ValueError: Ciphertext with incorrect length (not 256 bytes) using Python

Question

I want to decode RSA key in python, see below my code :

def decode():
    encoded_password = request.args['password']

    rsa_key = RSA.importKey(open('Python/auth/private.txt', "rb").read())
    cipher = PKCS1_v1_5.new(rsa_key)
    raw_cipher_data = b64decode(encoded_password)

    # Decrypt the data
    decrypted_password = cipher.decrypt(raw_cipher_data, "ERROR")
    return jsonify({'status': 'success', 'message': decrypted_password.decode('utf-8')})

My RSA Private key file looks like this :

    -----BEGIN RSA PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3r6bHdnLyOlnA
3SL9Q1emrIfq/GUz1L9nlUEraWAF/ZSjwAjzxISNW2sP7Utoz6rUCxGPhwUAYaqx
D5J4iNZ4Uh4v7q8/XIyzfj0kT2/+sEznFLLTMbfIMV/gn8dbzAWDfMjA4itv3FCp
...
sEcPKDP+Cfu+9qjCGZ8+cTa7ilT9r/yvUus5bwW+DpfeMAVMgLahPB0sHPR2jkAK
v/dTPZz+XPN8k4kbO/wQlY1NCavHjwOIiwd/Z1d0Fv+K9Pmrwi2xO3icegEj93dG
F7c3bSZfWisoMQm+K2VCMZY=
-----END RSA PRIVATE KEY-----

I managed to import the private RSA key, but I get an error when I try to decode.

ValueError: Ciphertext with incorrect length (not 256 bytes)

I can't find answers to my problem.

Answer 1

As the error message says, the ciphertext you are trying to decrypt is of the incorrect length. Looking at the section for RSA decryption in RFC 3447, the ciphertext must be "an octet string of length k, where k is the length in octets of the RSA modulus n". In your case, it must be 256 bytes.

As @JoelCrypto says, this might be due to a discrepancy between your encryption and decryption code. Or it could be an extra byte or two that you added to the ciphertext by mistake. (Maybe an extra newline crept in somewhere?) Also, I totally agree with Joel about using PKCS#1 OAEP instead of PKCS#1 v1.5, as the latter is vulnerable to timing attacks.

Answer 2

Maybe your encryption part is not coherent with the decryption one :

from Cryptodome.PublicKey import RSA
from Cryptodome.Cipher import PKCS1_v1_5
from base64 import b64encode
from base64 import b64decode
def decode():
    rsa_key = RSA.importKey(open('Python/auth/private.txt', "rb").read())
    cipher = PKCS1_v1_5.new(rsa_key)
    global encoded_password
    # Decrypt the data
    decrypted_password = cipher.decrypt(encoded_password, "ERROR")
    password = b64decode(decrypted_password)
    return jsonify({'status': 'success', 'message': decrypted_password.decode('utf-8')})
def encode():
    password = b"stackoverflow"
    rsa_key=RSA.generate(2048)
    with open('Python/auth/private.txt', "wb") as file:
        file.write(rsa_key.export_key('PEM'))
    cipher = PKCS1_v1_5.new(rsa_key)
    raw_cipher_data = b64encode(password)
    print(raw_cipher_data)
    # Decrypt the data
    global encoded_password
    encoded_password = cipher.encrypt(raw_cipher_data)
    return jsonify({'status': 'success', 'message': encoded_password.decode('utf-8')})
encode()
decode()

The RSA key looks like :

    -----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAmnDiQmYr3oHiVaEtRcD2wARtFS2FeHCX6CMreiyXy7bIAtMY
KvO2EMBv4jjqpZQ3IT8qFKYxSANgC/t6/PX8ZshjERhngTs/C39logjgf7NOabWh
pfjKVJ+XMGBCR943YpTR2YBCqyztbZUGTO1EL4dFrEYYEPBIlvy2AXXOYwWj78Bv
VrgQlhqZk7WeEmZ1t6ezGvsw18R72ITU1wzSekLiMCJhNttELIHbuWQZw48wVlXd
5B/803zHKPivtKsVaqrfBwv+UONozlXhpBlz6FYjA/tnC2xuk5WpSBc2jQfyeNho
pRtA1WK2YMp2IMbp1nVeajlPENCEE3w7joIyGwIDAQABAoIBABWVgNbvyYzDe+V6
F5t/4DGuIgKg2zOduhUxfnIziOlpu6KYFvDAdmmj7gm16PvyxBEA72QgZT3KaaId
vNldQC+rLMaRsbwqvWEMJnY9UFwjK+pz0x92LuzMZbMB7kbLWdPiDEFIqXNGiE4q
0s0YfHw5/F+bEjeieo/4ydpYDlvh5nG0y9Sdl6FxufAhx/JXuNNq+qO5qEEMQwYU
hnf31Sw7twEJGvOaKsCAcPG9F64JGo/QUx/VJIA97EoHvWl5USRxqUiOkyWpeeHs
iSYBOA4zAF68uEakax7jD2xc/GxCwBJGjrI9K3A6+NI9wfu6uJxIL8unfR+KwCSn
0k6446UCgYEAvZnOj7eY5t3q94TxxH3HHc61jBDLn7Mq/N0YdxocJp84zXLFtH6x
bgBVoqqllF3rp77f2HLnVHzacW+Tvv8GVxhZ1o48v8WK/5Ej3Sgh+6dsa99e24SQ
z7sGpYinATwqhWnwzd/G0ZHDTNX3vScOq/rNfnyRi6qu9+TIEbqCqC0CgYEA0Ibo
IJDxoBP2387jYB/Z8gqv6xq0kqyrdOa0yv2c7JFS8yCXXZ1cTy/x/YJrZR2eCeQs
YQfN95u12j3lUlCVWVb3ZmM6CAyEpUYqPZ4sCtJdKChLM0+I0yfIbfXiEIIJ0yjM
Al56IAYNEYydSPE9jLW/P4lHRrssQbKr3Py/qGcCgYB0XpKJYwZVrJ8qjE5Xa1tq
0BRdg3F282DPEmSRtVTR36fdcTQnNBtyiIIG9PXrujmJG34IO34APSFVvkXQVHZv
vmJlbaebjINjmJGKi7dP3dKN4us1kIfQ99l8gAMAnwz6FavWsCI3Pl/AKROE5RP8
OlMl7w7lyjzZqXGib/cBgQKBgEw8hjEhzLTRl7hLUyWZf3zWG2rA4LOfHTAoCIEO
J4j1uHXavHwlQ9JPnREp1UmqglTrbq4qxEp6Swn3BxgJDhETkm+EZ3r52KTz+g18
/m0Wa6h60sN3mHZaXRSWiIewgxcIG03ibJO4op5/4iEA0ZfX+ouoDL73Pz7lq5+n
aAqRAoGAFbytz4N8vCftiznwzTED5l2qqO3PASU1YctcZWVh7zDK8bQ6sXI9Abmz
8Q8kXPNFFLs+LeMaiId8KK6KtCMv8nu1GvjC1OuzMTwbASTDyy6FFdxOTB+JfEX9
XCftkh3k7F7OtIKarGVnSXbwH+NIPbV25DBRvW2tqCyztH8j4Bc=
-----END RSA PRIVATE KEY-----

So it is bigger than yours. NB : I strongly recommend you to use PKCS OAEP #1 due to security reasons (https://pycryptodome.readthedocs.io/en/latest/src/cipher/pkcs1_v1_5.html).