rails_event_store: Error when decrypting event with new cipher key

Hi guys, I think I found another issue

So the use case is this - we have some events that are encrypted using a cipher key with an identifier

When we delete that cipher key from the database, similar events encrypted after the cipher key has been deleted will result in creating a new cipher key in our DB with an identical identifier.

So when we try to decrypt the old events with the new cipher key, this happens:

2020-08-31 13:21:43 - Psych::SyntaxError - (<unknown>): invalid leading UTF-8 octet at line 1 column 1:
	/Users/nicolaiseerup/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/psych.rb:456:in `parse'
	/Users/nicolaiseerup/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/psych.rb:456:in `parse_stream'
	/Users/nicolaiseerup/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/psych.rb:390:in `parse'
	/Users/nicolaiseerup/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/psych.rb:277:in `load'
	/Users/nicolaiseerup/.rvm/gems/ruby-2.6.5@smart-workspaces/gems/ruby_event_store-1.1.1/lib/ruby_event_store/mappers/transformation/encryption.rb:117:in `decrypt_attribute'

https://github.com/RailsEventStore/rails_event_store/blob/master/ruby_event_store/lib/ruby_event_store/mappers/transformation/encryption.rb#L117

Maybe this line should also rescue from Psych::SyntaxError?

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 15 (6 by maintainers)

Most upvoted comments

require 'openssl'

cipher = "aes-256-cbc"
iv = "\x9C\x91t\xD2\x99\xC3\xCAQ\x7F\xA8\xADV\xA9\xB6X\x8D"
cryptogram = "}E\x7F\xBA\xF9\t\x80@O\xC8\xC6q<4\x9B\xFBZ\xBB\xFC\xCE\x83\x16\xAAdv\xBE\a\x869l\x8C\x91"
key = "\xE8\xB5\x0E\x89\xF1\x98\xBA\xDBkI9\x05\x90\xAD\\\xFF\xB6\xE3An\x86^\xF0lI\x92\xF8b\x02*\x90\xAE"

crypto = OpenSSL::Cipher.new(cipher)
crypto.decrypt
crypto.iv  = iv
crypto.key = key
(crypto.update(cryptogram) + crypto.final).force_encoding("UTF-8")
# => "{M]\xEAμ\xEA\x99\xE5\"ЮF\xE6bM)C\xA1݃\x96\xBC_\xB2\xD7DN\"\x80i"

# and then

require 'yaml'
YAML.load("{M]\xEAμ\xEA\x99\xE5\"ЮF\xE6bM)C\xA1݃\x96\xBC_\xB2\xD7DN\"\x80i")
# => Psych::SyntaxError ((<unknown>): invalid trailing UTF-8 octet at line 1 column 1)

With that set of cryptogram, iv & key you will get {M]\xEAμ\xEA\x99\xE5\"ЮF\xE6bM)C\xA1݃\x96\xBC_\xB2\xD7DN\"\x80i as the decrypted message; of course, later when we try to parse it as YAML it fails.

This does not seem like a RES-related problem - I think you should verify your key management.

Ok, let me try to reproduce our case somehow - please leave this issue open a bit
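
Added example, not part of the thread and not RailsEventStore code: AES-CBC carries no integrity check, so a wrong key ends either in a padding error or, as with the sample posted above, in garbage that only fails later in the YAML parser, while an authenticated mode rejects the wrong key at `final`. The helper names `decrypt_yaml` and `encrypt_yaml`, the constructed `OLD_KEY`/`NEW_KEY`, and the choice of AES-256-GCM as the authenticated mode are assumptions made for this illustration.

```ruby
require "openssl"
require "yaml"

# Hypothetical helper (not RES code): decrypt, parse, and report how it failed.
def decrypt_yaml(cipher_name, key, iv, cryptogram, tag = nil)
  c = OpenSSL::Cipher.new(cipher_name).decrypt
  c.key = key
  c.iv = iv
  if c.authenticated? # AEAD modes such as GCM
    c.auth_tag = tag
    c.auth_data = ""
  end
  plain = c.update(cryptogram) + c.final
  [:ok, YAML.safe_load(plain.force_encoding("UTF-8"))]
rescue OpenSSL::Cipher::CipherError
  [:cipher_error, nil] # CBC: bad padding; GCM: tag mismatch
rescue Psych::Exception
  [:garbage, nil]      # CBC only: padding looked valid, plaintext is noise
end

# Hypothetical helper: returns [iv, ciphertext, tag]; tag is nil for CBC.
def encrypt_yaml(cipher_name, key, value)
  c = OpenSSL::Cipher.new(cipher_name).encrypt
  c.key = key
  iv = c.random_iv
  c.auth_data = "" if c.authenticated?
  data = c.update(YAML.dump(value)) + c.final
  [iv, data, (c.auth_tag if c.authenticated?)]
end

# Values copied from the comment above (a key that does not match the cryptogram).
PAGE_IV   = "\x9C\x91t\xD2\x99\xC3\xCAQ\x7F\xA8\xADV\xA9\xB6X\x8D".b
PAGE_DATA = "}E\x7F\xBA\xF9\t\x80@O\xC8\xC6q<4\x9B\xFBZ\xBB\xFC\xCE\x83\x16\xAAdv\xBE\a\x869l\x8C\x91".b
PAGE_KEY  = "\xE8\xB5\x0E\x89\xF1\x98\xBA\xDBkI9\x05\x90\xAD\\\xFF\xB6\xE3An\x86^\xF0lI\x92\xF8b\x02*\x90\xAE".b

# Constructed keys modelling "key deleted, new key created under the same identifier".
OLD_KEY = OpenSSL::Digest::SHA256.digest("old key (constructed)")
NEW_KEY = OpenSSL::Digest::SHA256.digest("new key (constructed)")

def demo
  iv, data, tag = encrypt_yaml("aes-256-gcm", OLD_KEY, "alice@example.com")
  {
    cbc_page_sample: decrypt_yaml("aes-256-cbc", PAGE_KEY, PAGE_IV, PAGE_DATA).first,
    gcm_old_key: decrypt_yaml("aes-256-gcm", OLD_KEY, iv, data, tag),
    gcm_new_key: decrypt_yaml("aes-256-gcm", NEW_KEY, iv, data, tag).first
  }
end

p demo
```

A caller that only rescues the cipher error still lets the CBC garbage case through, which is why both failure paths have to map to the same "value cannot be decrypted" outcome.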