fix: wrong type of kid in jwe for v1

dbluhm · dbluhm · commit e218ee373aa7 · 2024-06-06T20:05:30.000-04:00
Signed-off-by: Daniel Bluhm &lt;dbluhm@pm.me&gt;
diff --git a/didcomm_messaging/crypto/backend/askar.py b/didcomm_messaging/crypto/backend/askar.py
@@ -130,6 +130,10 @@ def kid(self) -> str:
         """Get the key ID."""
         return self._kid
 
+    def as_public_key(self) -> AskarKey:
+        """Return AskarKey representation."""
+        return AskarKey(self.key, self.kid)
+
 
 class AskarCryptoService(CryptoService[AskarKey, AskarSecretKey]):
     """CryptoService backend implemented using Askar."""
@@ -413,4 +417,4 @@ async def get_secret_by_kid(self, kid: str) -> Optional[AskarSecretKey]:
                 return None
 
         # cached_property doesn't play nice with pyright
-        return AskarKey(key_entry.key, kid)  # type: ignore
+        return AskarSecretKey(key_entry.key, kid)  # type: ignore
diff --git a/didcomm_messaging/v1/crypto/askar.py b/didcomm_messaging/v1/crypto/askar.py
@@ -58,11 +58,14 @@ async def pack_message(
         # avoid converting to bytes object: this way the only copy is zeroed afterward
         # tell type checking it's bytes to make it happy
         cek_b = cast(bytes, key_get_secret_bytes(cek._handle))
-        sender_vk = from_key.kid if from_key else None
+        sender_vk = (
+            self.public_key_to_v1_kid(from_key.as_public_key()) if from_key else None
+        )
         sender_xk = from_key.key.convert_key(KeyAlg.X25519) if from_key else None
 
         for target_vk in to_verkeys:
             target_xk = target_vk.key.convert_key(KeyAlg.X25519)
+            target_vk_kid = self.public_key_to_v1_kid(target_vk)
             if sender_vk and sender_xk:
                 enc_sender = crypto_box.crypto_box_seal(target_xk, sender_vk)
                 nonce = crypto_box.random_nonce()
@@ -72,7 +75,7 @@ async def pack_message(
                         encrypted_key=enc_cek,
                         header=OrderedDict(
                             [
-                                ("kid", target_vk.kid),
+                                ("kid", target_vk_kid),
                                 ("sender", self.b64url.encode(enc_sender)),
                                 ("iv", self.b64url.encode(nonce)),
                             ]
@@ -82,7 +85,7 @@ async def pack_message(
             else:
                 enc_cek = crypto_box.crypto_box_seal(target_xk, cek_b)
                 builder.add_recipient(
-                    JweRecipient(encrypted_key=enc_cek, header={"kid": target_vk.kid})
+                    JweRecipient(encrypted_key=enc_cek, header={"kid": target_vk_kid})
                 )
         builder.set_protected(
             OrderedDict(
diff --git a/tests/v1/conftest.py b/tests/v1/conftest.py
@@ -81,7 +81,7 @@ async def bob_key(store: Store):
     kid = base58.b58encode(key.get_public_bytes()).decode()
     async with store.session() as session:
         await session.insert_key(kid, key)
-    return AskarKey(key, kid)
+    yield AskarKey(key, kid)
 
 
 @pytest.fixture
