0

Any help on this would be appreciate it :). I am trying to create a firebase function to decrypt data using google kms. For some reason I am unable to decrypt data successfully, I am just getting an empty buffer as response. Here is my code 

app.post('/', (req, res) => {
    var testToken =   Buffer.from("test-token").toString('base64')
    console.log("access token:" + testToken )
    client.encrypt({name, testToken })
        .then(responses => {
            const response = responses[0];
            //TRIED THIS
            //const  ciphertext = response.ciphertext
            //AND THIS
            const  ciphertext = response.ciphertext.toString('base64')
            console.log(ciphertext)
            client.decrypt({name, ciphertext})
                .then(responses2 => {
                    console.log(responses2);
                    console.log(Buffer.from(responses2[0].plaintext, 'base64').toString("utf8"))
                    return res.status(200).send({"status": "succes"})
                })
                .catch(err => {
                    console.log(err);
                    return res.status(400).send({"status": "error"})
                });
        })
        .catch(err => {
            console.log(err);
            return res.status(400).send({"status": "error"})
        });

});

Here are the logs that I am printing

info: access token:dGVzdC10b2tlbg==
info: CiQAoYg0TZ0KIurHuDKRxNt5tBm+bWv94gjCRqJbzi/d8ZGk7k8SIQBZ//kUwUOpsnFquNYyxrd5w6YmUMlGupghjUsjf94G9g==
info: [ { plaintext: <Buffer > }, undefined, undefined ]

I would like to make this work without the need of any temp files. Thanks in advance!

hlagos
  • 7,690
  • 3
  • 23
  • 41

1 Answers1

1

I found the issue.. in case someone else run into this, the problem is with the secondargument of the encrypt method, it has to ba named plaintext like this 

client.encrypt({name, plaintext})

So it looks like kms was encrypting empty value because plaintext was not present, so at the moment of decrypt, it returned the empty value as well.

I think it would be useful add some kind of warning or exception at the api level.

hlagos
  • 7,690
  • 3
  • 23
  • 41