pycrypto: what am I doing wrong?

Paul Pittlerson

I seem to have misunderstood something about the way Crypto.Cipher is supposed to work, because I'm getting unexpected results. Here is my code:

import hashlib
from Crypto.Cipher import AES
from Crypto import Random

h = hashlib.new('sha256')
h.update('my key')
key = h.digest()

iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CFB, iv)
txt = 'hello world'

# This is the part where I'm confused, because it seems like encrypt will output a different result every time, so how can I decrypt it?

msg = cipher.encrypt(txt)

msg = cipher.encrypt(txt)

# etc
# it works like I would expect the first time when decrypting, if I follow the example from pycrypto docs:

msg = iv + cipher.encrypt(txt)
cipher.decrypt(iv + msg)

# But it does not work subsequently:

msg = iv + cipher.encrypt(txt)
cipher.decrypt(iv+msg)

What am I doing wrong?
 
Chris Angelico

> msg = cipher.encrypt(txt)
>
> msg = cipher.encrypt(txt)
>
> # etc

Is this strictly the code you're using? AES is a stream cipher; what
you've effectively done is encrypt the text twice, once as a follow-on
message from the other. To decrypt the second, you'll need to include
the first - or treat it as a stream, and decrypt piece by piece.
Untested code:

import hashlib
from Crypto.Cipher import AES
from Crypto import Random

# Shorter version of your key hashing:
key = hashlib.sha256("my key").digest()

iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CFB, iv)
txt = 'hello world'

msg1 = cipher.encrypt(txt)
msg2 = cipher.encrypt(txt)
# You may need to reset cipher here, I'm not sure.
# cipher = AES.new(key, AES.MODE_CFB, iv)
cipher.decrypt(iv) # Initialize the decrypter with the init vector
print(cipher.decrypt(msg1))
print(cipher.decrypt(msg2))



I don't have pycrypto to test with, but running the same code with
Pike's Crypto module does what I expect here.

ChrisA
 
Johannes Bauer

> AES is a stream cipher;

No, it is definitely not! It's a block cipher! However, since he uses
CFB mode of operation, it behaves like a stream cipher.

Best regards,
Joe


--
At least not publicly!
Ah, the latest and, to this day, most brilliant stroke of our great
cosmologists: the secret prediction.
- Karl Kaos on Rüdiger Thomas in dsa <[email protected]>
 
Johannes Bauer

> What am I doing wrong?

You're not reinitializing the internal state of the crypto engine. When
you recreate "cipher" with the same IV every time, it will work.

Best regards,
Joe



 
Johannes Bauer

> You're not reinitializing the internal state of the crypto engine. When
> you recreate "cipher" with the same IV every time, it will work.

Code that works:

#!/usr/bin/python3
import hashlib
from Crypto.Cipher import AES
from Crypto import Random

h = hashlib.new('sha256')
h.update(b'my key')
key = h.digest()

iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CFB, iv)
txt = b'hello world'  # bytes, not str: ciphers operate on bytes under Python 3

msg = cipher.encrypt(txt)
print(msg)

cipher = AES.new(key, AES.MODE_CFB, iv) # Use *same* IV!
origtxt = cipher.decrypt(msg)
print(origtxt)


Also note that manually deriving a symmetric secret using SHA256 is an
INCREDIBLY bad idea. Have a look at PBKDF2.

Best regards,
Joe

 
Chris Angelico

> No, it is definitely not! It's a block cipher! However, since he uses
> CFB mode of operation, it behaves like a stream cipher.

Sorry! Quite right. What I meant was, it behaves differently based on
its current state. The SHA256 of "Hello, world!" is 315f5b...edd3 no
matter how many times you calculate it; but the AES-encrypted text is
going to change based on the previously-encrypted text. Hence the need
to either, as stated in your other email, reset the internal state,
or, as stated in my previous one, treat it as a stream.

ChrisA
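
The two fixes discussed in this thread (recreate the cipher with the same IV, or decrypt everything as one stream in order), together with the PBKDF2 suggestion, as an added example that is not code from any of the posters. It uses only the standard library: `CFB8`, `block_encrypt`, `derive_key` and `demo` are hypothetical names, and an HMAC-SHA256 PRF stands in for the AES block function (an assumption, so the example runs without pycrypto), so it shows the mode's state handling rather than real AES.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes, the AES block size

def derive_key(password, salt, rounds=200_000):
    # PBKDF2 instead of a single SHA-256 over the password, as suggested in the thread.
    return hashlib.pbkdf2_hmac("sha256", password, salt, rounds)

def block_encrypt(key, block):
    # Stand-in for AES block encryption (assumption). A keyed PRF is enough here
    # because CFB only ever runs the block cipher in the forward direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

class CFB8:
    """CFB with 8-bit segments; the shift register persists between calls."""
    def __init__(self, key, iv):
        self.key, self.register = key, iv

    def _step(self, byte, decrypting):
        out = byte ^ block_encrypt(self.key, self.register)[0]
        fed_back = byte if decrypting else out  # always the ciphertext byte
        self.register = self.register[1:] + bytes([fed_back])
        return out

    def encrypt(self, data):
        return bytes(self._step(b, False) for b in data)

    def decrypt(self, data):
        return bytes(self._step(b, True) for b in data)

def demo(password=b"my key", txt=b"hello world"):
    salt, iv = os.urandom(16), os.urandom(BLOCK)  # constructed sample values
    key = derive_key(password, salt)
    enc = CFB8(key, iv)
    msg1, msg2 = enc.encrypt(txt), enc.encrypt(txt)   # same object: state carries over
    fresh = CFB8(key, iv).decrypt(msg1)               # new object, same IV
    stale = CFB8(key, iv).decrypt(msg2)               # msg2 alone: register out of step
    dec = CFB8(key, iv)
    streamed = dec.decrypt(msg1) + dec.decrypt(msg2)  # one stream, decrypted in order
    return {"ciphertexts_differ": msg1 != msg2, "fresh": fresh,
            "stale": stale, "streamed": streamed}

if __name__ == "__main__":
    print(demo())
```

The salt and IV are not secret; the receiver needs both, so they travel alongside the ciphertext.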
 
