Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt

[fire717]

mac os, when I run

./bin/hs-airdrop ...

got this:

Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
at Decipheriv.final (internal/crypto/cipher.js:172:29)
at CipherBase.final (/Users/fire/Downloads/hs-airdrop/node_modules/bcrypto/lib/native/cipher.js:59:21)
at Decipher.final (/Users/fire/Downloads/hs-airdrop/node_modules/bcrypto/lib/native/cipher.js:114:21)
at Object.decrypt (/Users/fire/Downloads/hs-airdrop/node_modules/bcrypto/lib/native/cipher.js:187:9)
at Object.decrypt (/Users/fire/Downloads/hs-airdrop/node_modules/bcrypto/lib/encoding/pemcrypt.js:68:23)
at SSHPrivateKey.fromString (/Users/fire/Downloads/hs-airdrop/node_modules/bcrypto/lib/ssh.js:644:16)
at Function.fromString (/Users/fire/Downloads/hs-airdrop/node_modules/bufio/lib/struct.js:155:23)
at readKey (/Users/fire/Downloads/hs-airdrop/bin/hs-airdrop:536:33)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at async parseArgs (/Users/fire/Downloads/hs-airdrop/bin/hs-airdrop:714:21)

[tumayun]

me too

[tumayun]

roc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC

[pinheadmz]

Looks like the nodejs crypto module can't decrypt your SSH key with the passphrase provided.

This might be hard to debug -- what version of nodejs are you running?

[fire717]

I sovled this by input correct passphase….which I just input Enter before.

The error info is just a little misleading.

[tmcc-h]

I sovled this by input correct passphase….which I just input Enter before.

The error info is just a little misleading.

@fire717 Still not work, I have not set any passphase before, just Enter ... Enter.

[zhoujingchao]

so? how to get passphase? I have the same problem!

[pinheadmz]

It's the passphrase for your encrypted private key.

[tmcc-h]

Checked those links, error info was changed, but still not work.
https://lifesaver.codes/answer/crypto-bad-decrypt
nodejs/node#2794

[tmcc-h]

From: nodejs/node#2794 (comment)

Ok, so the problem is in padding. This is actually a common issue when users are encrypting in one language and decrypting in another. By default node uses PKCS padding, but Python uses null-byte padding instead. So calling decrypt.setAutoPadding(false); after you create the decipher instance will make it work as expected:

var crypto = require('crypto');
var theCipher = "ccZmMULq3tlzAY+iafZz+96xz+qFsAuGpEjhN7CckJTcdBT03fgobfSVGCGYzILyPNSA3e3msUqHUTCpv8kRnWvFdLv9c+GTEhg+Lj5dOThGDHtkQX2j5bd6Eubw9/l+Lcwj0PeyW0ZoVkB5Nnp1yCnmKAn2Euliq+IurgthT+wln6cQmTjXfL4IB5VxwUEb72FcbeiCfbKxa+MxxbcQTCpli3ErSptwdp9on2k87JTPFqyyMmMRFA9VgOXpHNe43IwFzME01DyHZ+Rp/eQguTmY9FtkFIZeD2e2nrbbDbW6tlk/KOtdhGVIlIGMPNS5m8LYqlrGZlJU3JythEy+J0z1wW1owjVe9Yto2OtUe8WeKI744enBKAX4FnD4My7+/XRjbF5kf6loT9lqeMCdXFb3LDej3GVcKWbJuZjXmD4="
var key = "abcdefghijklmnopqrstuvwx"
var decrypt = crypto.createDecipheriv('des-ede3', key, "");
decrypt.setAutoPadding(false); // !!!!!!!!!add this line!!!!!!!!!!
var s = decrypt.update(theCipher, 'base64', 'utf8');
console.log(s + decrypt.final('utf8'));

[pinheadmz]

@tmcc-h interesting. Thank you. Would you be able to open a pull request to incorporate this fix?

[tumayun]

Please check if your ssh key has a password

[chjj]

@tmcc-h, I was not aware any platforms used something other than pkcs padding. OpenSSH uses pkcs padding for encrypting private keys.

Did that fix work for you? If so, what SSH implementation did you use to generate/encrypt your key?

[skorokithakis]

I decrypted my key by specifying no passphrase for ssh-keygen -p and it worked with the plaintext key.

