-
Notifications
You must be signed in to change notification settings - Fork 9
Decrypt Errors
When there is a DecryptError.InvalidSignature, then we need to check on envelope.mac (the message signature) and rc.chain_key.message_keys.mac_key.key (the receiver's MacKey).
It's very likely that the receiver's MacKey is undefined or the sender's MacKey is different than the one which the receiver uses.
HCMAC validation:
- Alice has the same MacKey (HMAC) as Bob
- Bob receives a message envelope from Alice
- The message envelope contains a signature (which was created with Alice's MacKey) and the message (among other properties)
- Bob signs the message again (using his MacKey) to check if he can create the same signature (as provided in the message envelope)
- If Bob is able to create the same signature, then the signature is valid because Alice and Bob share the same MacKey (symmetrical signature)
Calls:
-
DecryptError.InvalidSignaturecomes fromSessionState.decrypt>Envelope.verify>MacKey.verify>sodium.crypto_auth_hmacsha256_verify
Interesting fact:
Because Alice and Bob are using the same MacKey, Proteus guarantees Deniability. Because Bob you show someone that the message he got is from Alice (showing the signature verification). But it could also have been Bob who signed this message (because he has the same signature key as Alice and thus is able to sign messages). So no one believe Bob that Alice signed this message (because it could have also been him).