Creating Public (Web) Shared Folder Link - Cannot Decrypt/Read/Download Files But Can See Directory Listing

Nextcloud version : 28.0.6
Operating system and version : Ubuntu 22.04.4 LTS
Apache or nginx version : Apache/2.4.59
PHP version : PHP 8.1.29

The issue you are facing:

Server side encryption is enabled with the Default Encryption Module.

Home store encryption is enabled.

A fresh user creates a shared folder within their Dashboard. When sharing this link to 3rd parties, the 3rd parties can view the list of files in their browsers.

However, clicking a file to view it does not load it.

Trying to download a file results in an error in the browser.

Cannot download file
multikeydecrypt with share key failed:error:02000079:rsa routines::oaep decoding error

Previously, such shared folders worked correctly.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Take any already publicly shared folders, or create a new folder and share it.
  2. Place files in the folder.
  3. Use the link in a browser.
  4. Try to view or download the files, or a ZIP of the files.

The output of your Nextcloud log in Admin > Logging:

[no app in context] Error: Exception thrown: OCA\Encryption\Exceptions\MultiKeyDecryptException
	GET /s/L7q56J8WcKyX9ri/download?path=%2F&files=End.mp4&downloadStartSecret=izbr88mhk9
	from 185.248.85.38 by -- at Jun 13, 2024, 8:27:01 AM

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'REMOVED',
  'passwordsalt' => 'REMOVED',
  'secret' => 'removed',
  'trusted_domains' => 
  array (
    0 => 'REMOVED',
  ),
  'datadirectory' => '/mnt/nxtcld150/nxtclddata',
  'logfile' => '/var/www/html/nextcloud/data/nextcloud.log',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'REMOVED',
  'dbtype' => 'mysql',
  'version' => '28.0.6.1',
  'dbname' => 'REMOVED',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_nextadmin',
  'dbpassword' => 'REMOVED',
  'logtimezone' => 'UTC',
  'mysql.utf8mb4' => true,
  'installed' => true,
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'enable_previews' => true,
  'enabledPreviewProviders' => 
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\HEIC',
    4 => 'OC\\Preview\\BMP',
    5 => 'OC\\Preview\\XBitmap',
    6 => 'OC\\Preview\\MP3',
    7 => 'OC\\Preview\\TXT',
    8 => 'OC\\Preview\\MarkDown',
    9 => 'OC\\Preview\\Movie',
    10 => 'OC\\Preview\\Image',
    11 => 'OC\\Preview\\TIFF',
  ),
  'maintenance' => false,
  'maintenance_window_start' => 1,
  'theme' => '',
  'loglevel' => 1,
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_from_address' => 'REMOVED',
  'mail_domain' => 'REMOVED',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'REMOVED',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'REMOVED',
  'mail_smtppassword' => 'REMOVED',
  'mail_smtpauthtype' => 'LOGIN',
  'updater.release.channel' => 'stable',
  'check_for_working_htaccess' => true,
  'default_phone_region' => 'GB',
  'trashbin_retention_obligation' => 'auto, 15',
  'encryption.legacy_format_support' => false,
  'encryption.key_storage_migrated' => false,
  'mail_sendmailmode' => 'smtp',
  'memories.db.triggers.fcu' => true,
  'memories.exiftool' => '/var/www/html/nextcloud/apps/memories/bin-ext/exiftool-aarch64-glibc',
  'memories.vod.path' => '/var/www/html/nextcloud/apps/memories/bin-ext/go-vod-aarch64',
  'memories.vod.ffmpeg' => '/usr/bin/ffmpeg',
  'memories.vod.ffprobe' => '/usr/bin/ffprobe',
  'preview_max_x' => 1024,
  'preview_max_y' => 1024,
  'memories.gis_type' => 1,
  'updater.secret' => 'REMOVED',
);

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

{"reqId":"EwbJoawn7vQQ80Bp6QjQ","level":3,"time":"2024-06-13T07:38:40+00:00","remoteAddr":"185.248.85.38","user":"--","app":"no app in context","method":"GET","url":"/s/3RpEWHFJcHFFPyQ/download?path=&files=End.mp4","message":"Exception thrown: OCA\\Encryption\\Exceptions\\MultiKeyDecryptException","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15","version":"28.0.6.1","exception":{"Exception":"OCA\\Encryption\\Exceptions\\MultiKeyDecryptException","Message":"multikeydecrypt with share key failed:error:02000079:rsa routines::oaep decoding error","Code":0,"Trace":[{"file":"/var/www/html/nextcloud/apps/encryption/lib/KeyManager.php","line":419,"function":"multiKeyDecrypt","class":"OCA\\Encryption\\Crypto\\Crypt","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/nextcloud/apps/encryption/lib/Crypto/Encryption.php","line":478,"function":"getFileKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":354,"function":"isReadable","class":"OCA\\Encryption\\Crypto\\Encryption","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":182,"function":"isReadable","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Files/View.php","line":1161,"function":"isReadable","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Files/View.php","line":488,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Files/Filesystem.php","line":529,"function":"isReadable","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/legacy/OC_Files.php","line":343,"function":"isReadable","class":"OC\\Files\\Filesystem","type":"::"},{"file":"/var/www/html/nextcloud/lib/private/legacy/OC_Files.php","line":122,"function":"getSingleFile","class":"OC_Files","type":"::"},{"file":"/var/www/html/nextcloud/apps/files_sharing/lib/Controller/ShareController.php","line":482,"function":"get","class":"OC_Files","type":"::"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":230,"function":"downloadShare","class":"OCA\\Files_Sharing\\Controller\\ShareController","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":137,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/App.php","line":184,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/nextcloud/lib/base.php","line":1069,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/nextcloud/index.php","line":39,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/nextcloud/apps/encryption/lib/Crypto/Crypt.php","Line":638,"Hint":"multikeydecrypt with share key failed:error:02000079:rsa routines::oaep decoding error","CustomMessage":"Exception thrown: OCA\\Encryption\\Exceptions\\MultiKeyDecryptException"}}
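
Added example, not part of the original post and not Nextcloud code: a small triage script that reads JSON lines shaped like the `nextcloud.log` entry above and groups `MultiKeyDecryptException` records by public share token, so an admin can see which shares and files fail to decrypt. The sample records, tokens and helper names (`make_entry`, `share_token`, `summarize_decrypt_failures`) are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

EXC = "OCA\\Encryption\\Exceptions\\MultiKeyDecryptException"
OAEP = ("multikeydecrypt with share key failed:"
        "error:02000079:rsa routines::oaep decoding error")

def make_entry(time, url, exc=EXC, msg=OAEP):
    # One constructed record carrying only the fields this script reads.
    return json.dumps({"level": 3, "time": time, "user": "--", "url": url,
                       "exception": {"Exception": exc, "Message": msg}})

# Constructed sample input: tokens, times and file names are made up.
SAMPLE_LOG = [
    make_entry("2024-06-13T07:38:40+00:00", "/s/TOKENAAA/download?path=&files=End.mp4"),
    make_entry("2024-06-13T07:40:02+00:00", "/s/TOKENAAA/download?path=%2Fsub&files=a.pdf"),
    make_entry("2024-06-13T07:41:10+00:00", "/index.php/s/TOKENBBB/download?path=%2F&files=b.txt"),
    make_entry("2024-06-13T07:42:00+00:00", "/s/TOKENAAA/download?files=c.txt",
               exc="OCP\\Files\\NotFoundException", msg="not found"),
    '{"level":3,"url":"/s/TOKENAAA/downlo',  # truncated line, as pasted logs often are
]

def share_token(url):
    # Public links look like /s/<token>/..., optionally behind /index.php.
    parts = urlsplit(url).path.split("/")
    if "s" in parts[:-1]:
        return parts[parts.index("s") + 1]
    return "(no share token)"

def summarize_decrypt_failures(lines):
    """Group MultiKeyDecryptException records by share token."""
    report, skipped = {}, 0
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # wrapped or truncated line: count it, keep going
            continue
        exc = rec.get("exception")
        if not isinstance(exc, dict) or exc.get("Exception") != EXC:
            continue
        url = rec.get("url", "")
        query = parse_qs(urlsplit(url).query)
        folder = query.get("path", ["/"])[0].rstrip("/")
        name = query.get("files", [""])[0]
        item = report.setdefault(share_token(url), {"count": 0, "files": set(), "errors": set()})
        item["count"] += 1
        item["files"].add(f"{folder}/{name}")
        item["errors"].add(exc.get("Message", ""))
    return report, skipped
```

Feed it the lines of the real log file in place of `SAMPLE_LOG`; a non-zero `skipped` count means some lines were not valid JSON and were left out of the report.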