP sync (timedatectl).

Recovery Steps

  1. Refresh keys: Lock → Unlock vault with master password; confirm profile.
  2. Re-authorize device: Settings → Security → DevicesApprove or Remove & Re-add.
  3. Integrity check: Right-click item → Integrity check (re-download bad blocks).
  4. Version restore: Open item → Version history → restore a good version.
  5. Clear cache: Settings → Storage → Clear previews/cache (does not delete encrypted data).
  6. Reinstall (last resort): Install latest signed build; do Restore existing vault from recovery seed/key file.

Shared Items & Teams

  • If a member lost access, re-issue the share to rotate the item key for them.
  • Role changes may revoke decryption rights; confirm space/vault permissions.
  • For join failures, have the admin resend the invite and verify the recipient account.

Best Practices

  • Enable auto-updates for crypto patches and compatibility.
  • Keep offline backups of recovery seed/key file.
  • Avoid killing the app during large encrypt/decrypt operations.
  • Test restore on a second device quarterly.

Safe Support

Never share master password, recovery seed, or key files. If logs are needed, encrypt them with our PGP key.

System Status

Check incidents or maintenance.

Live Chat

Real-time triage for key issues.

Submit a Ticket

Attach timestamps & item IDs.

Previous

File Management Issues

Next

Performance & Sync Issues