Skip to content

Ciphertext Integrity Failure

URI: https://docs.ankatech.co/errors/ciphertext-integrity-failure
HTTP Status: 422 Unprocessable Entity

When you see this

The server understood your request and found the payload well-formed, but could not process it because the ciphertext failed its integrity or authenticity checks.

Common Causes

  • The GCM/CCM authentication tag did not verify (bad or missing tag).
  • An encrypted key (CEK) unwrap failed due to OAEP/PKCS#1 padding errors.
  • The detached JWE’s AAD, IV or tag parameters were incorrect or mismatched.
  • Corruption or tampering of the ciphertext occurred during transmission or storage.

How to Resolve

  1. Inspect the response detail message for the precise cause (e.g. “ciphertext integrity failed”).
  2. Verify that all JWE components match those used during encryption:
    • kid (correct key identifier)
    • iv (initialization vector)
    • protected (Base64-URL header)
    • tag (authentication tag)
    • ek (wrapped content encryption key)
  3. Ensure the correct key material is loaded (the key must not have been replaced or rotated).
  4. Retry the operation once the above parameters are confirmed accurate.

If you continue to receive a 422 after these steps, please consult the full API Reference.