Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Empty string encryption #21

Closed
transmissions11 opened this issue May 11, 2020 · 6 comments
Closed

Empty string encryption #21

transmissions11 opened this issue May 11, 2020 · 6 comments
Assignees
@transmissions11
Labels
enhancement

Comments

@transmissions11
Copy link
Contributor

transmissions11 commented May 11, 2020
edited

The line here prevents us from encrypting an empty string, even though it was possible before 2.4.0?

simple-crypto-js/src/SimpleCrypto.ts

Line 51 in 0ccd426

if (data === void 0 || data === null || data === "") {

I understand the reasoning behind this (as to prevent silly errors by developers), but this actually complicates my use case of doing E2EE, as live editing forms where users may clear a form, will throw an error.

Is there anyway I could make a PR that would disable this protection or at least add an an optional parameter to disable it?
@danang-id
Copy link
Owner

Yup, this is come after 2.4.0 update with the assumption that empty string is not subject to encryption. I could agree to disable empty string check. As the goals of this library is to be simple, I don't see an optional configuration is coming.

Beside that snippet you provide, empty string check happens 3 times here.

simple-crypto-js/src/SimpleCrypto.ts

Line 51 in 0ccd426

if (data === void 0 || data === null || data === "") {

simple-crypto-js/src/SimpleCrypto.ts

Lines 172 to 174 in 0ccd426

if (this._dataBuffer === "") {
throw new Error("No data was provided to be decrypted. Decryption halted.")
}

simple-crypto-js/src/SimpleCrypto.ts

Lines 206 to 208 in 0ccd426

if (this._dataBuffer === "") {
throw new Error("No data was provided to be encrypted. Encryption halted.")
}

You may, if you wish, provide a PR to remove empty string check.

@danang-id danang-id changed the title Why can't we encrypt empty strings? Empty string encryption May 11, 2020
@transmissions11
Copy link
Contributor Author

@danang-id Thank you! PR coming shortly. 😁

@transmissions11
Copy link
Contributor Author

transmissions11 commented May 11, 2020
edited

@danang-id As I began working on this PR i noticed that this snippet you linked me:

simple-crypto-js/src/SimpleCrypto.ts

Lines 172 to 174 in 0ccd426

if (this._dataBuffer === "") {
throw new Error("No data was provided to be decrypted. Decryption halted.")
}

This snippet isn't validating whether a plain string is empty, but whether the cypher text is empty. I don't think I should remove this, correct?

@transmissions11 transmissions11 mentioned this issue May 11, 2020
Merged
@danang-id
Copy link
Owner

Merged PR #22

@danang-id
Copy link
Owner

danang-id commented May 11, 2020
edited

This snippet isn't validating whether a plain string is empty, but whether the cypher text is empty. I don't think I should remove this, correct?

@TransmissionsDev The empty string check of _dataBuffer in _decrypt() is actually useless because of the _dataBuffer length check that happens after the empty string check.

simple-crypto-js/src/SimpleCrypto.ts

Lines 176 to 178 in 0ccd426

if (this._dataBuffer.length <= 64) {
throw new Error("Invalid cipher text. Decryption halted.")
}

The empty string check on _decrypt() will also be removed.

@transmissions11
Copy link
Contributor Author

@danang-id Thanks for all your hard work, and thanks for being so quick to respond. Closing this PR as no further work needs to be done. 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@transmissions11 transmissions11

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@transmissions11 @danang-id