
I am building a website in Python Flask and using the AES algorithm from the pycrypto library. On the sign-up page, I save the encrypted pwd and the encrypted key in a text file. On the login page, I compare the entered pwd with the decrypted pwd, using the code below:

import base64
import pdb

import pandas
from Crypto.Cipher import AES          # pycrypto
from flask import request, render_template


def decryption(encryptedString, key_from_file):
    PADDING = '{'
    # Base64-decode the stored ciphertext, decrypt it and strip the '{' padding.
    DecodeAES = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(PADDING)
    # Key is FROM the printout of 'secret' in encryption
    # below is the encryption.
    encryption = encryptedString
    key = key_from_file
    cipher = AES.new(key)  #### error comes here
    decoded = DecodeAES(cipher, encryption)
    return decoded


def login():
    if request.method == 'GET':
        return render_template('login.html')
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        # Credentials file with columns id,email,pwd,key (see below)
        d2 = pandas.read_csv("Employee_Info.txt", header=0)
        search_id = d2[d2['email'] == username]
        pdb.set_trace()
        if search_id.empty:
            error = "username does not exist"
            return render_template('login.html', error=error)
        else:
            pwd_from_file = search_id.iloc[0]['pwd']
            key_from_file = search_id.iloc[0]['key']

            if decryption(pwd_from_file, key_from_file) == password:
                print("matching password")
            else:
                print("mismatch")

But I am getting the error `ValueError: AES key must be 16,24 or 32 bytes long`.

Text file has below fields:

id,email,pwd,key
qq,qq,h4vvEPuVNwjw22yJKz8QGg==,xéðjŸ¸AOݬ‡

1 Answer

You are storing the key in raw Unicode bytes, so there is likely a serialization/deserialization error. Encode the raw key bytes in hexadecimal or Base64 before storing in the file, and then convert back to raw before initializing your cipher.

Note: Storing the key in the credentials data store is very bad, and encrypting passwords for credential verification is also very bad. Look at Why should I hash passwords and How to securely hash passwords for more information.
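A worked example of both points in this answer (Base64-encode the key so it survives the text file, and hash rather than encrypt the password you verify against). This is an added example, not code from the question or the answer; it uses only the Python 3 standard library (no pycrypto), mirrors the question's `id,email,pwd,key` columns with a constructed record, and the `pbkdf2_sha256$salt$hash` token layout is my own choice.

```python
import base64
import csv
import hashlib
import hmac
import io
import os

AES_KEY_LENGTHS = (16, 24, 32)   # the only key sizes pycrypto's AES.new accepts
PBKDF2_ROUNDS = 200000


def key_to_text(raw_key):
    """Base64-encode raw key bytes so they survive a text/CSV round-trip intact."""
    return base64.b64encode(raw_key).decode("ascii")


def key_from_text(text):
    """Reverse of key_to_text, checking the AES key length before it reaches a cipher."""
    raw = base64.b64decode(text)
    if len(raw) not in AES_KEY_LENGTHS:
        raise ValueError("AES key must be 16, 24 or 32 bytes long, got %d" % len(raw))
    return raw


def csv_round_trip(record):
    """Write one record through the csv module as text and read it back (in-memory file)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(record))
    writer.writeheader()
    writer.writerow(record)
    buf.seek(0)
    return next(csv.DictReader(buf))


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the returned token is what belongs in the 'pwd' column."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return "pbkdf2_sha256$%s$%s" % (key_to_text(salt), key_to_text(digest))


def verify_password(password, token):
    """Recompute the hash from the stored salt and compare it in constant time."""
    _, salt_b64, digest_b64 = token.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    base64.b64decode(salt_b64), PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


# Constructed sample record mirroring the question's id,email,pwd,key columns.
SAMPLE_KEY = bytes(range(16))    # 16 arbitrary bytes, including non-printable ones
SAMPLE_RECORD = {"id": "qq", "email": "qq",
                 "pwd": hash_password("correct horse", salt=b"\x01" * 16),
                 "key": key_to_text(SAMPLE_KEY)}

if __name__ == "__main__":
    back = csv_round_trip(SAMPLE_RECORD)
    assert key_from_text(back["key"]) == SAMPLE_KEY
    print(verify_password("correct horse", back["pwd"]), verify_password("wrong", back["pwd"]))
```

The key column now holds printable ASCII, so pandas or csv read it back unchanged and `key_from_text` rejects anything that would trip `AES.new`; the pwd column holds only a salted hash, so nothing in the file can be decrypted back to a password.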
