Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Encrypted external WebDAV storage not working in NC 13.0.3, OCP\Encryption\Exceptions\GenericEncryptionException: Missing Signature #9792

Closed
lje opened this issue Jun 7, 2018 · 15 comments · Fixed by #15946
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug feature: dav feature: encryption (server-side)

Comments

@lje
Copy link

lje commented Jun 7, 2018

Steps to reproduce

  1. Enable server side encryption module (Default encryption module)
  2. Leave all settings at default (external storage encrypted, local storage not encrypted)
  3. Mount an external WebDAV folder using a normal user, allow sharing for that folder. In my example WebDAV provider is https://webdav.magentacloud.de/

Expected behaviour

Folder should work

Actual behaviour

Upload to the remote folder works, download doesnt work. NC's Error log has lot of entries stating
OCP\Encryption\Exceptions\GenericEncryptionException: Missing Signature (complete error message will be at the end)
Looking directly at the WebDAV storage (using an WebDAV client) reveals that the file was uploaded successfully and is encrypted, but there are no hidden signature files

Server configuration

Operating system:
Linux 2.6.32 x86_64

Web server:
Apache 2.2

Database:
MySQL 5.1.73

PHP version:
7.0.29

Nextcloud version: (see Nextcloud admin page)
13.0.3 (same issue with 13.0.2)

Updated from an older Nextcloud/ownCloud or fresh install:
Updated from 12.x

Where did you install Nextcloud from:
Web based installer https://download.nextcloud.com/server/installer/setup-nextcloud.php

Signing status:

No errors have been found.
Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

List of activated apps:

All default + encryption module
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

No sudo (shared host)

Detailled error message:
OCP\Encryption\Exceptions\GenericEncryptionException: Missing Signature

/var/www/virtual/<path>/apps/encryption/lib/Crypto/Crypt.php - line 529: OCA\Encryption\Crypto\Crypt->hasSignature('---------------...', 'AES-256-CTR')
/var/www/virtual/<path>/apps/encryption/lib/Crypto/Crypt.php - line 462: OCA\Encryption\Crypto\Crypt->splitMetaData('---------------...', 'AES-256-CTR')
/var/www/virtual/<path>/apps/encryption/lib/Crypto/Encryption.php - line 380: OCA\Encryption\Crypto\Crypt->symmetricDecryptFileContent('---------------...', 'D\x08!\x8E\x99\x99$\x08`fw\xA8\xDF\xA0H...', 'AES-256-CTR', 1, 0)
/var/www/virtual/<path>/lib/private/Files/Stream/Encryption.php - line 464: OCA\Encryption\Crypto\Encryption->decrypt(*** sensitive parameters replaced ***)
/var/www/virtual/<path>/lib/private/Files/Stream/Encryption.php - line 295: OC\Files\Stream\Encryption->readCache()
[internal function] OC\Files\Stream\Encryption->stream_read(8192)
/var/www/virtual/<path>/apps/files_external/3rdparty/icewind/streams/src/Wrapper.php - line 83: fread(Resource id #55, 8192)
/var/www/virtual/<path>/apps/files_external/3rdparty/icewind/streams/src/CallbackWrapper.php - line 91: Icewind\Streams\Wrapper->stream_read(8192)
[internal function] Icewind\Streams\CallbackWrapper->stream_read(8192)
/var/www/virtual/<path>/3rdparty/sabre/http/lib/Sapi.php - line 80: stream_copy_to_stream(Resource id #58, Resource id #59, '5961980')
/var/www/virtual/<path>/3rdparty/sabre/dav/lib/DAV/Server.php - line 498: Sabre\HTTP\Sapi sendResponse(Object(Sabre\HTTP\Response))
/var/www/virtual/<path>/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/virtual/<path>/apps/dav/lib/Server.php - line 287: Sabre\DAV\Server->exec()
/var/www/virtual/<path>/apps/dav/appinfo/v2/remote.php - line 35: OCA\DAV\Server->exec()
/var/www/virtual/<path>/remote.php - line 164: require_once('/var/www/virtua...')
{main}
@lje
Copy link
Author

lje commented Jun 26, 2018

Issue still present in Nextcloud 13.0.4

@wiserweb
Copy link

Issue still present in Nextlcoud 13.0.6 and confirming this exact error message occurs with S3 External Storage as well when encryption is enabled.

@nextcloud-bot nextcloud-bot removed the stale Ticket or PR with no recent activity label Oct 11, 2018
@lje
Copy link
Author

lje commented Oct 16, 2018

Issue still present in NC 14.0.3. Apparently, no one cares.

@globalcow
Copy link

Same for me

@globalcow
Copy link

Is there someone who can take a look at this issue or give us any feedback? Perhaps @rullzer ?

@cortopy
Copy link

cortopy commented Nov 25, 2018

Experiencing same issue. All folders work, except for the one I shared. Issue happens when syncing the folder with a device that didn't have that folder. So like others, seems to be about downloading files within shared folder

@J0WI J0WI added feature: encryption (server-side) 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug feature: dav labels Jan 13, 2019
@martink-p
Copy link
Contributor

Please see my post/issue regarding ownCloud here:
owncloud/core#34599
I bet it is the same problem.

@kettnsaeg
Copy link

kettnsaeg commented Mar 12, 2019

Issue is sill present in 15.05.3.

BUT:

I - please note that I am a noob in anything regarding coding - can confirm that martink-p's solution for owncloud as presented at #34599 refers to the same problem and is a fix for this issue in the nextcloud family.

Setup:
Nextcloud 15.0.5.3
fresh install via Web Based Installer, updated,
PHP 7.3.2,
External Storage is a IONOS HiDrive connected via WebDAV,
serverside encryption for the external storage enabled

@micha-09
Copy link

Issue is sill present in 16.00.0

@lje
Copy link
Author

lje commented Jun 11, 2019

So, this bug is unfixed for a year now. Yay...
Should we just give up on Nextcloud encryption?

@martink-p
Copy link
Contributor

Uhm, Why would you give up?! I came up with a solution in February, which was even confirmed by another user (kettnsaeg).
I think you guys should finally merge my code into your project and close that weird bug...

Best regards,
Martin.

@kesselb
Copy link
Contributor

kesselb commented Jun 11, 2019

@martink-p mind to open a pull request with your changes?

@martink-p
Copy link
Contributor

@kesselb done. I've opened a pull request: #15946

@Woosah
Copy link

Woosah commented Aug 18, 2019

Sorry in advance for commenting on a closed issue!

If I'm right, the fix by @martink-p is merged into the master branch for NC17. At the moment I am on NC16.04 (production channel) and I have many users with files on encrypted external storages. Since yesterday, some are now facing several "bad-sig"-errors for about 20-25 random files, and I'd like to know if I can do something NOW to get these decrypted and accessable again?

Any help at the present moment would be appreciated to solve the issue until an update of NC will be available that fixes this once and for all...

Thanks and kind regards!

@wisemonkey
Copy link

With NC 17 and S3 storage as primary, I see following error
OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature
Are these related? Does NC17 still has issue with encryption with external primary storage?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug feature: dav feature: encryption (server-side)
Projects
None yet
Development

Successfully merging a pull request may close this issue.