NC 20 hex2bin(): Input string must be hexadecimal string at /var/www/nextcloud/lib/private/Security/Crypto.php#125 #23197

ghost · 2020-10-05T15:22:59Z

How to use GitHub

Please use the 👍 reaction to show that you are affected by the same issue.
Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
Subscribe to receive notifications on status change and new comments.

Steps to reproduce

Getting the following error:

NC 20
Apache2
PHP 7.4.10

hex2bin(): Input string must be hexadecimal string at /var/www/nextcloud/lib/private/Security/Crypto.php#125

hex2bin(): Hexadecimal input string must have an even length at /var/www/nextcloud/lib/private/Security/Crypto.php#127

Web server error 1

Error: hash_equals(): Expected user_string to be a string, bool given at /var/www/nextcloud/lib/private/Security/Crypto.php#138

{
  "reqId": "4ZTVeGlWnJN9UCkv6opc",
  "level": 3,
  "time": "2020-10-05T16:02:04+00:00",
  "remoteAddr": "X.X.X.X",
  "user": "USERNAME",
  "app": "PHP",
  "method": "GET",
  "url": "/apps/text/session/create?fileId=731299&filePath=%2FDocuments%2FNextcloud+Setup+Docmunets%2FUnblock+BruteForce+Attempts.md&guestName=Daikon+Radish&forceRecreate=false",
  "message": {
    "Exception": "Error",
    "Message": "hash_equals(): Expected user_string to be a string, bool given at /var/www/nextcloud/lib/private/Security/Crypto.php#138",
    "Code": 0,
    "Trace": [
      {
        "function": "onError",
        "class": "OC\\Log\\ErrorHandler",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Security/Crypto.php",
        "line": 138,
        "function": "hash_equals"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php",
        "line": 303,
        "function": "decrypt",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php",
        "line": 104,
        "function": "getKey",
        "class": "OC\\Encryption\\Keys\\Storage",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/encryption/lib/KeyManager.php",
        "line": 554,
        "function": "getFileKey",
        "class": "OC\\Encryption\\Keys\\Storage",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/encryption/lib/KeyManager.php",
        "line": 460,
        "function": "getShareKey",
        "class": "OCA\\Encryption\\KeyManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/encryption/lib/Crypto/Encryption.php",
        "line": 202,
        "function": "getFileKey",
        "class": "OCA\\Encryption\\KeyManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Stream/Encryption.php",
        "line": 268,
        "function": "begin",
        "class": "OCA\\Encryption\\Crypto\\Encryption",
        "type": "->"
      },
      {
        "function": "stream_open",
        "class": "OC\\Files\\Stream\\Encryption",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Stream/Encryption.php",
        "line": 207,
        "function": "fopen"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Stream/Encryption.php",
        "line": 187,
        "function": "wrapSource",
        "class": "OC\\Files\\Stream\\Encryption",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php",
        "line": 473,
        "function": "wrap",
        "class": "OC\\Files\\Stream\\Encryption",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php",
        "line": 300,
        "function": "fopen",
        "class": "OC\\Files\\Storage\\Wrapper\\Encryption",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/View.php",
        "line": 1159,
        "function": "fopen",
        "class": "OC\\Files\\Storage\\Wrapper\\Wrapper",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/View.php",
        "line": 995,
        "function": "basicOperation",
        "class": "OC\\Files\\View",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Node/File.php",
        "line": 115,
        "function": "fopen",
        "class": "OC\\Files\\View",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/text/lib/Service/DocumentService.php",
        "line": 157,
        "function": "fopen",
        "class": "OC\\Files\\Node\\File",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/text/lib/Service/ApiService.php",
        "line": 99,
        "function": "createDocument",
        "class": "OCA\\Text\\Service\\DocumentService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/text/lib/Controller/SessionController.php",
        "line": 49,
        "function": "create",
        "class": "OCA\\Text\\Service\\ApiService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 169,
        "function": "create",
        "class": "OCA\\Text\\Controller\\SessionController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 100,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 152,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 308,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1009,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 37,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/nextcloud/lib/private/Log/ErrorHandler.php",
    "Line": 91,
    "CustomMessage": "--"
  },
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36",
  "version": "20.0.0.9",
  "id": "5f7b775319a85"
}

Web server error 2

Error: hex2bin(): Input string must be hexadecimal string at /var/www/nextcloud/lib/private/Security/Crypto.php#127

