virgilsecurity / virgil-sdk-javascript Goto Github PK

Followed the instruction here and below error throws in "virgil-sdk": "^6.0.1".

 throw new Error("Cannot use global instances if the 'resetGlobalInstances' function has been called or 'createGlobalInstances' function has not been called yet.");
              ^

I created a getToken function that return a Firebase JWT after authentication.

firebase.auth().onAuthStateChanged(user => {
  ...
  const getToken = () user.getIdToken();
  ...
});

When I invoke an instance of CachingJwtProvider passing the function mentioned above, I get Error: Wrong JWT format but I don’t understand why.

My JWT token seems to be well formatted and everything worked before moving from version 5.3.0 to 6.0.0-alpha.1.

I would like to rollback to the previous version, but I don't know if it is incompatible with @virgilsecurity/[email protected]

Here I report the complete error:

Error: Wrong JWT format
    at new Jwt (virgil-sdk.browser.cjs.js:319)
    at Function.Jwt.fromString (virgil-sdk.browser.cjs.js:351)
    at virgil-sdk.browser.cjs.js:559
    at tryCallOne (core.js:37)
    at core.js:123
    at JSTimers.js:289
    at _callTimer (JSTimers.js:146)
    at _callImmediatesPass (JSTimers.js:194)
    at Object.callImmediates (JSTimers.js:458)
    at MessageQueue.__callImmediates (MessageQueue.js:366)

If you need more information, trying to handle the error I get InvalidCharacterError.
Something happen in this block:

try {
  this.header = JSON.parse(base64UrlDecode(parts[0]));
  this.body = JSON.parse(base64UrlDecode(parts[1]));
  his.signature = base64UrlToBase64(parts[2]);
}
catch (e) {
  throw new Error('Wrong JWT format');
}

especially when trying to decode the body.

My configuration:

"@virgilsecurity/key-storage-rn": "^0.2.0-alpha.0",
"react-native": "0.60.5",
"react-native-virgil-crypto": "0.3.0",
"virgil-sdk": "^6.0.0-alpha.1"

I'm gtting this error when I call EThree.initialize(Promise.resolve(virgilResponse.virgilToken) can anybody clarify the error?

Currently the SDK requires me to pass the exact card used to sign into decryptTheVerify. It would be great if I could just pass it all the cards for a sender and it would let me know if any of them matched.

@vadimavdeev could we get this rolled out somewhere soon? I am working on a demo and would like to have this in it already.

Currently I'm stuck in a bit of callback hell trying to do something pretty simple that most people will need to do:

• Load a key if it exists
• If it doesn't, generate a new key, store this key, and then return the new key

Currently, this looks as follows:

function loadOrCreateKey(api, id, password, callback) {
  api.keys.load(id, password)
    .then(callback)
    .catch(function() {
      var key = api.keys.generate();
      key.save(id, password)
        .then(function () {
          callback(key);
        });
    });
}

This doesn't even include creating a card and sending it to the server.

I guess, Ideally I'd do something like this:

api.keys.generateOrLoad(id, password)
  .then(function(key) {
     // now I have a problem: how do I know this is a new key?
  });

Not sure how to solve this problem, but would love for this to be a lot easier.

Maybe a simpler solution would be to at least have a way to check if a key exists?

[Context]
I'm building a small server to collect JWT tokens. The route handling looks below. When the server runs there is a TypeError from the Virgil-SDK

RuntimeError: abort(TypeError: Invalid format of 'Data'.). Build with -s ASSERTIONS=1 for more info.
at process.B (/Users/MY_USER_NAME/Documents/sendbird-virgil-uikit-sample/server/node_modules/@virgilsecurity/core-foundation/node.cjs.js:1:2501)

[Environment]
MAC Pro - Monterey - Intel not M1
Node v16.13.1
npm v8.1.2

[Impact]
I'm working to write a guide for Virgil security and Sendbird. However, I'm stuck at the moment as it seems that Node.js above v13 (two years old) is not supported

My jwt route example:

`
import express from 'express';
import { JwtGenerator } from 'virgil-sdk';

import {
initCrypto,
VirgilCrypto,
VirgilAccessTokenSigner,
} from 'virgil-crypto';

const getJwtGenerator = async () => {

await initCrypto();
const virgilCrypto = new VirgilCrypto();
return new JwtGenerator({
appId: process.env.VIRGIL_APP_ID,
apiKeyId: process.env.VIRGIL_APP_KEY_ID,
apiKey: virgilCrypto.importPrivateKey(process.env.VIRGIL_APP_KEY),
accessTokenSigner: new VirgilAccessTokenSigner(virgilCrypto),
});

};

const generatorPromise = getJwtGenerator();

export const virgilRouter = express.Router();

virgilRouter.get('/jwt/:userId', async (req, res) => {

const generator = await generatorPromise;
const virgilJwtToken = generator.generateToken(req.user.identity);
console.log({ virgilToken: virgilJwtToken.toString() });
res.json({ virgilToken: virgilJwtToken.toString() })

`});``

I am suffering from writing integration testing using virgil sdk. How should I mock your sdk?

jest.mock('virgil-crypto');
jest.mock('virgil-sdk');

I need to mock them so I don't need actual credential from virgil to be uploaded to github.

