From 41b03b88d55dc966067275fe9c5ad397b2b4e2ea Mon Sep 17 00:00:00 2001 From: Claude Date: Mon, 19 Jan 2026 06:31:02 +0000 Subject: [PATCH] Fix silent error handling in message encryption Previously, if encryption failed for any recipient, the error was only logged to console and the code continued, resulting in a message being sent that some recipients couldn't decrypt. This creates a security and reliability issue. Changes: - Collect all failed encryption attempts instead of silently logging - Throw an error if any recipient encryption fails - Provide detailed error message listing number of failures - Implement all-or-nothing approach to prevent partial message delivery This ensures senders are notified immediately if message encryption fails for any recipient, preventing silent security failures. --- src/frontend/utils/crypto.js | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/frontend/utils/crypto.js b/src/frontend/utils/crypto.js index bc63d23..eec1990 100644 --- a/src/frontend/utils/crypto.js +++ b/src/frontend/utils/crypto.js @@ -175,6 +175,7 @@ export async function encryptMessage(message, recipientPublicKeys) { // Encrypt AES key for each recipient with their RSA public key const encryptedKeys = {}; + const failedRecipients = []; for (const recipientKeyB64 of recipientPublicKeys) { try { @@ -201,10 +202,22 @@ export async function encryptMessage(message, recipientPublicKeys) { encryptedKeys[recipientKeyB64] = arrayBufferToBase64(encryptedKey); } catch (error) { - console.error('Failed to encrypt for recipient:', error); + failedRecipients.push({ + publicKey: recipientKeyB64.substring(0, 20) + '...', // Truncate for error message + error: error.message + }); } } + // Throw error if any encryptions failed to prevent partial message delivery + if (failedRecipients.length > 0) { + throw new Error( + `Failed to encrypt message for ${failedRecipients.length} recipient(s): ${ + failedRecipients.map(r => r.error).join(', ') + }` + ); + } + return { ciphertext: arrayBufferToBase64(encryptedMessage), iv: arrayBufferToBase64(iv),