"Provided AES key is wrong" when decrypting wallet

[clubshaft]

I have a serious bug ! import wallet work . I see all my transfers and my saldo ''coins''

when I wanna sent some coins it ask me for password . like it always do now monts from may .

I know my password 100% here is no doubt about it .

I get the error message ► provided AES key is wrong . this is insain ! ! ! why you let me enter a password to my wallet ? not safe without a password you tell to the people . BULLSHIT + 20 BTC my own coins from 2 years pfffffff I can do nothing with it becouse off that stupid password BUG ( scam?? )

Iam now 7 days trying to fix this but nothing work . coincidentally the backup wallet and backup key also give an error . all the other files are ok from my old wallets . they are all there but there is no money on it .

the error message was "NUL" wit the backup key and backup wallet file .

I'm totally misled by multibit WTF I I knew this was going to give problems . no recovery for passwords LOL so that is safe ????? never I read anny messages for warning me becouse the danger off using a password . I know my password let that be clear . more than 23 coins WTF .

████ people if you read this do your password gone before it is to late ! ! just rar the file with password two times or 3 times . up some rar with password in gmail there it stays till we dead . for me it is to late feel verry bad what a massive scam damn ███

[clubshaft]

I also try to import them in blockchain . I create there a wallet and try to import but that is not working annymore

[gary-rowe]

We haven't stolen your bitcoins. Let's go through this step by step to help you unlock your wallet. Can I ask you to keep your responses to this issue to help me and others keep track of your progress. You may want to remove personally identifying information from your posts (don't reveal your balance and so on).

Next, can you verify that you've read the password recovery help article: https://multibit.org/en/help/v0.5/help_lostOrForgottenPassword.html

Note to readers in 2020 and later

This is an immense thread, filled with various dead ends. Please see this summary https://github.com/Multibit-Legacy/multibit/issues/620#issuecomment-783595465

[clubshaft]

if someone can tell me wich files I needed than I use a new hard disk with a clean instalation and run this disk in usb external modus to run get data back ntfs .

ps: yes sir I read that but like I say I know my password ! if I type it wrong that I get the message could not decrypt . . . . . . that is 100% wrong pass . but AESkey is wrong sorry but that is not my wrong .

[gary-rowe]

OK, I need to establish a baseline of what you've already tried to recover the wallet. Can you tell me when the wallet was first created and in which version of MultiBit it was done?

[clubshaft]

yes 2014-05-07 00:17:\ I did my first transfer with that wallet . therefore I use an other wallet but that one is still ok .

[clubshaft]

multibit vers 15 ► now I use vers 18 from last saturday after my lost coins ! !

back then I created that wallet 10 min later I make the password for it . is it posible that the recovery file that I have is before I enter an pass to it ?

the last good files are from september . but they give bold an error " NUL" so I use the file from 05/2014 I search on date . all the other file are from my first wallet . tons and tons

[gary-rowe]

Can you verify that you are using 0.5.18 as the wallet creator? It is very unlikely that the AES encryption key would have been mangled since MultiBit will check that it can decrypt the wallet with the given password before returning with a positive message.

When you add a password to a wallet MultiBit Classic will go over any backups it can find and apply the encryption to protect any previously unprotected keys. Unless your backups are outside of where it would normally expect to find them they should all be encrypted.

Here is some detailed technical information on the encryption used: https://github.com/jim618/multibit/wiki/Export-and-limited-import-of-private-keys

At this stage I would recommend that you switch to using OpenSSL to attempt decryption since it will be faster than through the MultiBit UI. You should target the .key file.

You should also pursue the possibility that you might have accidentally mistyped your password. It is definitely worth using the script in the password article referenced earlier to explore a variety of combinations rapidly. You can run the script using cygwin if you're on Windows.

[clubshaft]

multibit vers 15 ► now I use vers 18 from last saturday after my lost coins ! !

[clubshaft]

if I type it wrong than I always get coulsd not decrypt .. . . . . but i know the pass I use it + 20 times from 05/2014 till last saturday

[clubshaft]

maibe I must uninstall version 18 and get back to 15 ?

[gary-rowe]

What message is OpenSSL giving you when you attempt to decrypt using:

openssl enc -d -p -aes-256-cbc -a -in encryptedwallet.key -out decryptedwallet.txt -pass pass:yourpassword

Obviously you'll substitute your own values.

