New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect OID for keyEncryptionAlgorithm PWRI-KEK #216
Comments
@leonardvandriel what application is throwing this error, is it your sample code listed? If so do you have an example input and password we can use for the reproduction? It would also be useful to see what application created the CMS and how it was created. |
HI @rmhrisk, thank you for getting back. The error is thrown by the last line in my example: Unfortunately I don't have an example that I can share as the only data I have is sensitive in nature. Also I don't have access to the application that created this file. What I do know is that it is encrypted DICOM (Digital Imaging and Communications in Medicine) data. According to the documentation:
I'm happy to try some things on my side by your suggestion. Thanks again! |
By default pkijs uses Web Cryptography API. And in the API there is only one key wrapping algorithm - AES-KW. So if you need another it is necessary to implement specialized “crypto engine” for pkijs. |
Thanks @YuryStrozhevsky, I'll give that a try. Do you have any pointers on how to build a specialized crypto engine? Alternatively, do you know any other node packages I should have a look at? |
Without sample data there is not much we can do. You could provide a ASN1 parse stripping the content. That said if the conclusion is as Yury assumes in that you simply need support for a different key exchange mechanism if you need it urgently you will need to add it. Otherwise with sample data we can look at when we might be able to add it. I do not think there is a better library out there for this sort of thing in node, I doubt you will find most libraries support much of these password based CMS mechanisms. |
I understand and appreciate the offer. I'll give stripping content a try and get back to you. |
In fact I forgot that PKIjs has no full support for "crypto engines" extension. I mean that at the moment there is possibility to make specialized crypto engine only for signing/verification parts of PKIjs. Algorithms related to encryption has no ability to be extended via crypto engines. It is only a "plans for future". So it would be very hard to help you even if you will provide a test data - implementing new algorithms in encryption parts of PKIjs is not supported at the moment. But of course you can make your own fork and implement new algorithms there, via direct changing of PKIjs code. |
Hi, I'm attempting to decrypt CMS data, but run into the error:
A quick search turns up
PWRI-KEK
(PassWord Recipient Info Key-Encryption Key) as the key wrap algorithm. I've tried adding this entry togetAlgorithmByOID
along side2.16.840.1.101.3.4.1.5
(AES-KW
), but then get an encryption keyalgorithm: { name: 'AES-CBC', length: 320 }
and subsequent errorUnknown AES CBC key size
.What would be the next step to here? Is there a patch I can do to make this work?
My code:
Thanks!
The text was updated successfully, but these errors were encountered: