Ashish Bainade

Reputation: 506

Decryption issue in python using AES algorithm

I am building a website in Python Flask and using the AES algorithm of the pycrypto library. In the sign-up web page, I am saving the encrypted pwd and the encrypted key in a text file. In the login page, I am comparing the entered pwd with the decrypted pwd, using the code below:

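import base64
import pdb

import pandas
from Crypto.Cipher import AES
from flask import render_template, request

def decryption(encryptedString,key_from_file):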
    PADDING = '{'
    DecodeAES = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(PADDING)
    #Key is FROM the printout of 'secret' in encryption
    #below is the encryption.
    encryption = encryptedString
    key = key_from_file
    cipher = AES.new(key) #### error comes here 
    decoded = DecodeAES(cipher, encryption)
    return decoded

def login():
    if request.method == 'GET':
        return render_template('login.html')
    if  request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        d2 = pandas.read_csv("Employee_Info.txt",header=0)
        search_id = d2[d2['email'] == username]
        pdb.set_trace()
        if search_id.empty:
            error = "username does not exists"
            return render_template('login.html', error = error)
        else:
            pwd_from_file=search_id.iloc[0]['pwd']
            key_from_file=search_id.iloc[0]['key']

            if decryption(pwd_from_file,key_from_file) == password:
                print "matching password"
            else:
                print "mismatch"

But I am getting the error ValueError: AES key must be 16,24 or 32 bytes long.

Text file has below fields:

id,email,pwd,key
qq,qq,h4vvEPuVNwjw22yJKz8QGg==,xéðjŸ¸AOݬ‡

Upvotes: 0

Views: 208

Answers (1)

Andy

Reputation: 14194

You are storing the key in raw Unicode bytes, so there is likely a serialization/deserialization error. Encode the raw key bytes in hexadecimal or Base64 before storing in the file, and then convert back to raw before initializing your cipher.

Note: Storing the key in the credentials data store is very bad, and encrypting passwords for credential verification is also very bad. Look at Why should I hash passwords and How to securely hash passwords for more information.

Upvotes: 1
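The two points in the answer above, as an added example that is not part of the original post: why a raw key stops being 16 bytes after passing through a text file while a Base64 field survives, and what storing a salted password hash instead of an encrypted password looks like. It uses only the Python 3 standard library; the function names, the `iterations$salt$digest` record layout, the Latin-1/UTF-8 failure model and the iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

AES_KEY_SIZES = (16, 24, 32)
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

def store_raw(key: bytes) -> bytes:
    """Model of the failure: raw key bytes pass through a text field.

    Assumption: the bytes are read as Latin-1 characters and re-saved as
    UTF-8, so every byte >= 0x80 comes back as two bytes.
    """
    return key.decode("latin-1").encode("utf-8")

def store_b64(key: bytes) -> bytes:
    """Base64 text survives a text file or CSV column unchanged."""
    field = base64.b64encode(key).decode("ascii")
    return base64.b64decode(field)

def hash_password(password: str) -> str:
    """Return 'iterations$salt$digest' for the pwd column; no key is stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([str(ITERATIONS),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_b64, digest_b64 = record.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))

if __name__ == "__main__":
    key = bytes(range(0x7B, 0x8B))  # constructed 16-byte sample key
    print(len(key), len(store_raw(key)), len(store_b64(key)))
    record = hash_password("correct horse")  # constructed sample password
    print(verify_password("correct horse", record), verify_password("wrong", record))
```
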
