Upgrading to Nextcloud 13 breaks users' encrypted files

[RandieM]

Steps to reproduce

1. Upgrade a Nextcloud 12 installation, with file encryption enabled, to Nextcloud 13.

Expected behaviour

Files should remain encrypted and accessible.

Actual behaviour

An increasing number of user files get broken and totally inaccessible/unusable.

Server configuration

Operating system: Debian 8

Web server: NGINX 1.14.0

Database: MariaDB 10.0.35

PHP version: 5.6

Nextcloud version: 13.0.1.1

Updated from an older Nextcloud/ownCloud or fresh install: updated from NC 12

Where did you install Nextcloud from: NC website

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

  - admin_audit: 1.3.0
  - bookmarks: 0.11.0
  - bruteforcesettings: 1.0.3
  - calendar: 1.6.1
  - comments: 1.3.0
  - contacts: 2.1.5
  - data_request: 1.0.1
  - dav: 1.4.6
  - encryption: 2.0.0
  - federatedfilesharing: 1.3.1
  - files: 1.8.0
  - files_pdfviewer: 1.2.1
  - files_sharing: 1.5.0
  - files_texteditor: 2.5.1
  - files_trashbin: 1.3.0
  - files_versions: 1.6.0
  - files_videoplayer: 1.2.0
  - firstrunwizard: 2.2.1
  - gallery: 18.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.1.0
  - mail: 0.8.1
  - nextcloud_announcements: 1.2.0
  - notes: 2.3.2
  - notifications: 2.1.2
  - oauth2: 1.1.0
  - passman: 2.1.4
  - password_policy: 1.3.0
  - provisioning_api: 1.3.0
  - qownnotesapi: 17.5.0
  - serverinfo: 1.3.0
  - sharebymail: 1.3.0
  - tasks: 0.9.6
  - theming: 1.4.5
  - twofactor_backupcodes: 1.2.3
  - twofactor_totp: 1.4.1
  - updatenotification: 1.3.0
  - workflowengine: 1.3.0

Nextcloud configuration:

Config report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "13.0.1.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "Europe\/Berlin",
        "installed": true,
        "enable_previews": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "enable_avatars": false,
        "logdateformat": "Y-m-d_H:i:s",
        "updatechecker": false,
        "log_type": "errorlog",
        "logfile": "",
        "loglevel": 2,
        "customclient_desktop": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "trashbin_retention_obligation": "auto,90",
        "activity_expire_days": 90,
        "preview_max_scale_factor": 1,
        "preview_max_filesize_image": 10,
        "skeletondir": "\/var\/www\/nextcloud\/themes\/***REMOVED SENSITIVE VALUE***\/skeleton",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "php",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***"
    }
}

Are you using external storage, if yes which one: local

Are you using encryption: yes

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Not relevant

Operating system: Not relevant

Logs

Web server error log

Web server error log

***REMOVED SENSITIVE INFO*** - ***REMOVED SENSITIVE INFO*** [13/Aug/2018:15:24:29 +0200] "PUT /remote.php/dav/files/***REMOVED SENSITIVE INFO***/Personal/***REMOVED SENSITIVE INFO*** HTTP/1.1" 503 328 "-" "Mozilla/5.0 (Windows) mirall/2.3.3 (build 1) (Nextcloud)"
***REMOVED SENSITIVE INFO*** - ***REMOVED SENSITIVE INFO*** [13/Aug/2018:15:24:30 +0200] "PUT /remote.php/dav/files/***REMOVED SENSITIVE INFO***/Personal/***REMOVED SENSITIVE INFO***.xlsx HTTP/1.1" 503 328 "-" "Mozilla/5.0 (Windows) mirall/2.3.3 (build 1) (Nextcloud)"
***REMOVED SENSITIVE INFO*** - ***REMOVED SENSITIVE INFO*** [13/Aug/2018:15:24:31 +0200] "PUT /remote.php/dav/files/***REMOVED SENSITIVE INFO***/Personal/***REMOVED SENSITIVE INFO***.xlsx HTTP/1.1" 503 328 "-" "Mozilla/5.0 (Windows) mirall/2.3.3 (build 1) (Nextcloud)"
***REMOVED SENSITIVE INFO*** - ***REMOVED SENSITIVE INFO*** [13/Aug/2018:15:24:32 +0200] "PUT /remote.php/dav/files/***REMOVED SENSITIVE INFO***/Personal/***REMOVED SENSITIVE INFO***.xlsx HTTP/1.1" 503 328 "-" "Mozilla/5.0 (Windows) mirall/2.3.3 (build 1) (Nextcloud)"

Nextcloud log (data/nextcloud.log)

Nextcloud log

2018/08/13 15:24:32 [error] 23796#23796: *6267139 FastCGI sent in stderr: "PHP message: [owncloud][webdav][4] Exception: {"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"Encryption not ready: multikeydecrypt with share key failed:error:0906D06C:PEM routines:PEM_read_bio:no start line","Code":0,"Trace":"#0 \/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/File.php(188): OCA\\DAV\\Connector\\Sabre\\File->convertToSabreException(Object(OCA\\Encryption\\Exceptions\\MultiKeyDecryptException))\n#1 \/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(1130): OCA\\DAV\\Connector\\Sabre\\File->put(Resource id #21)\n#2 \/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php(513): Sabre\\DAV\\Server->updateFile('files\/***REMOVED SENSITIVE INFO***...', Resource id #21, NULL)\n#3 [internal function]: Sabre\\DAV\\CorePlugin->httpPut(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#4 \/var\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#5 \/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/l" while reading response header from upstream, client: ***REMOVED SENSITIVE INFO***, server: ***REMOVED SENSITIVE INFO***, request: "PUT /remote.php/dav/files/***REMOVED SENSITIVE INFO***/Personal/***REMOVED SENSITIVE INFO***.xlsx HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "***REMOVED SENSITIVE INFO***"

[nextcloud-bot]

GitMate.io thinks possibly related issues are #4908 (Problem upgrading NextCloud), #9911 (Nextcloud upgrade to 13.0.4 Failed), #5056 (nextcloud 12 upgrade error), #2206 (Nextcloud update cause encryption files not opened anymore or being encrypted.), and #8367 (Command-line clients fail to download files after upgrade to Nextcloud 13).

[RandieM]

Anyone with ideas on this? The issues mentioned above do not seem particularly relevant to me.

[RandieM]

Unfortunately, upgrading NC server does not solve the problem.
May be somebody could look into this, now that the NC conference is finished.
Many thanks in advance for any help provided!

[tqtx]

I have the same problem，When I open the file, I report the following error: multikeydecrypt with share key failed:error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02

[szaimen]

I'm closing this issue due to inactivity. If this is still happening please make sure to upgrade to the latest version. After that, feel free to reopen.