Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CLI command decrypt fails with 'Key is not available' #390

Open
jdjkelly opened this issue Dec 29, 2022 · 1 comment
Open

CLI command decrypt fails with 'Key is not available' #390

jdjkelly opened this issue Dec 29, 2022 · 1 comment

Comments

@jdjkelly
Copy link

Example:

❯ node -v
v16.18.0

❯ npm install -g @47ng/cloak

❯ cloak generate
Key:          k1.aesgcm256.xDQ816copHeT8jWCNGHinlashyfB5hOXR8wcvXbReeM=
Fingerprint:  d5fff283

# Generated new empty keychain:
export CLOAK_MASTER_KEY=k1.aesgcm256.xDQ816copHeT8jWCNGHinlashyfB5hOXR8wcvXbReeM=
export CLOAK_KEYCHAIN=v1.aesgcm256.d5fff283.RJPDSOWSrJubssj7.CHTk4XNSpHFKMISv3_hwdMev

❯ echo 'test' | cloak encrypt 'k1.aesgcm256.xDQ816copHeT8jWCNGHinlashyfB5hOXR8wcvXbReeM='
v1.aesgcm256.d5fff283.RWkS6dy0bZRfe8jn.KJ2CN-QinTiQhnFFFa9qNk9sgMrs

❯ export CLOAK_MASTER_KEY=k1.aesgcm256.xDQ816copHeT8jWCNGHinlashyfB5hOXR8wcvXbReeM=

❯ export CLOAK_KEYCHAIN=v1.aesgcm256.d5fff283.RJPDSOWSrJubssj7.CHTk4XNSpHFKMISv3_hwdMev

❯ echo 'v1.aesgcm256.d5fff283.RWkS6dy0bZRfe8jn.KJ2CN-QinTiQhnFFFa9qNk9sgMrs' | cloak decrypt
Error: Error: Key is not available

As best as I can tell, the root cause of this is that decrypt calls getEnvKeychain which calls importKeychain which itself calls decryptString and then decryptAesGcm which passes to decryptAesGcmSync. It is here, in decryptAesGcmSync that the Node's Decipher returns an empty array after the final update + final, which is unexpected.

I tried writing a failing test, but got blocked on being able to pass stdin to Commander in jest. Something like this is the foundation though:

import program from './cli';

const OLD_ENV = process.env;

beforeEach(() => {
  jest.resetModules();
  
  process.env = {
    ...OLD_ENV,
    CLOAK_MASTER_KEY: 'k1.aesgcm256.2itF7YmMYIP4b9NNtKMhIx2axGi6aI50RcwGBiFq-VA=',
  };
});

afterAll(() => {
  process.env = OLD_ENV;
});

test('decrypt', () => {
  const cipher = 'v1.aesgcm256.710bb0e2.F5wkSytfdVv4xvtN.8uNajc7ufhVmMFpDdzWgKMKhOY4ZR2OSv1DFjvnm'
  const expected = 'Hello, World !'
  expect(() => {
    program.parse(['decrypt', cipher]);
  }).toReturnWith(expected)
})
@jdjkelly jdjkelly changed the title CLI command decrypt fails CLI command decrypt fails with 'Key is not available' Dec 29, 2022
@franky47
Copy link
Member

Your example uses the master key to encrypt, but then uses the keychain to try and decrypt. The master key is not part of the keychain (as it's used to encrypt the keychain), hence the message Key is not available.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jdjkelly @franky47