Incorrect OID for keyEncryptionAlgorithm PWRI-KEK #216

Closed
leovandriel opened this issue Dec 27, 2018 · 7 comments
@leovandriel

Hi, I'm attempting to decrypt CMS data, but run into the error:

Incorrect OID for "keyEncryptionAlgorithm": 1.2.840.113549.1.9.16.3.9

A quick search turns up PWRI-KEK (PassWord Recipient Info Key-Encryption Key) as the key wrap algorithm. I've tried adding this entry to getAlgorithmByOID alongside 2.16.840.1.101.3.4.1.5 (AES-KW), but then get an encryption key algorithm: { name: 'AES-CBC', length: 320 } and subsequent error Unknown AES CBC key size.

What would be the next step here? Is there a patch I can do to make this work?

My code:

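```js
const fs = require('fs')
const asn1js = require('asn1js')
const { ContentInfo, EnvelopedData } = require('pkijs')
// Node Buffers can be views into a shared pool, so copy out exactly their own bytes
const toArrayBuffer = (b) => b.buffer.slice(b.byteOffset, b.byteOffset + b.byteLength)
const password = Buffer.from('..', 'utf8')
const data = fs.readFileSync('..')
const asn1 = asn1js.fromBER(toArrayBuffer(data))
const cmsContentSimpl = new ContentInfo({ schema: asn1.result })
const cmsEnvelopedSimp = new EnvelopedData({ schema: cmsContentSimpl.content })
// decrypt() is awaited, so this runs inside an async function
const result = await cmsEnvelopedSimp.decrypt(0, { preDefinedData: toArrayBuffer(password) })
```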

Thanks!

@rmhrisk
Contributor

rmhrisk commented Dec 28, 2018

@leonardvandriel What application is throwing this error? Is it your sample code listed?

If so, do you have an example input and password we can use for the reproduction?

It would also be useful to see what application created the CMS and how it was created.

@leovandriel
Author

Hi @rmhrisk, thank you for getting back.

The error is thrown by the last line in my example: cmsEnvelopedSimp.decrypt. To be more precise in SubPasswordRecipientinfo() (https://github.com/PeculiarVentures/PKI.js/blob/master/src/EnvelopedData.js#L1578).

Unfortunately I don't have an example that I can share as the only data I have is sensitive in nature. Also I don't have access to the application that created this file.

What I do know is that it is encrypted DICOM (Digital Imaging and Communications in Medicine) data. According to the documentation:

A Secure DICOM File conforming to this security profile shall contain an Enveloped-data content type of the Cryptographic Message Syntax defined in RFC 3852, 3370 and 3565. The enveloped data shall use RSA [RFC 3447], or password-based encryption using PBKDF2 [RFC 2898] for the key derivation algorithm and either AES or Triple-DES [RFC 3211], for the key transport of the content-encryption keys. (http://dicom.nema.org/dicom/2013/output/chtml/part15/chapter_D.html)

I'm happy to try some things on my side by your suggestion.

Thanks again!

@YuryStrozhevsky
Collaborator

By default pkijs uses the Web Cryptography API. And in the API there is only one key wrapping algorithm - AES-KW. So if you need another, it is necessary to implement a specialized “crypto engine” for pkijs.

@leovandriel
Author

Thanks @YuryStrozhevsky, I'll give that a try. Do you have any pointers on how to build a specialized crypto engine? Alternatively, do you know any other node packages I should have a look at?

@rmhrisk
Contributor

rmhrisk commented Dec 28, 2018

Without sample data there is not much we can do.

You could provide an ASN1 parse stripping the content.

That said, if the conclusion is as Yury assumes, in that you simply need support for a different key exchange mechanism, then if you need it urgently you will need to add it.

Otherwise, with sample data we can look at when we might be able to add it.

I do not think there is a better library out there for this sort of thing in node. I doubt you will find most libraries support much of these password-based CMS mechanisms.

@leovandriel
Author

I understand and appreciate the offer. I'll give stripping content a try and get back to you.

@YuryStrozhevsky
Collaborator

In fact, I forgot that PKIjs has no full support for the "crypto engines" extension. I mean that at the moment it is possible to make a specialized crypto engine only for the signing/verification parts of PKIjs. Algorithms related to encryption cannot be extended via crypto engines. It is only a "plan for the future". So it would be very hard to help you even if you provide test data - implementing new algorithms in the encryption parts of PKIjs is not supported at the moment. But of course you can make your own fork and implement new algorithms there, by directly changing the PKIjs code.
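
For anyone taking the fork route: the key wrap that OID 1.2.840.113549.1.9.16.3.9 names is defined in RFC 3211 and is not AES-KW; it is two chained CBC passes over a padded key block, with the underlying cipher carried in the algorithm parameters. The following is an added example using Node's built-in crypto module, not code from this thread or from PKIjs; it assumes AES-CBC as the underlying cipher and PBKDF2 with HMAC-SHA1 for the KEK, and the function names are hypothetical.

```javascript
// Added example (not PKIjs code): RFC 3211 PWRI-KEK wrap/unwrap, AES-CBC assumed.
const crypto = require('crypto');

const BLOCK = 16; // AES block size in bytes

// One AES-CBC pass without padding (PWRI-KEK pads the key block itself).
function cbc(encrypt, kek, iv, data) {
  const alg = `aes-${kek.length * 8}-cbc`;
  const c = encrypt ? crypto.createCipheriv(alg, kek, iv) : crypto.createDecipheriv(alg, kek, iv);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(data), c.final()]);
}

function pwriWrap(kek, iv, cek) {
  // Key block: length byte || complement of first 3 CEK bytes || CEK || random pad
  const size = Math.max(2 * BLOCK, Math.ceil((4 + cek.length) / BLOCK) * BLOCK);
  const block = crypto.randomBytes(size);
  block[0] = cek.length;
  for (let i = 0; i < 3; i++) block[1 + i] = ~cek[i] & 0xff;
  cek.copy(block, 4);
  const pass1 = cbc(true, kek, iv, block);
  // Second pass continues the CBC chain: its IV is the last block of pass 1.
  return cbc(true, kek, pass1.subarray(-BLOCK), pass1);
}

function pwriUnwrap(kek, iv, wrapped) {
  if (wrapped.length < 2 * BLOCK || wrapped.length % BLOCK !== 0) {
    throw new Error('wrapped key must be at least two whole blocks');
  }
  // Decrypt the last block with the one before it as IV to recover the pass-2 IV.
  const iv2 = cbc(false, kek, wrapped.subarray(-2 * BLOCK, -BLOCK), wrapped.subarray(-BLOCK));
  const pass1 = cbc(false, kek, iv2, wrapped);
  const block = cbc(false, kek, iv, pass1);
  const len = block[0];
  const ok = len >= 3 && len <= block.length - 4 &&
    [0, 1, 2].every((i) => block[1 + i] === (~block[4 + i] & 0xff));
  if (!ok) throw new Error('PWRI-KEK check bytes mismatch: wrong password or corrupt data');
  return Buffer.from(block.subarray(4, 4 + len));
}

// KEK from the password via PBKDF2-HMAC-SHA1; salt and iterations come from the message.
function deriveKek(password, salt, iterations, keyLen) {
  return crypto.pbkdf2Sync(password, salt, iterations, keyLen, 'sha1');
}
```

In a real message the salt, iteration count, underlying cipher and IV are read from the PasswordRecipientInfo's keyDerivationAlgorithm and keyEncryptionAlgorithm fields, and the unwrapped CEK then decrypts the enveloped content.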