{
  "reqId": "4ZTVeGlWnJN9UCkv6opc",
  "level": 3,
  "time": "2020-10-05T16:02:04+00:00",
  "remoteAddr": "X.X.X.X",
  "user": "username",
  "app": "PHP",
  "method": "GET",
  "url": "/apps/text/session/create?fileId=731299&filePath=%2FDocuments%2FNextcloud+Setup+Docmunets%2FUnblock+BruteForce+Attempts.md&guestName=Daikon+Radish&forceRecreate=false",
  "message": {
    "Exception": "Error",
    "Message": "hex2bin(): Input string must be hexadecimal string at /var/www/nextcloud/lib/private/Security/Crypto.php#127",
    "Code": 0,
    "Trace": [
      {
        "function": "onError",
        "class": "OC\\Log\\ErrorHandler",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Security/Crypto.php",
        "line": 127,
        "function": "hex2bin"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php",
        "line": 303,
        "function": "decrypt",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php",
        "line": 104,
        "function": "getKey",
        "class": "OC\\Encryption\\Keys\\Storage",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/encryption/lib/KeyManager.php",
        "line": 554,
        "function": "getFileKey",
        "class": "OC\\Encryption\\Keys\\Storage",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/encryption/lib/KeyManager.php",
        "line": 460,
        "function": "getShareKey",
        "class": "OCA\\Encryption\\KeyManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/encryption/lib/Crypto/Encryption.php",
        "line": 202,
        "function": "getFileKey",
        "class": "OCA\\Encryption\\KeyManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Stream/Encryption.php",
        "line": 268,
        "function": "begin",
        "class": "OCA\\Encryption\\Crypto\\Encryption",
        "type": "->"
      },
      {
        "function": "stream_open",
        "class": "OC\\Files\\Stream\\Encryption",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Stream/Encryption.php",
        "line": 207,
        "function": "fopen"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Stream/Encryption.php",
        "line": 187,
        "function": "wrapSource",
        "class": "OC\\Files\\Stream\\Encryption",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php",
        "line": 473,
        "function": "wrap",
        "class": "OC\\Files\\Stream\\Encryption",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php",
        "line": 300,
        "function": "fopen",
        "class": "OC\\Files\\Storage\\Wrapper\\Encryption",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/View.php",
        "line": 1159,
        "function": "fopen",
        "class": "OC\\Files\\Storage\\Wrapper\\Wrapper",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/View.php",
        "line": 995,
        "function": "basicOperation",
        "class": "OC\\Files\\View",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Node/File.php",
        "line": 115,
        "function": "fopen",
        "class": "OC\\Files\\View",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/text/lib/Service/DocumentService.php",
        "line": 157,
        "function": "fopen",
        "class": "OC\\Files\\Node\\File",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/text/lib/Service/ApiService.php",
        "line": 99,
        "function": "createDocument",
        "class": "OCA\\Text\\Service\\DocumentService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/text/lib/Controller/SessionController.php",
        "line": 49,
        "function": "create",
        "class": "OCA\\Text\\Service\\ApiService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 169,
        "function": "create",
        "class": "OCA\\Text\\Controller\\SessionController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 100,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 152,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 308,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1009,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 37,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/nextcloud/lib/private/Log/ErrorHandler.php",
    "Line": 91,
    "CustomMessage": "--"
  },
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36",
  "version": "20.0.0.9",
  "id": "5f7b775319c32"
}

Web server error 3

Error: hex2bin(): Hexadecimal input string must have an even length at /var/www/nextcloud/lib/private/Security/Crypto.php#125

{
  "reqId": "4ZTVeGlWnJN9UCkv6opc",
  "level": 3,
  "time": "2020-10-05T16:02:04+00:00",
  "remoteAddr": "X.X.X.X",
  "user": "username",
  "app": "PHP",
  "method": "GET",
  "url": "/apps/text/session/create?fileId=731299&filePath=%2FDocuments%2FNextcloud+Setup+Docmunets%2FUnblock+BruteForce+Attempts.md&guestName=Daikon+Radish&forceRecreate=false",
  "message": {
    "Exception": "Error",
    "Message": "hex2bin(): Hexadecimal input string must have an even length at /var/www/nextcloud/lib/private/Security/Crypto.php#125",
    "Code": 0,
    "Trace": [
      {
        "function": "onError",
        "class": "OC\\Log\\ErrorHandler",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Security/Crypto.php",
        "line": 125,
        "function": "hex2bin"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php",
        "line": 303,
        "function": "decrypt",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php",
        "line": 104,
        "function": "getKey",
        "class": "OC\\Encryption\\Keys\\Storage",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/encryption/lib/KeyManager.php",
        "line": 554,
        "function": "getFileKey",
        "class": "OC\\Encryption\\Keys\\Storage",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/encryption/lib/KeyManager.php",
        "line": 460,
        "function": "getShareKey",
        "class": "OCA\\Encryption\\KeyManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/encryption/lib/Crypto/Encryption.php",
        "line": 202,
        "function": "getFileKey",
        "class": "OCA\\Encryption\\KeyManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Stream/Encryption.php",
        "line": 268,
        "function": "begin",
        "class": "OCA\\Encryption\\Crypto\\Encryption",
        "type": "->"
      },
      {
        "function": "stream_open",
        "class": "OC\\Files\\Stream\\Encryption",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Stream/Encryption.php",
        "line": 207,
        "function": "fopen"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Stream/Encryption.php",
        "line": 187,
        "function": "wrapSource",
        "class": "OC\\Files\\Stream\\Encryption",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php",
        "line": 473,
        "function": "wrap",
        "class": "OC\\Files\\Stream\\Encryption",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php",
        "line": 300,
        "function": "fopen",
        "class": "OC\\Files\\Storage\\Wrapper\\Encryption",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/View.php",
        "line": 1159,
        "function": "fopen",
        "class": "OC\\Files\\Storage\\Wrapper\\Wrapper",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/View.php",
        "line": 995,
        "function": "basicOperation",
        "class": "OC\\Files\\View",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Files/Node/File.php",
        "line": 115,
        "function": "fopen",
        "class": "OC\\Files\\View",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/text/lib/Service/DocumentService.php",
        "line": 157,
        "function": "fopen",
        "class": "OC\\Files\\Node\\File",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/text/lib/Service/ApiService.php",
        "line": 99,
        "function": "createDocument",
        "class": "OCA\\Text\\Service\\DocumentService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/text/lib/Controller/SessionController.php",
        "line": 49,
        "function": "create",
        "class": "OCA\\Text\\Service\\ApiService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 169,
        "function": "create",
        "class": "OCA\\Text\\Controller\\SessionController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 100,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 152,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 308,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1009,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 37,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/nextcloud/lib/private/Log/ErrorHandler.php",
    "Line": 91,
    "CustomMessage": "--"
  },
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36",
  "version": "20.0.0.9",
  "id": "5f7b775319dc0"
}

The text was updated successfully, but these errors were encountered:

mpranj · 2020-11-03T13:10:55Z

At first I encountered a different problem (#23595) and manually applied the existing patch #23606.
After that patch I encountered this problem with hex2bin. I'm not sure if there is any relation between these issues.

Please ping me if I can povide any new logs/info that has not already been posted above.

ghost · 2020-11-05T17:22:01Z

My error log is getting filled up by this error system to happen when users are syncing. @nickvergessen I know you've asked not to mention people but im not sure how to go about this but this error started since NC 20 and its not going away.

ghost · 2020-11-09T14:42:06Z

Looks like if you setup a fresh install of NC20 you dont get this error but when you upgrade from an earlier version then you get this error.

timbrd · 2020-11-15T16:37:57Z

I am affected by this also. The error first appeared after upgrading from Nextcloud 19 to 20.

ghost · 2020-11-15T18:08:38Z

Can someone from @nextcloud help with this

mpranj · 2020-11-20T08:53:58Z

Ok so after the NC 20.0.2 update I think I could narrow it down a bit:
these errors are logged together with #23078 when I use the Notes app using a desktop web browser or when I open photos from the NC iOS app.

