search

Sahamati / rahasya

The project aims to simplify the usage of ECC curve (curve25519) with Diffie-Hellman Key exchange. The work is inline with the Account Aggregator Specification.
Apache License 2.0
13 stars 20 forks source link

Key Material Discrepancies with ReBIT Spec #5

Closed rajesha-onemoney closed 3 years ago

rajesha-onemoney commented 4 years ago

hi sasikumar, i am using the ecc service v1.2 API's via docker. i am able to encrypt the data. while decryption getting below error. "mac check in GCM failed". actaully we are consuming ecc API's in my nodejs application. i am unable to understand this java based error. please help me solve this.

Envoronment Details: OS: Linux Lang: Node JS

error response: { errorCode: 'javax.crypto.AEADBadTagException', errorMessage: 'mac check in GCM failed', errorInfo: null }

gsasikumar commented 4 years ago

GCM failed means the data used during encryption and the data after decryption are not matching.

https://www.cryptosys.net/pki/manpki/pki_aesgcmauthencryption.html

rajesha-onemoney commented 4 years ago

Hi Sasi, we found below discrepancies between our keys and ReBIT keys

  1. curve value in Rebit: Curve25519 ecc -controller: curve25519

  2. key name of DHPublicKey/parmeter Rebit: parmeter ecc -controller: parameters

  3. while encryption you mentioned in text that expecting FI data as string but key name base64data

please check the below reference screen shots.

Thanks & Regards, A.Rajesh Kumar 9666091115

web: onemoney.in https://www.onemoney.in/

On Thu, Jul 30, 2020 at 10:31 PM Sasikumar Ganesan notifications@github.com wrote:

GCM failed means the data used during encryption and the data after decryption are not matching.

https://www.cryptosys.net/pki/manpki/pki_aesgcmauthencryption.html

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/gsasikumar/forwardsecrecy/issues/5#issuecomment-666526117, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQONW7GG5CGPHBGRTGQ4GUDR6GRM5ANCNFSM4PNWXIRQ .

vishwa-vyom commented 4 years ago

@rajesha-onemoney Today we done a new docker release you can get the same using the below pull command.

docker pull gsasikumar/forwardsecrecy:latest

In this build we have taken care of above discrepancy item 1.

Can you give us more details on discrepancy item 2, since as per V1.1, V1.2 and latest build DHPublicKey/Parameter is same as the Rebit spec 1.1.3

Discrepancy item 3 we have still have to fix and I feel this is a valid ask.

@gsasikumar Please confirm so I can work on this fix.

rajesha-onemoney commented 4 years ago

hi @vishwa-vyom , please refer below screen shots for discrepancy item 2. check keynames of "DHPublicKey" in both images. one is Rebit spec and one is our ecc-service Screenshot from 2020-08-17 11-20-20 Screenshot from 2020-08-17 11-23-41

rajesha-onemoney commented 4 years ago

@vishwa-vyom , @gsasikumar ?

vishwa-vyom commented 4 years ago

@rajesha-onemoney I am current working on the discrepancy item 3, will update back once done.. Also there is pull request for item 2, so once my changes are done will speak to Sasi to merge both and do one more docker release.

rajesha-onemoney commented 4 years ago

sure @vishwa-vyom , thanks for the update

gsasikumar commented 3 years ago

As this issue is resolved I am closing this issue.