cal.com
Calendso Encryption key mismatch in docs
Issue Summary
In most places (README, env) it is mentioned to use -base64 32 to generate the Calendso encryption key, but the contribution file says to use -base64 24 for generating the key. However, after installation, I used openssl rand -base64 24 for generating the key and everything was working fine. So which one is correct? 32 or 24?
Related issue: #12806
Related PRs: #12810, #15086
Evidence
The correct command for generating the encryption key for Calendso is openssl rand -base64 32. This aligns with the AES256 encryption algorithm's requirement for a 32-byte (256-bit) key, as specified in Cal.com's packages/lib/crypto.ts. Using a 24-byte key, as mentioned in the CONTRIBUTING.md, is not in compliance with the AES256 standard and could lead to encryption or decryption failures.
The discrepancy in the documentation between recommending -base64 32 and -base64 24 for the encryption key generation could potentially lead to inadequate security, incompatibility, data loss, or system errors. It's important to follow the correct specification for the encryption key size to ensure the system's security and functionality.
Regarding the "Duplicate value found in common.json keys" error, it indicates that there are identical keys within the common.json file, which is not allowed. To resolve this, search for duplicate keys in the file and remove or rename them to ensure each key is unique.
Unfortunately, there's no specific discussion found in the mentioned issues and PRs regarding the encryption key generation command discrepancy or any recent updates that might explain the variance in the documentation.
Sources
- Docs( contributing ): different bytes for 'CALENDSO_ENCRYPTION_KEY'
- deploy/install.sh
- packages/lib/crypto.ts
- apps/web/public/static/locales/pl/common.json
It's 32. AES-256 means a 256-bit key. Using openssl rand -base64 32 will get you that, because 32 * 8 = 256. Running openssl rand -base64 24 will only generate a 192-bit key, which is incompatible due to insufficient length of the key.
Got it. Thanks,
Then I guess the contributing file should be updated.