Don't rewind back to 0.5.15. I want to be sure that the problem is with the key file. You're adamant that you are typing in the correct password but that decryption is failing. That indicates a corrupted file but we have to be sure.

[clubshaft]

are you related to the software sir ?

[gary-rowe]

Yes, Jim is the primary developer of MultiBit Classic and I'm the secondary. I've asked Jim to keep an eye on this thread and he'll probably take over later since I have limited time available today.

[clubshaft]

I now find the file multiwallet-qt.md is this helpfull ? search for the key file now

[gary-rowe]

Don't know that file so it's probably not relevant. If you need to locate the .key file this article will assist you: https://multibit.org/en/help/v0.5/help_fileDescriptions.html

[clubshaft]

have it . yesterday I rar it with pass and there I get it now becouse the other is missing .

ok here is my key located can you give me the exact code

j:\nul_error.key

[clubshaft]

this whas the original key name bv-20140507000410.key

and thgis is the wallet bv-20140507000410.wallet

[clubshaft]

that ssl stuff is chineese for me lol

[gary-rowe]

Now that you have a .key file do the following (I've made the instructions step by step for Windows):

1. Ensure you have OpenSSL installed.
2. Open the command prompt and navigate to J:\ (on Windows type J: at the command prompt)
3. Verify you can see the file: (type dir to see a list)
4. Enter the following at the command prompt on a single line:

openssl enc -d -p -aes-256-cbc -a -in nul_error.key -out nul_error.txt -pass pass:yourpassword

Change yourpassword to your password.

OpenSSL will attempt to decrypt the file and will tell you if it is successful. The decrypted keys will be placed in nul_error.txt and should now be considered compromised. You'll need to sweep funds out of them as soon as possible into a safe area. If you have those keys you have your bitcoins.

You can see the key file format here: https://multibit.org/en/help/v0.5/help_exportingPrivateKeys.html

[clubshaft]

I have win 7 64 bit do I need to download the win 64 vers ?

[gary-rowe]

Sounds right. It'll tell you if it has problems.

[ghost]

@clubshaft You don't need to download a Win 64 version - the Windows installer is 32 bit and should work fine

[clubshaft]

ok I uninstall then becouse it not work

[ghost]

This is being covered in issue #611. As it's confusing having two issues open about the same thing I'll close this one. Please post on #611 thanks.

[clubshaft]

http://s23.postimg.org/ew4m6o9cr/Image_4.jpg

[clubshaft]

no #611 have nothing to do with my problem ! my password is not working and it is the right one ! ! ! ! !

[clubshaft]

Provided AES key is wrong ! I have the key file and ssl is instal now how to run it so I can encrypt like you explane to me

[ghost]

Gary's post starting "Now that you have a .key file do the following (I've made the instructions step by step for Windows):" explains using OpenSSL step by step.

Please take the time to go through the suggestions step by step.

It is the same process effectively as doing an Tools | Import private keys but on the command line.

Also, in your original post you don't explain where you got your private key file export from. That wallet will also have the private keys controlling your bitcoin. If that was a MultiBit wallet then it will have backups too that you might be able to use.

Note that your password is case sensitive and must match exactly (i.e. the same sort of hyphen, quote mark etc) or you won't be able to decrypt that file.

[clubshaft]

I use the password more that 20 times and I not change it .

http://s28.postimg.org/x3am804gt/Image_5.jpg

[gary-rowe]

Just checking in to see how things have progressed. What did OpenSSL come back with?

[clubshaft]

I dont get it ? if I give you the lokation off the file can you type the command then for me ?

[clubshaft]

I know 100% it is a bug my wallet is still there but can do nothing with it .

[clubshaft]

it is not normal at all that if the pass whas wrong that the message provided AES key is wrong comes.

why that message comes ? if I wanna change the wallet pass with the correct pass everytime this message comes . when I use an other pass I get the normal message could not decrypt string .....

[gary-rowe]

I cannot type the command for you because I do not have your wallet. You need to open your command line (video) then you need to follow the instructions given earlier regarding OpenSSL.

Simply type in the commands, press enter after each one and observe the output. If you can take a screenshot of the command window output (no private keys will be exposed so long as you don't open the decrypted file) then I can better diagnose your problem. To insert a screenshot into GitHub you need only drag the image file into the text area where you are posting your update.

