Server-side encryption not working on nc with S3 object storage as primary storage

Saniel · March 4, 2019, 4:02pm

With encryption enabled, after files was uploaded, they become unavailable for watching and using, otherwise all ok

Nextcloud version : 15.0.5
Operating system and version : Debian 9
Apache or nginx version : 1.10.3
PHP version : 7.0

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

install nc
setup s3 as primary storage
enable server side encryption
try to upload file and then open/download

The output of your Nextcloud log in Admin > Logging:

Fatal	webdav	OC\Encryption\Exceptions\DecryptionFailedException: Encryption library: Decryption (symmetric) of content failed:
/data/www/nextcloud-15.0.2/apps/encryption/lib/Crypto/Crypt.php - line 473:

OCA\Encryption\Crypto\Crypt->decrypt("*** sensiti ... *")

/data/www/nextcloud-15.0.2/apps/encryption/lib/Crypto/Encryption.php - line 379:

OCA\Encryption\Crypto\Crypt->symmetricDecryptFileContent("*** sensiti ... *", "*** sensiti ... *", "*** sensiti ... *", 1, "*** sensiti ... *")

/data/www/nextcloud-15.0.2/lib/private/Files/Stream/Encryption.php - line 479:

OCA\Encryption\Crypto\Encryption->decrypt("*** sensiti ... *")

/data/www/nextcloud-15.0.2/lib/private/Files/Stream/Encryption.php - line 299:

OC\Files\Stream\Encryption->readCache()

<<closure>>

OC\Files\Stream\Encryption->stream_read(8192)

/data/www/nextcloud-15.0.2/3rdparty/icewind/streams/src/Wrapper.php - line 91:

fread(null, 8192)

/data/www/nextcloud-15.0.2/3rdparty/icewind/streams/src/CallbackWrapper.php - line 98:

Icewind\Streams\Wrapper->stream_read(8192)

<<closure>>

Icewind\Streams\CallbackWrapper->stream_read(8192)

/data/www/nextcloud-15.0.2/3rdparty/sabre/http/lib/Sapi.php - line 80:

stream_copy_to_stream(null, null, "2604939")

/data/www/nextcloud-15.0.2/3rdparty/sabre/dav/lib/DAV/Server.php - line 498:

Sabre\HTTP\Sapi::sendResponse(Sabre\HTTP\Response {})

/data/www/nextcloud-15.0.2/3rdparty/sabre/dav/lib/DAV/Server.php - line 254:

Sabre\DAV\Server->invokeMethod(Sabre\HTTP\R ... "}, Sabre\HTTP\Response {})

/data/www/nextcloud-15.0.2/apps/dav/appinfo/v1/webdav.php - line 80:

Sabre\DAV\Server->exec()

/data/www/nextcloud-15.0.2/remote.php - line 163:

require_once("/data/www/n ... p")

	2019-03-04T16:48:12+0200
Error	no app in context	OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature
/data/www/nextcloud-15.0.2/apps/encryption/lib/Crypto/Crypt.php - line 467:

OCA\Encryption\Crypto\Crypt->checkSignature("Ha24oU1V6HF ... S", null, "af98b852c81 ... 4")

/data/www/nextcloud-15.0.2/apps/encryption/lib/Crypto/Encryption.php - line 379:

OCA\Encryption\Crypto\Crypt->symmetricDecryptFileContent("*** sensiti ... *", null, "AES-256-CTR", 1, "*** sensiti ... *")

/data/www/nextcloud-15.0.2/lib/private/Files/Storage/Wrapper/Encryption.php - line 581:

OCA\Encryption\Crypto\Encryption->decrypt("*** sensiti ... *")

/data/www/nextcloud-15.0.2/lib/private/Files/Storage/Wrapper/Encryption.php - line 500:

OC\Files\Storage\Wrapper\Encryption->fixUnencryptedSize("*** sensiti ... *")

/data/www/nextcloud-15.0.2/lib/private/Files/Storage/Wrapper/Encryption.php - line 164:

OC\Files\Storage\Wrapper\Encryption->verifyUnencryptedSize("*** sensiti ... *")

/data/www/nextcloud-15.0.2/lib/private/Files/Storage/Wrapper/Encryption.php - line 401:

OC\Files\Storage\Wrapper\Encryption->filesize("*** sensiti ... *")

/data/www/nextcloud-15.0.2/lib/private/Files/Storage/Wrapper/Wrapper.php - line 299:

OC\Files\Storage\Wrapper\Encryption->fopen("*** sensiti ... *", "r")

/data/www/nextcloud-15.0.2/lib/private/Files/View.php - line 1150:

OC\Files\Storage\Wrapper\Wrapper->fopen("*** sensiti ... *", "r")

/data/www/nextcloud-15.0.2/lib/private/Files/View.php - line 986:

OC\Files\View->basicOperation("fopen", "/trailridgeroad.jpg", [ "read"], "r")

/data/www/nextcloud-15.0.2/apps/dav/lib/Connector/Sabre/File.php - line 373:

OC\Files\View->fopen("trailridgeroad.jpg", "r")

/data/www/nextcloud-15.0.2/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 85:

OCA\DAV\Connector\Sabre\File->get()

<<closure>>

Sabre\DAV\CorePlugin->httpGet(Sabre\HTTP\R ... "}, Sabre\HTTP\Response {})

/data/www/nextcloud-15.0.2/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105:

call_user_func_array([ Sabre\DAV\ ... "], [ Sabre\HTTP ... }])

/data/www/nextcloud-15.0.2/3rdparty/sabre/dav/lib/DAV/Server.php - line 479:

Sabre\Event\EventEmitter->emit("method:GET", [ Sabre\HTTP ... }])

/data/www/nextcloud-15.0.2/3rdparty/sabre/dav/lib/DAV/Server.php - line 254:

Sabre\DAV\Server->invokeMethod(Sabre\HTTP\R ... "}, Sabre\HTTP\Response {})

/data/www/nextcloud-15.0.2/apps/dav/appinfo/v1/webdav.php - line 80:

Sabre\DAV\Server->exec()

/data/www/nextcloud-15.0.2/remote.php - line 163:

require_once("/data/www/n ... p")

The output of config.php file:

        "objectstore": {
            "class": "OC\\Files\\ObjectStore\\S3",
            "arguments": {
                "bucket": "nextcloud-prod",
                "region": "eu-central-1",
                "key": "ZZZZZZZZZZ",
                "secret": "ZZZZZZZZZZZZZZZZZZ",
                "use_ssl": true
            }
        },

Saniel · May 14, 2019, 10:00am

No one has similar problem ? That huge bug stopping us to use nc, i really was tried everything