Search code examples
javascriptnode.jsaes

decipher.final(): Unsupported state or unable to authenticate data

I have the following code:

const crypto = require("crypto");

const algorithm = "aes-256-gcm"; 
const message = "This is a secret message";
const iv = crypto.randomBytes(12);
const sKey = crypto.randomBytes(32);

const cipher = crypto.createCipheriv(algorithm, sKey, iv);
const decipher = crypto.createDecipheriv(algorithm, sKey, iv)

let encryptedData = cipher.update(message, "utf-8", "hex");
encryptedData += cipher.final("hex");

let decData = decipher.update(encryptedData, "hex", "utf-8");
decData += decipher.final("utf-8");

console.log("Encrypted message: " + encryptedData);
console.log("Decrypted message: ", decData)

When I run it, I receive the following exception:

node:internal/crypto/cipher:193
  const ret = this[kHandle].final();
                            ^

Error: Unsupported state or unable to authenticate data
    at Decipheriv.final (node:internal/crypto/cipher:193:29)
    at Object.<anonymous> ([...]/crypto-test.js:15:21)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
    at node:internal/main/run_main_module:17:47

Error is thrown when calling decipher.final(). How can I fix it?

Solution

  • When using an authenticated cipher (which aes-256-gcm is), you'll need the auth tag from the cipher; otherwise Decipher.final() will throw (as you can see) since the auth tag it has (or in this case, doesn't) doesn't match what it thinks the deciphered text's auth tag is.

    const crypto = require('crypto');

const algorithm = 'aes-256-gcm';
const message = 'This is a secret message';
const iv = crypto.randomBytes(12);
const sKey = crypto.randomBytes(32);

const cipher = crypto.createCipheriv(algorithm, sKey, iv);

let encryptedData = cipher.update(message, 'utf-8', 'hex');
encryptedData += cipher.final('hex');

const authTag = cipher.getAuthTag().toString("hex");  // <- new
console.log({authTag, encryptedData});  // for debugging

const decipher = crypto.createDecipheriv(algorithm, sKey, iv);
decipher.setAuthTag(Buffer.from(authTag, 'hex'));  // <- new
let decData = decipher.update(encryptedData, 'hex', 'utf-8');
decData += decipher.final('utf-8');
console.log('Decrypted message: ', decData)