I'm using the Web Crypto API in an Angular (v15) application to decrypt a hex-encoded string encrypted with AES/CBC/PKCS7Padding. The implementation works as expected when served in the development environment (ng serve in localhost), but when the application is built and deployed, the crypto.subtle.decrypt() method throws an error - DOMException: The operation failed for an operation-specific reason (in Firefox).

The same issue occurs in Chromium browsers as well but the exception thrown is just Error (and no more error information).

Here's a simplified sample of the code with debug console logs of the method used to decrypt.

public decryptAES(encryptedText: string, secretKey: string, ivString: string): Promise<string> {
    return new Promise((resolve, reject) => {
        // Debug logging of the inputs (this includes the secret key).
        console.log('xxx - encryptedText ', encryptedText);
        console.log('xxx - secretKey ', secretKey);
        console.log('xxx - ivString ', ivString);

        // Import the UTF-8 bytes of the secret as a raw AES-CBC key.
        crypto.subtle.importKey(
            'raw', new TextEncoder().encode(secretKey),
            { name: 'AES-CBC', length: 256 },
            false,
            ['decrypt'],
        )
        .then(keyBuffer => {
            console.log('xxx - keyBuffer ', keyBuffer);

            // The IV is also taken as the UTF-8 bytes of the string (must be 16 bytes).
            const ivBuffer = new TextEncoder().encode(ivString);
            console.log('xxx - ivBuffer ', ivBuffer);

            // Hex-decode the ciphertext; match() returns null for an empty string.
            const encryptedBuffer = Uint8Array.from(
                (encryptedText.match(/.{1,2}/g) ?? []).map(byte => parseInt(byte, 16)),
            );
            console.log('xxx - encryptedBuffer ', encryptedBuffer);

            crypto.subtle.decrypt(
                { name: 'AES-CBC', iv: ivBuffer },
                keyBuffer,
                encryptedBuffer,
            )
            .then(decryptedBuffer => {
                console.log('xxx - decryptedBuffer ', decryptedBuffer);

                const decryptedText = new TextDecoder().decode(decryptedBuffer);
                console.log('xxx - decryptedText ', decryptedText);

                resolve(decryptedText);
            })
            .catch(err => {
                console.log('xxx - error in subtle.decrypt - ', err);
                reject(err);
            });
        })
        .catch(err => {
            console.log('xxx - error in subtle.importKey - ', err);
            reject(err);
        });
    });
}

Below are the screenshots for console logs captured in Firefox Developer.

  • in localhost (the text is decrypted as expected) - localhost

  • in production deployment - exception thrown for subtle.decrypt

Any assistance would be appreciated. Thanks in advance.

  • Is the application running in production in a secure context? Commented Nov 28, 2023 at 12:17
  • @Topaco Yes. It's running in a secure context. Commented Nov 29, 2023 at 1:59
  • Hi @Topaco, had the same issue when this was done using the CryptoJS and node-forge libraries. Seems like this has something to do with the values I'm passing to decrypt. Any insight on this? Commented Nov 29, 2023 at 3:27
  • Check the usual suspects: Is the encryption key the same as the decryption key (analogous for the IV)? Is the ciphertext immediately after encryption the same as immediately before decryption (to rule out data corruption during transport)? Commented Nov 29, 2023 at 6:33

1 Answer

The issue was found to be with the secretKeys used. I was using the wrong secret key in deployment due to an issue in the environment configurations.
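
Added example, not part of the answer above or the asker's code: a way to confirm a key mismatch between environments by comparing a short hash of the key instead of logging the key, and to see how a same-length wrong key fails in AES-CBC. The helper names (`getSubtle`, `fingerprint`, `tryDecrypt`, `demo`) are hypothetical, and the keys, IV and plaintext are constructed sample values.

```javascript
// Added example; the keys, IV and plaintext below are constructed sample values.
const enc = new TextEncoder();
const toHex = bytes => Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
const hexToBytes = hex => Uint8Array.from(hex.match(/.{2}/g) ?? [], h => parseInt(h, 16));
// Browsers and current Node expose globalThis.crypto; older Node needs node:crypto.
async function getSubtle() {
  return (globalThis.crypto ?? (await import('node:crypto')).webcrypto).subtle;
}

// Short SHA-256 fingerprint of a secret: loggable and comparable across environments.
async function fingerprint(secret) {
  const digest = await (await getSubtle()).digest('SHA-256', enc.encode(secret));
  return toHex(new Uint8Array(digest).slice(0, 4));
}

// Never throws: reports which stage rejected the inputs.
async function tryDecrypt(cipherHex, secretKey, ivString) {
  const keyBytes = enc.encode(secretKey);
  const iv = enc.encode(ivString);
  if (![16, 24, 32].includes(keyBytes.length)) return { ok: false, stage: 'key-length' };
  if (iv.length !== 16) return { ok: false, stage: 'iv-length' };
  try {
    const subtle = await getSubtle();
    const key = await subtle.importKey('raw', keyBytes, { name: 'AES-CBC' }, false, ['decrypt']);
    const plain = await subtle.decrypt({ name: 'AES-CBC', iv }, key, hexToBytes(cipherHex));
    // fatal: true rejects garbage that happened to pass the padding check.
    return { ok: true, text: new TextDecoder('utf-8', { fatal: true }).decode(plain) };
  } catch (err) {
    // A wrong key normally lands here as OperationError (PKCS#7 padding is invalid).
    return { ok: false, stage: 'decrypt', error: err.name };
  }
}

// Constructed round trip: encrypt with one key, then decrypt with right and wrong keys.
async function demo() {
  const devKey = '0123456789abcdef0123456789abcdef';  // 32 ASCII bytes
  const prodKey = 'fedcba9876543210fedcba9876543210'; // same length, wrong value
  const iv = 'abcdef0123456789';                      // 16 ASCII bytes
  const subtle = await getSubtle();
  const key = await subtle.importKey('raw', enc.encode(devKey), { name: 'AES-CBC' }, false, ['encrypt']);
  const ct = await subtle.encrypt({ name: 'AES-CBC', iv: enc.encode(iv) }, key, enc.encode('hello'));
  const cipherHex = toHex(new Uint8Array(ct));
  return {
    good: await tryDecrypt(cipherHex, devKey, iv),
    bad: await tryDecrypt(cipherHex, prodKey, iv),
    short: await tryDecrypt(cipherHex, 'too-short', iv),
    fps: [await fingerprint(devKey), await fingerprint(prodKey)],
  };
}
```

Logging `await fingerprint(secretKey)` in each environment in place of the key itself shows whether the deployed configuration carries the same secret: differing fingerprints mean differing keys.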
