Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

derivedSeedHex and Messages throws Incorrect HMAC error #90

Open
farsadf opened this issue Nov 2, 2021 · 3 comments
Open

derivedSeedHex and Messages throws Incorrect HMAC error #90

farsadf opened this issue Nov 2, 2021 · 3 comments

Comments

@farsadf
Copy link
Contributor

farsadf commented Nov 2, 2021

As the Derived Key implementation is not clearly documented, I thought derivedSeedHex would be interchangeable with seedHex; thus, I copied the implementation provided in this repository (including src/lib/ecies/index.js) and configured it on a React Native project running on top of Expo.

After fiddling around to make the crypto, buffer, and stream implementation load correctly, I tried it with my own seedHex (directly out of my browser's localStorage).

Everything seemed to be working; however, as soon as I replaced the seedHex with the derivedSeedHex (given by doing the derived authorization flow on the identity), the implementation started to throw the following error:

[Unhandled promise rejection: Error: Incorrect MAC]
at src/lib/ecies/index.js:26:1 in kdf
at src/lib/ecies/index.js:170:2 in decrypt
at http://127.0.0.1:19000/node_modules/expo/AppEntry.bundle?platform=ios&dev=true&hot=false&minify=false:192892:18 in decryptShared
at src/pages/Inbox/index.tsx:41:20 in useCallback$argument_0
at [native code]:null in flushedQueue
at [native code]:null in invokeCallbackAndReturnFlushedQueue

The error comes from the following section, and removing it, will cause invalid encryption.

assert(hmacGood.equals(msgMac), "Incorrect MAC");

With that said:

  1. Does the Derived Keys support decrypting messages? (or in other words, Am I doing something wrong?)
  2. If they don't support decryption: when will this feature be available?
  3. If they do support decryption: is it only from the messages encoded using Derived Keys?
  4. All and all, how should I proceed to implement such a feature?
@farsadf farsadf changed the title derivedSeedHex and Messages throws Incorrect HMAC error derivedSeedHex and Messages throws Incorrect HMAC error Nov 2, 2021
@farsadf
Copy link
Contributor Author

farsadf commented Nov 2, 2021

So after talking with Ribal from CloutFeed, he told me that there is an endpoint (/get-shared-secrets) to handle this situation; however, such an implementation does have its limitations, primarily a very unusual UX and character length limitation on Nginx.

@maebeam, Is there any sort of alternative method to achieve the same result without this unusual UX?

@AeonSw4n
Copy link
Contributor

Hey @farsadf sorry for responding to this just now. Also please tag me for anything related to derived keys in the future. Decrypting/encrypting messages with derived keys doesn't work for now, besides the shared secret endpoint you mentioned. It's a non-trivial crypto problem to have derived keys handle message but I already conceptualized how to make it possible (rotating messaging keys working similar to derived keys but with HD wallet hardened-derivation). It's on my priority list, so it will be possible soon.

@farsadf
Copy link
Contributor Author

farsadf commented Nov 11, 2021

@AeonSw4n Fantastic mate! Is there an estimated TAT?
Although I'm not that confident with these sorts of issues, if you think that I might be of help, I'd be more than interested to do some parts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@farsadf @AeonSw4n