Hi! Due to this refactor (https://github.com/aws/aws-encryption-sdk-python/pull/467) an error NotSupportedError("Unsupported signing algorithm info") is raised when decrypting with some Algorithms with version of cryptography=2.8. I upgrade the cryptography version to the latest (41.0.7 right now) and the error was gone. I dont know from what version the issue is resolved.
Algorithm with issue: AlgorithmSuite.AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384
Error log:
Error on closing
Traceback (most recent call last):
File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/init.py", line 196, in decrypt
plaintext = decryptor.read()
File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/streaming_client.py", line 260, in read
self._prep_message()
File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/streaming_client.py", line 792, in _prep_message
self._header, self.header_auth = self._read_header()
File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/streaming_client.py", line 830, in _read_header
decryption_materials = self.config.materials_manager.decrypt_materials(request=decrypt_materials_request)
File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/materials_managers/caching.py", line 251, in decrypt_materials
new_result = self.backing_materials_manager.decrypt_materials(request)
File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/materials_managers/default.py", line 155, in decrypt_materials
verification_key = self._load_verification_key_from_encryption_context(
File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/materials_managers/default.py", line 136, in _load_verification_key_from_encryption_context
verifier = Verifier.from_encoded_point(algorithm=algorithm, encoded_point=encoded_verification_key)
File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/internal/crypto/authentication.py", line 144, in from_encoded_point
return cls(
File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/internal/crypto/authentication.py", line 44, in init
self._signature_type = self._set_signature_type()
File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/internal/crypto/authentication.py", line 51, in _set_signature_type
raise NotSupportedError("Unsupported signing algorithm info")
aws_encryption_sdk.exceptions.NotSupportedError: Unsupported signing algorithm info
Solution:
I suggest to increase the required version of cryptography in your guide.
Problem:
AWS Encryption SDK version: 3.1.1
Hi! Due to this refactor (https://github.com/aws/aws-encryption-sdk-python/pull/467) an error NotSupportedError("Unsupported signing algorithm info") is raised when decrypting with some Algorithms with version of cryptography=2.8. I upgrade the cryptography version to the latest (41.0.7 right now) and the error was gone. I dont know from what version the issue is resolved.
Algorithm with issue: AlgorithmSuite.AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384
Error log: Error on closing Traceback (most recent call last): File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/init.py", line 196, in decrypt plaintext = decryptor.read() File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/streaming_client.py", line 260, in read self._prep_message() File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/streaming_client.py", line 792, in _prep_message self._header, self.header_auth = self._read_header() File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/streaming_client.py", line 830, in _read_header decryption_materials = self.config.materials_manager.decrypt_materials(request=decrypt_materials_request) File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/materials_managers/caching.py", line 251, in decrypt_materials new_result = self.backing_materials_manager.decrypt_materials(request) File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/materials_managers/default.py", line 155, in decrypt_materials verification_key = self._load_verification_key_from_encryption_context( File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/materials_managers/default.py", line 136, in _load_verification_key_from_encryption_context verifier = Verifier.from_encoded_point(algorithm=algorithm, encoded_point=encoded_verification_key) File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/internal/crypto/authentication.py", line 144, in from_encoded_point return cls( File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/internal/crypto/authentication.py", line 44, in init self._signature_type = self._set_signature_type() File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/internal/crypto/authentication.py", line 51, in _set_signature_type raise NotSupportedError("Unsupported signing algorithm info") aws_encryption_sdk.exceptions.NotSupportedError: Unsupported signing algorithm info
Solution:
I suggest to increase the required version of cryptography in your guide.
Out of scope:
Nope