gpxpod and security crypto problem #70

Open
GekoCH opened this issue Feb 8, 2025 · 2 comments
GekoCH commented Feb 8, 2025

I installed the gpxpod app on a Nextcloud AIO solution running version 30.0.5.

After installation, when I click the GPXpod icon I get this error and my server says "internal Server error":

Exception
hash_hkdf(): Argument #2 ($key) cannot be empty in file '/var/www/html/lib/private/Security/Crypto.php' line 147

{"reqId":"1nGE2joRWe8vsaSKwV7e","level":3,"time":"2025-02-08T18:17:33+00:00","remoteAddr":"","user":"admin","app":"index","method":"GET","url":"/apps/gpxpod/","message":"hash_hkdf(): Argument #2 ($key) cannot be empty in file '/var/www/html/lib/private/Security/Crypto.php' line 147","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36","version":"30.0.5.1","exception":{"Exception":"Exception","Message":"hash_hkdf(): Argument #2 ($key) cannot be empty in file '/var/www/html/lib/private/Security/Crypto.php' line 147","Code":0,"Trace":[{"file":"/var/www/html/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\GpxPod\\Controller\\PageController"},"index"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\GpxPod\\Controller\\PageController","index",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"gpxpod.page.index"}]},{"file":"/var/www/html/lib/base.php","line":1003,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/gpxpod/"]},{"file":"/var/www/html/index.php","line":24,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","Line":146,"Previous":{"Exception":"ValueError","Message":"hash_hkdf(): Argument #2 ($key) cannot be empty","Code":0,"Trace":[{"file":"/var/www/html/lib/private/Security/Crypto.php","line":147,"function":"hash_hkdf","args":["sha512",{"__class__":"SensitiveParameterValue"}]},{"file":"/var/www/html/lib/private/Security/Crypto.php","line":102,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced 
***"]},{"file":"/var/www/html/custom_apps/gpxpod/lib/Service/ToolsService.php","line":36,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/custom_apps/gpxpod/lib/Controller/PageController.php","line":119,"function":"getEncryptedUserValue","class":"OCA\\GpxPod\\Service\\ToolsService","type":"->","args":["admin","maptiler_api_key"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":208,"function":"index","class":"OCA\\GpxPod\\Controller\\PageController","type":"->","args":[]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":114,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\GpxPod\\Controller\\PageController"},"index"]},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\GpxPod\\Controller\\PageController"},"index"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\GpxPod\\Controller\\PageController","index",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"gpxpod.page.index"}]},{"file":"/var/www/html/lib/base.php","line":1003,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/gpxpod/"]},{"file":"/var/www/html/index.php","line":24,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/lib/private/Security/Crypto.php","Line":147},"message":"hash_hkdf(): Argument #2 ($key) cannot be empty in file '/var/www/html/lib/private/Security/Crypto.php' line 147","exception":{},"CustomMessage":"hash_hkdf(): Argument #2 ($key) cannot be empty in file '/var/www/html/lib/private/Security/Crypto.php' line 147"}}

What did I do wrong?

julien-nc (Owner) commented

Not sure, can you give me the result of this occ command?
occ user:setting YOUR_USER_ID gpxpod maptiler_api_key

GekoCH (Author) commented Feb 8, 2025

OK, I was able to fix it with ChatGPT.
The maptiler_api_key was stored encrypted in the DB, so I stored it now without encryption and changed two files in your app:

  1. I changed:
    $ov[$key] = $this->crypto->decrypt($value);
    with
    $ov[$key] = $value; // Bypass decryption

    return $this->crypto->decrypt($rawValue);
    with
    return $rawValue; // Bypass decryption

And now with these two modifications it works. Of course this is not the solution, but at least for the time being it works...

So let ChatGPT explain it for me:

Issue:
GPXPod is attempting to decrypt the maptiler_api_key, even when Nextcloud encryption is disabled.
This results in the error:
"hash_hkdf(): Argument #2 ($key) cannot be empty in /var/www/html/lib/private/Security/Crypto.php line 147"

Steps to Reproduce:
  1. Store the API key in plain text in oc_appconfig.
  2. Make sure Nextcloud encryption is disabled (occ encryption:status → enabled: false).
  3. Open GPXPod → See error.

Temporary Fix:
I had to manually modify UtilsController.php and ToolsService.php to bypass decryption.

Suggested Fix:

Before calling $this->crypto->decrypt(), GPXPod should check if the value is encrypted.
If Nextcloud encryption is disabled, GPXPod should not attempt decryption at all.
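
One way to guard the decrypt call discussed in this thread, as an added PHP example that is not GPXPod's or Nextcloud's code: the reader fails closed (an unreadable value is treated as unset rather than returned as plaintext) and catches \Throwable, because the ValueError in the trace is an \Error and not an \Exception. DemoCrypto, readEncryptedSetting and all sample values are constructed for illustration; the script assumes PHP 8 with ext-sodium.

```php
<?php
declare(strict_types=1);
// Constructed stand-in for the server's crypto service so this runs offline.
// Like the call in the log, it derives its key with hash_hkdf('sha512', $secret),
// which throws ValueError when the secret is empty.
final class DemoCrypto
{
    public function __construct(private string $secret) {}
    private function key(): string
    {
        return hash_hkdf('sha512', $this->secret, SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
    }
    public function encrypt(string $plain): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return bin2hex($nonce . sodium_crypto_secretbox($plain, $nonce, $this->key()));
    }
    public function decrypt(string $stored): string
    {
        $key = $this->key();
        $raw = (ctype_xdigit($stored) && strlen($stored) % 2 === 0) ? hex2bin($stored) : '';
        $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
        $plain = strlen($raw) > $n ? sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $key) : false;
        if ($plain === false) {
            throw new Exception('stored value is not valid ciphertext for this secret');
        }
        return $plain;
    }
}

// Fail closed: an unreadable value counts as "not configured" and is never
// returned as if it were the plaintext. ValueError extends \Error, so a
// catch (\Exception) alone would miss the failure shown in the log.
function readEncryptedSetting(DemoCrypto $crypto, string $stored): ?string
{
    if ($stored === '') { return null; } // nothing stored, nothing to decrypt
    try {
        return $crypto->decrypt($stored);
    } catch (\Throwable $e) {
        error_log('encrypted setting unreadable: ' . get_class($e));
        return null;
    }
}

$crypto = new DemoCrypto('constructed-secret');
$blob = $crypto->encrypt('constructed-api-key');
var_dump(readEncryptedSetting($crypto, $blob));                  // valid ciphertext
var_dump(readEncryptedSetting($crypto, 'constructed-api-key'));  // plain text left in the DB
var_dump(readEncryptedSetting(new DemoCrypto(''), $blob));       // empty server secret
```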
