Error: key must be a buffer -- altnet publish private message

[av8ta]

Hi all, I got this error when creating a private message using both my own code and from patchfoo:

Error: key must be a buffer
    at exports.crypto_auth (C:\Users\av8ta\AppData\Roaming\nvm\v8.11.1\node_modules\scuttlebot\node_modules\sodium-chloride\index.js:93:8)
    at Object.exports.signObj (C:\Users\av8ta\AppData\Roaming\nvm\v8.11.1\node_modules\scuttlebot\node_modules\ssb-keys\index.js:128:20)
    at Object.exports.create (C:\Users\av8ta\AppData\Roaming\nvm\v8.11.1\node_modules\scuttlebot\node_modules\ssb-validate\index.js:187:18)
    at C:\Users\av8ta\AppData\Roaming\nvm\v8.11.1\node_modules\scuttlebot\node_modules\secure-scuttlebutt\minimal.js:102:17
    at EventEmitter.append (C:\Users\av8ta\AppData\Roaming\nvm\v8.11.1\node_modules\scuttlebot\node_modules\secure-scuttlebutt\minimal.js:88:17)
    at EventEmitter.add (C:\Users\av8ta\AppData\Roaming\nvm\v8.11.1\node_modules\scuttlebot\node_modules\secure-scuttlebutt\index.js:97:10)
    at apply (C:\Users\av8ta\AppData\Roaming\nvm\v8.11.1\node_modules\scuttlebot\node_modules\muxrpc-validation\index.js:173:15)
    at EventEmitter.<anonymous> (C:\Users\av8ta\AppData\Roaming\nvm\v8.11.1\node_modules\scuttlebot\node_modules\muxrpc-validation\index.js:82:14)
    at EventEmitter.hooked [as publish] (C:\Users\av8ta\AppData\Roaming\nvm\v8.11.1\node_modules\scuttlebot\node_modules\hoox\index.js:10:15)
    at Object.<anonymous> (C:\Users\av8ta\AppData\Roaming\nvm\v8.11.1\node_modules\scuttlebot\plugins\private.js:21:14)

It was on my test altnet called ssb-test with the following 'caps' settings in the config file:

"caps": {
    "shs": "MVZDyNf1TrZuGv3W5Dpef0vaITW1UqOUO3aWLNBp+7A=",
    "sign": "qym3eJKBjm0E0OIjuh3O1VX8+lLVSGV2p5UzrMStHTs="
  },

I nuked the database and set the following config and was able to correctly publish a private message:

"caps": {
    "shs": "MVZDyNf1TrZuGv3W5Dpef0vaITW1UqOUO3aWLNBp+7A=",
    "sign": ""
  },

So it looks like having 'sign' set doesn't work as expected for private messages. Works fine for public ones though.

[dominictarr]

okay, so the sign cap hmac's the content before signing it. https://github.com/ssbc/ssb-keys/blob/master/index.js#L124-L131

This gaurantees the signature to be different to a normal signature, so that the messages in your test net will never be valid to the main net.

From the error message I can instantly see that the problem here is just that something should have converted from the base64 string to a buffer but didn't. possibly that is my fault: https://github.com/ssbc/secure-scuttlebutt/blob/master/minimal.js#L138

Important Question: did you just start to see this error, or is this the first time you tried this?

[dominictarr]

I think this should happen on all messages, if it only happens on private messages and also not public messages, then there is something I still don't understand.

[dominictarr]

this should be fixed in secure-scuttlebutt@18.0.1, reinstalling should get you that.

[av8ta]

Important Question: did you just start to see this error, or is this the first time you tried this?

First time I tried private messages with sign set.

Updated to secure-scuttlebutt@18.0.1 in scuttlebot but error is the same.

[av8ta]

Installed scuttlebot@10.5.2 - private messages are working now with 'sign' set. I've tried a few of v11 but no luck. I'm starting to wonder if the api changed after v10?

This is the code that works with 10.5.2

sbot.private.publish(
      // message:
      {
        type: 'post',
        text: 'This is an encrypted message for testing purposes'
      },
      // recipient PKs:
      [
        "@32eYi2kQTUrEcbXI9MD7fjU+oXIQ+jELRLTVCwj9Rrg=.ed25519"
      ],
      // cb:
      function (err, privateMsg) {
        if (err) console.log(err)
        else console.log('privateMsg', privateMsg)
        // privateMsg.value.content is
        // an encrypted string
      }
    )

[dominictarr]

what version of ssb-keys do you have? post output of npm ls ssb-keys ?

Ah okay, the change between 10 and 11 is that it removed sbot.private so that api must come via ssb-private plugin...

[av8ta]

7.0.15

[christianbundy]

@av8ta Can you confirm that you're still facing this issue? I'd like to try to help but I'm not sure how to reproduce the problem.

[stale[bot]]

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

[stale[bot]]

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?