[HaleTom]

I tried @skorokithakis suggestion, but then get (just pressing when asked for keyphrase):

Passphrase:
Error: Invalid bech32 string.
    at parseAddress (/home/var/ravi/tmp/hs-airdrop/bin/hs-airdrop:785:39)
    at parseArgs (/home/var/ravi/tmp/hs-airdrop/bin/hs-airdrop:734:37)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async main (/home/var/ravi/tmp/hs-airdrop/bin/hs-airdrop:740:19)

I believe I originally created my key with:

ssh-keygen -t rsa -b 4096 -o -a 100

[pinheadmz]

@HaleTom the bech32 error refers to the Handshake address you need to pass in to hs-airdrop, telling the Blockchain where to send your coins. Were you able to generate a HNS address?

[ntokozodev]

From: nodejs/node#2794 (comment)

Ok, so the problem is in padding. This is actually a common issue when users are encrypting in one language and decrypting in another. By default node uses PKCS padding, but Python uses null-byte padding instead. So calling decrypt.setAutoPadding(false); after you create the decipher instance will make it work as expected:

var crypto = require('crypto');
var theCipher = "ccZmMULq3tlzAY+iafZz+96xz+qFsAuGpEjhN7CckJTcdBT03fgobfSVGCGYzILyPNSA3e3msUqHUTCpv8kRnWvFdLv9c+GTEhg+Lj5dOThGDHtkQX2j5bd6Eubw9/l+Lcwj0PeyW0ZoVkB5Nnp1yCnmKAn2Euliq+IurgthT+wln6cQmTjXfL4IB5VxwUEb72FcbeiCfbKxa+MxxbcQTCpli3ErSptwdp9on2k87JTPFqyyMmMRFA9VgOXpHNe43IwFzME01DyHZ+Rp/eQguTmY9FtkFIZeD2e2nrbbDbW6tlk/KOtdhGVIlIGMPNS5m8LYqlrGZlJU3JythEy+J0z1wW1owjVe9Yto2OtUe8WeKI744enBKAX4FnD4My7+/XRjbF5kf6loT9lqeMCdXFb3LDej3GVcKWbJuZjXmD4="
var key = "abcdefghijklmnopqrstuvwx"
var decrypt = crypto.createDecipheriv('des-ede3', key, "");
decrypt.setAutoPadding(false); // !!!!!!!!!add this line!!!!!!!!!!
var s = decrypt.update(theCipher, 'base64', 'utf8');
console.log(s + decrypt.final('utf8'));

Thanks had a same error adding decrypt.setAutoPadding(false) solved it for me.

[pinheadmz]

@ntokozo-shagala were exactly did you add that line? Could you post a diff here, or open a pull request? thank you!

[DavidMendiluce]

I had this issue with the latest version of NodeJS when running the command "ng-serve", I uninstalled that version and installed the "recommended for most users version" instead which fixed the error for me.

[pavankotesh]

I had this issue with v17.0.0, I switched to v14.18.1 and it disappeared. Thanks @DavidMendiluce

[kamax4997]

But is there any way to solve it in node v17.0.1?

[MrRed369]

i am also face this problem anyone help me

?

[pbrocks]

@MrRed369 https://stackoverflow.com/a/69665354/6282094

If you hit an ERR_OSSL_EVP_UNSUPPORTED error in your application with Node.js 17, it’s likely that your application or a module you’re using is attempting to use an algorithm or key size which is no longer allowed by default with OpenSSL 3.0. A new command-line option, --openssl-legacy-provider, has been added to revert to the legacy provider as a temporary workaround for these tightened restrictions.

[AdityaInnovates]

i was thinking that maybe that was the issue of passkey but no ,,,,,,,,,,,,,,,,,, that was never a issue,,,,,,,,,,,,,,,----------------
The Real Issue Was The IV

var iv = crypto.randomBytes(16)

I create iv Randomly every time so i have to store it in a var that hold it until i proccess this further;;
and after iv sets perfect i used Buffer From That IV AND WOOOW;;;;; I JUST GOT SUCCESS

Buffer.from(YOUR BINNARY IV DATA.toString("hex"), "hex")

[HaleTom]

Thanks for this! How much in USD terms is the value of the airdrop?

…

On 1 March 2022 22:51:29 erorr-404-Aditya ***@***.***> wrote: i was thinking that maybe that was the issue of passkey but no ,,,,,,,,,,,,,,,,,, that was never a issue,,,,,,,,,,,,,,,---------------- The Real Issue Was The IVvar iv = crypto.randomBytes(16) I create iv Randomly every time so i have to store it in a var that hold it until i proccess this further;; and after iv sets perfect i used Buffer From That IV AND WOOOW;;;;; I JUST GOT SUCCESSBuffer.from(YOUR BINNARY IV DATA.toString("hex"), "hex") — Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android. You are receiving this because you were mentioned.Message ID: ***@***.***>