@axheli do you have the same experience or when does it happen for you?

ghost · 2020-11-20T15:00:38Z

Ok so after the NC 20.0.2 update I think I could narrow it down a bit:
these errors are logged together with #23078 when I use the Notes app using a desktop web browser or when I open photos from the NC iOS app.

@axheli do you have the same experience or when does it happen for you?

I get it when users sync the most or open files.

MaievJL · 2020-12-04T13:42:18Z

Yep I am also experiencing this issue. In fact, our files is not even accessible right now after upgrading from NC 19 to 20

HigH-HawK · 2020-12-08T15:36:16Z

I just updated from 19.0.5 to 20.0.2 and can see these error messages as well in Nextcloud Logging. I remember that I switched the config parameter 'encryption.legacy_format_support' from true to false, after I ran the OCC command occ encryption:scan:legacy-format.

I went back a little further in the logs and it seems that these error messages, already appeared while running the OCC command occ encryption:scan:legacy-format.

Apart from those error messages, it seems to run smoothly and without any issues.

System Infos:

CentOS 7.8
Apache 2
PHP 7.4.13
NC 20.0.2

These appeared while browsing through Nextcloud and changing things in the dashboard:

{
	"reqId": "X897iCpUeCe5gxPzuGb3UQAAACw",
	"level": 3,
	"time": "2020-12-08T13:11:37+00:00",
	"remoteAddr": "xx.xx.xx.xx",
	"user": "test.user",
	"app": "PHP",
	"method": "POST",
	"url": "/index.php/apps/dashboard/background/custom",
	"message": {
		"Exception": "Error",
		"Message": "hash_equals(): Expected user_string to be a string, bool given at /var/www/html/nextcloud/htdocs/lib/private/Security/Crypto.php#138",
		"Code": 0,
		"Trace": [
			{
				"function": "onError",
				"class": "OC\\Log\\ErrorHandler",
				"type": "::"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Security/Crypto.php",
				"line": 138,
				"function": "hash_equals"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Encryption/Keys/Storage.php",
				"line": 303,
				"function": "decrypt",
				"class": "OC\\Security\\Crypto",
				"type": "->",
				"args": [
					"*** sensitive parameters replaced ***"
				]
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Encryption/Keys/Storage.php",
				"line": 104,
				"function": "getKey",
				"class": "OC\\Encryption\\Keys\\Storage",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/apps/encryption/lib/KeyManager.php",
				"line": 554,
				"function": "getFileKey",
				"class": "OC\\Encryption\\Keys\\Storage",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/apps/encryption/lib/KeyManager.php",
				"line": 460,
				"function": "getShareKey",
				"class": "OCA\\Encryption\\KeyManager",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/apps/encryption/lib/Crypto/Encryption.php",
				"line": 202,
				"function": "getFileKey",
				"class": "OCA\\Encryption\\KeyManager",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Stream/Encryption.php",
				"line": 268,
				"function": "begin",
				"class": "OCA\\Encryption\\Crypto\\Encryption",
				"type": "->"
			},
			{
				"function": "stream_open",
				"class": "OC\\Files\\Stream\\Encryption",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Stream/Encryption.php",
				"line": 207,
				"function": "fopen"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Stream/Encryption.php",
				"line": 187,
				"function": "wrapSource",
				"class": "OC\\Files\\Stream\\Encryption",
				"type": "::"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Storage/Wrapper/Encryption.php",
				"line": 473,
				"function": "wrap",
				"class": "OC\\Files\\Stream\\Encryption",
				"type": "::"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Storage/Wrapper/Wrapper.php",
				"line": 300,
				"function": "fopen",
				"class": "OC\\Files\\Storage\\Wrapper\\Encryption",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/View.php",
				"line": 1165,
				"function": "fopen",
				"class": "OC\\Files\\Storage\\Wrapper\\Wrapper",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/View.php",
				"line": 1001,
				"function": "basicOperation",
				"class": "OC\\Files\\View",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Node/File.php",
				"line": 115,
				"function": "fopen",
				"class": "OC\\Files\\View",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/apps/dashboard/lib/Service/BackgroundService.php",
				"line": 146,
				"function": "fopen",
				"class": "OC\\Files\\Node\\File",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/apps/dashboard/lib/Controller/DashboardController.php",
				"line": 162,
				"function": "setFileBackground",
				"class": "OCA\\Dashboard\\Service\\BackgroundService",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/AppFramework/Http/Dispatcher.php",
				"line": 169,
				"function": "setBackground",
				"class": "OCA\\Dashboard\\Controller\\DashboardController",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/AppFramework/Http/Dispatcher.php",
				"line": 100,
				"function": "executeController",
				"class": "OC\\AppFramework\\Http\\Dispatcher",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/AppFramework/App.php",
				"line": 152,
				"function": "dispatch",
				"class": "OC\\AppFramework\\Http\\Dispatcher",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Route/Router.php",
				"line": 308,
				"function": "main",
				"class": "OC\\AppFramework\\App",
				"type": "::"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/base.php",
				"line": 1008,
				"function": "match",
				"class": "OC\\Route\\Router",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/index.php",
				"line": 37,
				"function": "handleRequest",
				"class": "OC",
				"type": "::"
			}
		],
		"File": "/var/www/html/nextcloud/htdocs/lib/private/Log/ErrorHandler.php",
		"Line": 91,
		"CustomMessage": "--"
	},
	"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36",
	"version": "20.0.2.2",
	"id": "5fcf9b231d75f"
}

Followed by:

