From 0e75a49b0868e31d2f83f8f710a5d9d25949d23a Mon Sep 17 00:00:00 2001
From: NicolasCantu <nicolas.cantu@pm.me>
Date: Sun, 26 Oct 2025 02:36:27 +0100
Subject: [PATCH] debug: add detailed logging for WebAuthn decryption

---
 src/services/credentials/webauthn.service.ts | 37 +++++++++++++++-----
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/src/services/credentials/webauthn.service.ts b/src/services/credentials/webauthn.service.ts
index 2dfafbd..44a7b05 100644
--- a/src/services/credentials/webauthn.service.ts
+++ b/src/services/credentials/webauthn.service.ts
@@ -310,6 +310,7 @@ export class WebAuthnService {
       }
 
       // Déchiffrer la clé avec le credentialId WebAuthn
+      console.log('🔐 Decrypting PBKDF2 key with credentialId:', credentialId);
       const encrypted = atob(result.encryptedKey);
       const combined = new Uint8Array(encrypted.length);
       for (let i = 0; i < encrypted.length; i++) {
@@ -320,6 +321,13 @@ export class WebAuthnService {
       const salt = combined.slice(0, 16);
       const iv = combined.slice(16, 28);
       const encryptedData = combined.slice(28);
+      
+      console.log('🔐 Extraction complete:', {
+        saltLength: salt.length,
+        ivLength: iv.length,
+        encryptedDataLength: encryptedData.length,
+        totalLength: combined.length
+      });
 
       // Dériver la clé avec PBKDF2
       const keyMaterial = await crypto.subtle.importKey(
@@ -350,15 +358,28 @@ export class WebAuthnService {
       );
 
       // Déchiffrer
-      const decrypted = await crypto.subtle.decrypt(
-        { name: 'AES-GCM', iv: iv },
-        cryptoKey,
-        encryptedData
-      );
+      console.log('🔐 Attempting AES-GCM decryption...');
+      try {
+        const decrypted = await crypto.subtle.decrypt(
+          { name: 'AES-GCM', iv: iv },
+          cryptoKey,
+          encryptedData
+        );
 
-      const decryptedKey = new TextDecoder().decode(decrypted);
-      console.log('🔐 PBKDF2 key decrypted with WebAuthn');
-      return decryptedKey;
+        const decryptedKey = new TextDecoder().decode(decrypted);
+        console.log('🔐 PBKDF2 key decrypted with WebAuthn successfully');
+        return decryptedKey;
+      } catch (decryptError) {
+        console.error('❌ Decryption failed:', decryptError);
+        console.error('❌ Decryption error details:', {
+          errorName: decryptError instanceof Error ? decryptError.name : 'Unknown',
+          errorMessage: decryptError instanceof Error ? decryptError.message : String(decryptError),
+          credentialId: credentialId,
+          iv: Array.from(iv),
+          salt: Array.from(salt)
+        });
+        throw decryptError;
+      }
 
     } catch (error) {
       secureLogger.error('Failed to retrieve PBKDF2 key with WebAuthn', error as Error, {