decentralized-identity / did-jwt

Create and verify DID verifiable JWTs in JavaScript
Apache License 2.0

[BUG] unable to decrypt own message in ecdh #308

Closed sirpy closed 6 months ago

sirpy commented 6 months ago

Current Behavior

The decrypter fails when trying to decode the sender's message with the sender's secret key.

Expected Behavior

The sender should be able to decrypt his own message, since the shared secret should be the same in ECDH.

Steps to Reproduce

    import { genX25519EphemeralKeyPair, createJWE, decryptJWE,
      xc20pAuthEncrypterEcdh1PuV3x25519WithXc20PkwV2,
      xc20pAuthDecrypterEcdh1PuV3x25519WithXc20PkwV2 } from 'did-jwt'
    import { prepareCleartext } from 'dag-jose-utils' // assumed source of prepareCleartext (not named in the report)

    const userKeyPair = genX25519EphemeralKeyPair()   // recipient
    const senderKeyPair = genX25519EphemeralKeyPair() // sender
    const userPublicKey = Buffer.from(userKeyPair.publicKeyJWK.x || '', 'base64url')
    const clearText = await prepareCleartext({ x: 'record' })
    const encrypter = xc20pAuthEncrypterEcdh1PuV3x25519WithXc20PkwV2(userPublicKey, senderKeyPair.secretKey)
    const result = await createJWE(clearText, [encrypter])
    // Decrypt with the sender's own secret key and the recipient's public key.
    // Doesn't fail if switching between senderKeyPair and userKeyPair, i.e. the standard flow.
    const decrypter = xc20pAuthDecrypterEcdh1PuV3x25519WithXc20PkwV2(senderKeyPair.secretKey, userPublicKey)
    const decrypted = await decryptJWE(result, decrypter) // fails
mirceanis commented 6 months ago

This is normal and expected. ECDH-1PU is not bidirectional. The shared secret is computed as a concatenation between 2 ECDH operations:

If you try to replace the recipient with the sender, you would compute senderSecret * ephemeralPublicKey || senderSecret * recipientPublicKey as the shared secret, but the first half would not match and would therefore result in a different shared secret.

A similar situation happens with ECDH-ES, where the shared secret is computed between the recipient key pair and an ephemeral key pair (whose secret part is discarded by the sender).

Please close this issue if this information is sufficient.

sirpy commented 6 months ago

OK, thanks. Is there an option to use regular ECDH?

mirceanis commented 6 months ago

For the moment, no. But you're free to try to create your own.