Closed zaneli closed 3 years ago
In makeJsonKeysetString
can you change outputPrefixType: TINK
to outputPrefixType: RAW
and try again?
If that works, you might want to consider one of the following better approaches:
1/ To serialize/deserialize a keyset, use JsonKeysetReader
/JsonKeysetWriter
, instead of hardcoding it like this.
2/ You don't have to serialize the keyset at all. If you do this in decrypt
it should also work:
private String decrypt(Context context) throws Exception {
KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.createKmsEnvelopeAeadKeyTemplate(url, AeadKeyTemplates.CHACHA20_POLY1305));
Aead aead = keysetHandle.getPrimitive(Aead.class);
return new String(aead.decrypt(Base64.urlSafeDecode(context.encryptedValue), context.associatedData), StandardCharsets.UTF_8);
}
Thank you.
In
makeJsonKeysetString
can you changeoutputPrefixType: TINK
tooutputPrefixType: RAW
and try again?
I tried it and succeeded, but can you tell me the reason?
Is outputPrefixType: TINK
no longer usable?
Or, originally I do not have to explicitly specify hard coded outputPrefixType
?
You should use JsonKeysetReader
and JsonKeysetWriter
to serialize and deserialize keysets. Don't hardcode the output.
Help us help you
Please tell us more about ✅ your Tink deployment.
Describe the bug
encrypt & decrypt works in tink-awskms 1.5.0, but doesn't works in 1.6.0 or later.
To Reproduce
Expected behavior
output
test value
.Error messages, stack traces, etc.
Version information
Additional context
in 1.5.0, this
entries
size is 1, andreturn entry.getPrimitive().decrypt(ciphertextNoPrefix, associatedData);
succeed. in 1.6.1, thisentries
size is 0. https://github.com/google/tink/blob/7c93a224b8fa6a3babfaf71c18c5610052dcbd61/java_src/src/main/java/com/google/crypto/tink/aead/AeadWrapper.java#L62encrypt using 1.5.0, and decrypt using 1.6.1 works fine. So I guess encrypt implementation in 1.6.0 is something wrong.