Issues with Encryption in OC9 #23472

Closed
bawatkins opened this issue Mar 22, 2016 · 16 comments

@bawatkins

Steps to reproduce
Uploaded documents to a folder. Now when I access the files most are okay, but a couple I can't access and get a decryption error in the log. I have server-side encryption turned on; all files were uploaded at the same time and all are in the same directory, but a couple I just can't access anymore. I can see them in the file listing, but when I go to download one it has an error. Mix of documents, some PDF, some Excel. Also, the ownCloud client cannot sync these files. File is not shared.

Expected behaviour
Should be able to download document

Actual behaviour
Can see the document in file listing but can't access document and get error in the log saying it can't be decrypted.

Server configuration
Operating system: Ubuntu 14.04
Web server: Apache
Database: mysql
PHP version: 5.5.9
ownCloud version (see ownCloud admin page): 9.0.0
Updated from an older ownCloud or fresh install: updated from older
ownCloud log (data/owncloud.log):

Special configuration (external storage, external authentication, reverse proxy, server-side-encryption): server-side-encryption

Where did you install ownCloud from:
Manual install, downloaded tar.bz and extracted to directories

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.
No errors have been found.

**List of activated apps:**

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder


**The content of config/config.php:**
```php
<?php
// Secret values were removed by the reporter before posting.
$CONFIG = array (
  'instanceid' => 'ocy3998skspr',
  'passwordsalt' => '<redacted>',
  'secret' => '<redacted>',
  'trusted_domains' =>
  array (
    0 => 'ext.cleverfinance.com.au',
  ),
  'datadirectory' => '/home/ext/public_html/files/data',
  'overwrite.cli.url' => 'https://ext.cleverfinance.com.au/files',
  'dbtype' => 'mysql',
  'version' => '9.0.0.19',
  'dbname' => 'owncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_own_admin',
  'dbpassword' => '<redacted>',
  'installed' => true,
  'forcessl' => true,
  'forceSSLforSubdomains' => true,
  'mail_from_address' => 'owncloud',
  'mail_smtpmode' => 'php',
  'mail_domain' => 'cleverfinance.com.au',
  'theme' => '',
  'maintenance' => false,
  'loglevel' => 2,
  'trashbin_retention_obligation' => 'auto',
);
```

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

or

Insert your config.php content here
(Without the database password, passwordsalt and secret)


**Are you using external storage, if yes which one:** local/smb/sftp/...
No external storage
**Are you using encryption:** yes/no
Yes
**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...
NO
#### LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM oc_appconfig WHERE appid = 'user_ldap';

Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.


### Client configuration
**Browser:**
Firefox or IE11
**Operating system:**
Windows 10
### Logs
#### Web server error log

Insert your webserver log here


#### ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Fatal Webdav

Exception: {"Message":"Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.","Exception":"OC\\Encryption\\Exceptions\\DecryptionFailedException","Code":0,"Trace":"#0 \/home\/ext\/public_html\/files\/lib\/private\/files\/stream\/encryption.php(459): OCA\\Encryption\\Crypto\\Encryption->decrypt('odqYxmQG0bj4KXm...', 0)\n#1 \/home\/ext\/public_html\/files\/lib\/private\/files\/stream\/encryption.php(290): OC\\Files\\Stream\\Encryption->readCache()\n#2 [internal function]: OC\\Files\\Stream\\Encryption->stream_read(8192)\n#3 \/home\/ext\/public_html\/files\/3rdparty\/icewind\/streams\/src\/Wrapper.php(83): fread(Resource id #33, 8192)\n#4 \/home\/ext\/public_html\/files\/3rdparty\/icewind\/streams\/src\/CallbackWrapper.php(91): Icewind\\Streams\\Wrapper->stream_read(8192)\n#5 [internal function]: Icewind\\Streams\\CallbackWrapper->stream_read(8192)\n#6 \/home\/ext\/public_html\/files\/3rdparty\/sabre\/http\/lib\/Sapi.php(78): stream_copy_to_stream(Resource id #36, Resource id #38, '195584')\n#7 \/home\/ext\/public_html\/files\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(470): Sabre\\HTTP\\Sapi::sendResponse(Object(Sabre\\HTTP\\Response))\n#8 \/home\/ext\/public_html\/files\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(248): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#9 \/home\/ext\/public_html\/files\/apps\/dav\/appinfo\/v1\/webdav.php(55): Sabre\\DAV\\Server->exec()\n#10 \/home\/ext\/public_html\/files\/remote.php(138): require_once('\/home\/ext\/publi...')\n#11 {main}","File":"\/home\/ext\/public_html\/files\/apps\/encryption\/lib\/crypto\/encryption.php","Line":360,"User":"bawatkins"}
#### Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...

@schiessle
Contributor

Did you upload it to a shared folder or to a local folder?

Please check the following directory for one of the broken files:

data/<user>/files_encryption/keys/files/<path_to_file>/<filename>/OC_DEFAULT_MODULE/

What does this directory contain? You should have at least a fileKey and a <user>.shareKey. In case of a shared file you should have a <user>.shareKey for every user with access to the file.
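
As an added example (not part of the original thread and not ownCloud's own tooling): a shell function that checks the key layout described in the comment above for every file under one user's `files` directory. The function names, the sample user `alice` and the temporary tree are constructed for illustration, and it assumes every file in that directory is encrypted and owned by that user.

```shell
#!/bin/sh
# Added example: audit the per-file key folders of one ownCloud user.

# check_keys DATA_DIR USER
# Prints "<problem><TAB><relative path>" for each file whose key folder
# data/<user>/files_encryption/keys/files/<path>/OC_DEFAULT_MODULE/
# is missing, or lacks a non-empty fileKey or <user>.shareKey.
check_keys() {
    data_dir=$1
    user=$2
    files_root="$data_dir/$user/files"
    keys_root="$data_dir/$user/files_encryption/keys/files"
    find "$files_root" -type f | sort | while IFS= read -r f; do
        rel=${f#"$files_root"/}
        kdir="$keys_root/$rel/OC_DEFAULT_MODULE"
        if [ ! -d "$kdir" ]; then
            printf 'NO_KEY_DIR\t%s\n' "$rel"
        elif [ ! -s "$kdir/fileKey" ]; then
            printf 'NO_FILEKEY\t%s\n' "$rel"
        elif [ ! -s "$kdir/$user.shareKey" ]; then
            printf 'NO_SHAREKEY\t%s\n' "$rel"
        fi
    done
}

# make_demo_tree: build a constructed data directory for the hypothetical
# user "alice" (a.pdf complete, b.xlsx without shareKey, c.pdf without any
# key folder) and print its path.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/alice/files/docs"
    for name in a.pdf b.xlsx c.pdf; do
        echo ciphertext > "$root/alice/files/docs/$name"
    done
    keys="$root/alice/files_encryption/keys/files/docs"
    mkdir -p "$keys/a.pdf/OC_DEFAULT_MODULE" "$keys/b.xlsx/OC_DEFAULT_MODULE"
    echo key > "$keys/a.pdf/OC_DEFAULT_MODULE/fileKey"
    echo key > "$keys/a.pdf/OC_DEFAULT_MODULE/alice.shareKey"
    echo key > "$keys/b.xlsx/OC_DEFAULT_MODULE/fileKey"
    echo "$root"
}

demo=$(make_demo_tree)
check_keys "$demo" alice
rm -rf "$demo"
```

On a real server the first argument would be the `datadirectory` from `config.php`; the check only reads the tree and changes nothing.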

@bawatkins
Author

They were uploaded to shared folders.

For the ones I am having problems with, I get an error trying to open the data/<user>/files_encryption/keys/files/<path_to_file>/ folder. It says "no such file or directory". I can see the folder for the filename but can't open it.

I had a look at some others which are okay, and I can open the filename and see the fileKey and user.shareKey files.

@bawatkins
Author

I have another file that I can't access via the ownCloud web interface. I can see the data/<user>/files_encryption/keys/files/<path_to_file>/<filename>/OC_DEFAULT_MODULE/ folder and the fileKey and user.shareKey for this file in it, but can't access the file. This was a file I only uploaded a couple of days ago via WebDAV.

@schiessle
Contributor

> I have another file that I can't access via the ownCloud web interface. I can see the data/<user>/files_encryption/keys/files/<path_to_file>/<filename>/OC_DEFAULT_MODULE/ folder and the fileKey and user.shareKey for this file in it, but can't access the file. This was a file I only uploaded a couple of days ago via WebDAV.

Can you monitor your owncloud.log while you try to access this specific file and post the error message here? Thanks!

@bawatkins
Author

Error no app in context Exception: {"Exception":"OC\HintException","Message":"Bad Signature","Code":0,"Trace":"#0 /home/ext/public_html/files/apps/encryption/lib/crypto/crypt.php(456): OCA\Encryption\Crypto\Crypt->checkSignature('FGdaZ83v8qZybYL...', '?(???????TU?N??...', 'b3c750a490fce11...')\n#1 /home/ext/public_html/files/apps/encryption/lib/crypto/encryption.php(363): OCA\Encryption\Crypto\Crypt->symmetricDecryptFileContent('FGdaZ83v8qZybYL...', '?(???????TU?N??...', 'AES-256-CTR', 1, 0)\n#2 /home/ext/public_html/files/lib/private/files/stream/encryption.php(459): OCA\Encryption\Crypto\Encryption->decrypt('FGdaZ83v8qZybYL...', 0)\n#3 /home/ext/public_html/files/lib/private/files/stream/encryption.php(290): OC\Files\Stream\Encryption->readCache()\n#4 [internal function]: OC\Files\Stream\Encryption->stream_read(8192)\n#5 /home/ext/public_html/files/apps/files_external/3rdparty/icewind/streams/src/Wrapper.php(67): fread(Resource id #38, 8192)\n#6 /home/ext/public_html/files/apps/files_external/3rdparty/icewind/streams/src/CallbackWrapper.php(88): Icewind\Streams\Wrapper->stream_read(8192)\n#7 [internal function]: Icewind\Streams\CallbackWrapper->stream_read(8192)\n#8 /home/ext/public_html/files/lib/private/files/view.php(413): fread(Resource id #41, 8192)\n#9 /home/ext/public_html/files/lib/private/files.php(184): OC\Files\View->readfile('/CFS/Clients/A-...')\n#10 /home/ext/public_html/files/lib/private/files.php(89): OC_Files::getSingleFile(Object(OC\Files\View), '/CFS/Clients/A-...', 'Valuation Decis...', false)\n#11 /home/ext/public_html/files/apps/files/ajax/download.php(53): OC_Files::get('/CFS/Clients/A-...', Array, false)\n#12 /home/ext/public_html/files/lib/private/route/route.php(154) : runtime-created function(1): require_once('/home/ext/publi...')\n#13 [internal function]: __lambda_func(Array)\n#14 /home/ext/public_html/files/lib/private/route/router.php(273): call_user_func('?lambda_714', Array)\n#15 /home/ext/public_html/files/lib/base.php(873): 
OC\Route\Router->match('/apps/files/aja...')\n#16 /home/ext/public_html/files/index.php(39): OC::handleRequest()\n#17 {main}","File":"/home/ext/public_html/files/apps/encryption/lib/crypto/crypt.php","Line":476}

@bawatkins
Author

Exception: {"Message":"Bad Signature","Exception":"OC\HintException","Code":0,"Trace":"#0 /home/ext/public_html/files/apps/encryption/lib/crypto/crypt.php(456): OCA\Encryption\Crypto\Crypt->checkSignature('FGdaZ83v8qZybYL...', '?(???????TU?N??...', 'b3c750a490fce11...')\n#1 /home/ext/public_html/files/apps/encryption/lib/crypto/encryption.php(363): OCA\Encryption\Crypto\Crypt->symmetricDecryptFileContent('FGdaZ83v8qZybYL...', '?(???????TU?N??...', 'AES-256-CTR', 1, 0)\n#2 /home/ext/public_html/files/lib/private/files/stream/encryption.php(459): OCA\Encryption\Crypto\Encryption->decrypt('FGdaZ83v8qZybYL...', 0)\n#3 /home/ext/public_html/files/lib/private/files/stream/encryption.php(290): OC\Files\Stream\Encryption->readCache()\n#4 [internal function]: OC\Files\Stream\Encryption->stream_read(8192)\n#5 /home/ext/public_html/files/apps/files_external/3rdparty/icewind/streams/src/Wrapper.php(67): fread(Resource id #36, 8192)\n#6 /home/ext/public_html/files/apps/files_external/3rdparty/icewind/streams/src/CallbackWrapper.php(88): Icewind\Streams\Wrapper->stream_read(8192)\n#7 [internal function]: Icewind\Streams\CallbackWrapper->stream_read(8192)\n#8 /home/ext/public_html/files/3rdparty/sabre/http/lib/Sapi.php(78): stream_copy_to_stream(Resource id #39, Resource id #41, '47661')\n#9 /home/ext/public_html/files/3rdparty/sabre/dav/lib/DAV/Server.php(470): Sabre\HTTP\Sapi::sendResponse(Object(Sabre\HTTP\Response))\n#10 /home/ext/public_html/files/3rdparty/sabre/dav/lib/DAV/Server.php(248): Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))\n#11 /home/ext/public_html/files/apps/dav/appinfo/v1/webdav.php(55): Sabre\DAV\Server->exec()\n#12 /home/ext/public_html/files/remote.php(138): require_once('/home/ext/publi...')\n#13 {main}","File":"/home/ext/public_html/files/apps/encryption/lib/crypto/crypt.php","Line":476,"User":"bawatkins"}

@schiessle
Contributor

Hm, the signature issue indicates that you modified the file (or reverted a version) after the upgrade to 9.0, because the signature was introduced in this version. Can you post the entry for this file in the file cache table?

cc @LukasReschke any idea?

@bawatkins
Author

This is a file I only uploaded a day ago and there have been no changes to ownCloud versions. Although I uploaded it a day ago, I now can't access it. Where do I find the file cache table?

@schiessle
Contributor

@bawatkins

> Where do I find the file cache table?

It is the `oc_filecache` table in your database.

@bawatkins
Author

Can't get any further info on this one as I had to downgrade to 8.2.2. Any new files I added to the 9.0.1 install were then not accessible and I couldn't continue with that, so I took the step to go back.

@schiessle
Contributor

@bawatkins any chance to set up a copy of your server as a test instance, check if you can reproduce it and provide the additional information? Otherwise I can't do much.

@schiessle
Contributor

Closing it for now... Feel free to re-open it if someone experiences the same problem and can help to debug it.

@joeyjy

joeyjy commented May 20, 2016

Hi @schiesbn, I met the same problem after enabling the encryption app. I store files in OpenStack object store Swift (Ceph). I can successfully upload any file but cannot download them. Debugging it myself, I found encrypted=0 in oc_filecache for all files; after updating them and setting encrypted to 1 I can download them. Any idea?

@joeyjy

joeyjy commented May 20, 2016

@schiesbn v9.0.2

@joeyjy

joeyjy commented May 20, 2016

After I set encrypted=1, I can download and open them successfully, but it says 'Couldn't re-calculate unencrypted size for files/Documents......' and there is a bad signature error in the log.

@lock

lock bot commented Aug 4, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 4, 2019