Cipher encryption/decryption seems as if it is not authenticated #45

Open
sidhujag opened this issue Jul 18, 2017 · 2 comments

sidhujag commented Jul 18, 2017

Try this:

```javascript
var alicePrivateKey = new bitcore.PrivateKey();
var bobPrivateKey = new bitcore.PrivateKey();
var data = Buffer.from('The is a raw data example');

// Encrypt from Alice to Bob
var cypher1 = ECIES().privateKey(alicePrivateKey).publicKey(bobPrivateKey.publicKey);
var encrypted = cypher1.encrypt(data);

// Decrypt with only Bob's private key; Alice's public key is never supplied
var cypher2 = ECIES().privateKey(bobPrivateKey);
var decrypted = cypher2.decrypt(encrypted);
```

`decrypted.toString() == "The is a raw data example"`, which shouldn't be true. You should need Alice's public key to decrypt the cipher.

Is Alice's public key somehow cached and then used inside of the ECIES lib?

To test around caching, I saved the raw values and imported them into a buffer to test (I saved Bob's private keys from above and the cipher text and input it directly into decrypt):

```javascript
var bobPrivateKey = new bitcore.PrivateKey("5JSZTwCycfifeCuAbByTPmq8pED4PeHtLvyt1HC1yuc5iv6hm3A");

var data = Buffer.from('The is a raw data example');

// Decrypt the saved ciphertext with only Bob's private key
var cypher2 = ECIES().privateKey(bobPrivateKey);
var decrypted = cypher2.decrypt(Buffer.from("048d2dd8c7c59dbe66210c872cab7f144e33468f90247d14f28f5e848e560a10e1a0a689c1e1f20ec2abbd8b7dc5b71468c8429d5ea89fa72f5ff68083e43e09b26455de7695c4436a6ff61ccee03413e6da4114b4c7ef4f0a32e650be3102165ee0b105dce8b4e32db020d1536456ca68cb00badb13a154699825fa544fe22ec9f8e39eb0c4fbae04197331d367befab6", 'hex'));
```

Again, decrypted is correct, which it shouldn't be. The latter example should probably be part of a unit test.

UPDATE:

I found that the noKey option is what you would want to use if you need sender authentication:

```javascript
var data = Buffer.from('The is a raw data example');
var eciesObj = new ECIES({noKey: true});
var eciesObj1 = new ECIES({noKey: true});
var cypher1 = eciesObj.privateKey(alicePrivateKey).publicKey(bobPrivateKey.publicKey);
var encrypted = cypher1.encrypt(data);
// Decrypt while supplying a public key other than Alice's
var cypher2 = eciesObj1.privateKey(bobPrivateKey).publicKey(bobPrivateKey.publicKey);
var decrypted = cypher2.decrypt(encrypted);
```

I get the expected "Invalid Checksum" message here.

It now works as expected. For anyone else that's having issues: you have to create a new ECIES object class on the heap and pass in the noKey option. If noKey is set to false by default, the ECDH key exchange isn't really happening properly; not sure if it's per design. Can you please document what it is doing here and why we need this?

@sidhujag sidhujag changed the title Messages are not authenticated at all! Cipher encryption/decryption are not authenticated at all! Jul 18, 2017
@sidhujag sidhujag changed the title Cipher encryption/decryption are not authenticated at all! Cipher encryption/decryption seems as if it is not authenticated Jul 18, 2017
@riyazpanarwala

Any update on the above issue?
I got the same thing.

@sidhujag
Author

Use noKey! Or do sender authentication manually by checking the signature inside the encrypted payload upon decryption.
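
The manual approach suggested in the last comment (a signature inside the encrypted payload, checked on decryption), sketched as an added example that is not from this thread or from the library. It uses Node's built-in `crypto` instead of the bitcore API; the names `seal`/`unseal`, the byte layout and the SHA-256 key derivation are assumptions made for illustration.

```javascript
// Added example (not the library's code): sign-then-encrypt over an ECIES-style
// hybrid scheme, using only Node's built-in crypto module.
const crypto = require('crypto');

const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
const spki = (pub) => pub.export({ type: 'spki', format: 'der' });

// Assumed KDF for illustration: AES-256 key = SHA-256(ECDH shared secret).
function sharedKey(privateKey, publicKey) {
  const secret = crypto.diffieHellman({ privateKey, publicKey });
  return crypto.createHash('sha256').update(secret).digest();
}

// The signature covers the recipient's public key as well as the message, so a
// signed payload re-encrypted to a different recipient fails verification there.
function seal(senderPriv, recipientPub, message) {
  const sig = crypto.sign('sha256', Buffer.concat([spki(recipientPub), message]), senderPriv);
  const sigLen = Buffer.alloc(2);
  sigLen.writeUInt16BE(sig.length);
  const eph = newKey(); // fresh ephemeral key pair per message
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', sharedKey(eph.privateKey, recipientPub), iv);
  const body = Buffer.concat([c.update(Buffer.concat([sigLen, sig, message])), c.final()]);
  const ephDer = spki(eph.publicKey);
  // Layout: len(ephDer) | ephDer | iv (12) | GCM tag (16) | ciphertext
  return Buffer.concat([Buffer.from([ephDer.length]), ephDer, iv, c.getAuthTag(), body]);
}

// Decryption needs only the recipient's key; the sender is established solely
// by verifying the inner signature against the key the recipient expects.
function unseal(recipient, expectedSenderPub, box) {
  const n = box[0];
  const ephPub = crypto.createPublicKey({ key: box.subarray(1, 1 + n), format: 'der', type: 'spki' });
  const d = crypto.createDecipheriv('aes-256-gcm', sharedKey(recipient.privateKey, ephPub), box.subarray(1 + n, 13 + n));
  d.setAuthTag(box.subarray(13 + n, 29 + n));
  const plain = Buffer.concat([d.update(box.subarray(29 + n)), d.final()]);
  const sigLen = plain.readUInt16BE(0);
  const sig = plain.subarray(2, 2 + sigLen);
  const message = plain.subarray(2 + sigLen);
  const signed = Buffer.concat([spki(recipient.publicKey), message]);
  if (!crypto.verify('sha256', signed, expectedSenderPub, sig)) throw new Error('sender signature invalid');
  return message;
}

// Constructed demo keys and message.
const [alice, bob, mallory] = [newKey(), newKey(), newKey()];
const fromAlice = seal(alice.privateKey, bob.publicKey, Buffer.from('hello Bob'));
console.log(unseal(bob, alice.publicKey, fromAlice).toString());
```

A message sealed by any other key holder still decrypts for Bob, but `unseal` rejects it when Bob expects Alice's key, which is the check the plain decrypt call in the issue does not perform.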
