Probleme mit der Auffüllung der symmetrischen Verschlüsselung AES/PKCS*7/CBC [Duplikat] ⇐ Python

[Anonymous]

Ich kann nicht feststellen, was die Ursache für die ausgelöste Ausnahme ist („ungültige Füllbytes“). Beim Versuch, Beispiele für das gleiche Problem zu finden, scheint dies hauptsächlich auf die Verwendung des falschen Schlüssels beim Entschlüsseln zurückzuführen zu sein. Meine Ausgabe zeigt, dass die Schlüssel sowie das Passwort und der Salt identisch sind (was nicht überraschend ist, wenn die Schlüssel übereinstimmen). Was führt dazu, dass die Ausnahme ausgelöst wird?

Code: Select all

import os

from cryptography.hazmat.primitives import hashes, padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

class PasswordManager:

key_size_bits = 256
block_size_bits = 128
encoding = 'UTF-8'

@staticmethod
def encrypt_data(password, salt, data):
print(f"{password=}")
print(f"{salt=}")
print(f"{data=}")
key = PasswordManager.generate_aes_key(password, salt)
print(f"{key=}")
cipher = Cipher(algorithms.AES(key), modes.CBC(salt))
encryptor = cipher.encryptor()
padded_data = PasswordManager.pad_data(data)
encrypted_data = encryptor.update(padded_data) + encryptor.finalize()
print("Encrypted: ")
print(encrypted_data)
print("Decryption attempt: ")
print(PasswordManager.decrypt_data(password, salt, encrypted_data))

return encrypted_data

@staticmethod
def decrypt_data(password, salt, encrypted_data):
print(f"{password=}")
print(f"{salt=}")
print("Encrypted Data:  ")
print(f"{encrypted_data}")
key = PasswordManager.generate_aes_key(password, salt)
print(f"{key=}")
cipher = Cipher(algorithms.AES(key), modes.CBC(salt))
decryptor = cipher.decryptor()
unpadded_data = PasswordManager.unpad_data(encrypted_data)
decrypted_data = decryptor.update(unpadded_data) + decryptor.finalize()
print(decrypted_data)
return decrypted_data.decode(PasswordManager.encoding)

@staticmethod
def generate_aes_key(password, salt):
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=int(PasswordManager.key_size_bits / 8),
salt=salt,
iterations=1_200_000,
)

return kdf.derive(password.encode(PasswordManager.encoding))

@staticmethod
def generate_salt():
return os.urandom(int(PasswordManager.block_size_bits/8))

@staticmethod
def pad_data(data):
padder = padding.PKCS7(PasswordManager.block_size_bits).padder()
padded_data = padder.update(data.encode(PasswordManager.encoding))
return padded_data + padder.finalize()

@staticmethod
def unpad_data(data):
unpadder = padding.PKCS7(PasswordManager.block_size_bits).unpadder()
unpadded_data = unpadder.update(data)
return unpadded_data + unpadder.finalize()

if __name__ == "__main__":
password = "123456789123456789"
salt = os.urandom(int(PasswordManager.block_size_bits/8))
data = "This is an example message for encryption"
PasswordManager.encrypt_data(password, salt, data)

Code: Select all

C:\Users\Aurora\Documents\programming\rmcnmgr\src>python test_case.py
password='123456789123456789'
salt=b'\xaeo\xb7\xccB\xff\xca\xbc\xba\xa6\xd85\xe3$\x7f\xf1'
data='This is an example message for encryption'
key=b'\xc3\x7f\xfbVV1\xdc\xf3\x98g\xbe\x01\x1eD\x97\x9b\x86\xac\x1e\x86I\xb6h\xe7\\KM-\xc3\xfc\xf6\xec'
Encrypted:
b'@j,\xe7!\xa3\xd7;m\x90|\xeaQS\x0c:$q\x0b>{\xa8\x1f\xce1#\x0f\xe4\xa4a\xc3Ww\x02_\xf4e\xb6|I\x9e \xa8\xb1\x08\x11$\xac'
Decryption attempt:
password='123456789123456789'
salt=b'\xaeo\xb7\xccB\xff\xca\xbc\xba\xa6\xd85\xe3$\x7f\xf1'
Encrypted Data:
b'@j,\xe7!\xa3\xd7;m\x90|\xeaQS\x0c:$q\x0b>{\xa8\x1f\xce1#\x0f\xe4\xa4a\xc3Ww\x02_\xf4e\xb6|I\x9e \xa8\xb1\x08\x11$\xac'
key=b'\xc3\x7f\xfbVV1\xdc\xf3\x98g\xbe\x01\x1eD\x97\x9b\x86\xac\x1e\x86I\xb6h\xe7\\KM-\xc3\xfc\xf6\xec'
Traceback (most recent call last):
File "C:\Users\Aurora\Documents\programming\rmcnmgr\src\test_case.py", line 79, in 
PasswordManager.encrypt_data(password, salt, data)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\Aurora\Documents\programming\rmcnmgr\src\test_case.py", line 28, in encrypt_data
print(PasswordManager.decrypt_data(password, salt, encrypted_data))
~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\Aurora\Documents\programming\rmcnmgr\src\test_case.py", line 42, in decrypt_data
unpadded_data = PasswordManager.unpad_data(encrypted_data)
File "C:\Users\Aurora\Documents\programming\rmcnmgr\src\test_case.py", line 72, in unpad_data
return unpadded_data + unpadder.finalize()
~~~~~~~~~~~~~~~~~^^
ValueError: Invalid padding bytes.