Federation is not working - crypt.error ([InvalidAsn1Error]: Expected 0x30: got 0xe2)

[christian-becker]

Description:

Federation is not working.
I have a setup of two Rocket.Chat servers with "Federation" enabled. According to the "Test setup" button it should work fine on both sites. Also i am able to search and add an external user from the other server, but the messages don't get transmitted.
The log of Rocket.Chat shows "crypt.error ([InvalidAsn1Error]: Expected 0x30: got 0xe2)"
(for details see "Relevant logs" below).

Steps to reproduce:

1. setup Federation on two Rocket.Chat servers (standard snap installation)
2. add external user (on one site / or on both sites)
3. write a chat message to this external user

Expected behavior:

The chat message should be trasnmitted to the user on the other Rocket.Chat server.

Actual behavior:

Nothing happens - the user won't be notified about an arriving chat message. Only an error message occurres in Rocket.Chat logs.
(for details see "Relevant logs" below)

Server Setup Information:

• Version of Rocket.Chat Server: 3.15.0
• Operating System: Ubuntu 20.04
• Deployment Method: snap
• Number of Running Instances: 2
• NodeJS Version: v12.22.1
• MongoDB Version: 3.6.14 / wiredTiger (oplog activated)

Client Setup Information

• Desktop App or Browser Version: Google Chrome Version 91.0.4472 (or Rocket.Chat App)
• Operating System: Windows 10 / Manjaro Linux

Relevant logs:

I20210706-20:15:09.343(2) server.js:204 Federation ➔ crypt.error Error [InvalidAsn1Error]: Expected 0x30: got 0xe2
at newInvalidAsn1Error (/snap/rocketchat-server/1478/programs/server/npm/node_modules/asn1/lib/ber/errors.js:7:13)
at Reader.readString (/snap/rocketchat-server/1478/programs/server/npm/node_modules/asn1/lib/ber/reader.js:169:11)
at Object.publicImport (/snap/rocketchat-server/1478/programs/server/npm/node_modules/node-rsa/src/formats/pkcs8.js:154:44)
at Object.detectAndImport (/snap/rocketchat-server/1478/programs/server/npm/node_modules/node-rsa/src/formats/formats.js:66:48)
at NodeRSA.module.exports.NodeRSA.importKey (/snap/rocketchat-server/1478/programs/server/npm/node_modules/node-rsa/src/NodeRSA.js:183:22)
at new NodeRSA (/snap/rocketchat-server/1478/programs/server/npm/node_modules/node-rsa/src/NodeRSA.js:73:18)
at FederationKeysModel.loadKey (app/models/server/models/FederationKeys.js:19:10)
at encrypt (app/federation/server/lib/crypt.js:58:25)
at federationRequest (app/federation/server/lib/http.js:16:11)
at federationRequestToPeer (app/federation/server/lib/http.js:42:12)
at dispatchEvents (app/federation/server/handler/index.js:65:3)
at dispatchEvent (app/federation/server/handler/index.js:70:2)
at app/federation/server/hooks/afterSaveMessage.js:26:2
at /snap/rocketchat-server/1478/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40

I20210706-20:15:09.344(2) server.js:204 Federation ➔ http.error [IGNORED] Error Error: Could not encrypt

[johncrisp]

Hi and thanks for reporting this.

We are going to need some more information to be able to diagnose this.

Can you please give details on the host.domains used and exactly what setting you have used in the Federation setup. Discovery via DNS or Hub etc.

Note that a quick search of the interwebs reveals that the error InvalidAsn1Error refers to an invalid PEM key.

I think you may have pasted the keys incorrectly or in the wrong format somewhere.

[christian-becker]

Hello John,

thank you for your reply!
The DNS method was used to setup federation. I copied the public keys of the Rocket.Chat servers to the "public key txt record".
The key of one site had to be divided into two parts, as described in the example on the website. But i think that shouldn't be the problem because the "Test setup" shows that everything is okay.

I am going to send you the domain names of the two servers via Rocket.Chat.
Thank you in advance!

[johncrisp]

I've got your info thanks, and I have asked the Federation dev to take a look.

[geekgonecrazy]

How's this on recent versions?