OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature

[phi16180]

Steps to reproduce

Install NC
Setup S3 Object Storage as primary storage
enable Encryption
upload files > 10kb
try to retrieve files

Expected behaviour

Files should be retrieved normally.

Actual behaviour

Nextcloud throws 2 errors.

OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature
Couldn't re-calculate unencrypted size for files/xxx

In a previous NC installation with onlyoffice, files are not saved. When a new file is created it remains under 9KB.

In this current installation, files seem to be saved properly and can also be retrieved without problems. But NC keeps throwing the same errors.

Server configuration detail

Operating system: Linux 5.4.0-1029-aws #30-Ubuntu SMP Tue Oct 20 10:06:38 UTC 2020 x86_64

Webserver: nginx/1.18.0 (fpm-fcgi)

Database: mysql 10.3.25

PHP version:

7.4.3
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, sodium, cgi-fcgi, mysqlnd, PDO, xml, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, intl, json, exif, mysqli, pdo_mysql, Phar, posix, readline, redis, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, Zend OPcache

Nextcloud version: 20.0.1 - 20.0.1.1

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

Signing status

Array
(
)

List of activated apps

Enabled:
 - accessibility: 1.6.0
 - activity: 2.13.2
 - bookmarks: 4.0.5
 - bruteforcesettings: 2.0.1
 - calendar: 2.1.2
 - cloud_federation_api: 1.3.0
 - comments: 1.10.0
 - contacts: 3.4.1
 - contactsinteraction: 1.1.0
 - dashboard: 7.0.0
 - dav: 1.16.0
 - deck: 1.1.2
 - encryption: 2.8.1
 - federatedfilesharing: 1.10.1
 - federation: 1.10.1
 - files: 1.15.0
 - files_antivirus: 3.0.0
 - files_pdfviewer: 2.0.1
 - files_rightclick: 0.17.0
 - files_sharing: 1.12.0
 - files_trashbin: 1.10.1
 - files_versions: 1.13.0
 - files_videoplayer: 1.9.0
 - firstrunwizard: 2.9.0
 - groupfolders: 8.1.1
 - issuetemplate: 0.7.0
 - logreader: 2.5.0
 - lookup_server_connector: 1.8.0
 - mail: 1.7.0
 - nextcloud_announcements: 1.9.0
 - notes: 4.0.0
 - notifications: 2.8.0
 - oauth2: 1.8.0
 - onlyoffice: 6.1.0
 - password_policy: 1.10.1
 - passwords: 2020.11.0
 - photos: 1.2.0
 - privacy: 1.4.0
 - provisioning_api: 1.10.0
 - recommendations: 0.8.0
 - serverinfo: 1.10.0
 - settings: 1.2.0
 - sharebymail: 1.10.0
 - spreed: 10.0.1
 - support: 1.3.0
 - survey_client: 1.8.0
 - systemtags: 1.10.0
 - tasks: 0.13.6
 - text: 3.1.0
 - theming: 1.11.0
 - twofactor_backupcodes: 1.9.0
 - twofactor_totp: 5.0.0
 - updatenotification: 1.10.0
 - user_status: 1.0.0
 - viewer: 1.4.0
 - w2g2: 3.0.3
 - weather_status: 1.0.0
 - workflowengine: 2.2.0
Disabled:
 - admin_audit
 - drawio
 - files_external
 - richdocuments
 - user_ldap

Configuration (config/config.php)

{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "objectstore": {
        "class": "OC\\Files\\ObjectStore\\S3",
        "arguments": {
            "bucket": "***REMOVED SENSITIVE VALUE***",
            "autocreate": true,
            "key": "***REMOVED SENSITIVE VALUE***",
            "secret": "***REMOVED SENSITIVE VALUE***",
            "hostname": "***REMOVED SENSITIVE VALUE***",
            "port": 443,
            "use_ssl": true,
            "region": "us-east-1",
            "use_path_style": false
        }
    },
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "***REMOVED SENSITIVE VALUE***"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "20.0.1.1",
    "overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "filelocking.enabled": false,
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "memcache.local": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 6379
    },
    "twofactor_enforced": "true",
    "twofactor_enforced_groups": [],
    "twofactor_enforced_excluded_groups": [],
    "mail_smtpmode": "smtp",
    "mail_sendmailmode": "smtp",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauthtype": "LOGIN",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauth": 1,
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "465",
    "mail_smtpsecure": "ssl",
    "app_install_overwrite": [
        "drawio"
    ]
}

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: 1

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

Client configuration

Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0

Operating system:

Logs

Web server error log

Insert your web server log here 

Nextcloud log

{"reqId":"6TYkxER3ArjXXRM0hLYq","level":3,"time":"2020-11-14T13:12:52+00:00","remoteAddr":"23.21.71.173","user":"user.name","app":"no app in context","method":"GET","url":"/apps/onlyoffice/download?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJkb3dubG9hZCIsImZpbGVJZCI6OTg3LCJ1c2VySWQiOiJjaGllZi50ZWNoMDFpdCJ9.goy3zlhh2Ma_gqCCE0ksPe8ha_HXBQgZXgXr6Fh9lcM","message":"Couldn't re-calculate unencrypted size for files/First Word Document.docx","userAgent":"Node.js/6.13","version":"20.0.1.1"}


{"reqId":"6TYkxER3ArjXXRM0hLYq","level":3,"time":"2020-11-14T13:12:52+00:00","remoteAddr":"23.21.71.173","user":"user.name","app":"no app in context","method":"GET","url":"/apps/onlyoffice/download?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJkb3dubG9hZCIsImZpbGVJZCI6OTg3LCJ1c2VySWQiOiJjaGllZi50ZWNoMDFpdCJ9.goy3zlhh2Ma_gqCCE0ksPe8ha_HXBQgZXgXr6Fh9lcM","message":{"Exception":"OCP\\Encryption\\Exceptions\\GenericEncryptionException","Message":"Bad Signature","Code":0,"Trace":[{"file":"/usr/share/nginx/nextcloud/apps/encryption/lib/Crypto/Crypt.php","line":479,"function":"checkSignature","class":"OCA\\Encryption\\Crypto\\Crypt","type":"->"},{"file":"/usr/share/nginx/nextcloud/apps/encryption/lib/Crypto/Encryption.php","line":376,"function":"symmetricDecryptFileContent","class":"OCA\\Encryption\\Crypto\\Crypt","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":585,"function":"decrypt","class":"OCA\\Encryption\\Crypto\\Encryption","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/nginx/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":505,"function":"fixUnencryptedSize","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/nginx/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":166,"function":"verifyUnencryptedSize","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/usr/share/nginx/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":409,"function":"filesize","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":222,"function":"fopen","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":246,"function":"file_get_contents","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":246,"function":"file_get_contents","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/Files/View.php","line":1161,"function":"file_get_contents","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/Files/View.php","line":597,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/Files/Node/File.php","line":57,"function":"file_get_contents","class":"OC\\Files\\View","type":"->"},{"file":"/usr/share/nginx/nextcloud/apps/onlyoffice/controller/callbackcontroller.php","line":295,"function":"getContent","class":"OC\\Files\\Node\\File","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":169,"function":"download","class":"OCA\\Onlyoffice\\Controller\\CallbackController","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/AppFramework/App.php","line":152,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/share/nginx/nextcloud/lib/private/Route/Router.php","line":308,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/usr/share/nginx/nextcloud/lib/base.php","line":1009,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/usr/share/nginx/nextcloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::"}],"File":"/usr/share/nginx/nextcloud/apps/encryption/lib/Crypto/Crypt.php","Line":504,"Hint":"Bad Signature","CustomMessage":"--"},"userAgent":"Node.js/6.13","version":"20.0.1.1"}

Browser log

[solracsf]

Closing as duplicate of #22077 and #11826.
Thanks 👍