Issue: Tauri client fails to join existing room (missing decryption key) #1

Closed
opened 2025-08-27 01:44:22 +00:00 by rattatwinko · 2 comments
Owner

Description
When joining an existing room, the Tauri desktop client fails to decrypt messages because it never successfully obtains or imports the per-room AES session key.
The browser client works fine, but the desktop client shows "failed to get decryption key".


Root causes (likely)

  1. Socket event mismatch – The session_key_received (or equivalent) event is not being handled correctly in the Tauri client.

  2. Encoding mismatch – The browser exports keys in base64/JWK, while the desktop client may be expecting raw ArrayBuffers.

  3. Crypto API differences – Browser uses window.crypto.subtle (WebCrypto API). Tauri may be running the socket listener outside the WebView (in Rust/Node), which means keys need to be converted to a compatible format.

  4. Key persistence – Browser stores keys in localStorage/IndexedDB, which do not map automatically to Tauri. The desktop app might not have the RSA private key available when trying to unwrap the AES session key.


Tasks to fix

[ ] Add socket logging in the Tauri client:

socket.onAny((event, payload) => console.log('SOCKET RECV', event, payload));

→ Verify if session_key_received event actually fires.

[ ] Implement consistent helpers for exporting/importing AES keys as base64 (see WebCrypto snippets).

[ ] Ensure the Tauri client generates and persists an RSA keypair (private key must be available when joining).

[ ] On session_key_received, use unwrapAesKeyWithRsa(privateKey, wrappedKeyBase64) to import the AES key.

[ ] Compare the exported AES session key (base64) between browser & Tauri — they should match byte-for-byte after unwrap.

[ ] If keys match but decryption still fails → double-check that both sides use AES-GCM with the same IV handling.


Acceptance Criteria

Tauri client successfully joins an already existing room.

Encrypted messages are decrypted correctly.

The wrapped session key logged in browser and Tauri are identical (same base64).

No more "failed to get decryption key" error.
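Added example, not part of the original issue or the bytechat code base: one way the base64 export/import helpers and the unwrap step in the task list could fit together in WebCrypto, ending with the byte-for-byte key comparison and an AES-GCM round trip. The RSA-OAEP/SHA-256 wrapping, the 256-bit AES-GCM key, the "raw" key format and the helper names other than unwrapAesKeyWithRsa are assumptions; the issue does not state them.

```javascript
// Added example, not bytechat code. Assumptions (not stated in the issue):
// RSA-OAEP/SHA-256 wrapping, AES-GCM 256-bit room key, "raw" format, standard base64.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // Node fallback
const subtle = webcrypto.subtle;

const RSA = { name: 'RSA-OAEP', modulusLength: 2048,
              publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };
const AES = { name: 'AES-GCM', length: 256 };

// ArrayBuffer <-> base64, so both clients put the same string on the socket.
const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (b64) => Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));

// Sender side (hypothetical helper): wrap the room key for the joiner's public key.
async function wrapAesKeyWithRsa(publicKey, aesKey) {
  return toB64(await subtle.wrapKey('raw', aesKey, publicKey, { name: 'RSA-OAEP' }));
}

// Joiner side: what the session_key_received handler would call.
async function unwrapAesKeyWithRsa(privateKey, wrappedKeyBase64) {
  return subtle.unwrapKey('raw', fromB64(wrappedKeyBase64), privateKey,
    { name: 'RSA-OAEP' }, AES, true, ['encrypt', 'decrypt']);
}

// Debug aid for the key-comparison task; keep raw key logging out of release builds.
async function exportAesKeyBase64(aesKey) {
  return toB64(await subtle.exportKey('raw', aesKey));
}

// Constructed round trip: the "browser" owns the room key, the "desktop" joins.
async function demoJoin() {
  const desktop = await subtle.generateKey(RSA, true, ['wrapKey', 'unwrapKey']);
  const roomKey = await subtle.generateKey(AES, true, ['encrypt', 'decrypt']);
  const wrapped = await wrapAesKeyWithRsa(desktop.publicKey, roomKey);
  const joined = await unwrapAesKeyWithRsa(desktop.privateKey, wrapped);

  // Shared IV convention: a fresh 12-byte IV per message, sent alongside the ciphertext.
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const ct = await subtle.encrypt({ name: 'AES-GCM', iv }, roomKey,
    new TextEncoder().encode('hello room'));
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv }, joined, ct);

  return {
    keysMatch: (await exportAesKeyBase64(roomKey)) === (await exportAesKeyBase64(joined)),
    plaintext: new TextDecoder().decode(pt),
    wrappedBytes: fromB64(wrapped).length, // 256 for a 2048-bit RSA key
  };
}
```

If the unwrap rejects, the private key in use is not the one whose public key the sender wrapped for, which is what the key-persistence cause above would produce.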

rattatwinko self-assigned this 2025-08-27 01:44:22 +00:00
Author
Owner

I'll fix it tomorrow

Author
Owner

I've come up with a semi fix. It works much better now, but there are still some issues left.

Reference: rattatwinko/bytechat-desktop#1