Reputation: 1
I am working on decrypting WhatsApp flow data using AES-GCM encryption in C#, but I’m encountering an issue when attempting to decrypt the flow data. Below is my Decryptor class, which handles both decryption of the AES key and flow data:
```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Serilog; // assumed: the static Log class used below is Serilog's

// EncryptedRequest, DecryptedRequest, FlowEndpointException and
// CreateRsaPrivateKey are defined elsewhere in the project (not shown).
public class Decryptor
{
    public static DecryptedRequest DecryptRequest(EncryptedRequest body, string privatePem, string passphrase)
    {
        Log.Information("Decrypting request with body: {Bodyinitial_vector}", body.initial_vector);
        byte[] encryptedAesKey = Convert.FromBase64String(body?.encrypted_aes_key);
        byte[] encryptedFlowData = Convert.FromBase64String(body?.encrypted_flow_data);
        byte[] initialVector = Convert.FromBase64String(body?.initial_vector);
        byte[] decryptedAesKey;
        try
        {
            // Decrypt AES key using private key
            using (var rsa = CreateRsaPrivateKey(privatePem, passphrase))
            {
                decryptedAesKey = rsa.Decrypt(encryptedAesKey, RSAEncryptionPadding.OaepSHA256);
                // Log the key length only; key material does not belong in logs
                Log.Information("Decrypted AES key length: {KeyLength} bytes", decryptedAesKey.Length);
            }
        }
        catch (Exception)
        {
            throw new FlowEndpointException(421, "Failed to decrypt the request. Please verify your private key.");
        }

        // The last 16 bytes of the payload are the GCM authentication tag
        const int TAG_LENGTH = 16;
        byte[] flowDataBuffer = encryptedFlowData;
        byte[] initialVectorBuffer = initialVector;
        byte[] encryptedFlowDataBody = flowDataBuffer[..^TAG_LENGTH];
        byte[] encryptedFlowDataTag = flowDataBuffer[^TAG_LENGTH..];
        byte[] decryptedData;
        try
        {
            using (var aesGcm = new AesGcm(decryptedAesKey))
            {
                decryptedData = new byte[encryptedFlowDataBody.Length];
                aesGcm.Decrypt(initialVectorBuffer, encryptedFlowDataBody, decryptedData, encryptedFlowDataTag);
            }
        }
        catch (CryptographicException ex)
        {
            Log.Error("Decryption failed: {ErrorMessage}", ex.Message);
            throw new FlowEndpointException(400, "Failed to decrypt the request.");
        }

        string decryptedJSONString = Encoding.UTF8.GetString(decryptedData);
        return new DecryptedRequest
        {
            DecryptedBody = decryptedJSONString,
            AesKeyBuffer = decryptedAesKey,
            InitialVectorBuffer = initialVectorBuffer
        };
    }
}
```
The decryption fails at the following point:
```csharp
using (var aesGcm = new AesGcm(decryptedAesKey))
{
    decryptedData = new byte[encryptedFlowDataBody.Length];
    aesGcm.Decrypt(initialVectorBuffer, encryptedFlowDataBody, decryptedData, encryptedFlowDataTag);
}
```
The error message I get is:
System.ArgumentException: The specified nonce is not a valid size for this algorithm. (Parameter 'nonce')
This error suggests that the initialVector (nonce) being passed to the AES-GCM decryption is of an invalid size. However, I’ve confirmed that the initialVector is being correctly base64-decoded and passed as expected.
Has anyone encountered a similar issue with AES-GCM decryption in C#? What could be the cause of the invalid nonce size, and how can I resolve it?
I tried decrypting this:
```json
{
  "encrypted_flow_data": "33oaKOMa2tsRCuh7g6JNsFzVB5icbm4dLq3sgrRXImxChcGOKWaTEZycsv/Tgg/jB/7cxQWH9D8HvJFkCc78X/avxOtEj0KbF+TuFKG28xO/HMR3A4rpzSyD37UAJy3eSmQ5CHZV7NOOMteJQNAOZQ3YEpcG/BcH8mo2iOQa2EA/8g==",
  "encrypted_aes_key": "NQBgEO5GMMXVHsRx0oDb+0MeTYPnHDZM2yJBG0CeaJ2VqN9ennPnLKknbVgpfRm7GfGSxsPHvO9sZeNs/SXlmYIoasDXw3pgKVjhPq3BOk93Fkfjs8bwBhDP763RCgO5IsOSgCqvNeGxeXxyM2BLr8rUAwoE74FYRLa6dxg5RGEUpGJjKLU8VZmBDbXanhPmy6+iVcLEE79rZLsA0+kU7IZ44eeR7PpvqiDCcrnjME/uCF24+3g+iVjsgcL5lA5DdhUQnfPnkjLTiC+x/NPp7ev3e7nP+PzTLQOxnnihjggRfYHUzklp9laVLAQoSQh7vvyKJUPyCv9BRhEmR7BJVQ==",
  "initial_vector": "Vs37z73b5OiBJ5hMV0kyUQ=="
}
```
And this is what I am expecting at least:
Decrypted Request:
```json
{
  "data": {
    "farmer_select": "1"
  },
  "flow_token": "TEST",
  "screen": "DEMO_SCREEN",
  "action": "data_exchange",
  "version": "3.0"
}
```
Upvotes: 0
Views: 100
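
An added example, not part of the original post: .NET's built-in `AesGcm` accepts only 12-byte nonces, while the `initial_vector` in the post decodes to 16 bytes. The code below runs AES-GCM with a 16-byte IV through BouncyCastle's `GcmBlockCipher`, assuming the BouncyCastle.Cryptography NuGet package; `FlowGcmDemo` and `Run` are hypothetical names, and the key, IV and plaintext are constructed.

```csharp
// Added example, not code from the post. Assumes the BouncyCastle.Cryptography
// NuGet package; FlowGcmDemo and Run are hypothetical names.
using System;
using System.Security.Cryptography;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Parameters;

public static class FlowGcmDemo
{
    // AES-GCM with an IV of any length. For decryption, input is
    // ciphertext || 16-byte tag, the layout the post splits by hand.
    public static byte[] Run(bool encrypt, byte[] key, byte[] iv, byte[] input)
    {
        var cipher = new GcmBlockCipher(new AesEngine());
        cipher.Init(encrypt, new AeadParameters(new KeyParameter(key), 128, iv));
        var output = new byte[cipher.GetOutputSize(input.Length)];
        int written = cipher.ProcessBytes(input, 0, input.Length, output, 0);
        cipher.DoFinal(output, written); // InvalidCipherTextException on a bad tag
        return output;
    }

    public static void Main()
    {
        // The initial_vector from the post decodes to 16 bytes ...
        int postIvLength = Convert.FromBase64String("Vs37z73b5OiBJ5hMV0kyUQ==").Length;
        // ... while System.Security.Cryptography.AesGcm accepts 12 bytes only.
        Console.WriteLine($"post IV: {postIvLength} bytes, AesGcm nonce sizes: " +
            $"{AesGcm.NonceByteSizes.MinSize}..{AesGcm.NonceByteSizes.MaxSize}");

        // Constructed key, IV and plaintext (not the values from the post).
        byte[] key = new byte[16], iv = new byte[16];
        for (int i = 0; i < 16; i++) { key[i] = (byte)i; iv[i] = (byte)(0xA0 + i); }
        byte[] plain = Encoding.UTF8.GetBytes("{\"action\":\"data_exchange\"}");

        byte[] boxed = Run(true, key, iv, plain);   // ciphertext || tag
        Console.WriteLine(Encoding.UTF8.GetString(Run(false, key, iv, boxed)));

        boxed[boxed.Length - 1] ^= 0x01;            // corrupt the tag
        try { Run(false, key, iv, boxed); }
        catch (InvalidCipherTextException) { Console.WriteLine("tampered input rejected"); }
    }
}
```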