[tonyclifton13]

I believe I may be having the same problem. I installed Multibit and immediately set a password before sending some coin to the wallet. Shortly after, I tried sending coin from my Multibit wallet and when I put my password in I get the error "Provided AES Key Wrong". I absolutely accept the possibility that when I created the password I may have entered it incorrectly. That being said I usually am very careful and alert when entering a password, and I used a password that I use often. When I try variations of my password and I get the error "could not decrypt bytes". Since I am getting a different error for what I believe is the password I used, it seems that possibly the problem is in Multibit and not a typo on my part. I am honestly very ignorant when it comes to programming or understanding anything beyond the basics of computers, and all of the help I've found so far is way over my head. I am considering sending it to a wallet recovery service, but before I do that I would like to know if this could possibly be a "bug" in Multibit? I would REALLY appreciate any suggestions or help. Losing money sucks. PS-I am running Multibit on my iMac

[gary-rowe]

Thanks for reporting this @tonyclifton13. It would really help to see the output from OpenSSL as described earlier in this thread.

If you'd rather not attempt it you could send in the .key file to us along with what you think is the password so we can examine it. The .key file is safe to send since it's encrypted, but you would need to send over your password which has security implications for you. You would need to encrypt it so that only the MultiBit team can open it which means using GPG.

This is about as complicated to use as OpenSSL so let me know if you'd like to go down this route.

[tonyclifton13]

I wouldn't mind sending it to you guys to see what you think the problem is. I am a bit ignorant when it comes to this technical stuff, but I do have a small understanding of GPG. I would need your public key in order to send an encrypted message, correct?

On Tue, Oct 21, 2014 at 11:44 AM, Gary Rowe notifications@github.com wrote:

Thanks for reporting this @tonyclifton13 https://github.com/tonyclifton13. It would really help to see the output from OpenSSL as described earlier in this thread.

If you'd rather not attempt it you could send in the .key file to us along with what you think is the password so we can examine it. The .key file is safe to send since it's encrypted, but you would need to send over your password which has security implications for you. You would need to encrypt it so that only the MultiBit team can open it which means using GPG.

This is about as complicated to use as OpenSSL so let me know if you'd like to go down this route.

— Reply to this email directly or view it on GitHub https://github.com/jim618/multibit/issues/620#issuecomment-59958436.

[gary-rowe]

Yes. You can find the key referenced on the front page of MultiBit.org. You can use this article to assist with GPG.

[tonyclifton13]

The problem I'm having is I can't find any .key file. I searched for a couple of hours last night, doing my best to follow the instructions given earlier on this thread and reading through the help on Multibit.org, and I can't come up with anything that looks like a .key file. Earlier in this thread it mentions locating this file in Windows, since I'm using an iMac could there possibly be something that wasn't mentioned that would help me find the file?

On Wed, Oct 22, 2014 at 5:31 AM, Gary Rowe notifications@github.com wrote:

Yes. You can find the key referenced on the front page of MultiBit.org https://multibit.org. You can use this article https://multibit.org/blog/2013/07/24/how-to-check-signatures.html to assist with GPG.

— Reply to this email directly or view it on GitHub https://github.com/jim618/multibit/issues/620#issuecomment-60065246.

[gary-rowe]

The MultiBit application directory is hidden by default on OS X. A typical path would be /Users/<your user name here>/Library/Application Support/MultiBit/multibit-data/key-backup.

This help article provides instructions on making hidden files visible on OS X. There is a link to each of the file descriptions too.

[tonyclifton13]

I sent in my .key file and password. I hope I did it the right way. I really do appreciate your patience, I am in way over my head on this.

On Oct 22, 2014, at 8:50 AM, Gary Rowe notifications@github.com wrote:

The MultiBit application directory is hidden by default on OS X. A typical path would be /Users//Library/Application Support/MultiBit/multibit-data/key-backup.

This help article provides instructions on making hidden files visible on OS X. There is a link to each of the file descriptions too.

— Reply to this email directly or view it on GitHub.

[tonyclifton13]

Let me know if my .key file and password did not make it to you.

[gary-rowe]

Hi @tonyclifton13, it appears that no email has arrived. Jim has checked the support email address for MultiBit.org and nothing has appeared. If you are sure that you've GPG encrypted the password using the instructions and the .key file remains encrypted then this is not a problem. If the email has failed to send then also that is not a problem. If somehow the password is in the clear in an email sent somewhere random then you need to change any other sites that use that password as soon as possible since it should be considered compromised. I'd strongly urge the use of LastPass for making fresh passwords.

