EMR integration decryption using JavaScript

We are trying to follow Integrating Zoom Into Your EMR Platform to decrypt data passed to us from Epic.

Assumptions:
Encryption algorithm: AES-128 with an empty IV
Encrypted data is BASE64 encoded and URL encoded before passed to us as the ‘data=’ parameter.
Secret key is BASE64 encoded.

Our server is NodeJS and we are trying to decrypt using the built in Crypto library that comes with Node. Our code goes something like this:

import crypto from 'crypto';

const decodeBuffer = buffer => (Buffer.from( decodeURIComponent(buffer), 'base64' ));

export const decrypt = cipherText => {
	let decodedText = decodeBuffer(cipherText);
	let decipher = crypto.createDecipher(algorithm, decodeBuffer(secretKey));
	let plainText = decipher.update(decodedText);
	plainText = Buffer.concat([plainText, decipher.final()]);
	return plainText.toString();
}

This fails during the .final() call with a ‘bad decrypt’ error. If we call this on a cipher text obtained using this matching encrypt() function it works fine:

export const encrypt = text => {
	const cipher = crypto.createCipher(algorithm, decodeBuffer(secretKey));
	const encrypted = Buffer.concat([cipher.update(text), cipher.final()]);
	return encodeURIComponent(encrypted.toString('base64'));
};

I suspect that the assumption around the encoding of the key and/or encrypted data is false. It there documentation about this somewhere?

Thanks,
Henrik

Hey @Henrik.Nordberg,

Thank you for reaching out to the Zoom Developer Forum. I’m not sure on these details off the top of my head so I’ve reached out to an internal resource to see if I can confirm how this can be done.

I’ll be sure to update you here when I have more information.

Thanks,
Max

Just to note: I’ve also tried using the secretKey (which is our Zoom account secret key) as is, without base64 decoding it first and that also does not work.

Hey @Henrik.Nordberg,

Thank you for the update. I’m still working to gather information here to make sure that I’m providing the right steps to decrypt this data. It sounds like we may also need to update the article that you provided.

Would you be able to send an email to developersupport@zoom.us with a link to this thread so that I can track the issue and follow-up with you there?

Thanks,
Max

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.