Op encode issue

regsethu

I am trying to work with creating an item using 1password cli. I am unable to use “op encode” to encode the JSON, for some reason when I try to pass a string from my program into the stdin of the process running ‘op encode’, I keep getting an error.

I am trying to use node to spawn a process and then write to the stdin of that process.

const getEncodedData = () =>
new Promise(resolve => {
const process = spawn('op', ['encode'])
process.stdout.on('data', data => {
console.log(data)
resolve(data)
})

  process.stderr.on('data', (data) => {
    console.log(`stderr: ${data}`);
  })

  process.on('close', (code) => {
    console.log(`child process exited with code ${code}`);
  })


  process.stdin.write('hi\n')
  process.stdin.end()
})

getEncodedData().then(data => {
console.log('promise resolved', data)
})

I get this error when I run the above program
stderr: [LOG] 2019/08/20 16:25:27 (ERROR) No input found in pipe

But from my node program I can do

child_process.exec(‘echo “hi” | op encode’, (err, stdout) => {
console.log(stdout) // prints the encoded data
})

But this will open my program to command injection.

So I looked at what op encode was doing. It’s encoding the string in Base 64. This can be done in node. So I started doing that. It was working fine except for some strange combination of characters, I think the pad “=“ string is added by the Base 64 encoder. op cli does not like the pad character when creating an item. I get an error saying:

[LOG] 2019/08/20 16:22:11 (ERROR) illegal base64 data at input byte 107

Let me illustrate what’s happening with an example string.

I am trying to create a login item. Here’s the JSON:
var string = '{"notesPlain":"\\n\\nData imported from lastpass\\n\\naaaaaaaaaaaaaaaaaaaaaaaaaaaaa{?=","sections":[],"passwordHistory":[],"fields":[{"value":"a@a.com","name":"username","type":"T","designation":"username"},{"value":"aaaa","name":"password","type":"P","designation":"password"}]}'

When I Base64 encode it like below
console.log(Buffer.from(string).toString('base64'))

I get the string
eyJub3Rlc1BsYWluIjoiXG5cbkRhdGEgaW1wb3J0ZWQgZnJvbSBsYXN0cGFzc1xuXG5hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYXs/PSIsInNlY3Rpb25zIjpbXSwicGFzc3dvcmRIaXN0b3J5IjpbXSwiZmllbGRzIjpbeyJ2YWx1ZSI6ImFAYS5jb20iLCJuYW1lIjoidXNlcm5hbWUiLCJ0eXBlIjoiVCIsImRlc2lnbmF0aW9uIjoidXNlcm5hbWUifSx7InZhbHVlIjoiYWFhYSIsIm5hbWUiOiJwYXNzd29yZCIsInR5cGUiOiJQIiwiZGVzaWduYXRpb24iOiJwYXNzd29yZCJ9XX0=

Notice the = at the end. This is because Base 64 pads string with a = if the length is not divisible by 3.

When I use this string to create an item with op like below:
data=eyJub3Rlc1BsYWluIjoiXG5cbkRhdGEgaW1wb3J0ZWQgZnJvbSBsYXN0cGFzc1xuXG5hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYXs/PSIsInNlY3Rpb25zIjpbXSwicGFzc3dvcmRIaXN0b3J5IjpbXSwiZmllbGRzIjpbeyJ2YWx1ZSI6ImFAYS5jb20iLCJuYW1lIjoidXNlcm5hbWUiLCJ0eXBlIjoiVCIsImRlc2lnbmF0aW9uIjoidXNlcm5hbWUifSx7InZhbHVlIjoiYWFhYSIsIm5hbWUiOiJwYXNzd29yZCIsInR5cGUiOiJQIiwiZGVzaWduYXRpb24iOiJwYXNzd29yZCJ9XX0= op create item Login $data --title=“my title“ --vault=“my vault” --tags=“Lastpass Import” --session=<my token>

I get an error like the below:
[LOG] 2019/08/20 16:22:11 (ERROR) illegal base64 data at input byte 107

If I repeat the same thing with op encode:

echo '{"notesPlain":"\\n\\nData imported from lastpass\\n\\naaaaaaaaaaaaaaaaaaaaaaaaaaaaa{?=","sections":[],"passwordHistory":[],"fields":[{"value":"a@a.com","name":"username","type":"T","designation":"username"},{"value":"aaaa","name":"password","type":"P","designation":"password"}]}' | op encode

The Base64 encoded string is
eyJub3Rlc1BsYWluIjoiXG5cbkRhdGEgaW1wb3J0ZWQgZnJvbSBsYXN0cGFzc1xuXG5hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYXs_PSIsInNlY3Rpb25zIjpbXSwicGFzc3dvcmRIaXN0b3J5IjpbXSwiZmllbGRzIjpbeyJ2YWx1ZSI6ImFAYS5jb20iLCJuYW1lIjoidXNlcm5hbWUiLCJ0eXBlIjoiVCIsImRlc2lnbmF0aW9uIjoidXNlcm5hbWUifSx7InZhbHVlIjoiYWFhYSIsIm5hbWUiOiJwYXNzd29yZCIsInR5cGUiOiJQIiwiZGVzaWduYXRpb24iOiJwYXNzd29yZCJ9XX0

The difference being the = at the end is not present

And the op create item command works
data=eyJub3Rlc1BsYWluIjoiXG5cbkRhdGEgaW1wb3J0ZWQgZnJvbSBsYXN0cGFzc1xuXG5hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYXs_PSIsInNlY3Rpb25zIjpbXSwicGFzc3dvcmRIaXN0b3J5IjpbXSwiZmllbGRzIjpbeyJ2YWx1ZSI6ImFAYS5jb20iLCJuYW1lIjoidXNlcm5hbWUiLCJ0eXBlIjoiVCIsImRlc2lnbmF0aW9uIjoidXNlcm5hbWUifSx7InZhbHVlIjoiYWFhYSIsIm5hbWUiOiJwYXNzd29yZCIsInR5cGUiOiJQIiwiZGVzaWduYXRpb24iOiJwYXNzd29yZCJ9XX0 op create item Login $data --title=“my title“ --vault=“my vault” --tags=“Lastpass Import” --session=<my token>

So I am not able to use op encode, and I am not able to use the base 64 encoding from node. Some data gets created, as long as the length is divisible by 3 and doesn’t need a pad character, others will fail. Could someone please help?

thanks..

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

graham_1P

Hi @regsethu

Correct me if I'm wrong, but I believe you are using the base64 encoding, whereas we accept the base64url enocding. There is a minor difference, as the latter is url safe. Take a look here for the specification: https://tools.ietf.org/html/rfc3548#section-4

I see an npm package for it here: https://npmjs.com/package/base64url

Does that work?

Graham

regsethu

Thanks Graham. Yes that works.

graham_1P

Excellent! Glad to hear it.