Better error handling for invalid decrypt input

Question

Better error handling for invalid decrypt input

Closed this issue 3 years ago · 1 comments

Type the sensitive data to decrypt, then press Enter: hellofriendthisissomething
thatisverylong
Error: Payload is too short to be encrypted

This error message seems a bit less intuitive than would be ideal. Ideally something along the lines of "Invalid input" / this is not an encrypted string that we can decrypt

Answer 1 · 2022-03-23T19:10:31.000Z

For the above input I see the following instead:

Error: invalid decryption payload: illegal base64 data at input byte 24

This seems fairly user-friendly to me, but I may be overstating things. Generally decryption can fail for three reasons, all of which have their own error messages:

Non-base64 input. Maybe due to extra whitespace, which we could try to detect (#3).
A base64-encoded payload too short to contain the nonce + content, which is the error you saw.
An actual failure to decrypt, perhaps due to (a) garbage input; or (b) a mismatched key.

In all these cases it can be hard to know exactly why a user ended up in the situation they did, but I'm open to adding more informative error messages -- especially in the CLI -- to help them guess.