SecretBoxAuthenticationError SecretBox has wrong HMAC #147
Comments
Update: when I remove the mac comparison (lines 133-135), the decryption works as expected. |
Can you provide a minimal example of your encryption and decryption code where the issue occurs? |
here's the decryption. Working on getting the encryption example:

    import 'dart:convert';
    import 'package:cryptography/cryptography.dart';

    void main() async {
      final _symmetricAlgorithm = AesGcm.with256bits();
      final hkdf = Hkdf(
        hmac: Cryptography.instance.hmac(Sha256()),
        outputLength: 32,
      );
      final key = 'ryUDXJiLUCOboYbmuG87nTIi+to1IPgJy6/hQZmr6A4=';
      final masterKey = SecretKeyData(base64Decode(key));
      final nonce = utf8.encode('storage_context');
      final encryptedWordsMap = {
        "iv": "ZfSMjhYIGgA9Ncti",
        "ciphertext": "unqsCRdKhNYrPlqpY+9uFcZTxIWUxEP7c6fb9lagcOU=",
        "mac": "bw6FRVKS/VMZfx8ABb4v2Q==",
      };
      final encryptedWordsBox = SecretBox(
        base64Decode(encryptedWordsMap['ciphertext'] as String),
        nonce: base64Decode(encryptedWordsMap['iv'] as String),
        mac: Mac(base64Decode(encryptedWordsMap['mac'] as String)),
      );
      final plaintext = await _symmetricAlgorithm.decrypt(
        encryptedWordsBox,
        secretKey: await hkdf.deriveKey(secretKey: masterKey, nonce: nonce),
      );
      print(plaintext);
    }

|
I'm experiencing the same issue. I have debugged Flutter version: 3.7.8 Here is my flutter doctor: Doctor summary (to see all details, run flutter doctor -v): • No issues found! |
Should we follow any steps in order to create a I'm doing it this way (also tried without converting the bytes list to UInt8List)
|
Mac bytes from the Mac bytes recreated by the code I shared in my last comment: Mac received by Calculated mac: |
Even when passing the same If it helps, I'm using
|
I tried decrypting in the same method I encrypted (the only difference seems to be the sharedKey) and it worked. Could it be the error gets thrown when the key is wrong? This is the working code:
Doing the same but trying to recover the sharedSecret from the other end (message receiver user) throws the MAC error |
@stevenspiel your encrypted data also fails to decrypt when I tested with C#/NSec which probably means something went wrong when encrypting. @fedper95 yes, an incorrect key will result in a failed decryption and different mac. In your example you're using two public keys for the shared secret, I don't know what exactly you do in X25519 example code

    import 'package:cryptography/cryptography.dart';

    Future<void> main() async {
      final algorithm = X25519();

      // Alice chooses her key pair
      final aliceKeyPair = await algorithm.newKeyPair();

      // Alice knows Bob's public key
      final bobKeyPair = await algorithm.newKeyPair();
      final bobPublicKey = await bobKeyPair.extractPublicKey();

      // Alice calculates the shared secret.
      final sharedSecret = await algorithm.sharedSecretKey(
        keyPair: aliceKeyPair,
        remotePublicKey: bobPublicKey,
      );
      final sharedSecretBytes = await sharedSecret.extractBytes();
      print('Shared secret: $sharedSecretBytes');
    }

|
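The point made in the reply above (a wrong key gives a different MAC and a failed decryption), as an added example that is not code from this thread or from the package's documentation. It assumes cryptography 2.x; `sessionKey`, `tryDecrypt`, the key pair names and the sample message are hypothetical and constructed for illustration.

```dart
import 'dart:convert';
import 'package:cryptography/cryptography.dart';

final aes = AesGcm.with256bits();
final x25519 = X25519();
final hkdf = Hkdf(hmac: Hmac.sha256(), outputLength: 32);

// Each side combines its OWN key pair with the PEER's public key.
// Both sides must also feed HKDF the same nonce ('storage_context' here).
Future<SecretKey> sessionKey(KeyPair mine, PublicKey theirs) async {
  final shared =
      await x25519.sharedSecretKey(keyPair: mine, remotePublicKey: theirs);
  return hkdf.deriveKey(
      secretKey: shared, nonce: utf8.encode('storage_context'));
}

// Rebuilds the SecretBox from the base64 map layout used in this thread.
// Returns null when the GCM tag does not verify.
Future<String?> tryDecrypt(Map<String, String> wire, SecretKey key) async {
  final box = SecretBox(
    base64Decode(wire['ciphertext']!),
    nonce: base64Decode(wire['iv']!),
    mac: Mac(base64Decode(wire['mac']!)),
  );
  try {
    return utf8.decode(await aes.decrypt(box, secretKey: key));
  } on SecretBoxAuthenticationError {
    return null; // wrong key, or iv/ciphertext/mac changed in transit
  }
}

Future<void> main() async {
  final alice = await x25519.newKeyPair();
  final bob = await x25519.newKeyPair();
  final other = await x25519.newKeyPair(); // unrelated key pair
  final alicePub = await alice.extractPublicKey();
  final bobPub = await bob.extractPublicKey();
  // Sender: Alice's key pair + Bob's public key.
  final box = await aes.encrypt(utf8.encode('constructed sample message'),
      secretKey: await sessionKey(alice, bobPub));
  final wire = {
    'iv': base64Encode(box.nonce),
    'ciphertext': base64Encode(box.cipherText),
    'mac': base64Encode(box.mac.bytes),
  };
  // Receiver: Bob's key pair + Alice's public key derives the same key.
  print(await tryDecrypt(wire, await sessionKey(bob, alicePub)));
  // Any other key pair derives a different key and the tag check fails.
  print(await tryDecrypt(wire, await sessionKey(other, alicePub)));
}
```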
The encryption was done using 2.0.5. I see some comments about 2.2.0 fixing the issue
|
I don't know what changed in 2.2.0 but if the mac was calculated incorrectly there is not much you can do other than bypassing the check somehow I think. If it really is just the mac that is incorrect and you can recover the plaintext by bypassing the hmac check you could also just use Aes-Ctr with a modified nonce and an empty hmac (see here for more details https://stackoverflow.com/questions/49228671/aes-gcm-decryption-bypassing-authentication-in-java/49244840#49244840) - but please note: just because it decrypts does not necessarily mean you get the correct plaintext - you also don't know if your key was correct or not and you should really know what you are doing if you go this route. If there was however also an error with the ciphertext and you can't decrypt it even with old versions I fear the data is likely lost. |
This issue reoccurred in ^2.7.0 |
Yep, same for me |
I know other issues have been opened similar to this one, and the response is that it should be fixed in 2.2.0, however, users are still experiencing it on 2.2.0 and 2.5.0.
Here is a breakpoint in aes_gcm.dart where the exception is getting raised. The mac and calculatedMac are different, which is throwing the error. What else could be causing this issue?