{
	"reqId": "X897iCpUeCe5gxPzuGb3UQAAACw",
	"level": 3,
	"time": "2020-12-08T13:11:37+00:00",
	"remoteAddr": "xx.xx.xx.xx",
	"user": "test.user",
	"app": "PHP",
	"method": "POST",
	"url": "/index.php/apps/dashboard/background/custom",
	"message": {
		"Exception": "Error",
		"Message": "hex2bin(): Input string must be hexadecimal string at /var/www/html/nextcloud/htdocs/lib/private/Security/Crypto.php#127",
		"Code": 0,
		"Trace": [
			{
				"function": "onError",
				"class": "OC\\Log\\ErrorHandler",
				"type": "::"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Security/Crypto.php",
				"line": 127,
				"function": "hex2bin"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Encryption/Keys/Storage.php",
				"line": 303,
				"function": "decrypt",
				"class": "OC\\Security\\Crypto",
				"type": "->",
				"args": [
					"*** sensitive parameters replaced ***"
				]
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Encryption/Keys/Storage.php",
				"line": 104,
				"function": "getKey",
				"class": "OC\\Encryption\\Keys\\Storage",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/apps/encryption/lib/KeyManager.php",
				"line": 554,
				"function": "getFileKey",
				"class": "OC\\Encryption\\Keys\\Storage",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/apps/encryption/lib/KeyManager.php",
				"line": 460,
				"function": "getShareKey",
				"class": "OCA\\Encryption\\KeyManager",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/apps/encryption/lib/Crypto/Encryption.php",
				"line": 202,
				"function": "getFileKey",
				"class": "OCA\\Encryption\\KeyManager",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Stream/Encryption.php",
				"line": 268,
				"function": "begin",
				"class": "OCA\\Encryption\\Crypto\\Encryption",
				"type": "->"
			},
			{
				"function": "stream_open",
				"class": "OC\\Files\\Stream\\Encryption",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Stream/Encryption.php",
				"line": 207,
				"function": "fopen"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Stream/Encryption.php",
				"line": 187,
				"function": "wrapSource",
				"class": "OC\\Files\\Stream\\Encryption",
				"type": "::"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Storage/Wrapper/Encryption.php",
				"line": 473,
				"function": "wrap",
				"class": "OC\\Files\\Stream\\Encryption",
				"type": "::"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Storage/Wrapper/Wrapper.php",
				"line": 300,
				"function": "fopen",
				"class": "OC\\Files\\Storage\\Wrapper\\Encryption",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/View.php",
				"line": 1165,
				"function": "fopen",
				"class": "OC\\Files\\Storage\\Wrapper\\Wrapper",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/View.php",
				"line": 1001,
				"function": "basicOperation",
				"class": "OC\\Files\\View",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Files/Node/File.php",
				"line": 115,
				"function": "fopen",
				"class": "OC\\Files\\View",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/apps/dashboard/lib/Service/BackgroundService.php",
				"line": 146,
				"function": "fopen",
				"class": "OC\\Files\\Node\\File",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/apps/dashboard/lib/Controller/DashboardController.php",
				"line": 162,
				"function": "setFileBackground",
				"class": "OCA\\Dashboard\\Service\\BackgroundService",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/AppFramework/Http/Dispatcher.php",
				"line": 169,
				"function": "setBackground",
				"class": "OCA\\Dashboard\\Controller\\DashboardController",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/AppFramework/Http/Dispatcher.php",
				"line": 100,
				"function": "executeController",
				"class": "OC\\AppFramework\\Http\\Dispatcher",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/AppFramework/App.php",
				"line": 152,
				"function": "dispatch",
				"class": "OC\\AppFramework\\Http\\Dispatcher",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/private/Route/Router.php",
				"line": 308,
				"function": "main",
				"class": "OC\\AppFramework\\App",
				"type": "::"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/lib/base.php",
				"line": 1008,
				"function": "match",
				"class": "OC\\Route\\Router",
				"type": "->"
			},
			{
				"file": "/var/www/html/nextcloud/htdocs/index.php",
				"line": 37,
				"function": "handleRequest",
				"class": "OC",
				"type": "::"
			}
		],
		"File": "/var/www/html/nextcloud/htdocs/lib/private/Log/ErrorHandler.php",
		"Line": 91,
		"CustomMessage": "--"
	},
	"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36",
	"version": "20.0.2.2",
	"id": "5fcf9b231d883"
}

phoerious · 2020-12-10T18:49:34Z

Having the same issue. All my files are encrypted with a password that supposedly doesn't match my current password anymore (which is bullshit, I never changed it). While the files are still intact on my already synced clients, I cannot open them anymore via the web UI. This started happening after the upgrade to 20.0.

occ encryption:scan:legacy-format said everything was fine, so I turned legacy support off. Turning it back on, doesn't change anything. I only get an error 500 and a message saying I should recover my files by entering my "old" password. I have no "old" password and when I enter the same password for old and new, it just says "Saving....", but does nothing. When I check the browser's developer console why, then I see a JSON parser error due to an error page being returned, which says "Missing signature".

This Discourse chat is related: https://help.nextcloud.com/t/cant-update-private-key/53662

MaievJL · 2020-12-11T00:56:49Z

So the way I was able to grab photos via downgrading to NC19 (luckily my backup works) and goto Photos --> Album, only there can I click the picture 1 at a time, pretty sad. But the photo function can read and decrypt the file.

However, I cannot save the PDF or non picture file.

I try many of the OCC command like encryption:decrypt-all or encryption:decrypt-all [user] doesn't work. I review my overview section to ensure I resolved all errors. I had better luck with PHP7.4 but PHP 7.2 I cannot even login saying my password was wrong.

