
Since I don't have much knowledge of Python or cryptography, I wasn't able to figure out the solution, but I guess the problem is with padding. This script gets and decrypts the password using two functions. I am getting an error:

ValueError: The length of the provided data is not a multiple of the block length.

Which I guess has something to do with padding.

Here are the values used by the script:

Key: 8$4Tws[14R!,0Ba|

Encrypted pass: YTj+F1oo5OUNBgKyfifN/2R2zvFLFHbXu4Te2+OvBJ7JRae1DMVJR42qK0GucmiUyTGdtQzFSUeNqitBrnJolMkxp7UMxUlHeaor

Functions:

```python
import base64

from django.utils.encoding import force_bytes, force_text

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend

from modoboa.parameters import tools as param_tools


# Model property, shown here outside its class.
@property
def password(self):
    """Password getter."""
    return decrypt(self._password)


def decrypt(ct):
    backend = default_backend()
    key = param_tools.get_global_parameter("secret_key", app="core")
    print(key)
    cipher = Cipher(
        algorithms.AES(force_bytes(key)), modes.ECB(), backend=backend)
    # The stored value is base64 text; the decoded bytes must be whole 16-byte blocks.
    ct = base64.b64decode(force_bytes(ct))
    decryptor = cipher.decryptor()
    clear = decryptor.update(ct) + decryptor.finalize()
    # Trailing spaces are treated as padding and stripped.
    return force_text(clear.rstrip(b" "))
```

Can you please help? Thanks

InToSSH
  • Maybe this helps : `https://stackoverflow.com/questions/17773450/why-must-all-inputs-to-aes-be-multiples-of-16` – mbieren Sep 07 '17 at 08:40
  • If you base64 decode your provided 'Encrypted pass' you get 75 bytes. The 75 bytes are not a multiple of 16, as required by AES. Something is wrong with your provided 'Encrypted pass', or with your understanding of how it's encrypted/encoded. – Ebbe M. Pedersen Sep 07 '17 at 08:52
  • Thanks guys. @EbbeM.Pedersen that's a good point, if the script used the same procedure to encrypt the password, the result should be valid and decryptable, right? These values I just printed out while running the script. So I will check the encryption side as well, these values are saved to DB and then used by this script to decrypt them, so maybe somewhere in the process it gets messed up. – InToSSH Sep 07 '17 at 10:51
  • Again, thanks for pushing me in the right direction. I found the problem: the DB which was created with the package set the `password` column size to 100 characters, which was not enough for the ct to be stored. – InToSSH Sep 07 '17 at 14:22

1 Answer


So, for everyone facing this problem with package modoboa-imap-migration:

The problem was that in the DB table modoboa_imap_migration_migration this package stores all the passwords for the migration, however the column _password is set to varchar(100), which is not enough for the encrypted pass to be saved. I increased this to varchar(255) and now everything works ok.

InToSSH
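The column truncation described in the answer can be detected before decryption is attempted. The following is an added example, not code from the post or from modoboa: it assumes stored values are base64 of whole 16-byte AES blocks, as the question's `decrypt` implies, and the function names and sample rows are hypothetical.

```python
import base64
import binascii

BLOCK = 16  # AES block size in bytes


def max_plaintext_len(column_chars):
    """Longest padded plaintext whose base64 ciphertext fits the column."""
    max_ct = 3 * (column_chars // 4)   # bytes that base64 can carry in the column
    return max_ct // BLOCK * BLOCK     # ECB ciphertext is whole blocks only


def check_stored(value):
    """Return None if value can be a whole AES ciphertext, else the reason."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        return "invalid base64: %s" % exc
    if not raw or len(raw) % BLOCK:
        return "%d bytes, not a multiple of %d" % (len(raw), BLOCK)
    return None


def audit(rows):
    """Map row id -> reason for every stored value that cannot be decrypted."""
    return {rid: why for rid, v in rows if (why := check_stored(v))}


# Constructed sample: 96 stand-in ciphertext bytes (six blocks), stored whole,
# cut by a 100-character column, and cut at 98 characters.
FULL = base64.b64encode(bytes(range(96))).decode()
ROWS = [(1, FULL), (2, FULL[:100]), (3, FULL[:98])]

if __name__ == "__main__":
    for rid, why in audit(ROWS).items():
        print(rid, why)
    print(max_plaintext_len(100), max_plaintext_len(255))
```

Row 2 reproduces the numbers from the comments: 100 stored characters decode to 75 bytes, which is not a whole number of blocks.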