Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How (is it possible) to decrypte in Pytyhon? #141

Open
luisrock opened this issue Sep 2, 2019 · 2 comments
Open

How (is it possible) to decrypte in Pytyhon? #141

luisrock opened this issue Sep 2, 2019 · 2 comments
Labels
community help wanted wishlist

Comments

@luisrock
Copy link

luisrock commented Sep 2, 2019

I placed a question at StackOverflow on how to Decrypt in Python a string encrypted in PHP with Halite/Libsodium, but I was wondering if it is ever possible...

If so, can you put me in the right direction?
@bramus
Copy link

bramus commented Feb 6, 2020
edited
Loading

Struggling with the same thing using PyNaCL. Below is how far (or "not far") I got.

  • On the PHP side:

    // Load encryption Key
$encryptionKeyPath = '/path/to/encryption.key';
$encryptionKey = \ParagonIE\Halite\KeyFactory::loadEncryptionKey($encryptionKeyPath);

// Encrypt Value (using the default ENCODE_BASE64URLSAFE encoder)
// ~> Yields a string like 'MUIEAI…'
$encryptedValue = \ParagonIE\Halite\Symmetric\Crypto::encrypt(
  new \ParagonIE\HiddenString\HiddenString($value_to_encrypt),
  $encryptionKey
);

// Get Encryption Key to use within PyNaCl
// ~> Yields a base64-encoded string representing the encryption key
$encoder = \ParagonIE\Halite\Halite::chooseEncoder(\ParagonIE\Halite\Halite::ENCODE_BASE64URLSAFE);
echo 'base64_encoded_key to use with PyNaCl: ' . $encoder($encryptionKey->getRawKeyMaterial());

  • On the Python side:

    import nacl.secret

encrypted_value = 'MUIEA…'
base64_encoded_key = '…' # See output above to complete this

box = nacl.secret.SecretBox(
  base64_encoded_key,
  nacl.encoding.URLSafeBase64Encoder
)

plaintext = box.decrypt(
    encrypted_value,
    None,
    nacl.encoding.URLSafeBase64Encoder
)

print(plaintext.decode('utf-8'))

All I'm getting from this is a nacl.exceptions.CryptoError: Decryption failed. Ciphertext failed verification Exception.

I think I'm stumbling over the 2nd parameter of box.decrypt in the Python code which I'm setting to None. It is the value for so called "nonce" but I have no clue on how to extract that out of Halite.

Update: Looking into the code of the Symmetric Crypto class I an unpacking of the 'MUIEA…' string happens to extract the actually encrypted value, nonce, etc. — Will look into that …

@bramus
Copy link

bramus commented Feb 6, 2020

When manually calling the unpackMessageForDecryption method I can extract the nonce (at index 3) and the encrypted string (at index 4).

$decoder = \ParagonIE\Halite\Halite::chooseEncoder(\ParagonIE\Halite\Halite::ENCODE_BASE64URLSAFE, true);
$parts = \ParagonIE\Halite\Symmetric\Crypto::unpackMessageForDecryption($decoder('MUIEA…'));

$nonce = $parts[3];
$encrypted = $parts[4];

I've recreated this functionality in the Python code based upon its logic:

nonce = nacl.encoding.URLSafeBase64Encoder.decode(encrypted_value)[36:60] # start at 36, length of 24
encrypted = nacl.encoding.URLSafeBase64Encoder.decode(encrypted_value)[60:len(string)-112] # start at 60, length of 112 (not 124 as mentioned in the Halite source?!)

When comparing the base64 encoded values of both the PHP and the Python nonce and encrypted params they do match. Decrypting (in Python) however still is no go. Still getting the nacl.exceptions.CryptoError: Decryption failed. Ciphertext failed verification Exception.

Think I am close, but am still missing a part …

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community help wanted wishlist
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bramus @luisrock @paragonie-security