I haven't had time to look but I'm tempted to roll back another month to NC18 or something

phoerious · 2020-12-14T08:01:49Z

Any reaction? This is basically a complete data loss due to the upgrade. My cloud file storage is completely dysfunctional right now. My only option at the moment is to delete everything and restore from backup. I will most likely have to delete the whole account with calendars and contacts, since there seems to be no other way to reset the broken encryption key.

kesselb · 2020-12-14T12:01:10Z

Disclaimer: I don't know much about the encryption in Nextcloud. Be careful with everything I suggest. Better have a full backup.

server/apps/encryption/lib/Crypto/Crypt.php

Lines 579 to 596 in b3037de

    
           private function hasSignature($catFile, $cipher) { 
        
           	$skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false); 
        
           	$meta = substr($catFile, -93); 
        
           	$signaturePosition = strpos($meta, '00sig00'); 
        
           	// If we no longer support the legacy format then everything needs a signature 
        
           	if (!$skipSignatureCheck && !$this->supportLegacy && $signaturePosition === false) { 
        
           		throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature')); 
        
           	} 
        
           	// enforce signature for the new 'CTR' ciphers 
        
           	if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) { 
        
           		throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature')); 
        
           	} 
        
           	return ($signaturePosition !== false); 
        
           }

@phoerious You can turn off the signature check with encryption_skip_signature_check set to true in config.php. That might help to gain access to your files again.

phoerious · 2020-12-14T15:42:22Z

Thanks. Commenting out that line allowed me to reset the private key password in the encryption settings.

merwan · 2021-01-06T18:34:14Z

I had the same issue after a server failure: I restored a backup of my DB and data files to a new server and I had the same message as @phoerious about a changed password which was not...
I added a line 'encryption_skip_signature_check' => true, in the config.php file and then updated my encryption password providing the same password for old and new, and the error message disappeared. I'm now able to access all my files through the UI.
Thanks for your suggestion @kesselb!

phoerious · 2021-01-06T18:39:16Z

I find it startling that this critical issue still hasn't had any response from the developers after three months. Doesn't really boost my confidence in the product.

ghost · 2021-01-06T19:26:13Z

@phoerious yes i agree with you on this. I understand they are busy but at least to get some movement on this i have 4 servers and all have the same issue after i updateded them from nc19 to nc20.

i setup a new nc 20 and i dont get these errors so these seems more related from updating. @nickvergessen Anyway we can have someone look at this please 🙏🏼

phoerious · 2021-01-06T19:28:34Z

Busy isn't an excuse. I manage a larger open source project myself and we would never be this unresponsive on such a critical issue. And we don't even have a company with full-time employees behind us like Nextcloud does.

ghost · 2021-01-06T19:31:23Z

@

Busy isn't an excuse. I manage a larger open source project myself and we would never be this unresponsive on such a critical issue. And we don't even have a company with full-time employees behind us like Nextcloud does.

Trust me i understand and i agree with you 100%

nickvergessen · 2021-01-07T12:05:14Z

If you get an error about hex2bin being given invalid data, maybe you can add a log statement or go in with the debugger and see what data is given in. Should help a potential developer picking this one up, when they can not reproduce it themselves locally.
Also note that it has to be something quite specific, when it only get 15 thumbs up and 0 reposts within 3 months. If it would happen for everyone or all the time there would be much more reports, so doesn't seem to be too crucial atm.

Busy isn't an excuse. I manage a larger open source project myself and we would never be this unresponsive on such a critical issue. And we don't even have a company with full-time employees behind us like Nextcloud does.

¯\_(ツ)_/¯ we are humans, our job is not to monitor github and immediately fix every tiny thing a person reports. We have things to develop, a security program to handle and support requests from customers to answer (no specific order). After that comes everything else.
Feel free to become a customer/partner and share the revenue you make from reselling/hosting nextcloud https://nextcloud.com/pricing/ or https://nextcloud.com/contact/ that will help getting your issues prioritized. Otherwise you have to wait until someone has time for it.

phoerious · 2021-01-07T12:30:17Z

All relevant log snippets have been posted, there are clear instructions as to how you may be able to reproduce it, the issue is formulated clearly and may potentially affect a lot of people, even if not many have written here. It leads to a potential loss of all data stored in the cloud and should thus have at least high triage priority if not for me, then for the thousands of users who might potentially face this in the future. The total lack of communication does not cast a positive light on this project. At least a timely acknowledgment would have been due, but ymmv. Yet how this went, if tomorrow I were to post a critical security vulnerability, I couldn't trust at all that it would ever be fixed.

/rant

Thanks for your work on this project anyway.

nickvergessen · 2021-01-07T12:47:42Z

Yet how this went, if tomorrow I were to post a critical security vulnerability, I couldn't trust at all that it would ever be fixed.

As per above: "We have … a security program to handle …. After that comes everything else."
Security reports go via hackerone and are looked into immediately.

rullzer · 2021-01-07T13:30:00Z

Please try:

diff --git a/lib/private/Encryption/Keys/Storage.php b/lib/private/Encryption/Keys/Storage.php
index a2b27de6b5..c70ebc15ec 100644
--- a/lib/private/Encryption/Keys/Storage.php
+++ b/lib/private/Encryption/Keys/Storage.php
@@ -301,7 +301,7 @@ class Storage implements IStorage {
                                                $fallback = false;
                                                try {
                                                        $clearData = $this->crypto->decrypt($data);
-                                               } catch (\Exception $e) {
+                                               } catch (\Throwable $e) {
                                                        $fallback = true;
                                                }

viciousvex · 2021-01-25T12:50:30Z

I am getting the same messages in my log file, which is filling up faster than I can delete it. Current rate at which it is filling up is 1.5GB per day. I am also using an upgraded version of nextcloud ("userAgent":"Mozilla/5.0 (iOS) Nextcloud-iOS/3.1.0","version":"20.0.5.2"). I've regularly updated this server since version 14 or even earlier. I also did this recommended thing:

occ encryption:scan:legacy-format

returned all good.
Set 'encryption.legacy_format_support' from true to false

Setting 'encryption.legacy_format_support' back to true does not change anything.

rullzer · 2021-01-25T12:53:20Z

Sorry for the delay but I don't get notifications on closed ticket.
So more digging here it seems.

lorddoumer · 2021-02-02T14:58:56Z

FYI: still persists on 20.0.6.1

AykutCevik · 2021-02-03T20:42:00Z

Can confirm the same error on Nextcloud 20.0.7

rullzer · 2021-02-04T08:36:10Z

Does somebody have a complete stack trace for me? On 20.0.7?