I'm trying to figure out how secure private keys are when using virgil (specifically e3kit) in the browser. This line looks like it's stored in indexeddb. Can it easily be extracted/exported?

If a malicious actor were to gain control over my website, could they deploy a new version that contains code that extracts the private key and sends it to themselves?

Currently the global variable that is initialized when including the library as a script is called virgil.

This means that currently initialization looks like this:

var client = virgil.API("[ACCESS_TOKEN]");

It would be really nice if instead we could do this:

var virgil = new Virgil("[ACCESS_TOKEN]");
// or, less preferable
var virgil = new Virgil.API("[ACCESS_TOKEN]");

With that in place, every SDK method call would start with virgil., making it always clear to everyone which object is the Virgil client.

As this is a backwards incompatible change, this should probably only be added from version 5 onwards.

I have used virgil for encrypted communication and am having trouble with decrypting a message. The buffer returned by the decrypt function seems to have some sort of problem, when it is converted to a string using 'toString()' the value '[Object object]' is returned when it should return the original message. When tested locally the decryption works but when a server and socket communication is used, this is when the problems occur. Please could you assist.

The function in question is shown herevar originalMessage = userKey.decrypt(data.message.toString()); console.log(originalMessage); . The value of originalMessage is always "[Object object]" no matter what.

@vadimavdeev I am trying to write a guide for https://developer.virgilsecurity.com/docs/javascript/get-started/passwordless-authentication

Is this present in the JS SDK yet?

const jwtProvider1 = new Virgil.CachingJwtProvider(fetchVirgilJwt);
virgil-sdk.browser.umd.min.js:1 Uncaught TypeError: renewJwtFn must be a function
at new t (virgil-sdk.browser.umd.min.js:1)

My code is currently quite naive, looking up the sender's Card every time a message comes in. I wonder if there's a better way of doing this, maybe by caching the card and passing the card ID in the message?

Or is it cheap/fast/easy/desired/more secure to just keep calling Virgil?

Attempting to use e3kit-node with electron v8.3.0 in the background process (non renderer process, so it acts like nodejs). I get this error when I attempt to initialize eThree.

TypeError: fetch is not a function
    at eval (webpack:///./node_modules/fetch-ponyfill/fetch-node.js?:13:12)
    at Connection.send (webpack:///./node_modules/virgil-sdk/dist/virgil-sdk.es.js?:912:16)
    at Connection.post (webpack:///./node_modules/virgil-sdk/dist/virgil-sdk.es.js?:906:21)
    at CardClient.eval (webpack:///./node_modules/virgil-sdk/dist/virgil-sdk.es.js?:1003:52)
    at Generator.next (<anonymous>)
    at eval (webpack:///./node_modules/virgil-sdk/dist/virgil-sdk.es.js?:587:71)
    at new Promise (<anonymous>)
    at __awaiter (webpack:///./node_modules/virgil-sdk/dist/virgil-sdk.es.js?:583:12)
    at CardClient.searchCards (webpack:///./node_modules/virgil-sdk/dist/virgil-sdk.es.js?:1002:16)
    at CardManager.eval (webpack:///./node_modules/virgil-sdk/dist/virgil-sdk.es.js?:1388:157)

Hello, are there any plans to upgrade to Webpack 5?

Webpack 4 is starting to come with more dependency security issues, and it looks like they don't plan to fix them because they will be breaking changes. The recommended action is always to upgrade to Webpack 5 unfortunately. I am seeing two dependabot alerts for set-value and glob-parent, and it looks like both can be traced back to Webpack 4 which is required by virgil-sdk.

webpack/webpack#12286
webpack/webpack#12319

Thanks, cheers 🍺

Currently the SDK requires a password for saving the key, which I do not think is necessary, @unlim-it agrees.

@vadimavdeev could we get this rolled out somewhere soon? I am working on a demo and would like to have this in it already.

Context
I'm trying to run the getJwtGenerator example but am getting an error when calling initCrypto:

RuntimeError: abort(TypeError: Failed to parse URL from /Users/username/demo-backend-nodejs/node_modules/@virgilsecurity/core-foundation/libfoundation.wasm). Build with -s ASSERTIONS=1 for more info.
    at process.B (/Users/username/demo-backend-nodejs/node_modules/@virgilsecurity/core-foundation/node.cjs.js:1:2501)
    at process.emit (node:events:512:28)
    at emit (node:internal/process/promises:150:20)
    at processPromiseRejections (node:internal/process/promises:284:27)
    at process.processTicksAndRejections (node:internal/process/task_queues:96:32)

Here is the code in question:

async function getJwtGenerator() {
	await initCrypto();

	const virgilCrypto = new VirgilCrypto();

	return new JwtGenerator({
		appId: config.virgil.appId,
		apiKeyId: config.virgil.appKeyId,
		apiKey: virgilCrypto.importPrivateKey(config.virgil.appKey),
		accessTokenSigner: new VirgilAccessTokenSigner(virgilCrypto)
	});
}

Environment

• M1 Macbook Pro
• node: 19.8.1
• virgil-crypto: 4.2.2
• virgil-sdk: 6.2.0