pyca / pynacl

Python binding to the Networking and Cryptography (NaCl) library
https://pynacl.readthedocs.io/
Apache License 2.0
1.08k stars 232 forks source link

nacl.exceptions.CryptoError: An error occurred trying to decrypt the message #815

Closed DanielAtCosmicDNA closed 8 months ago

DanielAtCosmicDNA commented 8 months ago

Utilising a frontend with TweetNacl and a backend with Pynacl, the message decryption is failing. I have logged the information flow, but it still seems to me there is something amiss after applying this patch.

Frontend

At apiSlice.js line 7, the private key of the message sender is:

[22, 97, 70, 216, 88, 21, 163, 202, 104, 56, 100, 167, 209, 169, 134, 197, 246, 233, 91, 189, 136, 30, 42, 236, 116, 87, 200, 192, 229, 58, 107, 84]

And the public key is:

[60, 123, 72, 36, 90, 18, 17, 174, 101, 188, 160, 241, 155, 182, 149, 227, 175, 150, 208, 48, 248, 230, 245, 182, 61, 128, 101, 71, 44, 100, 45, 103]

Then a message with the content { message: 'Hello to you!' } is encrypted at App.js line 97, which in turns calls the query at apiSlice.js line 23.

Network

A GET query message with the following payload is then sent:

parameter data
publicKey 169e9f8728dad5f95c9ee33bc3b9460c5b9ca9b279fdd563bf56f1cd2ebdd738
encryptedMessage ZJ/vazrENEKfORsJtSoTWnh6M+VkoXRp70j/EGJ4qp+omLurcGpsG1hdmipebmlHZtYQETJxHf4NGyNGEJchAx3pLQ==

And which is responded by server with:

Traceback (most recent call last):
  File "C:\Users\aUsername\AppData\Local\plover\plover\plugins\win\Python39\site-packages\plover_engine_server\websocket\nacl_middleware.py", line 99, in returned_middleware
    decrypted_message = my_mail_box.decrypt(incoming_base64_encrypted_message, encoder=Base64Encoder)
  File "C:\Users\aUsername\AppData\Local\plover\plover\plugins\win\Python39\site-packages\nacl\public.py", line 299, in decrypt
    plaintext = nacl.bindings.crypto_box_open_afternm(
  File "C:\Users\aUsername\AppData\Local\plover\plover\plugins\win\Python39\site-packages\nacl\bindings\crypto_box.py", line 221, in crypto_box_open_afternm
    ensure(
  File "C:\Users\aUsername\AppData\Local\plover\plover\plugins\win\Python39\site-packages\nacl\exceptions.py", line 88, in ensure
    raise raising(*args)
nacl.exceptions.CryptoError: An error occurred trying to decrypt the message

Server

On the server side, there is Plover with the following plugin.

This plugin writes and reads to a file that has the public and private keys. In this round the server has:

{
  "private_key": "72ce753d550cdb81cd2148ffffd09c7790c76c404ba071ca4ccbd77f7dbf4651",
  "public_key": "169e9f8728dad5f95c9ee33bc3b9460c5b9ca9b279fdd563bf56f1cd2ebdd738",
}

The read and write to this file are governed by config.py

The message is then received by the nacl_middleware where the following log is written to plover.log:

2024-03-15 23:30:56,362 [Thread-3] INFO: Request received.
2024-03-15 23:30:56,362 [Thread-3] INFO: Retrieving publicKey from message...
2024-03-15 23:30:56,364 [Thread-3] INFO: PublicKey 169e9f8728dad5f95c9ee33bc3b9460c5b9ca9b279fdd563bf56f1cd2ebdd738 retrieved!
2024-03-15 23:30:56,364 [Thread-3] INFO: Decoding messager's public key hex...
2024-03-15 23:30:56,365 [Thread-3] INFO: Messager's public key b'\x16\x9e\x9f\x87(\xda\xd5\xf9\\\x9e\xe3;\xc3\xb9F\x0c[\x9c\xa9\xb2y\xfd\xd5c\xbfV\xf1\xcd.\xbd\xd78' decoded!
2024-03-15 23:30:56,365 [Thread-3] INFO: Retrieving encryptedMessage from message...
2024-03-15 23:30:56,365 [Thread-3] INFO: EncryptedMessage ZJ/vazrENEKfORsJtSoTWnh6M+VkoXRp70j/EGJ4qp+omLurcGpsG1hdmipebmlHZtYQETJxHf4NGyNGEJchAx3pLQ== retrieved!
2024-03-15 23:30:56,365 [Thread-3] INFO: Creating Box...
2024-03-15 23:30:56,366 [Thread-3] INFO: Box b'\xdd\x11\x12Dr\xf6\xe2\xcd\x1b`\xbf\xe0\xbfR\x99P\xae5\x93\xdf\xfe\xe5\xc3\x99P\xf8vB.\xba\xfb\xa1' created!
2024-03-15 23:30:56,366 [Thread-3] INFO: Decrypting message...
2024-03-15 23:30:56,412 [Thread-3] INFO: Response hook.
2024-03-15 23:30:56,413 [Thread-3] INFO: headers: <CIMultiDict('Content-Type': 'text/plain; charset=utf-8')>
2024-03-15 23:30:56,413 [Thread-3] INFO: status: 401
2024-03-15 23:30:56,413 [Thread-3] INFO: reason: Failed to retrieve a valid message!
2024-03-15 23:30:56,413 [Thread-3] INFO: body: <aiohttp.payload.StringPayload object at 0x000002203840B400>
2024-03-15 23:30:56,942 [Thread-3] INFO: Request received.
2024-03-15 23:30:56,943 [Thread-3] INFO: Retrieving publicKey from message...
2024-03-15 23:30:56,943 [Thread-3] INFO: PublicKey None retrieved!
2024-03-15 23:30:56,943 [Thread-3] INFO: Decoding messager's public key hex...
DanielAtCosmicDNA commented 8 months ago

It seems now, after analysing the data that the error is in the fact that the wrong public key is being sent together with the encrypted message. Instead of the server's that should be the sender's public key.

DanielAtCosmicDNA commented 8 months ago

I am closing as the problem was successfully solved with the content being decrypted as expected. Thank you @alex for your prompt support!