Based on "it creates a new key from the password and is used for decryption" it sounds like you're using different keys for encryption and decryption.
You need to use the same key to decrypt a value as you used to encrypt it -- this is the point of symmetric encryption! It wouldn't make much sense if you could decrypt a value without possessing the key. How exactly you manage your keys depends a lot on your application, deployment environment, and threat model, so I can't really provide any general purpose advice. You generally should not store the key with the ciphretext, as there's basically no threat model that makes sense under. Alex On Sat, Jan 4, 2025 at 12:28 PM Sriram R via Cryptography-dev <cryptography-dev@python.org> wrote: > > Hello, > > I'm reaching out to the cryptography experts for this issue. > > Using Python 3.9 on a RHEL 9.4 platform with the cryptography module > installed on it. > The requirements are to encrypt some data using > classcryptography.hazmat.primitives.ciphers.aead.AESGCM(key) > > I've written the encryption code to use the above cipher and it works without > any issues. > > The issue I'm running into is in the decryption step. The same Python code is > called with the flag set to decryption but it raises the InvalidToken > exception. > Reading the documentation it says this could occur if the ciphertext is > changed, which it is not. Or if the nonce is different, I adjusted the code > to save each nonce during the encryption process and I supply this same nonce > during decryption. > The documentation also says this exception can occur if the key is different. > > This is where my confusion is, the .decrypt() only takes in the ct, nonce and > aad parameters. > Obviously when the Python module is run for decryption, it creates a new key > from the password and is used for decryption. Which will be different than > what was used during encryption. > I don't think the solution is to also store the key along with the nonce, > since it's a very bad security practice. > > What am I missing? > Do I need to parse the ciphertext and extract the tag or something? But then > .decrypt() method doesn't use a tag parameter. > > FYI, I'm saving the ciphertext and the nonce with the 'wb' flag in the open() > statement and the decryption step uses the 'rb' flag to read in the > ciphertext and the nonce. > > The example code snippet in the cryptography website shows the encrypt and > decrypt operation in sequence. > In my situation, encryption happens at one time and the decryption has to > happen some time later. > > Several websites/users are using the Pycryptodome module for this. > I'd rather not because the cryptography module works great for my other > requirements. > Also I'd prefer not to use cryptography module and the Pycryptodome module as > well. I think that would be overkill. > > Best > PE > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev -- All that is necessary for evil to succeed is for good people to do nothing. _______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
