Skip to content

DIDComm unpack fail with authcrypt envelope #1375

New issue
New issue
Open
Open
DIDComm unpack fail with authcrypt envelope#1375
Labels
bugSomething isn't workingdid-commpinneddon't close this just for being staletriage
@veromassera

Description

@veromassera
veromassera
opened on Apr 10, 2024

Bug severity
4

Describe the bug
The packed text is made with the authcrypt envelope, 'alg: ECDH-1PU+A256KW' and 'enc: A256CBC-HS512'.

One difference I noticed between the Veramo pack results and other libraries is that the Veramo result does not have the 'apu' and 'apv' fields in the 'protected' header (according to my understanding of the DIF standard, they should be mandatory https://identity.foundation/didcomm-messaging/spec/#ecdh-1pu-key-wrapping-and-common-protected-headers).

I am using Veramo version 6.0.0 and
these libraries to generate the packaging:

https://github.com/beatt83/peerdid-swift
https://github.com/beatt83/didcomm-swift

I also did other tests to rule out the possibility that the problem is with these libraries.

I performed this test:

Packaged with:
https://github.com/beatt83/peerdid-swift
https://github.com/beatt83/didcomm-swift

Unpacked with this example:
https://github.com/sicpa-dlab/didcomm-demo
It worked without problems, but I couldn't get it to work with Veramo.

Could this be the reason for the problem?
Do you have any suggestions or comments that could help me?

To Reproduce
Steps to reproduce the behaviour:
1.Create a did:peer recipient (hereinafter referred to as did:peer:recipient) in Veramo.
2.Create a did:peer sender (hereinafter referred to as did:peer:sender) outside of Veramo, for example you can follow the demo https://github.com/decentralized-identity/didcomm-messaging
3.Pack some text outside of Veramo with the following characteristics:
Sender: did:peer:sender
Recipient: did:peer:recipient
Envelope: authcrypt
alg: ECDH-1PU+A256KW
enc: A256CBC-HS512
4.Take the packed text and unpack it in Veramo.
5.It should decrypt and verify it without problems but it fails.

Observed behaviour
The unpack process throws this high-level error:
"unable to decrypt DIDComm message with any of the locally managed keys"
However, the initial innerError is:
"AESKW: integrity check failed"

Expected behaviour
I expected the unpack inside Veramo to work correctly and decrypt and verify the text packed by the sender.

Details

image

Succession of errors from lowest to highest level:

  • AESKW: integrity check failed
  • failure: Failed to decrypt
  • unable to decrypt DIDComm msg using a10639baa30d005e37413057a929bf60efbf50b75319fb4bd4456ffd43d63f2d (did:peer:2.Ez6LSnWkJwnRj6w7juo3yjou4MABoKx3v86XCDrK54hBExhsJ.Vz6MkjJAuQWLmQUJrGM44VbWikCmxDoYCFHRNeFcGrkT1diDD.SeyJpZCI6IjEyMzQiLCJ0IjoiZG0iLCJhIjpbImRpZGNvbW0vdjIiXSwicyI6IiIsInIiOltdfQ#key-1)
  • unable to decrypt DIDComm message with any of the locally managed keys

Additional context
Perhaps the error has something to do with the apv and apu header fields

Versions (please complete the following information):

  • Veramo: 6.0.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingdid-commpinneddon't close this just for being staletriage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions