I am trying to implement a messaging system into a website. The messages between two user should be E2E encrypted. There is a wonderful tutorial at https://getstream.io/blog/web-crypto-api-chat/, that I used as a guide for implementation. For the encryption/decryption I use the WebCrypto API.
- Each user gets an EC-256 (public, private) key pair generated.
- Messages between two users will be encrypted with the AES-GCM algorithm using an IV and the secret key derived from the sender's private key and the receiver's public key.
So far, so good; in most cases this works perfectly: the message to send will be encrypted on the client, sent to the server and stored in the database as an incomprehensible string. If one of the users is logged in again on the website and opens the conversation, the messages will be decrypted and are readable again for both users... BUT certain messages can't be decrypted for some reason. I get this common error message, which can be found in numerous threads:
DOMException: The operation failed for an operation-specific reason
Unfortunately, for security reasons, the browser does not show more details about what is going wrong. It also makes no difference which browser I use; it's always the same messages that can't be decrypted. But this is probably an indication that something is going wrong with the encryption, so that the decryption can no longer work. On the other hand, I don't see any errors in the console when encrypting a message that can't be decrypted later.
Has anyone had experience with something like this?
Thank you and best regards