1

Why cipher3 can't decrypt cipher data?

  • cipher2 and cipher3 use same nonce, but cipher3 can't decrypt data

Code:

>>> from Crypto.Cipher import AES

>>> cipher = AES.new(b"M"*16, AES.MODE_EAX)
>>> cipher2 = AES.new(b"M"*16, AES.MODE_EAX, cipher.nonce)
>>> cipher3 = AES.new(b"M"*16, AES.MODE_EAX, cipher.nonce)

>>> data = cipher.encrypt(b"Hello")
>>> data2 = cipher.encrypt(b"World")

>>> cipher2.decrypt(data)
b'Hello'
>>> cipher3.decrypt(data2)
b'S\xa5\x92\xa2\x9a'
>>> cipher2.decrypt(data2)
b'World'
Tspm1eca
  • 393
  • 1
  • 3
  • 7

1 Answers1

1

The problem is that cipher objects you use for decryption (cipher2, cipher3 in your case) must be presented the pieces of ciphertext in the same order they were produced (by cipher in your case).

Instead, you are passing data2 as the first piece of ciphertext to cipher3, even though it was produced second.

This is applicable to several other cipher modes, not just EAX.

Note also that EAX is an authenticated cipher mode: you should use the method decrypt_and_verify() unless you have were good reasons not to.

SquareRootOfTwentyThree
  • 7,606
  • 32
  • 43