0

I'm new to encryption/decryption, but I have sensitive data that I need to store as encrypted data. Our ETL has a built in encryption process which outputs the following

{
   "data":{
      "transformation":"AES/GCM/noPadding",
      "iv":"jlemHiOD8uiyMsqY",
      "type":"JSON",
      "ciphertext":"TOtsmTYG1jKCZXewFNPBk5xWf+q4AO8OSZPoYw==",
      "key_params":{
         "symmetric":{
            "key_algorithm":"AES"
         }
      }
   }
}

From here, I'd like to use pycryptodome to decrypt the data when I need to consume the data. I am trying to run the following python script to decrypt but am running into some errors. I think it has to do with how the data is formatted?

import pandas as pd
from Crypto.Cipher import AES

test_encrypted_value = TOtsmTYG1jKCZXewFNPBk5xWf+q4AO8OSZPoYw==
aes_iv = 'jIemHiOD8uiyMsqY'
aes_key = '4E645267556B586E3272357538782F41'

cipher = AES.new(aes_key, AES.MODE_GCM, aes_iv)

error - TypeError: Nonce must be bytes, bytearray or memoryview

If I remove the IV, I also get an error on the key passed. Which leads me to think I am passing the wrong data type/format.

error - TypeError: Object type <class 'str'> cannot be passed to C code

UPDATE Per the responses, I updated my code to transform data format. Additionally, I changed my example and saved the expected value. I am expecting the decrypted value to be 158100.

import pandas as pd
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
import codecs
import base64

test_encrypted_value = 'SUXiDF6Dgtc8y3eY8Euqi/IYbSlQquLJAUKmZw=='
aes_iv = 'lMF2Jrruo9rR57Uy'
aes_key = '4E645267556B586E3272357538782F41'

byte_key = codecs.decode(aes_key, 'hex_codec')
base64_iv = base64.b64decode(aes_iv)
base64_encrypted_value = base64.b64decode(test_encrypted_value)

cipher = AES.new(byte_key, AES.MODE_GCM, base64_iv)
plaintext = cipher.decrypt(ciphertext)
print(plaintext.decode())

I am now getting the below error

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xb9 in position 1: invalid start byte

For what it's worth, encryption is through snaplogic 'Encrypt Field' found here - https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/1438346/Encrypt+Field

I am also generating the AES key at the following link with the 128-bit and HEX option set - https://www.allkeysgenerator.com/Random/Security-Encryption-Key-Generator.aspx

ToeKnee
  • 35
  • 1
  • 3
  • What are you expecting the plain text to be for `test_encrypted_value`? It looks like `test_encrypted_value` and `aes_iv` are base64 encoded. and `aes_key` needs to be converted to bytes also with `bytes.fromhex(aes_key) but I still don't get a sensible looking plain text value – ukBaz Nov 19 '22 at 12:52
  • @ukBaz I've updated my post to change the sample data. I am now expecting decrypted value to be 158100. – ToeKnee Nov 21 '22 at 05:54

1 Answers1

1

You need to pass the data in bytes format. Your aes_iv and test_encrypted_value is in the base64 format, while your aes_key is in the hex format. In order to use it, you must first convert those to bytes.

byte_key = codecs.decode(aes_key, 'hex_codec')
base64_iv = base64.b64decode(aes_iv)
base64_encrypted_value = base64.b64decode(test_encrypted_value)
Wang Zerui
  • 292
  • 1
  • 5
  • I've updated with your suggestions and am running into another error. I've updated my original post to reflect. – ToeKnee Nov 21 '22 at 05:55