AugustMacke · 2021-02-07T17:23:53Z

This is the stack trace on my 20.0.7:

Click to expand

{"reqId":"UyCpAteIaX2kO4DrKPP9","level":3,"time":"2021-02-07T17:03:25+00:00","remoteAddr":"127.0.0.1","user":"august","app":"no app in context","method":"PUT","url":"/index.php/apps/text/session/create","message":"Couldn't re-calculate unencrypted size for files/Willkommen/_Willkommen.md","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0","version":"20.0.7.1","id":"60201d5d80b6b"}

ghost · 2021-02-09T17:57:03Z

@rullzer I hope this helps.

Web server error

Error: Error: hash_equals(): Expected user_string to be a string, bool given at /var/www/nextcloud/lib/private/Security/Crypto.php#138

{"reqId":"aLtfVjowvNIY7ZRRFupF","level":3,"time":"2021-02-04T21:11:43+00:00","remoteAddr":"10.0.10.178","user":"Laura.Flisk","app":"PHP","method":"PUT","url":"/remote.php/dav/files/Laura.Flisk/Documents/LAPTOPS-2014/VFIS-2003LAPTOPS.XLS","message":{"Exception":"Error","Message":"hash_equals(): Expected user_string to be a string, bool given at /var/www/nextcloud/lib/private/Security/Crypto.php#138","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::"},{"file":"/var/www/nextcloud/lib/private/Security/Crypto.php","line":138,"function":"hash_equals"},{"file":"/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php","line":303,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php","line":104,"function":"getKey","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/var/www/nextcloud/apps/encryption/lib/KeyManager.php","line":554,"function":"getFileKey","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/var/www/nextcloud/apps/encryption/lib/KeyManager.php","line":460,"function":"getShareKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/var/www/nextcloud/apps/encryption/lib/Crypto/Encryption.php","line":202,"function":"getFileKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Stream/Encryption.php","line":268,"function":"begin","class":"OCA\\Encryption\\Crypto\\Encryption","type":"->"},{"function":"stream_open","class":"OC\\Files\\Stream\\Encryption","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Stream/Encryption.php","line":207,"function":"fopen"},{"file":"/var/www/nextcloud/lib/private/Files/Stream/Encryption.php","line":187,"function":"wrapSource","class":"OC\\Files\\Stream\\Encryption","type":"::"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":473,"function":"wrap","class":"OC\\Files\\Stream\\Encryption","type":"::"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":1037,"function":"fopen","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":631,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/File.php","line":207,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1143,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":515,"function":"updateFile","class":"Sabre\\DAV\\Server","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":474,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":251,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":319,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Server.php","line":332,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":167,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/Log/ErrorHandler.php","Line":91,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows) mirall/3.0.3stable-Win64 (build 20201029) (Nextcloud)","version":"20.0.6.1","id":"6022cb9b8895a"}

Web server error

Error: hex2bin(): Hexadecimal input string must have an even length at /var/www/nextcloud/lib/private/Security/Crypto.php#127

{"reqId":"aLtfVjowvNIY7ZRRFupF","level":3,"time":"2021-02-04T21:11:43+00:00","remoteAddr":"10.0.10.178","user":"Laura.Flisk","app":"PHP","method":"PUT","url":"/remote.php/dav/files/Laura.Flisk/Documents/LAPTOPS-2014/VFIS-2003LAPTOPS.XLS","message":{"Exception":"Error","Message":"hex2bin(): Hexadecimal input string must have an even length at /var/www/nextcloud/lib/private/Security/Crypto.php#127","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::"},{"file":"/var/www/nextcloud/lib/private/Security/Crypto.php","line":127,"function":"hex2bin"},{"file":"/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php","line":303,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php","line":104,"function":"getKey","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/var/www/nextcloud/apps/encryption/lib/KeyManager.php","line":554,"function":"getFileKey","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/var/www/nextcloud/apps/encryption/lib/KeyManager.php","line":460,"function":"getShareKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/var/www/nextcloud/apps/encryption/lib/Crypto/Encryption.php","line":202,"function":"getFileKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Stream/Encryption.php","line":268,"function":"begin","class":"OCA\\Encryption\\Crypto\\Encryption","type":"->"},{"function":"stream_open","class":"OC\\Files\\Stream\\Encryption","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Stream/Encryption.php","line":207,"function":"fopen"},{"file":"/var/www/nextcloud/lib/private/Files/Stream/Encryption.php","line":187,"function":"wrapSource","class":"OC\\Files\\Stream\\Encryption","type":"::"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":473,"function":"wrap","class":"OC\\Files\\Stream\\Encryption","type":"::"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":1037,"function":"fopen","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":631,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/File.php","line":207,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1143,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":515,"function":"updateFile","class":"Sabre\\DAV\\Server","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":474,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":251,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":319,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Server.php","line":332,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":167,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/Log/ErrorHandler.php","Line":91,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows) mirall/3.0.3stable-Win64 (build 20201029) (Nextcloud)","version":"20.0.6.1","id":"6022cb9b8b5c2"}

Web server error

Error: hex2bin(): Input string must be hexadecimal string at /var/www/nextcloud/lib/private/Security/Crypto.php#125

