Key Material Discrepancies with ReBIT Spec

Question

Key Material Discrepancies with ReBIT Spec

rajesha-onemoney opened this issue 5 years ago · 8 comments

hi sasikumar,
i am using the ecc service v1.2 API's via docker. i am able to encrypt the data. while decryption getting below error.
"mac check in GCM failed". actaully we are consuming ecc API's in my nodejs application. i am unable to understand this java based error. please help me solve this.

Envoronment Details:
OS: Linux
Lang: Node JS

error response:
{
errorCode: 'javax.crypto.AEADBadTagException',
errorMessage: 'mac check in GCM failed',
errorInfo: null
}

Answer 1 · 2020-07-30T17:00:46.000Z

GCM failed means the data used during encryption and the data after decryption are not matching.

https://www.cryptosys.net/pki/manpki/pki_aesgcmauthencryption.html

Answer 2 · 2020-08-05T13:40:08.000Z

Hi Sasi, we found below discrepancies between our keys and ReBIT keys 1. curve value in Rebit: Curve25519 ecc -controller: curve25519 2. key name of DHPublicKey/parmeter Rebit: parmeter ecc -controller: parameters 3. while encryption you mentioned in text that expecting FI data as *string* but key name *base64data* please check the below reference screen shots. Thanks & Regards, *A.Rajesh Kumar* *9666091115* web*: onemoney.in <https://www.onemoney.in/>*

…

On Thu, Jul 30, 2020 at 10:31 PM Sasikumar Ganesan ***@***.***> wrote: GCM failed means the data used during encryption and the data after decryption are not matching. https://www.cryptosys.net/pki/manpki/pki_aesgcmauthencryption.html — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#5 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQONW7GG5CGPHBGRTGQ4GUDR6GRM5ANCNFSM4PNWXIRQ> .

Answer 3 · 2020-08-13T16:05:07.000Z

@rajesha-onemoney Today we done a new docker release you can get the same using the below pull command.

docker pull gsasikumar/forwardsecrecy:latest

In this build we have taken care of above discrepancy item 1.

Can you give us more details on discrepancy item 2, since as per V1.1, V1.2 and latest build DHPublicKey/Parameter is same as the Rebit spec 1.1.3

Discrepancy item 3 we have still have to fix and I feel this is a valid ask.

@gsasikumar Please confirm so I can work on this fix.

Answer 4 · 2020-08-17T05:57:40.000Z

hi @vishwa-vyom ,
please refer below screen shots for discrepancy item 2.
check keynames of "DHPublicKey" in both images. one is Rebit spec and one is our ecc-service

Answer 5 · 2020-08-24T07:06:09.000Z

@vishwa-vyom , @gsasikumar ?

Answer 6 · 2020-08-25T17:57:53.000Z

@rajesha-onemoney I am current working on the discrepancy item 3, will update back once done..
Also there is pull request for item 2, so once my changes are done will speak to Sasi to merge both and do one more docker release.

Answer 7 · 2020-08-26T05:33:04.000Z

sure @vishwa-vyom , thanks for the update

Answer 8 · 2021-03-26T17:38:09.000Z

As this issue is resolved I am closing this issue.