I've spent some time talking over this with Jim and we're both convinced that it is much more likely that this is a case of a password typo than an encryption error. I would suggest then that you progress using the "forgotten password" article details and attempt the OpenSSL decrypt that is described earlier in this thread.

In general sending encrypted passwords and .key files is not the best way to solve this problem so let's continue through this thread and hope to unlock it safely.

[tonyclifton13]

I'm definitely not ruling out the possibility that this is a typo error on my part. I'm usually very careful, but I still make mistakes. Honestly I wouldn't have even bothered looking for help on this if it wasn't for the fact that I am getting a different error message whenever I enter what I believe is the password. When I enter what I think is the correct password I get the error "Provided AES key is wrong". If I enter anything other than my password I get the message "Could not decrypt bytes". I've manually entered thousands of different variations at this point, but the only one that has prompted the "AES" error is what I believe is the password I used. It just seems too coincidental that my password is the only thing that promts a different error.

On Oct 23, 2014, at 2:59 PM, Gary Rowe notifications@github.com wrote:

Hi @tonyclifton13, it appears that no email has arrived. Jim has checked the support email address for MultiBit.org and nothing has appeared. If you are sure that you've GPG encrypted the password using the instructions and the .key file remains encrypted then this is not a problem. If the email has failed to send then also that is not a problem. If somehow the password is in the clear in an email sent somewhere random then you need to change any other sites that use that password as soon as possible since it should be considered compromised. I'd strongly urge the use of LastPass for making fresh passwords.

I've spent some time talking over this with Jim and we're both convinced that it is much more likely that this is a case of a password typo than an encryption error. I would suggest then that you progress using the "forgotten password" article details and attempt the OpenSSL decrypt that is described earlier in this thread.

In general sending encrypted passwords and .key files is not the best way to solve this problem so let's continue through this thread and hope to unlock it safely.

— Reply to this email directly or view it on GitHub.

[gary-rowe]

\ EDIT: This conclusion is unlikely - see later **

Although the "Provided AES key is wrong" message looks suspicious it is merely a coincidence. Here's the code that does the decryption work from the Bitcoinj library ECKey.java:

    /**
     * Create a decrypted private key with the keyCrypter and AES key supplied. Note that if the aesKey is wrong, this
     * has some chance of throwing KeyCrypterException due to the corrupted padding that will result, but it can also
     * just yield a garbage key.
     *
     * @param keyCrypter The keyCrypter that specifies exactly how the decrypted bytes are created.
     * @param aesKey The KeyParameter with the AES encryption key (usually constructed with keyCrypter#deriveKey and cached).
     * @return unencryptedKey
     */
    public ECKey decrypt(KeyCrypter keyCrypter, KeyParameter aesKey) throws KeyCrypterException {
        Preconditions.checkNotNull(keyCrypter);
        // Check that the keyCrypter matches the one used to encrypt the keys, if set.
        if (this.keyCrypter != null && !this.keyCrypter.equals(keyCrypter)) {
            throw new KeyCrypterException("The keyCrypter being used to decrypt the key is different to the one that was used to encrypt it");
        }
        byte[] unencryptedPrivateKey = keyCrypter.decrypt(encryptedPrivateKey, aesKey);
        ECKey key = new ECKey(new BigInteger(1, unencryptedPrivateKey), null, isCompressed());
        if (!Arrays.equals(key.getPubKey(), getPubKey()))
            throw new KeyCrypterException("Provided AES key is wrong");
        key.setCreationTimeSeconds(creationTimeSeconds);
        return key;
    }

This means that the password you enter yields a well-formed AES key, which is just a large integer, but it is not the correct one to unlock your wallet. Other passwords you enter result in different numbers that tend to cause padding errors resulting in "Could not decrypt bytes" and so on.

[clubshaft]

hello tony I have just fix my wallet after two weeks .

all myknowledge I give to you .

first you need to take out the hard drive and use a cable to connect the hard disk with usb you need offcource an other drive for running your pc . ones you do that you install the program recuva . I use 3 different file recovery programs the found all 3 the key file but with 2 off them I get the aes error filesize is exact the same with all 3 off the recovered files but only recuva did the job .

run recuva and if it is done can take to 10 hours depends on the size off the disk
you search "key" recover all the key files but you must watch to the date thats verry important recover to an usb stick . then install multibut and choose import key than your password wil work aggain . TIP: I made me an backup file without pass and I winrar it with pass an store it on the usb stick I use earlyer . the backup key on your pc you just use the pass aggain if it is broke aggain you always have the recovery on your usb stick .

