Re: [Cryptography-dev] cryptography 36.0.1 Fernet example: AES in CBC mode UnsupportedAlgorithm

Wed, 19 Jan 2022 10:53:23 -0800 

Hi,

Fixed it. Found with strace that the old lib got loaded as well
Made a static wheel as explained in https://cryptography.io/en/latest/installation/ 
Now it works

Erik


ejans...@itmatters.nl schreef op 2022-01-19 17:53:

Hi,

This is maybe not a cryptography question but an openssl one, please
bear with me..

I compiled openssl 1.1.1m myself and installed it next to the existing
1.0.1t from my distribution (debian 8). I built a Python linking
against this new openssl.
When I try the example code from the documentation I get UnsupportedAlgorithm: 

$ python3 -i
Python 3.9.10 (main, Jan 19 2022, 14:33:07)
[GCC 4.9.2] on linux
Type "help", "copyright", "credits" or "license" for more information.

import cryptography.hazmat.backends.openssl.backend as b



b.openssl_version_text()

'OpenSSL 1.1.1m  14 Dec 2021'


'{:x}'.format(b.openssl_version_number())

'101010df'


from cryptography.fernet import Fernet
key = Fernet.generate_key()
f = Fernet(key)
token = f.encrypt(b"my deep dark secret")

Traceback (most recent call last):

<skipping parts>

    raise UnsupportedAlgorithm(msg, _Reasons.UNSUPPORTED_CIPHER)
cryptography.exceptions.UnsupportedAlgorithm: cipher AES in CBC mode
is not supported by this backend (Your version of OpenSSL may be too
old. Current version: OpenSSL 1.1.1m  14 Dec 2021.)


However, I can do this on the commandline:

$ openssl version
OpenSSL 1.1.1m  14 Dec 2021

$ openssl enc -aes128 -base64 -in text.plain -out text.enc
enter aes-128-cbc encryption password:
Verifying - enter aes-128-cbc encryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

$ cat text.enc
U2FsdGVkX18dFTIizaI1vyR/zo26kRa6ZusV61GMYZ8=

This didn't work initially, I first had to align openssl.cnf with the
one from the distribution. But now I would say the openssl itself is
working.

Why is this not working in the cryptography module? Or/and, what would
be the best next step to analyse?


Thanks!

Erik
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev

_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev

Reply via email to