search

panva / paseto

PASETO (Platform-Agnostic SEcurity TOkens) for Node.js with no dependencies
MIT License
428 stars 26 forks source link

stuck on key length error #9

Closed lu-zen closed 4 years ago

lu-zen commented 4 years ago 
const keyword = "..."

const key = crypto.createSecretKey(Buffer.from(keyword, "base64"));

key.byteLength // >= 32

V2.encrypt(payload, key);
// V2.local secret key must be 32 bytes long symmetric key

Always get this error even when the secret is long enough.

lu-zen commented 4 years ago

symmetricKeySize and asymmetricKeySize props of the KeyObject generated are both undefined. Running node 12.16.1

panva commented 4 years ago

https://nodejs.org/docs/latest-v12.x/api/crypto.html#crypto_keyobject_symmetrickeysize

KeyObjects do not have ‘byteLength’ as your code suggests.

I can’t reproduce this report.

lu-zen commented 4 years ago 
require("crypto")
  .createSecretKey( Buffer.from("...", "base64") )
  .symmetricKeySize // undefined

Wrong code srry. The symmetricKeySize property is undefined. Running the same code on console returns its size. Any idea?

panva commented 4 years ago

The code without the property is not using node 12, it’s likely v11 which used symmetricSize property. V11 is not supported by this module tho.

lu-zen commented 4 years ago

Node 12.16.1. Anyway it's something related to node.

panva commented 4 years ago

You asked if I had an idea. Your console is node 12, whatever else you run the code in where it doesn’t work is a different version.

Put a console.log(process.versions) in the code and see the difference.

lu-zen commented 4 years ago

@panva just to check... The func checkKey receives two args (header, key), but key is passed as the first argument here:

/lib/V2/encrypt.js

  payload = checkPayload(payload)
  key = checkKey(key) // <<

/lib/V2/help/symmetric_key_check.js

function checkKey (header, key) {
  if (!(key instanceof KeyObject)) {
    key = createSecretKey(key)
  }

  if (key.type !== 'secret' || key.symmetricKeySize !== 32) {
    throw new TypeError(`${header} secret key must be 32 bytes long symmetric key`)
  }

Is this correct? I think this combined to the wrong type of symmetricKeySize popping on vscode confused me :laughing: .

panva commented 4 years ago

Yes it is used correctly. Your vscode is running node 11, am i right?

lu-zen commented 4 years ago

Only one node version, latest lts. Idk which lib included node typing. Now it works, just tired I guess. thanks for you help

panva commented 4 years ago

I don't see what typings have to do with runtime results but okay.