0

I am using Fernet to decrypt a file I know the key too. The file contains nothing sensitive other than some random text. But for some reason, when I use a custom key, I cannot decrypt without encrypting the already encrypted file.

This is my code which I want to work:

import base64
import os
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
password = b"password"
salt = os.urandom(16)
kdf = PBKDF2HMAC(
    algorithm=hashes.SHA256(),
    length=32,
    salt=salt,
    iterations=480000,
)
key = base64.urlsafe_b64encode(kdf.derive(password))
f = Fernet(key)
#token = f.encrypt(b"Secret message!")
#print(token)
print('______________')
token= f.decrypt(b'gAAAAABk1CXw-QjKcxrK1rH_9vuczhVTOEALQWL0yLSjN7aznfjbWKj84K6nAa6waSC0KLtYvqos1QtZx1x7mn75D30yOIzn2w==')
print(token)

Using this code gives me a: 

Traceback (most recent call last):
  File "/Users/user/Library/Python/3.10/lib/python/site-packages/cryptography/fernet.py", line 127, in _verify_signature
    h.verify(data[-32:])
  File "/Users/user/Library/Python/3.10/lib/python/site-packages/cryptography/hazmat/primitives/hmac.py", line 72, in verify
    ctx.verify(signature)
  File "/Users/user/Library/Python/3.10/lib/python/site-packages/cryptography/hazmat/backends/openssl/hmac.py", line 85, in verify
    raise InvalidSignature("Signature did not match digest.")
cryptography.exceptions.InvalidSignature: Signature did not match digest.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/user/Desktop/python/PyPass/pypass.py", line 19, in <module>
    passwordChosen = f.decrypt(password)
  File "/Users/user/Library/Python/3.10/lib/python/site-packages/cryptography/fernet.py", line 88, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
  File "/Users/user/Library/Python/3.10/lib/python/site-packages/cryptography/fernet.py", line 145, in _decrypt_data
    self._verify_signature(data)
  File "/Users/user/Library/Python/3.10/lib/python/site-packages/cryptography/fernet.py", line 129, in _verify_signature
    raise InvalidToken
cryptography.fernet.InvalidToken

This is the code that will not let my decrypt the encrypted data, and instead forces me to encrypt encrypted data, and then decrypt encrypted encrypted data:

import base64
import os
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
password = b"password"
salt = os.urandom(16)
kdf = PBKDF2HMAC(
    algorithm=hashes.SHA256(),
    length=32,
    salt=salt,
    iterations=480000,
)
key = base64.urlsafe_b64encode(kdf.derive(password))
f = Fernet(key)
token = f.encrypt(b"Secret message!")
print(token)
print('______________')
token= f.decrypt(b'gAAAAABk1CXw-QjKcxrK1rH_9vuczhVTOEALQWL0yLSjN7aznfjbWKj84K6nAa6waSC0KLtYvqos1QtZx1x7mn75D30yOIzn2w==')
print(token)

I am aware that I should not put keys directly in the file. But that is not my issue. I also am aware that using a custom passphrase may not be safe.

Any help is appreciated.

DevBev3
  • 3
  • 5

0 Answers0