aws / aws-encryption-sdk-python

AWS Encryption SDK
https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html
Apache License 2.0
236 stars 86 forks source link

Update README required version of crypthograpy #625

Closed NicolasVelazquez closed 8 months ago

NicolasVelazquez commented 10 months ago

Problem:

AWS Encryption SDK version: 3.1.1

Hi! Due to this refactor (https://github.com/aws/aws-encryption-sdk-python/pull/467) an error NotSupportedError("Unsupported signing algorithm info") is raised when decrypting with some Algorithms with version of cryptography=2.8. I upgrade the cryptography version to the latest (41.0.7 right now) and the error was gone. I dont know from what version the issue is resolved.

Algorithm with issue: AlgorithmSuite.AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384

Error log: Error on closing Traceback (most recent call last): File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/init.py", line 196, in decrypt plaintext = decryptor.read() File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/streaming_client.py", line 260, in read self._prep_message() File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/streaming_client.py", line 792, in _prep_message self._header, self.header_auth = self._read_header() File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/streaming_client.py", line 830, in _read_header decryption_materials = self.config.materials_manager.decrypt_materials(request=decrypt_materials_request) File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/materials_managers/caching.py", line 251, in decrypt_materials new_result = self.backing_materials_manager.decrypt_materials(request) File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/materials_managers/default.py", line 155, in decrypt_materials verification_key = self._load_verification_key_from_encryption_context( File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/materials_managers/default.py", line 136, in _load_verification_key_from_encryption_context verifier = Verifier.from_encoded_point(algorithm=algorithm, encoded_point=encoded_verification_key) File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/internal/crypto/authentication.py", line 144, in from_encoded_point return cls( File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/internal/crypto/authentication.py", line 44, in init self._signature_type = self._set_signature_type() File "/.local/lib/python3.8/site-packages/aws_encryption_sdk/internal/crypto/authentication.py", line 51, in _set_signature_type raise NotSupportedError("Unsupported signing algorithm info") aws_encryption_sdk.exceptions.NotSupportedError: Unsupported signing algorithm info

Solution:

I suggest to increase the required version of cryptography in your guide.

Out of scope:

Nope

ajewellamz commented 8 months ago

Done. README and requirements.txt now both say 3.4.6.