From 9b504039f4e799b8b22a3bed7ab9925660477ff0 Mon Sep 17 00:00:00 2001
From: Robin Appelman <robin@icewind.nl>
Date: Wed, 25 Mar 2026 20:00:51 +0100
Subject: [PATCH 1/2] fix: cache validation of system keys

Signed-off-by: Robin Appelman <robin@icewind.nl>
---
 apps/encryption/lib/Users/Setup.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/apps/encryption/lib/Users/Setup.php b/apps/encryption/lib/Users/Setup.php
index f2189d6dab25a..7f50fd8b23e13 100644
--- a/apps/encryption/lib/Users/Setup.php
+++ b/apps/encryption/lib/Users/Setup.php
@@ -9,13 +9,18 @@
 
 use OCA\Encryption\Crypto\Crypt;
 use OCA\Encryption\KeyManager;
+use OCP\ICache;
+use OCP\ICacheFactory;
 
 class Setup {
+	private readonly ICache $cache;
 
 	public function __construct(
 		private Crypt $crypt,
 		private KeyManager $keyManager,
+		ICacheFactory $cacheFactory,
 	) {
+		$this->cache = $cacheFactory->createLocal('encryption-setup');
 	}
 
 	/**
@@ -35,7 +40,10 @@ public function setupUser($uid, $password) {
 	 * make sure that all system keys exists
 	 */
 	public function setupSystem() {
-		$this->keyManager->validateShareKey();
-		$this->keyManager->validateMasterKey();
+		if (!$this->cache->get('keys-validated')) {
+			$this->keyManager->validateShareKey();
+			$this->keyManager->validateMasterKey();
+			$this->cache->set('keys-validated', true);
+		}
 	}
 }

From 1e2f273c092894e8ec821ebd0d49a38d3330a131 Mon Sep 17 00:00:00 2001
From: Robin Appelman <robin@icewind.nl>
Date: Thu, 26 Mar 2026 17:09:33 +0100
Subject: [PATCH 2/2] test: adjust tests to caching of key validation

Signed-off-by: Robin Appelman <robin@icewind.nl>
---
 .../tests/Command/FixEncryptedVersionTest.php         |  3 +++
 apps/encryption/tests/EncryptedStorageTest.php        |  3 +++
 apps/encryption/tests/Users/SetupTest.php             | 11 ++++++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/apps/encryption/tests/Command/FixEncryptedVersionTest.php b/apps/encryption/tests/Command/FixEncryptedVersionTest.php
index 8a37aae28067e..478a846bb7aaf 100644
--- a/apps/encryption/tests/Command/FixEncryptedVersionTest.php
+++ b/apps/encryption/tests/Command/FixEncryptedVersionTest.php
@@ -12,6 +12,7 @@
 
 use OC\Files\View;
 use OCA\Encryption\Command\FixEncryptedVersion;
+use OCA\Encryption\KeyManager;
 use OCA\Encryption\Util;
 use OCP\Encryption\IManager;
 use OCP\Files\ISetupManager;
@@ -49,6 +50,8 @@ class FixEncryptedVersionTest extends TestCase {
 
 	public function setUp(): void {
 		parent::setUp();
+		Server::get(KeyManager::class)->validateMasterKey();
+		Server::get(KeyManager::class)->validateShareKey();
 
 		Server::get(IAppConfig::class)->setValueBool('encryption', 'useMasterKey', true);
 
diff --git a/apps/encryption/tests/EncryptedStorageTest.php b/apps/encryption/tests/EncryptedStorageTest.php
index eb1463fcf0d15..8fa5672a747f8 100644
--- a/apps/encryption/tests/EncryptedStorageTest.php
+++ b/apps/encryption/tests/EncryptedStorageTest.php
@@ -11,6 +11,7 @@
 use OC\Files\Storage\Temporary;
 use OC\Files\Storage\Wrapper\Encryption;
 use OC\Files\View;
+use OCA\Encryption\KeyManager;
 use OCP\Files\Mount\IMountManager;
 use OCP\Files\Storage\IDisableEncryptionStorage;
 use OCP\Server;
@@ -30,6 +31,8 @@ class EncryptedStorageTest extends TestCase {
 	use UserTrait;
 
 	public function testMoveFromEncrypted(): void {
+		Server::get(KeyManager::class)->validateMasterKey();
+		Server::get(KeyManager::class)->validateShareKey();
 		$this->createUser('test1', 'test2');
 		$this->setupForUser('test1', 'test2');
 
diff --git a/apps/encryption/tests/Users/SetupTest.php b/apps/encryption/tests/Users/SetupTest.php
index 2d8974aa5d450..1f95425884436 100644
--- a/apps/encryption/tests/Users/SetupTest.php
+++ b/apps/encryption/tests/Users/SetupTest.php
@@ -12,6 +12,8 @@
 use OCA\Encryption\Crypto\Crypt;
 use OCA\Encryption\KeyManager;
 use OCA\Encryption\Users\Setup;
+use OCP\ICache;
+use OCP\ICacheFactory;
 use PHPUnit\Framework\MockObject\MockObject;
 use Test\TestCase;
 
@@ -32,9 +34,16 @@ protected function setUp(): void {
 			->disableOriginalConstructor()
 			->getMock();
 
+		$cache = $this->createMock(ICache::class);
+		$cacheFactory = $this->createMock(ICacheFactory::class);
+		$cacheFactory->method('createLocal')
+			->willReturn($cache);
+
 		$this->instance = new Setup(
 			$this->cryptMock,
-			$this->keyManagerMock);
+			$this->keyManagerMock,
+			$cacheFactory,
+		);
 	}