Error while downloading object after using restrict_scope from lib/uplinkc

Hello Everyone,
I have been trying to use restrict_scope function in uplinkc. I want to use restricted scope to access some object uploaded on a bucket using API Key and Encryption PassPhrase. I am using "lib/uplinkc v0.28.4" functions for this.

Steps and functions involved in uploading data:

  1. new_uplink
  2. parse_api_key
  3. open_project
  4. project_salted_key_from_passphrase
  5. new_encryption_access_with_default_key
  6. serialize_encryption_access
  7. open_bucket
  8. upload
  9. upload_write
  10. upload_commit

The data is successfully uploaded on storj and can be accessed/downloaded using uplink CLI.
Bucket: "bucketname01" Object Path: "uploadPath01/data/"

Further Scope is created using new_scope function with returned objects from above “parse_api_key” and “new_encryption_access_with_default_key” functions.

The created scope is then restricted using restrict_scope function with parameters as:

Caveat caveat = {disallow_deletes : true};
EncryptionRestriction restrictions[] = {
            {"bucketname01", "uploadPath01/data"}};

Steps involved in downloading data using restricted scope:

  1. get_scope_satellite_address
  2. get_scope_api_key
  3. get_scope_enc_access
  4. serialize_encryption_access
  5. new_uplink
  6. open_project
  7. open_bucket
  8. download
  9. download_read
  10. download_close

It works properly till open bucket but fails to download object data.

Error: unable to find encryption base for: bucketname01/""

If I add this path to restrictions, I get the following error:

EncryptionRestriction restrictions[] = {
            {"bucketname01", ""},
            {"bucketname01", "uploadPath01/data"}};

Error: encryption error: decryption failed, check encryption key: cipher: message authentication failed

If I try the above steps without using restrict_scope function, it successfully downloads object data.

Please let me know what may be the issue and if I am doing something wrong ?

Is there a full self-contained code that demonstrates the issue?

Currently it’s difficult to debug what could be going wrong.

Sorry Sir, but to share the code that would demonstrate the issue, complete project need to be shared because all the functions are interlinked. You can use the test examples in lib/uplinkc to test the issue.

I have tested the same procedure using uplink instead of uplinkc and it works like a charm.

I think there is an issue with the restrict_scope function of uplinkc. If possible please try to download or upload using restricted scope created using uplinkc. This might recreate the issue.

I prepared test case where file is uploaded and later is downloaded with restricted api key and encryption access. Looks to be working fine. Let me know what kind of restrictions you are trying to apply, maybe there is a difference there. Also let me know if you have any questions about code I prepared.


@michaln Thank you . i will check and get back to you.

@Ayush-003 Is it working for you now? I Encounter the same Problem and I’m not sure, if the error is on my side. Will have to do some further Tests.

I’m seeing problems using a restricted-scope with a caveat used where at least one of the disallow-fields is set to true. Download works from that restricted scope, but upload does not.

@michaln: Your test code does only a download, but no upload. I’ve created an issue to discuss this “officially”: