-
Notifications
You must be signed in to change notification settings - Fork 15.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: safeStorage.decryptString - Error while decrypting the ciphertext #32598
Comments
Thanks for reporting this and helping to make Electron better! Because of time constraints, triaging code with third-party dependencies is usually not feasible for a small team like Electron's. Would it be possible for you to make a standalone testcase with only the code necessary to reproduce the issue? For example, Electron Fiddle is a great tool for making small test cases and makes it easy to publish your test case to a gist that Electron maintainers can use. Stand-alone test cases make fixing issues go more smoothly: it ensure everyone's looking at the same issue, it removes all unnecessary variables from the equation, and it can also provide the basis for automated regression tests. I'm adding the |
We haven't gotten a response to our questions in our comment above. With only the information that is currently in the issue, we don't have enough information to take action. In this event, i'm going to go ahead and close this but can reopen should you follow up with more info! |
@pwasem I'm seeing the same issue -- did you find a solution? |
As I was not able to provide a proper setup to reproduce the issue it got closed. But I did not find a solution yet and the issue still persists. |
Try to use safeStorage after any browserWindow created. It helped me to figure out with the same error on MacOs. |
Some of the users of our Electron app are also facing this issue on Ubuntu 22.04. What we are doing: We use
The official documentation says that:
We are pretty sure that the app ready event has been emitted at that time, because we trigger this encryption connected to a UI action (user logs in, token is retrieved, we store it using What is the exact dependency of the Thanks in advance if anyone has some advice. |
I have this issue too. In my case it depends on the windows user. When running the decryption under my normal user everything works fine, dev and production. The code is called after the ready event. When a different user runs it (even on the same windows machine), the error returned is: "Error while decrypting the ciphertext provided to safeStorage.decryptString". But the value provided to I can only imagine that safeStorage depends on something that is present in my dev user. But not in regular users, not doing development work. By the way: I am seing the error even without dev setup because I am sending it from the production code using I dont think an electron fiddle would be of any help when user accounts have this influence. Maybe this issue should be re-opened. |
This is how the API is supposed to work, encrypting a string on one user and decrypting it on another will not work. The encryption on all platforms is based on user backed credentials, it would be wildly insecure if the scenario you described was possible |
@MarshallOfSound thanks for that great advice |
I am encountering this error on Arch Linux, as @kristof-siket mentioned - this is likely due to this constraint:
What password manager is electron looking for exactly? I am using |
* `basic_text` - When the desktop environment is not recognised or if the following
command line flag is provided `--password-store="basic"`.
* `gnome_libsecret` - When the desktop environment is `X-Cinnamon`, `Deepin`, `GNOME`, `Pantheon`, `XFCE`, `UKUI`, `unity` or if the following command line flag is provided `--password-store="gnome-libsecret"`.
* `kwallet` - When the desktop session is `kde4` or if the following command line flag
is provided `--password-store="kwallet"`.
* `kwallet5` - When the desktop session is `kde5` or if the following command line flag
is provided `--password-store="kwallet5"`.
* `kwallet6` - When the desktop session is `kde6`.
* `unknown` - When the function is called before app has emitted the `ready` event. |
Amazing @MarshallOfSound where is this documented? I’m not fully understanding the basic_text option, that is the option I am likely triggering as I am not using a DE |
@MarshallOfSound thanks for your swift replies. but I'm not fully understanding this documentation I am encountering the issue from OP on Arch Linux running Lightdm, so I do not have any of the KDE or gnome password managers that electron is looking for. What exactly is |
I'm experiencing this issue on Windows 10, inside a packaged distributed app - some users are facing trouble decrypting the very first string which was successfully encrypted during the same runtime. After rebooting PC / reinstalling the App the issue can sporadically solve itself. It seems like a problem with a host Windows system rather than an electron problem itself. In a development build - I faced even wilder issues, where rebuilding electron, or jumpstarting the safe storage with an immediate dummy "test" string encrypt/decrypt right away cleared an error for the rest of the operations There are 2 crazy scenarios which I was unable to understand or debug properly yet.
|
Does this potentially have to do with saving the encrypted string to a file, e.g. using
But once I round-trip through |
I have suddenly started having this issue on Windows 10 in multiple electron applications :( |
@codebytere @MarshallOfSound |
I've just experienced this issue with a previously working production build of Pritunl OpenVPN client (which is made on top of electron as well). This issue is real but reproduction seems to be vague and bound to host Windows environment which is somehow preventing access to the DPAPI key for electron clients. Would be great to understand why it is happening and handle it properly |
I've bee able to reliably reproduce this issue by just changing the windows user account password. Something is relying on the user account keystore, and it shouldn't be. |
I can no longer use the "Thunder Client" v2.11.3 extension of VSCodium 1.81.1 (uses Electron 22.3.18) under Ubuntu 22.04.3 LTS due to this error. |
Thank you, it solved my problem. |
I resolved this issue by saving encrypted string with base64 encoding (toString has utf8 encoding by default, and with it not working for me, too) configStore.set('secret', safeStorage.encryptString("test").toString('base64'));
const secret : string = configStore.get('secret') as string;
console.log('decrypted data: ' + safeStorage.decryptString(Buffer.from(secret, 'base64')));
//print decrypted data: test |
Preflight Checklist
Electron Version
16.0.7
What operating system are you using?
macOS
Operating System Version
macOS Monterey 12.1
What arch are you using?
x64
Last Known Working Electron version
No response
Expected Behavior
safeStorage.decryptString(buffer)
should decrypt a previously encrypted string (usingsafeStorage.encryptString(plainText)
)Given the following module for storing settings for an application.
Settings are stored to a file and retrieved on next app start.
Sensitive information, e.g.
personalAccessToken
should only be stored encrypted.Actual Behavior
safeStorage.encryptString(plainText)
works as expected but whenever asafeStorage.decryptString(buffer)
is called it throws an error:Error while decrypting the ciphertext provided to safeStorage.decryptString.
Testcase Gist URL
No response
Additional Information
No response
The text was updated successfully, but these errors were encountered: