[Bug]: HMAC does not match. Could not decrypt or decode encrypted session data #42157

Open
5 of 8 tasks
Tracked by #3888
ghost opened this issue Dec 11, 2023 · 209 comments · May be fixed by #47396

Comments

@ghost

ghost commented Dec 11, 2023

⚠️ This issue respects the following points: ⚠️

Bug description

Getting the following error on NC 28 RC4. Might be the same as #41254 (comment)

Steps to reproduce

Not Sure

Expected behavior

Not Sure

Installation method

Community Manual installation with Archive

Nextcloud Server version

28

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 22 to 23)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

No response

List of activated Apps

No response

Nextcloud Signing status

No response

Nextcloud Logs

{"reqId":"FuMPRjC8eJRqt0MgX7ET","level":3,"time":"2023-12-10T16:02:10-06:00","remoteAddr":"172.58.164.60","user":"--","app":"no app in context","method":"REPORT","url":"/remote.php/dav/files/axheli","message":"Could not decrypt or decode encrypted session data","userAgent":"Mozilla/5.0 (iOS) Nextcloud-iOS/4.9.3","version":"28.0.0.10","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":[{"file":"/var/www/nextcloud/lib/private/Security/Crypto.php","line":119,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":90,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":67,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/private/Session/CryptoWrapper.php","line":112,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":449,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":705,"function":"initSession","class":"OC","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":1200,"function":"init","class":"OC","type":"::"},{"file":"/var/www/nextcloud/remote.php","line":119,"args":["/var/www/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/Security/Crypto.php","Line":158,"message":"Could not decrypt or decode encrypted session data","exception":[],"CustomMessage":"Could not decrypt or decode encrypted session data"},"id":"6577154851e3b"}

Additional info

No response

@ghost ghost added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Dec 11, 2023
@Mr-Maniac

Mr-Maniac commented Dec 18, 2023

I also get this log when Thunderbird syncs CardDAV/CalDAV via App password (2FA enabled for "normal" account). But not from android / DAVx5

EDIT: Also seems to happen when Browser (Firefox) is freshly opened and I open Nextcloud.

Nextcloud Server Version 28.0.0 (upgraded via web updater)

OS: Gentoo Linux - Kernel 6.1.67-gentoo

PHP 8.2.13

Webserver: Apache

DB: Postgres

DB user backend

No server encryption

Log:
{"reqId":"eHty4HYgC7PZkqoE7Azl","level":3,"time":"2023-12-18T22:31:52+01:00","remoteAddr":"fd00::a7d3:7ce8:c4d3:6189","user":"--","app":"no app in context","method":"PROPFIND","url":"/remote.php/dav/addressbooks/users/XXX/contacts/","message":"Could not decrypt or decode encrypted session data","userAgent":"Thunderbird CardBook/92.1","version":"28.0.0.11","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":[{"file":"/mnt/web/nextcloud/lib/private/Security/Crypto.php","line":119,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/mnt/web/nextcloud/lib/private/Session/CryptoSessionData.php","line":90,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/mnt/web/nextcloud/lib/private/Session/CryptoSessionData.php","line":67,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->","args":[]},{"file":"/mnt/web/nextcloud/lib/private/Session/CryptoWrapper.php","line":112,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->","args":[["OC\\Session\\Internal"],["OC\\Security\\Crypto"],"*** sensitive parameters replaced ***"]},{"file":"/mnt/web/nextcloud/lib/base.php","line":449,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->","args":[["OC\\Session\\Internal"]]},{"file":"/mnt/web/nextcloud/lib/base.php","line":705,"function":"initSession","class":"OC","type":"::","args":[]},{"file":"/mnt/web/nextcloud/lib/base.php","line":1200,"function":"init","class":"OC","type":"::","args":[]},{"file":"/mnt/web/nextcloud/remote.php","line":119,"args":["/mnt/web/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/mnt/web/nextcloud/lib/private/Security/Crypto.php","Line":158,"message":"Could not decrypt or decode encrypted session data","exception":[],"CustomMessage":"Could not decrypt or decode encrypted session data"},"id":"6580bb340ff49"}

@o-live-r

I get the same bug using ubuntu 22.04.03 LTS (VM) with mariadb and nginx

@rrose-github

I just did a clean install of Nextcloud 28.0.0 on Ubuntu 22.04 LTS using nginx, PHP 8.2, and PostgreSQL as the database. I too have received the exception "HMAC does not match. Could not decrypt or decode encrypted session data"

Given the timestamp of the exception, I probably was accessing the server using the Nextcloud iOS app.

@BJKle

BJKle commented Dec 21, 2023

@rrose-github that's it. When I open the latest NC iOS App the error gets thrown. Now I know why I have so many of these errors. Hopefully it gets fixed soon.

@ghost
Author

ghost commented Dec 22, 2023

Hi @marinofaggiana, is this something that needs to be addressed on the iOS app or on the server end?

@johnczer

I saw this error only one time when trying to open a document in Nextcloud from an iOS device over cellular. But it was because I was blocking access to the Collabora online port. Once I opened the port to CODE again this error did not reappear.

@IssueFindings

Hello, I have the same issue. In my case, last version NextCloud/PHP/Nginx installation with Nextcloud mac Legacy client, when I turn off the plugin "End-to-end encryption" everything works again. I think this plugin is not fully tested with the last NextCloud server version. Have a nice Christmas day!

@rrose-github

Just to update my previous mention of getting the HMAC error when accessing the Nextcloud server from my iPhone. The version of the Nextcloud iOS app that I have installed is "Nextcloud Liquid for iOS 4.9.6.1". I don't have Collabora or any VPN software installed. Presumably the iPhone was utilizing my WiFi connection, and not cellular.

@rrose-github

rrose-github commented Dec 29, 2023

As an additional follow-up, the HMAC error seems to be happening when I first attempt to play an MP3 that is on my Nextcloud account. At this time, I'm not sure if that is the only time the HMAC error is generated, but playing an MP3 seems to usually trigger the issue.

For anyone else getting this error, the "work-around solution" that I found was to add these lines to the /lib/systemd/system/php8.2-fpm.service file under the [Service] section:

Restart=on-failure
RestartSec=1s 

After modifying the service file, you also need to execute this statement:
sudo systemctl daemon-reload

When the HMAC error is generated in Nextcloud, php8.2-fpm is being killed with a "oom-kill". The above lines will cause Linux to automatically restart php8.2-fpm, restoring everything to normal. Also, after php8.2-fpm is restarted, the Nextcloud iOS app is able to play the audio file.

NOTE: I happen to have version 8.2 of php installed on this system. If you have a different version of php installed, then the version number in the filename will change accordingly.

@GrahamTolhurst

GrahamTolhurst commented Dec 30, 2023

Nextcloud 28.01, Ubuntu Server 22.04.3, Apache 2.4.58, MariaDB 10.6.12, PHP 8.2.14, Nextcloud Default Encryption Module disabled.

I'm getting the exact same problem. However, I can't find a trigger for it. Some of the posts above highlight actions that cause this, but none of them reliably trigger this in the Nextcloud log. When I notice the log entry, the timestamp is always several hours ago, and I can't remember what I was doing at the time.

I have the iOS Nextcloud app, but opening and browsing through that doesn't trigger this event. I have Calendar and Contacts synching with my iPhone Calendar and Contacts, but a manual sync doesn't trigger it. I have Joplin on more than one PC, synching via local folders, and also on my iPhone synching via WebDAV URL with an app specific password assigned in Settings-Personal Security-Devices & sessions.

I also have Home Assistant (on a Raspberry Pi) that is connected to my Nextcloud with an app specific password.

In the raw log entry, there is a reference to iOS, so the problem may be triggered by something on my iPhone. Manually synching any of my connected app/services doesn't trigger this event.

@GrahamTolhurst

Suspecting that the problem may be related to the iOS Nextcloud app (despite not being able to manually trigger the error), I looked a bit deeper into the app settings. There is a log file created by the app. There is a section in the log that's time stamped with the same time and date as the errors in my Nextcloud server log.

Attached to this post is a copy of the relevant section. I'm no expert, but it looks like 'user_status' is causing the issue. Now that reminds me that I've been having problems with my user status within Nextcloud. It's not consistent. It seems to be a random status (Online, Away, Do Not Disturb etc.) despite trying to set it as Online. I remember recently disabling it in the Nextcloud server apps. I don't use this feature, and its random status was annoying, so I disabled it. Maybe this is the issue?

iOS_Nextcloud_Log.txt

@Mr-Maniac

Just a little addendum to my last post:

Nextcloud and PHP have been updated in the meantime:

Nextcloud Server Version 28.0.1 (updated via web updater)

PHP 8.2.14

Log still appears but it seems like it does not have any negative side effects (aside from the log entry everything seems to be working normally). Response-codes are all normal (200/207) and no PHP error messages.

Really only happens when Thunderbird (with Cardbook extension) is freshly opened (NOT on sync when it is still running) and when Firefox is freshly opened and I open Nextcloud (no matter if I open /apps/dashboard/ or apps/files/ - but if I open Nextcloud again in the running Firefox instance, log entry does not appear...

@alienos

alienos commented Dec 30, 2023

In my case there is an error when uploading a photo from the android app.

{
  "reqId": "XKpOw8vNOPny1Tvq85B6",
  "level": 3,
  "time": "2023-12-30T22:41:28+00:00",
  "remoteAddr": "192.168.1.228",
  "user": "--",
  "app": "no app in context",
  "method": "GET",
  "url": "/index.php/apps/files/api/v1/thumbnail/128/128/InstantUpload/Camera/IMG_20231230_234115910_MP.jpg",
  "message": "Could not decrypt or decode encrypted session data",
  "userAgent": "Mozilla/5.0 (Android) Nextcloud-android/3.26.0",
  "version": "28.0.1.1",
  "exception": {
    "Exception": "Exception",
    "Message": "HMAC does not match.",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/html/lib/private/Security/Crypto.php",
        "line": 119,
        "function": "decryptWithoutSecret",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/lib/private/Session/CryptoSessionData.php",
        "line": 90,
        "function": "decrypt",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/lib/private/Session/CryptoSessionData.php",
        "line": 67,
        "function": "initializeSession",
        "class": "OC\\Session\\CryptoSessionData",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/html/lib/private/Session/CryptoWrapper.php",
        "line": 112,
        "function": "__construct",
        "class": "OC\\Session\\CryptoSessionData",
        "type": "->",
        "args": [
          [
            "OC\\Session\\Internal"
          ],
          [
            "OC\\Security\\Crypto"
          ],
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 449,
        "function": "wrapSession",
        "class": "OC\\Session\\CryptoWrapper",
        "type": "->",
        "args": [
          [
            "OC\\Session\\Internal"
          ]
        ]
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 705,
        "function": "initSession",
        "class": "OC",
        "type": "::",
        "args": []
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 1200,
        "function": "init",
        "class": "OC",
        "type": "::",
        "args": []
      },
      {
        "file": "/var/www/html/index.php",
        "line": 37,
        "args": [
          "/var/www/html/lib/base.php"
        ],
        "function": "require_once"
      }
    ],
    "File": "/var/www/html/lib/private/Security/Crypto.php",
    "Line": 158,
    "message": "Could not decrypt or decode encrypted session data",
    "exception": [],
    "CustomMessage": "Could not decrypt or decode encrypted session data"
  },
  "id": "65909e899b44d"
}

@noci2012

noci2012 commented Jan 2, 2024

Similar, just on a heartbeat ... from a chromium browser on up to date Gentoo Linux

{"reqId":"7SPmtU8WtanMMDXtcjVF","level":3,"time":"2024-01-02T01:55:54+00:00","remoteAddr":"192.168.x.y","user":"--","app":"no app in context","method":"PUT","url":"/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json","message":"Could not decrypt or decode encrypted session data","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36","version":"28.0.1.1","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":
[{"file":"/var/www/nextcloud/lib/private/Security/Crypto.php","line":119,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":90,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":67,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/private/Session/CryptoWrapper.php","line":112,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":449,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":705,"function":"initSession","class":"OC","type":"::"},
{"file":"/var/www/nextcloud/lib/base.php","line":1200,"function":"init","class":"OC","type":"::"},{"file":"/var/www/nextcloud/ocs/v1.php","line":31,"args":["/var/www/nextcloud/lib/base.php"],"function":"require_once"},{"file":"/var/www/nextcloud/ocs/v2.php","line":23,"args":["/var/www/nextcloud/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/Security/Crypto.php","Line":158,"message":"Could not decrypt or decode encrypted session data","exception":[],"CustomMessage":"Could not decrypt or decode encrypted session data"},"id":"6593e7a938c1b"}

@eugef66

eugef66 commented Jan 2, 2024

Getting the same errors for all files I upload using Nextcloud iOS app:

{
  "reqId": "E0TPH6vF3HOND0zR1WM5",
  "level": 3,
  "time": "2023-12-27T03:38:22+00:00",
  "remoteAddr": "207.44.63.80",
  "user": "--",
  "app": "no app in context",
  "method": "MKCOL",
  "url": "/nextcloud/remote.php/dav/files/vasa/Photos/2023",
  "message": "Could not decrypt or decode encrypted session data",
  "userAgent": "Mozilla/5.0 (iOS) Nextcloud-iOS/4.9.6",
  "version": "28.0.1.1",
  "exception": {
    "Exception": "Exception",
    "Message": "HMAC does not match.",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/nextcloud/lib/private/Security/Crypto.php",
        "line": 119,
        "function": "decryptWithoutSecret",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Session/CryptoSessionData.php",
        "line": 90,
        "function": "decrypt",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Session/CryptoSessionData.php",
        "line": 67,
        "function": "initializeSession",
        "class": "OC\\Session\\CryptoSessionData",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Session/CryptoWrapper.php",
        "line": 112,
        "function": "__construct",
        "class": "OC\\Session\\CryptoSessionData",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 449,
        "function": "wrapSession",
        "class": "OC\\Session\\CryptoWrapper",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 705,
        "function": "initSession",
        "class": "OC",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1200,
        "function": "init",
        "class": "OC",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/remote.php",
        "line": 119,
        "args": [
          "/var/www/nextcloud/lib/base.php"
        ],
        "function": "require_once"
      }
    ],
    "File": "/var/www/nextcloud/lib/private/Security/Crypto.php",
    "Line": 158,
    "message": "Could not decrypt or decode encrypted session data",
    "exception": [],
    "CustomMessage": "Could not decrypt or decode encrypted session data"
  },
  "id": "65946242321a0"
}

@whitewings00

whitewings00 commented Jan 3, 2024

I get the same error entry when I open the iOS app. If it stays open in the background, the error doesn't appear for me. If the app is closed completely and reopened, this error message appears again.
Nextcloud 28.01, Debian GNU/Linux 12 (bookworm) on Raspi, Apache 2.4.58 + NGINX Proxy Manager (on another host), MariaDB 10.6.12, PHP 8.2.14, Nextcloud Default Encryption Module and the user_state app are disabled no use.

@szaimen
Contributor

szaimen commented Jan 3, 2024

cc @ChristophWurst

@ChristophWurst
Member

Session is decrypted using the oc_sessionPassphrase cookie value. I think this error happens when the cookie is assigned a new value and the old one is still sent to the backend. This might be a timing problem or race condition.
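A small model of the hypothesis in the comment above, as an added example that is not part of the thread and is not Nextcloud's code: a server-side session blob is sealed under a key derived from a cookie passphrase, and a request that still carries the old passphrase after a rotation fails the MAC check. The blob layout, the PBKDF2 key derivation, the SHAKE-256 keystream standing in for a real cipher, the `ModelServer` class and its `rotate` flag are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets


class HMACMismatch(Exception):
    """Raised when the blob's tag does not verify under the supplied passphrase."""


def _derive_keys(passphrase: str) -> tuple[bytes, bytes]:
    # Assumption: PBKDF2 with a fixed constructed salt, split into cipher and MAC keys.
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"constructed-salt", 10_000, dklen=64)
    return okm[:32], okm[32:]


def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream stands in for a real cipher so the model needs only the stdlib.
    stream = hashlib.shake_256(key + iv).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(session: dict, passphrase: str) -> bytes:
    """Encrypt-then-MAC: blob = iv (16) || HMAC-SHA512 tag (64) || ciphertext."""
    enc_key, mac_key = _derive_keys(passphrase)
    iv = secrets.token_bytes(16)
    ciphertext = _xor_stream(enc_key, iv, json.dumps(session).encode())
    tag = hmac.new(mac_key, iv + ciphertext, hashlib.sha512).digest()
    return iv + tag + ciphertext


def unseal(blob: bytes, passphrase: str) -> dict:
    """Verify the tag first; only decrypt when it matches."""
    enc_key, mac_key = _derive_keys(passphrase)
    iv, tag, ciphertext = blob[:16], blob[16:80], blob[80:]
    expected = hmac.new(mac_key, iv + ciphertext, hashlib.sha512).digest()
    if not hmac.compare_digest(tag, expected):
        raise HMACMismatch("HMAC does not match.")
    return json.loads(_xor_stream(enc_key, iv, ciphertext))


class ModelServer:
    def __init__(self):
        self.sessions = {}  # session id -> sealed blob (server-side storage)

    def login(self, sid: str, user: str) -> str:
        passphrase = secrets.token_hex(16)
        self.sessions[sid] = seal({"user": user}, passphrase)
        return passphrase  # delivered to the client as the cookie value

    def handle(self, sid: str, cookie: str, rotate: bool = False):
        """Process one request; return (result, new_cookie_or_None)."""
        try:
            session = unseal(self.sessions[sid], cookie)
        except HMACMismatch as exc:
            # The request carried a passphrase that no longer matches the stored blob.
            log = f"Could not decrypt or decode encrypted session data: {exc}"
            return {"ok": False, "log": log}, None
        new_cookie = None
        if rotate:
            # Re-seal under a fresh passphrase; the client learns it only from the response.
            new_cookie = secrets.token_hex(16)
            self.sessions[sid] = seal(session, new_cookie)
        return {"ok": True, "user": session["user"]}, new_cookie


def stale_cookie_race():
    server = ModelServer()
    cookie = server.login("sid-1", "alice")
    # Requests A and B leave the client together, both carrying the current cookie.
    cookie_a = cookie_b = cookie
    result_a, rotated = server.handle("sid-1", cookie_a, rotate=True)
    # B is processed after A rotated the passphrase but before the client saw the new cookie.
    result_b, _ = server.handle("sid-1", cookie_b)
    # Once the client has stored the rotated cookie, requests verify again.
    result_c, _ = server.handle("sid-1", rotated)
    return result_a, result_b, result_c


if __name__ == "__main__":
    for label, result in zip("ABC", stale_cookie_race()):
        print(label, result)
```

In this model the failure is transient and affects only requests already in flight when the passphrase changes, which is the timing pattern the comment proposes.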

@hanserasmus

I get this when trying to upload a file via the android app. More specifically, going to a different app than nextcloud, like CamScan app, pressing the share button, and then selecting Nextcloud. I get this no matter what app I use. If I try to upload via the + sign inside the Nextcloud app, it works fine.

I don't have any encryption enabled, so it is definitely not related to encryption, and definitely not only iOS app.

Server is Apache/2.4.37 (CentOS Stream), PHP 8.1, and MariaDB 10.5.23-1.el8.x86_64.

@noci2012

I think it is linked to idle time. Where some cookies expire, and others do not or the generated password is used.
It also happens on the regular browser or the linux desktop client. (as a laptop is also the remote address in the logging).

@GrahamTolhurst

I think @noci2012 is on the right lines. The problem is definitely related to the use of the Nextcloud app. It will trigger four consecutive errors whenever I use the iOS Nextcloud app to authenticate a login on another device. And it will also trigger four consecutive errors if I access a file on the Nextcloud app (it may cause the errors just when opening the app, but I haven't verified this yet). However, the problem is not repeatable. If I use the app and get the errors, using it again within a few tens of minutes does not create more errors. There is definitely a time since last used, after which, re-using the app will cause the errors. I have no idea how long it takes before using the app causes another set of four errors.

There is a minor Nextcloud server update due to be released next week. The RC1 doesn't list this error in the list of fixes applied, so I'm guessing nobody has looked into this problem yet, or if they have, they haven't identified or fixed it. There also seems to be a lack of feedback on this chat thread about any positive resolution. I realise the problem may not be with Nextcloud server, but with the Nextcloud app, but some feedback would be reassuring to see. Then at least we know it's being addressed.
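One way to check the "bursts after idle time" observation from the comments above against a server's own `nextcloud.log`, as an added example that is not part of the thread or of Nextcloud: it keeps only the session HMAC failures, groups them per client, and reports each burst with the idle gap that preceded it. The field names are those of the log entries quoted in this thread; the sample entries, addresses, the shortened browser user agent and the 10-second burst window are constructed assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

SESSION_MSG = "Could not decrypt or decode encrypted session data"
HMAC_MSG = "HMAC does not match."


def session_hmac_failures(lines):
    """Yield (time, client, method, url) for each session HMAC failure entry."""
    for line in lines:
        try:
            entry = json.loads(line)
            when = datetime.fromisoformat(entry["time"])
        except (json.JSONDecodeError, KeyError, ValueError):
            continue  # truncated or wrapped log line, or entry without a usable timestamp
        exc = entry.get("exception")
        if not isinstance(exc, dict):
            continue
        # Match on both fields so other "HMAC does not match" errors (e.g. token
        # password decryption) are not mixed into the session statistics.
        if entry.get("message") != SESSION_MSG or exc.get("Message") != HMAC_MSG:
            continue
        client = (entry.get("remoteAddr", "?"), entry.get("userAgent", "?"))
        yield when, client, entry.get("method"), entry.get("url")


def bursts_per_client(lines, window=timedelta(seconds=10)):
    """Group failures per (address, user agent) into bursts and record the idle gap before each."""
    per_client = defaultdict(list)
    for when, client, method, url in session_hmac_failures(lines):
        per_client[client].append((when, method, url))
    report = {}
    for client, events in per_client.items():
        events.sort(key=lambda e: e[0])
        bursts = []
        for when, method, url in events:
            if bursts and when - bursts[-1]["end"] <= window:
                bursts[-1]["end"] = when
                bursts[-1]["count"] += 1
            else:
                idle = when - bursts[-1]["end"] if bursts else None
                bursts.append({"start": when, "end": when, "count": 1,
                               "idle_before": idle, "first_request": f"{method} {url}"})
        report[client] = bursts
    return report


def _line(time, addr, agent, method, url, message=SESSION_MSG, exc=HMAC_MSG):
    # Constructed entry using the field names of the log lines quoted in this thread.
    return json.dumps({"reqId": "constructed", "level": 3, "time": time, "remoteAddr": addr,
                       "user": "--", "method": method, "url": url, "message": message,
                       "userAgent": agent, "exception": {"Exception": "Exception", "Message": exc}})


IOS = "Mozilla/5.0 (iOS) Nextcloud-iOS/4.9.6"
WEB = "Mozilla/5.0 (X11; Linux x86_64) Chrome/120.0.0.0"  # shortened, constructed
TOKEN_MSG = "Could not decrypt token password: HMAC does not match."
DAV = "/remote.php/dav/files/alice"

# Constructed sample: two bursts of four from one phone, one browser heartbeat,
# one unrelated token error, and one truncated line.
SAMPLE_LOG = (
    [_line(f"2024-01-10T08:00:0{s}+00:00", "192.0.2.10", IOS, "PROPFIND", DAV) for s in range(4)]
    + [_line(f"2024-01-10T14:30:0{s}+00:00", "192.0.2.10", IOS, "PROPFIND", DAV) for s in range(4)]
    + [_line("2024-01-10T09:15:00+00:00", "192.0.2.20", WEB, "PUT",
             "/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json"),
       _line("2024-01-10T09:16:00+00:00", "192.0.2.30", "Go-http-client/1.1", "POST",
             "/constructed/path", message=TOKEN_MSG, exc=TOKEN_MSG),
       '{"reqId":"truncated","level":3,"time":"2024-01-10T09:1']
)

if __name__ == "__main__":
    for (addr, agent), bursts in bursts_per_client(SAMPLE_LOG).items():
        for b in bursts:
            print(addr, agent, b["start"].isoformat(), b["count"], b["idle_before"], b["first_request"])
```

Bursts that appear only after long idle gaps point towards cookie or session expiry, while bursts with short gaps fit concurrent requests better.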

@ghost
Author

ghost commented Jan 18, 2024

Still waiting on the iOS team to respond; they were tagged in a while back from one of my comments

@sonyon

sonyon commented Jan 19, 2024

I don't think the problem is with the apps, it happened to me during a fresh installation. Without using the apps. The logins via the web interface fail several times and I have the error message in the logs. The cookies didn't have time to expire at the time either.

@colttt

colttt commented Aug 5, 2024

Hello,
just for Info.
I got the same issue when I try to access nextcloud via KDE Dolphin and webdav

@janhenrlk

janhenrlk commented Aug 19, 2024

Hello everyone,

this error in the log only appears for me when opening the iOS app and I suspect it is a race condition conflict as already mentioned. The functionality does not seem to be impaired so far, but it still looks unattractive in the log.
Is there already a solution for this?
I am using the Nextcloud AIO instance.


@nigelharpur

nigelharpur commented Aug 19, 2024 via email

@ChristophWurst ChristophWurst moved this from 📄 To do to 🏗️ In progress in 💌 📅 👥 Groupware team Aug 21, 2024
@ChristophWurst ChristophWurst added 2. developing Work in progress and removed 1. to develop Accepted and waiting to be taken care of labels Aug 21, 2024
@ChristophWurst ChristophWurst linked a pull request Aug 21, 2024 that will close this issue
9 tasks
@andrewborell

I'm not 100% sure, but somewhat confident in thinking what caused this HMAC error for me is:

  • Windows 11 required an update
  • Update was installed overnight then computer was restarted
  • upon login, Windows attempted to restore the state of Chrome

Also I should note that in a separate chrome instance I launched before windows restored chrome, I had already logged back into the site.

@raptortees0f

> I'm not 100% sure, but somewhat confident in thinking what caused this HMAC error for me is:
>
>   • Windows 11 required an update
>   • Update was installed overnight then computer was restarted
>   • upon login, Windows attempted to restore the state of Chrome
>
> Also I should note that in a separate chrome instance I launched before windows restored chrome, I had already logged back into the site.

I'm on macOS and used to have the same issue happening to me, so I don't think it is specific to Windows 11. Since the 29.0.7 update the issue is gone for me.

@Rayn0r

Rayn0r commented Sep 17, 2024

I had trouble using the oauth2 app to authenticate my Grafana instance on the weekend and saw similar messages like yours:

"message":"Could not decrypt token password: HMAC does not match.","userAgent":"Go-http-client/1.1","version":"29.0.7.1","exception":{"Exception":"OC\Authentication\Exceptions\InvalidTokenException","Message":"Could not decrypt token password: HMAC does not match."

After some digging, I found lots of entries in the table oc_oauth2_access_tokens. After deleting mine with:

delete from oc_oauth2_access_tokens where client_id=3

I was able to use oauth2 again.

I know the problem here is different, but perhaps it sparks some ideas on where to look...

@ghost
Author

ghost commented Oct 16, 2024

This also seems to be an issue on Nextcloud 30. Can we please update the tracked by to reflect NC 30 as well.

{"reqId":"8hM63DkTUbdJcVLAwlRQ","level":3,"time":"2024-10-15T22:04:25-05:00","remoteAddr":"10.2.4.5","user":"--","app":"no app in context","method":"GET","url":"/index.php/apps/files/api/v1/thumbnail/256/256/Shared%20Photos/2024/Pictured%20Rocks%20Trip/20240902_191411.jpg","message":"Could not decrypt or decode encrypted session data","userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.29.2","version":"30.0.1.1","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":[{"file":"/var/www/nextcloud/lib/private/Security/Crypto.php","line":98,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":70,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":47,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/private/Session/CryptoWrapper.php","line":94,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":402,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":662,"function":"initSession","class":"OC","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":1132,"function":"init","class":"OC","type":"::"},{"file":"/var/www/nextcloud/index.php","line":22,"args":["/var/www/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/Security/Crypto.php","Line":137,"message":"Could not decrypt or decode encrypted session data","exception":[],"CustomMessage":"Could not decrypt or decode encrypted session data"},"id":"670fbb35a778e"}

@raptortees0f

Issue is gone for me after the 30 update.

@towade

towade commented Oct 17, 2024

> Issue is gone for me after the 30 update.

Unfortunately not for me.

Is it possible that the problem occurs when you have Nextcloud open in several browser tabs at the same time?

@j-lakeman

Still present in Nextcloud Hub 9 (30.0.1). I do have two tabs open at the same time, but the error occurs every couple of hours.

@joshtrichards
Member

I think the only way we're going to get to the bottom of this is to stick a bunch of debug logging in decrypt(), decryptWithoutSecret(), and calculateHMAC() (and possibly initializeSession() and wrapSession() for completeness) then start logging a bunch of sensitive values to see what is going on in your environments.

Clearly some value is not what we're expecting.

@tdse13

tdse13 commented Oct 25, 2024

Same issue here since the upgrade from 30.0.0 to 30.0.1.

@akwala

akwala commented Oct 27, 2024

...also in 30.0.2.

@brendan-pike

Also affects me on 28.0.11

@Cisco30

Cisco30 commented Nov 5, 2024

hi, I have been using version 30.0.2 RC1 for 5 days with 6 users on a test server, we have had several talk conversations and several calls per day between us for 5 days (we use android, and the Talk Desktop app and the web app) and since then I have not had any HMAC errors .... with version 30.0.1, as soon as a call or a discussion is launched, we have HMAC errors ... I am a little confused because I expected in 5 days to have at least one HMAC error, and finally still no errors

@Cisco30

Cisco30 commented Nov 5, 2024

unfortunately the error came back so the problem is still present on Nextcloud 30.0.2 RC1
Exception

HMAC does not match.
Could not decrypt or decode encrypted session data

@nigelharpur

nigelharpur commented Nov 5, 2024 via email

@IIMacGyverII

I am also seeing this error. For me it's either happening when logging in to the talk app on android or when I try to send a picture through the talk app on android which fails every time as well.

NC 30.0.1

@ghost ghost closed this as not planned Won't fix, can't repro, duplicate, stale Nov 24, 2024
@github-project-automation github-project-automation bot moved this from 🏗️ In progress to ☑️ Done in 💌 📅 👥 Groupware team Nov 24, 2024
@ChristophWurst
Member

Dear @AndyXheli,
thanks for keeping the ticket updated. However, the state change here is incorrect and misleading. The problem still exists. A fix is planned and in progress: #47396.
Please don't close tickets without asking the assignee if they are done. Thank you.

@github-project-automation github-project-automation bot moved this from ☑️ Done to 📄 To do in 💌 📅 👥 Groupware team Nov 25, 2024
@ChristophWurst ChristophWurst moved this from 📄 To do to 🏗️ In progress in 💌 📅 👥 Groupware team Nov 25, 2024