search

spikex / strongbox

Secures ActiveRecord attributes with public key encryption
http://stuff-things.net/2009/04/17/introducing-strongbox/
MIT License
397 stars 43 forks source link

OpenSSL::PKey::RSAError: padding check failed #47

Closed ekampp closed 4 years ago

ekampp commented 8 years ago

Hi there.

I'm using the master branch to get access to the deferred_encryption option.

This is the error I'm getting: 

Agent.create(password: 'hello', encrypted_password: 'a').encrypted_password.decrypt 'hello'
# => OpenSSL::PKey::RSAError: padding check failed

Based on this code: 

require 'openssl'

class Agent < ActiveRecord::Base
  attr_accessor :password

  # Encrypts the emphemeral #password value into the #encrypted_password field.
  encrypt_with_public_key :encrypted_password, key_pair: :key_pair,
                                               deferred_encryption: true,
                                               padding: RSA_PKCS1_OAEP_PADDING,
                                               symmetric: :always,
                                               symmetric_cipher: 'des3'

  private

    def key_pair
     rsa_key = OpenSSL::PKey::RSA.new(2048)
     cipher =  OpenSSL::Cipher::Cipher.new('des3')
     rsa_key.to_pem(cipher,self.password) + rsa_key.public_key.to_pem
    end
end

Here is the stacktrace from the exception: 

from /Users/emil/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/strongbox-975d4dcf6c8b/lib/strongbox/lock.rb:105:in `private_decrypt'
from /Users/emil/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/bundler/gems/strongbox-975d4dcf6c8b/lib/strongbox/lock.rb:105:in `decrypt'
from (irb):1
from /Users/emil/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/console.rb:110:in `start'
from /Users/emil/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/console.rb:9:in `start'
from /Users/emil/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/commands_tasks.rb:68:in `console'
from /Users/emil/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
from /Users/emil/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/railties-4.2.3/lib/rails/commands.rb:17:in `<top (required)>'
from bin/rails:4:in `require'
from bin/rails:4:in `<main>'

I tried outputting boy the symmetric_cipher and the padding from lock.rbs encrypt and decrypt method, and they where the same going in, and comming out. So I'm a little at a loss, on what's going on.

The reason I'm bringing it up as an issue here, is that I suspect that the deferred_encryption might be at fault?

Best regards, Emil