CODEWITHSUNDEEP
javascriptnode.jsaes
user8555937
user8555937

Reputation: 2387

decipher.final(): Unsupported state or unable to authenticate data

I have the following code:

const crypto = require("crypto");

const algorithm = "aes-256-gcm"; 
const message = "This is a secret message";
const iv = crypto.randomBytes(12);
const sKey = crypto.randomBytes(32);

const cipher = crypto.createCipheriv(algorithm, sKey, iv);
const decipher = crypto.createDecipheriv(algorithm, sKey, iv)

let encryptedData = cipher.update(message, "utf-8", "hex");
encryptedData += cipher.final("hex");

let decData = decipher.update(encryptedData, "hex", "utf-8");
decData += decipher.final("utf-8");

console.log("Encrypted message: " + encryptedData);
console.log("Decrypted message: ", decData)

When I run it, I receive the following exception:

node:internal/crypto/cipher:193
  const ret = this[kHandle].final();
                            ^

Error: Unsupported state or unable to authenticate data
    at Decipheriv.final (node:internal/crypto/cipher:193:29)
    at Object.<anonymous> ([...]/crypto-test.js:15:21)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
    at node:internal/main/run_main_module:17:47

Error is thrown when calling decipher.final(). How can I fix it?

Upvotes: 0

Views: 3546

Answers (1)

AKX
AKX

Reputation: 169277

When using an authenticated cipher (which aes-256-gcm is), you'll need the auth tag from the cipher; otherwise Decipher.final() will throw (as you can see) since the auth tag it has (or in this case, doesn't) doesn't match what it thinks the deciphered text's auth tag is.

const crypto = require('crypto');

const algorithm = 'aes-256-gcm';
const message = 'This is a secret message';
const iv = crypto.randomBytes(12);
const sKey = crypto.randomBytes(32);

const cipher = crypto.createCipheriv(algorithm, sKey, iv);

let encryptedData = cipher.update(message, 'utf-8', 'hex');
encryptedData += cipher.final('hex');

const authTag = cipher.getAuthTag().toString("hex");  // <- new
console.log({authTag, encryptedData});  // for debugging

const decipher = crypto.createDecipheriv(algorithm, sKey, iv);
decipher.setAuthTag(Buffer.from(authTag, 'hex'));  // <- new
let decData = decipher.update(encryptedData, 'hex', 'utf-8');
decData += decipher.final('utf-8');
console.log('Decrypted message: ', decData)

Upvotes: 4

Related Questions