
I am new to encryption/decryption algorithms. I have an encrypted value in my config.yaml as below.

```yaml
db_creds:
  key_id: b'gAAAAABjPbHlcR2CKJaF-CmIuxaIlp_6pvgo24xBTSopD2yKKgTWS2-aTh-IDbrnTHj47u9z1wYHV5tiOHQqOYcVrQsfRYbfkOB--6XRHaGUxjp9274VAgE='
```

I saved the data exactly as above under the key db_creds in my config.yaml file in PyCharm.

The decrypted value should be sdkljdcgkjhdbcjksdbc. It is a dummy value of course. When I use the value in ['db_creds']['key_id'] directly to decode as below:

```python
from cryptography.fernet import Fernet

def decrypt(message):
    # generate a key for encryption and decryption
    # You can use fernet to generate
    # the key or use random key generator
    # here I'm using fernet to generate key

    key = Fernet.generate_key()

    # Instantiate the Fernet class with the key
    fernet = Fernet(key)

    # decrypt the encrypted string with the
    # Fernet instance of the key,
    # that was used for encrypting the string
    # encoded byte string is returned by decrypt method,
    # so decode it to string with decode methods
    decMessage = fernet.decrypt(message).decode()

    print("decrypted string: ", decMessage)

decrypt(b'gAAAAABjPbHlcR2CKJaF-CmIuxaIlp_6pvgo24xBTSopD2yKKgTWS2-aTh-IDbrnTHj47u9z1wYHV5tiOHQqOYcVrQsfRYbfkOB--6XRHaGUxjp9274VAgE=')
```

I see an error message:

```
Traceback (most recent call last):
  File "/some_package/utils/decrypt_aws_creds.py", line 38, in <module>
    decrypt(b'gAAAAABjPbHlcR2CKJaF-CmIuxaIlp_6pvgo24xBTSopD2yKKgTWS2-aTh-IDbrnTHj47u9z1wYHV5tiOHQqOYcVrQsfRYbfkOB--6XRHaGUxjp9274VAgE=')
  File "/some_package/utils/decrypt_aws_creds.py", line 32, in decrypt
    decMessage = fernet.decrypt(message).decode()
  File "some_package/venv/lib/python3.10/site-packages/cryptography/fernet.py", line 90, in decrypt
    return self._decrypt_data(data, timestamp, time_info)
  File "some_package/venv/lib/python3.10/site-packages/cryptography/fernet.py", line 151, in _decrypt_data
    self._verify_signature(data)
  File "some_package/venv/lib/python3.10/site-packages/cryptography/fernet.py", line 135, in _verify_signature
    raise InvalidToken
cryptography.fernet.InvalidToken
```

Is there any mistake in the way I am representing the data in my config file itself, or did I miss any configuration? Could anyone let me know what mistake I am making here?

Metadata
  • You need to import the Fernet key used during encryption (with [`Fernet.generate_key()`](https://cryptography.io/en/latest/fernet/#cryptography.fernet.Fernet.generate_key) you generate a *new* key). – Topaco Oct 05 '22 at 16:56
  • Ah, so there is no way I can directly decrypt an encrypted string in the manner I wrote. – Metadata Oct 05 '22 at 17:28
  • No. If it were feasible, anyone could decrypt the ciphertext and encryption would be pointless. – Topaco Oct 05 '22 at 17:38
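
An added example (not part of the original question or comments) of the check behind the `_verify_signature` frame in the traceback: a Fernet token ends in an HMAC-SHA256 tag computed under the key used at encryption time, so a newly generated key cannot validate it. It uses only the standard library; the function names and the placeholder ciphertext are constructed for illustration, and no AES step is performed.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

HEADER_LEN = 1 + 8 + 16   # version byte, big-endian timestamp, IV
TAG_LEN = 32              # HMAC-SHA256 over everything before it


def new_key() -> bytes:
    """Same layout as a Fernet key: base64url(16-byte signing key + 16-byte encryption key)."""
    return base64.urlsafe_b64encode(os.urandom(32))


def build_token(key: bytes, ciphertext: bytes) -> bytes:
    """Assemble a token in the Fernet layout. `ciphertext` is a constructed
    stand-in (not real AES output); only the authentication step is shown."""
    signing_key = base64.urlsafe_b64decode(key)[:16]
    body = b"\x80" + struct.pack(">Q", int(time.time())) + os.urandom(16) + ciphertext
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag)


def signature_ok(key: bytes, token: bytes) -> bool:
    """The check made before any decryption; False here corresponds to InvalidToken."""
    try:
        raw = base64.urlsafe_b64decode(token)
        signing_key = base64.urlsafe_b64decode(key)[:16]
    except ValueError:   # binascii.Error is a ValueError subclass
        return False
    if len(raw) < HEADER_LEN + TAG_LEN or raw[0] != 0x80:
        return False
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    stored_key = new_key()                          # generated once, then kept
    token = build_token(stored_key, b"\x00" * 32)   # constructed sample token
    print("stored key:", signature_ok(stored_key, token))
    print("fresh key: ", signature_ok(new_key(), token))
```

With the `cryptography` library itself, the equivalent is to generate the key once with `Fernet.generate_key()`, store it outside the config file that holds the token, and pass that same key to `Fernet(key)` when decrypting.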
