fix: use combined encryption for FIEL credentials

Each piece of data was being encrypted with a different IV, but only
the first IV was saved. Now using encryptFielCredentials/decryptFielCredentials
helper functions that encrypt all data together with a single IV/tag.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Consultoria AS
2026-01-25 01:50:15 +00:00
parent 02ccfb41a0
commit 121fe731d0


@@ -1,6 +1,6 @@
import { Credential } from '@nodecfdi/credentials/node'; import { Credential } from '@nodecfdi/credentials/node';
import { prisma } from '../config/database.js'; import { prisma } from '../config/database.js';
import { encrypt, decrypt } from './sat/sat-crypto.service.js'; import { encryptFielCredentials, decryptFielCredentials } from './sat/sat-crypto.service.js';
import type { FielStatus } from '@horux/shared'; import type { FielStatus } from '@horux/shared';
/** /**
@@ -58,10 +58,14 @@ export async function uploadFiel(
}; };
} }
// Encriptar credenciales // Encriptar credenciales (todas juntas con el mismo IV/tag)
const { encrypted: encryptedCer, iv, tag } = encrypt(cerData); const {
const { encrypted: encryptedKey } = encrypt(keyData); encryptedCer,
const { encrypted: encryptedPassword } = encrypt(Buffer.from(password, 'utf-8')); encryptedKey,
encryptedPassword,
iv,
tag,
} = encryptFielCredentials(cerData, keyData, password);
// Guardar o actualizar en BD // Guardar o actualizar en BD
await prisma.fielCredential.upsert({ await prisma.fielCredential.upsert({
@@ -192,22 +196,14 @@ export async function getDecryptedFiel(tenantId: string): Promise<{
} }
try { try {
// Desencriptar // Desencriptar todas las credenciales juntas
const cerData = decrypt( const { cerData, keyData, password } = decryptFielCredentials(
Buffer.from(fiel.cerData), Buffer.from(fiel.cerData),
Buffer.from(fiel.encryptionIv),
Buffer.from(fiel.encryptionTag)
);
const keyData = decrypt(
Buffer.from(fiel.keyData), Buffer.from(fiel.keyData),
Buffer.from(fiel.encryptionIv),
Buffer.from(fiel.encryptionTag)
);
const password = decrypt(
Buffer.from(fiel.keyPasswordEncrypted), Buffer.from(fiel.keyPasswordEncrypted),
Buffer.from(fiel.encryptionIv), Buffer.from(fiel.encryptionIv),
Buffer.from(fiel.encryptionTag) Buffer.from(fiel.encryptionTag)
).toString('utf-8'); );
// Crear credencial // Crear credencial
const credential = Credential.create( const credential = Credential.create(
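Review bot: Storing one `iv`/`tag` for three ciphertext columns, as the destructuring from `encryptFielCredentials(cerData, keyData, password)` does in uploadFiel, is only sound if the helper makes a single authenticated-encryption pass over the combined plaintext with a fresh random IV per call and then splits the output; the helper lives in `./sat/sat-crypto.service.js` and is not shown on this page, so this should be confirmed. If it instead encrypts the three values separately under the same key and IV, that is nonce reuse, which in an AEAD mode such as GCM (suggested by the iv/tag pair, not confirmed) undermines both confidentiality and integrity. I would record the contract at the call site, e.g. `// single AEAD pass over cer + key + password; fresh random IV on every upload`. Separately, rows written before this commit hold key and password ciphertext whose IVs were never saved, so `decryptFielCredentials` in getDecryptedFiel will presumably throw for them; the `catch` is outside the hunk, and it should map that failure to a clear "re-upload the FIEL" state rather than a generic error.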