Encryption fails on file-move #14997

Closed
aignerat opened this issue Apr 8, 2019 · 4 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug

Comments

@aignerat
Member

aignerat commented Apr 8, 2019

Steps to reproduce

  1. Use encryption
  2. share a file with a user
  3. user moves the file from the shared-folder to his root-directory

Expected behaviour

Move the file or throw warning/error and do nothing.

Actual behaviour

The file has 0 byte and gets moved to recycle bin. If recycle bin is not active the file is lost.

Server configuration

Operating system:
centOS7

Web server:
Tested on Apache 2.4.18 and Nginx in Docker
Database:
Postgres 9.6
PHP version:
PHP 7.1.26
Nextcloud version: (see Nextcloud admin page)
Nextcloud 15.0.3
Nextcloud 13.0.1
Tested on both

Updated from an older Nextcloud/ownCloud or fresh install:
Fresh 15.0.3 and updated from 13.0.1/14.0.2
Fresh 13.0.1 and updated from 11.x+12.x

Where did you install Nextcloud from:
Own repository + Docker (multiple tests)

Signing status:

Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

List of activated apps:

App list
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

**Nextcloud configuration:**

```php
$CONFIG = array (
  'passwordsalt' => 'removed',
  'secret' => 'removed',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'removed',
  ),
  'gs.enabled' => false,
  'datadirectory' => '/srv/removed/data',
  'dbtype' => 'pgsql',
  'version' => '15.0.3.0',
  'overwrite.cli.url' => 'https://removed/',
  'dbname' => 'removed',
  'dbhost' => '127.0.0.1:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'removed',
  'dbpassword' => 'removed',
  'installed' => true,
  'instanceid' => 'oc6q1v3d2tmm',
  'mail_from_address' => 'noreply',
  'mail_smtpmode' => 'php',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_domain' => 'removed',
  'redis' =>
  array (
    'dbindex' => 12,
    'host' => '127.0.0.1',
    'port' => 9501,
    'timeout' => 0,
    'password' => 'removed',
  ),
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'share_folder' => '/Shared',
  'quota_include_external_storage' => false,
  'hide_logo' => false,
  'users_licences' => 30,
  'filer_not_allowed' => true,
  'default_language' => 'en',
  'filelocking.enabled' => false,
  'hide_encryption_section' => false,
  'hide_social_buttons' => true,
  'filter_not_allowed_apps' =>
  array (
  ),
  'has_internet_connection' => false,
  'loglevel' => 2,
  'maintenance' => false,
);
```

Are you using external storage, if yes which one: yes, but the problem was replicated on the local storage

Are you using encryption: yes

Are you using an external user-backend, if yes which one: Tested with LDAP and without - the same issue happened

Client configuration

Happens on Chrome, Firefox, IE and Safari on Windows and Mac

Logs

Web server error log

nothing relevant in web server logs

Nextcloud log (data/nextcloud.log)

from NC-13.0.1:

```
Fatal | webdav | OCP\Encryption\Exceptions\GenericEncryptionException: Missing Signature: user
/srv/nc-000/web/apps/encryption/lib/Crypto/Crypt.php - line 530: OCA\Encryption\Crypto\Crypt->hasSignature('', 'AES-256-CTR')
/srv/nc-000/web/apps/encryption/lib/Crypto/Crypt.php - line 462: OCA\Encryption\Crypto\Crypt->splitMetaData('', 'AES-256-CTR')
/srv/nc-000/web/apps/encryption/lib/Crypto/Encryption.php - line 380: OCA\Encryption\Crypto\Crypt->symmetricDecryptFileContent('', '\f~\x16\xEC\xF5lF\xE0\x87P\x80y\x02*\xC5...', 'AES-256-CTR', 6, '0end')
/srv/nc-000/web/lib/private/Files/Stream/Encryption.php - line 464: OCA\Encryption\Crypto\Encryption->decrypt(*** sensitive parameters replaced ***)
/srv/nc-000/web/lib/private/Files/Stream/Encryption.php - line 295: OC\Files\Stream\Encryption->readCache()
[internal function] OC\Files\Stream\Encryption->stream_read(52)
/srv/nc-000/web/3rdparty/sabre/http/lib/Sapi.php - line 80: stream_copy_to_stream(Resource id #41, Resource id #43, '52')
/srv/nc-000/web/3rdparty/sabre/dav/lib/DAV/Server.php - line 498: Sabre\HTTP\Sapi sendResponse(Object(Sabre\HTTP\Response))
/srv/nc-000/web/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/srv/nc-000/web/apps/dav/lib/Server.php - line 283: Sabre\DAV\Server->exec()
/srv/nc-000/web/apps/dav/appinfo/v2/remote.php - line 35: OCA\DAV\Server->exec()
/srv/nc-000/web/remote.php - line 164: require_once('/srv/nc-000/w...')
{main}
```


Browser log


nothing relevant in javascript and network - log
@aignerat aignerat added bug 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Apr 8, 2019
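
For operators who want to find which users and files hit the "Missing Signature" failure logged above, here is an added example; it is not part of the issue or of Nextcloud's code. It assumes `data/nextcloud.log` is stored as one JSON object per line with the keys `time`, `user`, `url` and `message`, and that `message` may be either an object or a plain string; the sample lines are constructed.

```python
import json

EXC = "OCP\\Encryption\\Exceptions\\GenericEncryptionException"

# Constructed sample, assuming a JSON-lines nextcloud.log layout
# (keys "time", "user", "app", "url", "message"); not data from the issue.
SAMPLE_LOG = "\n".join([
    json.dumps({"level": 4, "time": "2019-04-08T09:00:00+00:00", "user": "user2",
                "app": "webdav", "url": "/remote.php/dav/files/user2/report.odt",
                "message": {"Exception": EXC, "Message": "Missing Signature"}}),
    json.dumps({"level": 1, "time": "2019-04-08T09:00:05+00:00", "user": "user2",
                "app": "core", "url": "/login", "message": "Login successful"}),
    json.dumps({"level": 4, "time": "2019-04-08T09:01:00+00:00", "user": "user3",
                "app": "webdav", "url": "/remote.php/dav/files/user3/plan.ods",
                "message": "Exception: " + EXC + ": Missing Signature"}),
    '{"level": 4, "time": "2019-04-08T09:02',  # truncated line, must be skipped
])


def missing_signature_events(log_text):
    """Return (time, user, url) for every entry reporting 'Missing Signature'."""
    events = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict):
            continue
        msg = entry.get("message", "")
        # Assumption: the message is either a nested object or a string.
        text = json.dumps(msg) if isinstance(msg, dict) else str(msg)
        if "GenericEncryptionException" in text and "Missing Signature" in text:
            events.append((entry.get("time"), entry.get("user"), entry.get("url")))
    return events


def affected_paths_by_user(events):
    """Group the request URLs of failing reads by user, for follow-up checks."""
    by_user = {}
    for _, user, url in events:
        by_user.setdefault(user, set()).add(url)
    return {user: sorted(paths) for user, paths in by_user.items()}


if __name__ == "__main__":
    for user, paths in affected_paths_by_user(missing_signature_events(SAMPLE_LOG)).items():
        print(user, paths)
```
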
@aignerat
Member Author

After further tests and code-adjustments I could figure out that the problem exists when a user moves a file from a folder where user1 is the owner to a folder where user2 is the owner.

Seems to be a problem with private keys while the config value 'filelocking.enabled' => false is set. The config value was set for the antivirus cronjob.

Is it possible to get any helpful information on this case?

@arcanatigris

Enabling it through the CLI works still so it seems to be a GUI issue only.

sudo -u www-data php ./occ encryption:enable

@aignerat
Member Author

> Enabling it through the CLI works still so it seems to be a GUI issue only.
>
> sudo -u www-data php ./occ encryption:enable

It's not about enabling encryption; it's about data loss when filelocking.enabled is set to false and shared files are copied from the sharee.

@szaimen
Contributor

szaimen commented May 26, 2021

I'm closing this issue due to inactivity. If this is still happening please make sure to upgrade to the latest version. After that, feel free to reopen.

@szaimen szaimen closed this as completed May 26, 2021

3 participants