I have the following code:
const crypto = require("crypto");
const algorithm = "aes-256-gcm";
const message = "This is a secret message";
const iv = crypto.randomBytes(12);
const sKey = crypto.randomBytes(32);
const cipher = crypto.createCipheriv(algorithm, sKey, iv);
const decipher = crypto.createDecipheriv(algorithm, sKey, iv)
let encryptedData = cipher.update(message, "utf-8", "hex");
encryptedData = cipher.final("hex");
let decData = decipher.update(encryptedData, "hex", "utf-8");
decData = decipher.final("utf-8");
console.log("Encrypted message: " encryptedData);
console.log("Decrypted message: ", decData)
When I run it, I receive the following exception:
node:internal/crypto/cipher:193
const ret = this[kHandle].final();
^
Error: Unsupported state or unable to authenticate data
at Decipheriv.final (node:internal/crypto/cipher:193:29)
at Object.<anonymous> ([...]/crypto-test.js:15:21)
at Module._compile (node:internal/modules/cjs/loader:1101:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
at Module.load (node:internal/modules/cjs/loader:981:32)
at Function.Module._load (node:internal/modules/cjs/loader:822:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
at node:internal/main/run_main_module:17:47
Error is thrown when calling decipher.final()
. How can I fix it?
CodePudding user response:
When using an authenticated cipher (which aes-256-gcm
is), you'll need the auth tag from the cipher; otherwise Decipher.final()
will throw (as you can see) since the auth tag it has (or in this case, doesn't) doesn't match what it thinks the deciphered text's auth tag is.
const crypto = require('crypto');
const algorithm = 'aes-256-gcm';
const message = 'This is a secret message';
const iv = crypto.randomBytes(12);
const sKey = crypto.randomBytes(32);
const cipher = crypto.createCipheriv(algorithm, sKey, iv);
let encryptedData = cipher.update(message, 'utf-8', 'hex');
encryptedData = cipher.final('hex');
const authTag = cipher.getAuthTag().toString("hex"); // <- new
console.log({authTag, encryptedData}); // for debugging
const decipher = crypto.createDecipheriv(algorithm, sKey, iv);
decipher.setAuthTag(Buffer.from(authTag, 'hex')); // <- new
let decData = decipher.update(encryptedData, 'hex', 'utf-8');
decData = decipher.final('utf-8');
console.log('Decrypted message: ', decData)