OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature

[baek-sang]

Steps to reproduce

1. Click download file or Photo view

Expected behaviour

No Error

Actual behaviour

OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature .when file download

Server configuration

Operating system: CentOS 8.4

Web server: Nginx 1.21.0

Database: PostgreSQL 13.3

PHP version: 7.4.19

Nextcloud version: 21.0.2

Updated from an older Nextcloud/ownCloud or fresh install: fresh install on docker

Where did you install Nextcloud from: Docker

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

Enabled:
  - accessibility: 1.7.0
  - calendar: 2.2.2
  - checksum: 1.1.2
  - cloud_federation_api: 1.4.0
  - comments: 1.11.0
  - contacts: 3.5.1
  - contactsinteraction: 1.2.0
  - dav: 1.17.1
  - encryption: 2.9.0
  - federatedfilesharing: 1.11.0
  - files: 1.16.0
  - files_rightclick: 1.0.0
  - files_trashbin: 1.11.0
  - files_versions: 1.14.0
  - files_videoplayer: 1.10.0
  - logreader: 2.6.0
  - lookup_server_connector: 1.9.0
  - metadata: 0.13.0
  - nextcloud_announcements: 1.10.0
  - notifications: 2.9.0
  - oauth2: 1.9.0
  - password_policy: 1.11.0
  - photos: 1.3.0
  - privacy: 1.5.0
  - provisioning_api: 1.11.0
  - serverinfo: 1.11.0
  - settings: 1.3.0
  - systemtags: 1.11.0
  - tasks: 0.13.6
  - text: 3.2.0
  - theming: 1.12.0
  - twofactor_backupcodes: 1.10.0
  - twofactor_totp: 6.1.0
  - updatenotification: 1.11.0
  - viewer: 1.5.0
  - workflowengine: 2.3.0
Disabled:
  - activity
  - admin_audit
  - dashboard
  - federation
  - files_external
  - files_pdfviewer
  - files_sharing
  - firstrunwizard
  - recommendations
  - sharebymail
  - support
  - survey_client
  - user_ldap
  - user_status
  - weather_status

Nextcloud configuration:

Config report

{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "objectstore": {
            "class": "\\OC\\Files\\ObjectStore\\S3",
            "arguments": {
                "bucket": "bucket-name",
                "key": "***REMOVED SENSITIVE VALUE***",
                "secret": "***REMOVED SENSITIVE VALUE***",
                "region": "SFO3",
                "hostname": "sfo3.digitaloceanspaces.com",
                "port": "443",
                "objectPrefix": "urn:oid:",
                "autocreate": false,
                "use_ssl": true,
                "use_path_style": false,
                "legacy_auth": false
            }
        },
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "site.domain"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "21.0.2.1",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtpport": "465",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "twofactor_enforced": "true",
        "twofactor_enforced_groups": [
            "admin"
        ],
        "twofactor_enforced_excluded_groups": [],
        "default_phone_region": "US",
        "maintenance": false
    }
}

Are you using external storage, if yes which one:

Are you using encryption: yes

Are you using an external user-backend, if yes which one:

LDAP configuration (delete this part if not used)

LDAP config

There are no commands defined in the "ldap" namespace.

Client configuration

Browser: Firefox 90

Operating system: Windows 10

Logs

Web server error log

Web server error log

-

Nextcloud log (data/nextcloud.log)

Nextcloud log

{"reqId":"1PTmEGyVVanvSixwYFNS","level":3,"time":"2021-06-26T07:34:56+00:00","remoteAddr":"123.123.123.123","user":"user_name","app":"no app in context","method":"GET","url":"/remote.php/webdav/config.json?downloadStartSecret=z1k3ruax3s","message":"Couldn't re-calculate unencrypted size for files/config.json","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0","version":"21.0.2.1"}
{"reqId":"1PTmEGyVVanvSixwYFNS","level":3,"time":"2021-06-26T07:34:56+00:00","remoteAddr":"123.123.123.123","user":"user_name","app":"no app in context","method":"GET","url":"/remote.php/webdav/config.json?downloadStartSecret=z1k3ruax3s","message":{"Exception":"OCP\\Encryption\\Exceptions\\GenericEncryptionException","Message":"Bad Signature","Code":0,"Trace":[{"file":"/var/www/html/apps/encryption/lib/Crypto/Crypt.php","line":480,"function":"checkSignature","class":"OCA\\Encryption\\Crypto\\Crypt","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/encryption/lib/Crypto/Encryption.php","line":376,"function":"symmetricDecryptFileContent","class":"OCA\\Encryption\\Crypto\\Crypt","type":"->","args":["*** sensitive parameter replaced ***",null,"AES-256-CTR",1,"*** sensitive parameter replaced ***"]},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Encryption.php","line":583,"function":"decrypt","class":"OCA\\Encryption\\Crypto\\Encryption","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Encryption.php","line":503,"function":"fixUnencryptedSize","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Encryption.php","line":168,"function":"verifyUnencryptedSize","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Encryption.php","line":407,"function":"filesize","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php","line":302,"function":"fopen","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->","args":["*** sensitive parameter replaced ***","r"]},{"file":"/var/www/html/lib/private/Files/View.php","line":1166,"function":"fopen","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->","args":["*** sensitive parameter replaced ***","r"]},{"file":"/var/www/html/lib/private/Files/View.php","line":1002,"function":"basicOperation","class":"OC\\Files\\View","type":"->","args":["fopen","/config.json",["read"],"r"]},{"file":"/var/www/html/apps/dav/lib/Connector/Sabre/File.php","line":434,"function":"fopen","class":"OC\\Files\\View","type":"->","args":["config.json","r"]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":85,"function":"get","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[]},{"file":"/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpGet","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["method:GET",[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/html/apps/dav/appinfo/v1/webdav.php","line":84,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/html/remote.php","line":167,"args":["/var/www/html/apps/dav/appinfo/v1/webdav.php"],"function":"require_once"}],"File":"/var/www/html/apps/encryption/lib/Crypto/Crypt.php","Line":505,"Hint":"Bad Signature","CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0","version":"21.0.2.1"}

Browser log

Browser log

N/A

[PVince81]

there will be a new command for fixing these errors when using master key encryption: #27638

is this a single file or a lot of them ? is it a big file ?

[baek-sang]

there will be a new command for fixing these errors when using master key encryption: #27638

is this a single file or a lot of them ? is it a big file ?

I tested it and error occured.
Single file : 1KB / 39KB / 9.7MB / 40MB / 1.5GB

[szaimen]

Duplicate of #22077