
Fixing Invalid signature when decrypting fernet token

I am relatively new to Python and the cryptography module, so I'm trying to learn the basics of encrypting and decrypting. It all works fine when I encrypt a file and decrypt it in the same program, but if I try to just run the decrypt code on a pre-encrypted file (I used the same key, of course) I get an InvalidSignature error, followed by an InvalidToken.

Now, I assumed that for some reason the key didn't match, but they are indeed the same. Then I thought that for some reason I was passing a string instead of bytes to the functions, or that there was some sort of conversion error that might alter the encrypted message. But the encrypt-decrypt code works, so I can't figure out why the decrypt-only code should face errors. At last, I had a look at the source code for the decrypt function, and tried to figure out if the timestamp had something to do with the error I get, but I couldn't get anything relevant since I'm not too experienced. This is the encrypt-decrypt code: given a password by the user, it encrypts and writes a file that it can decrypt right away.

import base64
import os
from cryptography.fernet import Fernet
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

print("Insert password: ")
password_str = input()
password = password_str.encode()
salt = os.urandom(16)

kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt,
                 iterations=100000, backend=default_backend())

key = base64.urlsafe_b64encode(kdf.derive(password))
f = Fernet(key)

message = "A really secret message. Not for prying eyes.".encode()
token = f.encrypt(message)

file = open("text_encrypted.txt", "wb")
file.write(token)
file.close()

file = open("text_encrypted.txt", "rb")
data = file.read()
file.close()

token = f.decrypt(data)

file = open("text_decrypted.txt", "wb")
file.write(token)
file.close()

Now, that works just fine and I get the two files that contain the encrypted and decrypted message. If I delete the:

message = "A really secret message. Not for prying eyes.".encode()
token = f.encrypt(message)

file = open("text_encrypted.txt", "wb")
file.write(token)
file.close()

part, I should be left with just the decryption code, which should work on a previously generated encrypted file that should be decrypted by the same password.

I'm obviously missing something, maybe trivial, since it raises both invalid signature and invalid token. Thanks for your help.

The encryption key you're using is a result of a PBKDF2. In order for PBKDF2 to return the same encryption key it must get the exact same parameters. That includes salt, which in your example is generated randomly every time.

You need to store the generated salt together with the encrypted file in order to be able to decrypt it later.
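The fix described in the answer above, as an added example that is not part of the original post: the random salt is written in front of the Fernet token and read back before the key is re-derived. The helper names and the salt-prefix layout are assumptions made for this illustration; the PBKDF2 parameters are the ones from the question's code.

```python
import base64
import os

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

SALT_LEN = 16          # same salt size as the question's code
ITERATIONS = 100000    # same iteration count as the question's code


def derive_key(password: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 -> 32 bytes -> urlsafe base64, the form Fernet expects."""
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt,
                     iterations=ITERATIONS)
    return base64.urlsafe_b64encode(kdf.derive(password))


def encrypt_with_password(password: bytes, plaintext: bytes) -> bytes:
    """Return salt || token. The salt is not secret; it only has to be available again."""
    salt = os.urandom(SALT_LEN)
    return salt + Fernet(derive_key(password, salt)).encrypt(plaintext)


def decrypt_with_password(password: bytes, blob: bytes) -> bytes:
    """Split the stored salt off the front, re-derive the key, then decrypt."""
    if len(blob) <= SALT_LEN:
        raise ValueError("blob too short to contain a salt and a token")
    salt, token = blob[:SALT_LEN], blob[SALT_LEN:]
    return Fernet(derive_key(password, salt)).decrypt(token)


def decrypt_with_fresh_salt(password: bytes, blob: bytes) -> bytes:
    """What the decrypt-only script in the question does: a new random salt,
    so a different key, so the HMAC check fails with InvalidToken."""
    token = blob[SALT_LEN:]
    return Fernet(derive_key(password, os.urandom(SALT_LEN))).decrypt(token)


if __name__ == "__main__":
    blob = encrypt_with_password(b"correct horse", b"A really secret message.")
    print(decrypt_with_password(b"correct horse", blob))
    try:
        decrypt_with_fresh_salt(b"correct horse", blob)
    except InvalidToken:
        print("fresh salt -> InvalidToken")
```

Writing the returned bytes to the file in "wb" mode and passing the file's contents to decrypt_with_password gives a decrypt-only script that works across runs.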
