Login/Register
PyCryptodome Error: MAC Check Failed
Asked Answered
Solved pythonencryptioncryptographypycryptopycryptodome
R

1

5

I am working on an encryption program with Pycryptodome in Python 3. I am trying to encrypt a (byte) string and then decrypt it and verify the MAC tag. When I get to verify it, an error is thrown.

This is the code:

from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

aes_key = get_random_bytes(24)
aes_cipher = AES.new(aes_key, AES.MODE_GCM)
encrypted, MACtag = aes_cipher.encrypt_and_digest(b"A random thirty two byte string.")

# Imagine this is happening somewhere else
new_aes_cipher = AES.new(aes_key, AES.MODE_GCM, nonce=aes_cipher.nonce)
new_aes_cipher.verify(MACtag)
decrypted = new_aes_cipher.decrypt(encrypted)

And this is the error:

Traceback (most recent call last):
  File "aespractice.py", line 10, in <module>
    new_aes_cipher.verify(tag)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-
packages/Crypto/Cipher/_mode_gcm.py", line 441, in verify
    raise ValueError("MAC check failed")
ValueError: MAC check failed

I've looked at the documentation, and I it looks to me like everything is all right. Why do you think the program is acting this way? Any help would be appreciated.

Randell answered 5/2, 2018 at 5:33 Comment(0)
R
9

If you look at the state diagram for authenticated modes:

enter image description here

You see that verify() should be called at the very end, after any decrypt() has taken place. So, either you invert the calls or you replace them with a combined decrypt_and_verify().

Refrigerate answered 5/2, 2018 at 7:48 Comment(3)
Thank you, but I have one more question. What is the difference between digest() and hexdigest()?Randell
hexdigest() returns digest() already encoded as a hexadecimal stringRefrigerate
I am having the same problem in a machine with ARM architecture. I use a decrypt_and_verify() but i get the same errorSaintmihiel

© 2022 - 2024 — McMap. All rights reserved.