fix: apkam add IV to self encryption key and encryption private key d…

…ata in keystore

packages/at_secondary_server/lib/src/verb/handler/enroll_verb_handler.dart

@@ -409,12 +409,18 @@ class EnrollVerbHandler extends AbstractVerbHandler {
       String newEnrollmentId, EnrollParams enrollParams, String atSign) async {
     var privateKeyJson = {};
     privateKeyJson['value'] = enrollParams.encryptedDefaultEncryptionPrivateKey;
+    if (enrollParams.encPrivateKeyIV != null) {
+      privateKeyJson['iv'] = enrollParams.encPrivateKeyIV;
+    }
     await keyStore.put(
         '$newEnrollmentId.${AtConstants.defaultEncryptionPrivateKey}.$enrollManageNamespace$atSign',
         AtData()..data = jsonEncode(privateKeyJson),
         skipCommit: true);
     var selfKeyJson = {};
     selfKeyJson['value'] = enrollParams.encryptedDefaultSelfEncryptionKey;
+    if (enrollParams.selfEncKeyIV != null) {
+      selfKeyJson['iv'] = enrollParams.selfEncKeyIV;
+    }
     await keyStore.put(
         '$newEnrollmentId.${AtConstants.defaultSelfEncryptionKey}.$enrollManageNamespace$atSign',
         AtData()..data = jsonEncode(selfKeyJson),

packages/at_secondary_server/pubspec.yaml

@@ -34,6 +34,13 @@ dependencies:
   yaml: 3.1.2
   logging: 1.2.0
 
+dependency_overrides:
+  at_commons:
+    git:
+      url: https://github.com/atsign-foundation/at_libraries.git
+      path: packages/at_commons
+      ref: apkam_iv_issue_fix
+
 dev_dependencies:
   build_runner: ^2.3.3
   test: ^1.25.9

tests/at_functional_test/test/enroll_verb_test.dart

@@ -1,6 +1,7 @@
 import 'dart:convert';
 import 'dart:io';
 
+import 'package:at_chops/at_chops.dart';
 import 'package:at_commons/at_commons.dart';
 import 'package:at_demo_data/at_demo_data.dart' as at_demos;
 import 'package:at_demo_data/at_demo_data.dart';
@@ -387,8 +388,12 @@ void main() {
       var secondEnrollId = enrollJson['enrollmentId'];
 
       // connect to the first client to approve the enroll request
+      final encryptionPrivateKeyIV =
+          base64Encode(AtChopsUtil.generateRandomIV(16).ivBytes);
+      final selfEncryptionKeyIV =
+          base64Encode(AtChopsUtil.generateRandomIV(16).ivBytes);
       String approveResponse = (await firstAtSignConnection.sendRequestToServer(
-              'enroll:approve:{"enrollmentId":"$secondEnrollId","encryptedDefaultEncryptionPrivateKey":"${apkamEncryptedKeysMap['encryptedDefaultEncPrivateKey']}","encryptedDefaultSelfEncryptionKey": "${apkamEncryptedKeysMap['encryptedSelfEncKey']}"}'))
+              'enroll:approve:{"enrollmentId":"$secondEnrollId","encryptedDefaultEncryptionPrivateKey":"${apkamEncryptedKeysMap['encryptedDefaultEncPrivateKey']}","encPrivateKeyIV":"$encryptionPrivateKeyIV","encryptedDefaultSelfEncryptionKey": "${apkamEncryptedKeysMap['encryptedSelfEncKey']}","selfEncKeyIV":"$selfEncryptionKeyIV"}'))
           .replaceFirst('data:', '');
       var approveJson = jsonDecode(approveResponse);
       expect(approveJson['status'], 'approved');
@@ -404,13 +409,15 @@ void main() {
       var selfKey = '$secondEnrollId.default_self_enc_key.__manage$firstAtSign';
       String selfKeyResponse =
           await socketConnection2.sendRequestToServer('keys:get:self');
+      print('** selfKeyResponse: $selfKeyResponse');
       expect(selfKeyResponse.contains(selfKey), true);
 
       // keys:get:private should return private encryption key
       var privateKey =
           '$secondEnrollId.default_enc_private_key.__manage$firstAtSign';
       String privateKeyResponse =
           await socketConnection2.sendRequestToServer('keys:get:private');
+      print('** privateKeyResponse: $privateKeyResponse');
       expect(privateKeyResponse.contains(privateKey), true);
     });