{"reqId":"aLtfVjowvNIY7ZRRFupF","level":3,"time":"2021-02-04T21:11:43+00:00","remoteAddr":"10.0.10.178","user":"Laura.Flisk","app":"PHP","method":"PUT","url":"/remote.php/dav/files/Laura.Flisk/Documents/LAPTOPS-2014/VFIS-2003LAPTOPS.XLS","message":{"Exception":"Error","Message":"hex2bin(): Input string must be hexadecimal string at /var/www/nextcloud/lib/private/Security/Crypto.php#125","Code":0,"Trace":[{"function":"onError","class":"OC\\Log\\ErrorHandler","type":"::"},{"file":"/var/www/nextcloud/lib/private/Security/Crypto.php","line":125,"function":"hex2bin"},{"file":"/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php","line":303,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Encryption/Keys/Storage.php","line":104,"function":"getKey","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/var/www/nextcloud/apps/encryption/lib/KeyManager.php","line":554,"function":"getFileKey","class":"OC\\Encryption\\Keys\\Storage","type":"->"},{"file":"/var/www/nextcloud/apps/encryption/lib/KeyManager.php","line":460,"function":"getShareKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/var/www/nextcloud/apps/encryption/lib/Crypto/Encryption.php","line":202,"function":"getFileKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Stream/Encryption.php","line":268,"function":"begin","class":"OCA\\Encryption\\Crypto\\Encryption","type":"->"},{"function":"stream_open","class":"OC\\Files\\Stream\\Encryption","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Stream/Encryption.php","line":207,"function":"fopen"},{"file":"/var/www/nextcloud/lib/private/Files/Stream/Encryption.php","line":187,"function":"wrapSource","class":"OC\\Files\\Stream\\Encryption","type":"::"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":473,"function":"wrap","class":"OC\\Files\\Stream\\Encryption","type":"::"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php","line":1037,"function":"fopen","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":631,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/File.php","line":207,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1143,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":515,"function":"updateFile","class":"Sabre\\DAV\\Server","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":474,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":251,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":319,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Server.php","line":332,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":167,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/Log/ErrorHandler.php","Line":91,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows) mirall/3.0.3stable-Win64 (build 20201029) (Nextcloud)","version":"20.0.6.1","id":"6022cb9b8c50c"}

ghost · 2021-02-15T16:20:57Z

@rullzer Looks like this happens to me when i sync files for example i had a user log into a new computer and had them sync all there files and by error log went crazy with these errors.

drudgede · 2021-02-15T16:55:41Z

@axheli I can confirm this, this only happens to me when the Nextcloud desktop client is used, but regardless if it's a new computer or not.

ghost · 2021-02-15T16:57:04Z

@axheli I can confirm this, this only happens to me when the Nextcloud desktop client is used, but regardless if it's a new computer or not.

I would say the same just notice it more when it's doing a sync of everything then a file here and there

For #23197 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

rullzer · 2021-02-18T19:13:40Z

Ok I'm out of ideas why this is not being caught with the throwable.... let me add manual checks and give you a patch
Please check https://github.com/nextcloud/server/pull/25714.patch

nonickchosen · 2021-02-19T08:43:22Z

I ran into the same issue and did a little digging and read some of the code.

First off the setup and history:
currently: debian stable (buster), update from NC19 to NC20
original install: debian oldstable (stretch), NC13, encryption enabled from the beginning
updates without any major problems

In the first versions of files_encryption the keys used to be just binary blobs (spoiler: some of them may contain 2 or 3 '|' chars at random offsets). At some point the format was changed to something like "hex-encoded payload|binary IV|HMAC" and later "hex-encoded payload|hex-encoded IV|hex-encoded HMAC|version number".
I have all 3 variants of shareKeys in the fs, depending on when the share was created.

For this, suppose the current key is of the binary variant and contains 2 or 3 '|' chars.
https://github.com/nextcloud/server/blob/stable20/lib/private/Encryption/Keys/Storage.php#L296 feeds the (binary) string to https://github.com/nextcloud/server/blob/stable20/lib/private/Security/Crypto.php#L113

The check L121 passes, no exception is thrown.
The '|' chars are at random places in the key, so $parts[0] may be an odd length. Feeding odd length strings to hex2bin() will make it Error with E_WARNING. This is not caught and falls through to the error handler, causing the stack trace and error page. Same for $parts[2] etc., though $parts[3] being '2' is somewhat unlikely.

For even length strings containing garbage (i.e. stuff different from [0-9a-f]) false is returned by hex2bin.
In those cases the call to hash_equals() will have one or more 'null' arguments, making it fail and causing the stack trace before the intended exception is thrown.

@rullzer: is there documentation for the previous key formats? Field lengths etc. may help writing useful checks as to what the keyformat actually is. Just checking for [0-9a-f|] was my first idea, but that doesn't work, since for some time the IV used to be binary (which doesn't make any sense btw).

I'm not really familiar with the code, structure and architecture of NC, I just read some of the relevant parts after users started complaining after the last update.
However, this is breaking my setup quite severely.

I have noticed some more problems with crypto, namely user keys (private and public). This should probably go to a separate bug report. The short version: looks like NC is trying to migrate user keys to the format "hex-encoded payload|hex-encoded IV|hex-encoded HMAC|version number". However, something goes terribly wrong. I have one user who's keys now are somewhat largish and invalid. Keys in this format now are private: 627204bytes, public 127236bytes. This affects multiple accounts, including my own non-admin account.
I have not yet investigated this to any more detail. I just noticed some strange very long traces scroll by in the log.
I think https://github.com/nextcloud/server/blob/stable20/lib/private/Encryption/Keys/Storage.php#L229 may be related. Not sure yet, but L250 makes me wonder...

Also, for some requests user private keys get logged in the traces. This is very bad as well.

In short: NC20 MAJORLY BREAKS CRYPTO for older setups.

I've put the instance in maintenance mode and disabled the cron job to prevent it from breaking more stuff.
I will look into the issue with user keys next. Maybe it's broken in NC20, maybe this was caused by me while debugging this issue.
Unfortunately, I don't have a backup/snapshot from before the update any more. The problems became apparent only after the snapshot was removed.

ghost · 2021-02-22T19:46:34Z

So no fix on this?

mjurksa · 2021-02-26T01:02:33Z

Im on 20.0.8 and also getting the same error after Upgrade from NC 19 to NC 20.

berho · 2021-03-05T08:10:47Z

I have this problem too on NC 20.0.8 but mostly on empty or very small files (1 Byte).

My experience with server side encryption is very bad and I can't recommend it to anyone. Especially because it is treated like a stepchild by NextCloud if at all!

m-boyd · 2021-04-05T17:45:36Z

Does anyone have a fix for this?

t52lE4MWEcgCx · 2021-04-21T19:17:01Z

I'm on NC 21.0.1 and I also have these issue with Crypto.php

Error: hash_equals(): Expected user_string to be a string, bool given at /www/htdocs/[xxx]/lib/private/Security/Crypto.php#146 | | 2021-04-21T20:17:29+0200
Error | PHP | Error: hex2bin(): Input string must be hexadecimal string at /www/htdocs/[xxx]/lib/private/Security/Crypto.php#134 | | 2021-04-21T20:17:29+0200
Error | PHP | Error: hex2bin(): Input string must be hexadecimal string at /www/htdocs/[xxx]/lib/private/Security/Crypto.php#129 | | 2021-04-21T20:17:29+0200
Error | PHP | Error: hex2bin(): Input string must be hexadecimal string at /www/htdocs/[xxx]/lib/private/Security/Crypto.php#127

it seems to occur in combination with

Fatal | webdav | OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature

I also get lot of

Couldn't re-calculate unencrypted size for files_versions/...

for a lot of files...

What shall I do?

Cheers,
Ralph

ghost · 2021-04-21T19:39:51Z

@t52lE4MWEcgCx looks like the Explicitly check hex2bin input #25714 has not been merged so until then you might get these errors.

Can we please get this pull request merged?

t52lE4MWEcgCx · 2021-04-21T19:50:45Z

Thanks for that hint. I applied the suggested changes to Crypto.php

Any idea about the

Fatal | webdav | OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature

problem as well?

Cheers,
Ralph

MorrisJobke · 2021-04-22T11:24:18Z

Fixed with #25714

For #23197 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

ghost added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Oct 5, 2020

This comment has been minimized.

Sign in to view

solracsf added the 20-feedback label Oct 7, 2020

ghost mentioned this issue Nov 8, 2020

NC 20 hash_equals(): Expected user_string to be a string, bool given at /var/www/nextcloud/lib/private/Security/Crypto.php#138 #23078

Closed

rullzer reopened this Jan 25, 2021

rullzer added a commit that referenced this issue Feb 18, 2021

Explicitly check hex2bin input

16652ac

For #23197 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

rullzer mentioned this issue Feb 18, 2021

Explicitly check hex2bin input #25714

Merged

This comment has been minimized.

Sign in to view

MorrisJobke added this to the Nextcloud 22 milestone Apr 22, 2021

MorrisJobke closed this as completed Apr 22, 2021

backportbot-nextcloud bot pushed a commit that referenced this issue Apr 22, 2021

Explicitly check hex2bin input

ca540e8

For #23197 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

backportbot-nextcloud bot pushed a commit that referenced this issue Apr 22, 2021

Explicitly check hex2bin input

97e5fe4

For #23197 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

rullzer added a commit that referenced this issue Apr 22, 2021

Explicitly check hex2bin input

86de5d9

For #23197 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Meistache mentioned this issue Aug 16, 2021

Invalid private key for encryption app. Please update your private key password in your personal settings to recover access to your encrypted files #8546

Open

NC 20 hex2bin(): Input string must be hexadecimal string at /var/www/nextcloud/lib/private/Security/Crypto.php#125 #23197

NC 20 hex2bin(): Input string must be hexadecimal string at /var/www/nextcloud/lib/private/Security/Crypto.php#125 #23197

Comments

ghost commented Oct 5, 2020 • edited by kesselb Loading

How to use GitHub

Steps to reproduce

Web server error 1

Web server error 2

Web server error 3

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

mpranj commented Nov 3, 2020 • edited Loading

ghost commented Nov 5, 2020

ghost commented Nov 9, 2020

timbrd commented Nov 15, 2020 • edited Loading

ghost commented Nov 15, 2020

mpranj commented Nov 20, 2020

ghost commented Nov 20, 2020

MaievJL commented Dec 4, 2020

HigH-HawK commented Dec 8, 2020 • edited Loading

phoerious commented Dec 10, 2020 • edited Loading

MaievJL commented Dec 11, 2020

phoerious commented Dec 14, 2020 • edited Loading

kesselb commented Dec 14, 2020 • edited Loading

phoerious commented Dec 14, 2020

merwan commented Jan 6, 2021

phoerious commented Jan 6, 2021 • edited Loading

ghost commented Jan 6, 2021 • edited by ghost Loading

phoerious commented Jan 6, 2021

ghost commented Jan 6, 2021

nickvergessen commented Jan 7, 2021 • edited Loading

phoerious commented Jan 7, 2021

nickvergessen commented Jan 7, 2021

rullzer commented Jan 7, 2021

viciousvex commented Jan 25, 2021

rullzer commented Jan 25, 2021

lorddoumer commented Feb 2, 2021

AykutCevik commented Feb 3, 2021

rullzer commented Feb 4, 2021

AugustMacke commented Feb 7, 2021

ghost commented Feb 9, 2021

Web server error

Web server error

Web server error

ghost commented Feb 15, 2021

drudgede commented Feb 15, 2021

ghost commented Feb 15, 2021

rullzer commented Feb 18, 2021

nonickchosen commented Feb 19, 2021 • edited Loading

ghost commented Feb 22, 2021

mjurksa commented Feb 26, 2021

berho commented Mar 5, 2021

m-boyd commented Apr 5, 2021

t52lE4MWEcgCx commented Apr 21, 2021

ghost commented Apr 21, 2021

t52lE4MWEcgCx commented Apr 21, 2021

This comment has been minimized.

MorrisJobke commented Apr 22, 2021

ghost commented Oct 5, 2020 •

edited by kesselb

Loading

mpranj commented Nov 3, 2020 •

edited

Loading

timbrd commented Nov 15, 2020 •

edited

Loading

HigH-HawK commented Dec 8, 2020 •

edited

Loading

phoerious commented Dec 10, 2020 •

edited

Loading

phoerious commented Dec 14, 2020 •

edited

Loading

kesselb commented Dec 14, 2020 •

edited

Loading

phoerious commented Jan 6, 2021 •

edited

Loading

ghost commented Jan 6, 2021 •

edited by ghost

Loading

nickvergessen commented Jan 7, 2021 •

edited

Loading

nonickchosen commented Feb 19, 2021 •

edited

Loading