Encrypted S3 primary storage - thumbnails not encrypted

Nextcloud version (eg, 12.0.2): 16.0.5 (Snap)
Operating system and version (eg, Ubuntu 17.04): Ubuntu 18.04

The issue you are facing:
I have set up Nextcloud (Snap install) with S3 as primary storage and turned on encryption (also on home storage, as the S3 storage is my home storage). For each picture uploaded to Nextcloud, 3 files are created in the S3 storage, all of them encrypted.
However, after viewing the files on the web interface, at least 1 additional file is created on the S3 as a thumbnail (a few kB) unencrypted! I have found a similar issue with a text file, after viewing it a thumbnail of it is created on the storage.

How can I prevent this behaviour? Are the other 2 encrypted files not already thumbnails?

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Install Nextcloud with Snap
  2. Setup an S3 object storage as primary storage
  3. Enable encryption (incl. home storage)

The output of your Nextcloud log in Admin > Logging: I’m getting several error messages:

OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature
Couldn't re-calculate unencrypted size for files
Cannot modify header information - headers already sent by (output started at /snap/nextcloud/16739/htdocs/3rdparty/sabre/http/lib/Sapi.php:80) at /snap/nextcloud/16739/htdocs/3rdparty/sabre/http/lib/Sapi.php#63

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

PASTE HERE -> TODO

The output of your Apache/nginx/system log in /var/log/____:

No Apache log found in /var/log/