bitcore-ecies icon indicating copy to clipboard operation
bitcore-ecies copied to clipboard

Published 20 hours ago verified publisher icon bitpay

Cipher encryption/decryption seems as if it is not authenticated

Open sidhujag opened this issue 7 years ago • 2 comments

Try this:

var alicePrivateKey = new bitcore.PrivateKey();
var bobPrivateKey = new bitcore.PrivateKey();
var data = new Buffer('The is a raw data example');

var cypher1 = ECIES().privateKey(alicePrivateKey).publicKey(bobPrivateKey.publicKey);
var encrypted = cypher1.encrypt(data);

var cypher2 = ECIES().privateKey(bobPrivateKey);
var decrypted = cypher2.decrypt(encrypted);

decrypted.ToString() == "The is a raw data example" which shouldn't be true. You should need alice's public key to decrypt the cipher.

Is alice's public key somehow cached and then used inside of the ECIES lib?

To test around caching I saved raw values and import them into buffer to test (I saved bobs private keys from above and the cipher text and input it directly into decrypt):

var bobPrivateKey = new bitcore.PrivateKey("5JSZTwCycfifeCuAbByTPmq8pED4PeHtLvyt1HC1yuc5iv6hm3A");

var data = new Buffer('The is a raw data example');

var cypher2 = ECIES().privateKey(bobPrivateKey);
var decrypted = cypher2.decrypt(new Buffer("048d2dd8c7c59dbe66210c872cab7f144e33468f90247d14f28f5e848e560a10e1a0a689c1e1f20ec2abbd8b7dc5b71468c8429d5ea89fa72f5ff68083e43e09b26455de7695c4436a6ff61ccee03413e6da4114b4c7ef4f0a32e650be3102165ee0b105dce8b4e32db020d1536456ca68cb00badb13a154699825fa544fe22ec9f8e39eb0c4fbae04197331d367befab6", 'hex'));

again decrypted is correct which shouldn't be. The later example should probably be part of a unit test.

UPDATE:

I found that noKey option is what you would want to use if you need sender authentication:

var data = new Buffer('The is a raw data example');
var eciesObj = new ECIES({noKey: true});
var eciesObj1 = new ECIES({noKey: true});
var cypher1 = eciesObj.privateKey(alicePrivateKey).publicKey(bobPrivateKey.publicKey);
var encrypted = cypher1.encrypt(data);
var cypher2 = eciesObj1.privateKey(bobPrivateKey).publicKey(bobPrivateKey.publicKey);
var decrypted = cypher2.decrypt(encrypted);

I get the expected "Invalid Checksum" message here.

Now works as expected, for anyone else that's having issues, you have to create a new ECIES object class on the heap and pass in noKey option. If noKey is set to false by default the ECDH key exchange isn't really happening properly not sure if its per design. Can you please document what it is doing here and why we need this?

sidhujag avatar Jul 18 '17 17:07 sidhujag

Any update on above issue ?? I got the same thing

riyazpanarwala avatar Feb 21 '18 06:02 riyazpanarwala

use noKey! or do sender authentication manually by checking signature inside the encrypted payload upon decryption.

sidhujag avatar Mar 29 '18 20:03 sidhujag