THIS IS DEFENETLY A BUG IN multibit I dont trust there pass encryption anny more. winrar I trust with my life hehe

[tonyclifton13]

If you honestly feel it is just a coincidence and there isn't a possibility an error has occurred in Multibit, I will move on. I may try getting this to a wallet recovery service, I just didn't want to risk sending this off to someone else without being certain that I did just mistyped my password. Luckily there isn't an extremely large sum of money in that wallet, but it is a lot of money by my standards and not being able to access it has been a financial strain for me. I'm sure if I had a better understanding of code this wouldn't seem so unlikely, but the fact that I only get the "AES" error when my usual password is entered makes me doubt the possibility of a typo. I've tried thousands of variations, old password, variations of old passwords, and random combinations of numbers and letters; they all come back with the "could not decrypt bytes" error. The only thing that will prompt the "AES" error is what I believe to be the correct password. To me it seems very unlikely that this is just a coincidence, but I have no knowledge of code and I'm not going to pretend I know how any of this works. I really do appreciate you taking the time out to help me. I'm sure it's frustrating trying to explain this to someone who has very little comprehension of what it all means. Honestly, I wouldn't be bothering anyone with this if there wasn't evidence of a problem other than just a typo.

On Thu, Oct 23, 2014 at 4:31 PM, Gary Rowe notifications@github.com wrote:

Although the "Provided AES key is wrong" message looks suspicious it is merely a co-incidence. Here's the code that does the decryption work from the Bitcoinj library ECKey.java https://code.google.com/p/bitcoinj/source/browse/core/src/main/java/com/google/bitcoin/core/ECKey.java :

/**     * Create a decrypted private key with the keyCrypter and AES key supplied. Note that if the aesKey is wrong, this     * has some chance of throwing KeyCrypterException due to the corrupted padding that will result, but it can also     * just yield a garbage key.     *     * @param keyCrypter The keyCrypter that specifies exactly how the decrypted bytes are created.     * @param aesKey The KeyParameter with the AES encryption key (usually constructed with keyCrypter#deriveKey and cached).     * @return unencryptedKey     */
public ECKey decrypt(KeyCrypter keyCrypter, KeyParameter aesKey) throws KeyCrypterException {
    Preconditions.checkNotNull(keyCrypter);
    // Check that the keyCrypter matches the one used to encrypt the keys, if set.
    if (this.keyCrypter != null && !this.keyCrypter.equals(keyCrypter)) {
        throw new KeyCrypterException("The keyCrypter being used to decrypt the key is different to the one that was used to encrypt it");
    }
    byte[] unencryptedPrivateKey = keyCrypter.decrypt(encryptedPrivateKey, aesKey);
    ECKey key = new ECKey(new BigInteger(1, unencryptedPrivateKey), null, isCompressed());
    if (!Arrays.equals(key.getPubKey(), getPubKey()))
        throw new KeyCrypterException("Provided AES key is wrong");
    key.setCreationTimeSeconds(creationTimeSeconds);
    return key;
}

This means that the password you enter yields a well-formed AES key, which is just a large integer, but it is not the correct one to unlock your wallet. Other passwords you enter result in different numbers that tend to cause padding errors resulting in "Could not decrypt bytes" and so on.

— Reply to this email directly or view it on GitHub https://github.com/jim618/multibit/issues/620#issuecomment-60312735.

[clubshaft]

I personal not beleve that if I run the ssl tool that it give the solution . if you get the message aes key error your pass is right that I know from the beginning .

[tonyclifton13]

Thanks for the advice clubshaft. I'm glad you where able to recover the coins from your wallet. I do suspect that there may be a problem in Multibit, but I am very ignorant when it comes to code or anything beyond the basics of computers. That being said I don't know enough to believe that there is reason for suspicion. In defense of Multibit, lots of people use it everyday without any problem and because it is open source I would think that if there was a problem someone would have found it and made a fix by now. Since my understanding of computers is so basic, I wouldn't feel comfortable trying your suggestion. I'm already in a situation that is very far over my head, I don't want to risk making the situation even more complicated. I'm also running Multibit on an iMac, so I assume the same solution may not work. I do appreciate the suggestion though.

[clubshaft]

for me it whas 10.000 dollar 8.000 euro belive me than you try everything greetz