cryptography 36.0.1 Fernet example: AES in CBC mode UnsupportedAlgorithm
Hi, This is maybe not a cryptography question but an openssl one, please bear with me.. I compiled openssl 1.1.1m myself and installed it next to the existing 1.0.1t from my distribution (debian 8). I built a Python linking against this new openssl. When I try the example code from the documentation I get UnsupportedAlgorithm: $ python3 -i Python 3.9.10 (main, Jan 19 2022, 14:33:07) [GCC 4.9.2] on linux Type "help", "copyright", "credits" or "license" for more information.
import cryptography.hazmat.backends.openssl.backend as b
b.openssl_version_text() 'OpenSSL 1.1.1m 14 Dec 2021'
'{:x}'.format(b.openssl_version_number()) '101010df'
from cryptography.fernet import Fernet key = Fernet.generate_key() f = Fernet(key) token = f.encrypt(b"my deep dark secret") Traceback (most recent call last):
<skipping parts> raise UnsupportedAlgorithm(msg, _Reasons.UNSUPPORTED_CIPHER) cryptography.exceptions.UnsupportedAlgorithm: cipher AES in CBC mode is not supported by this backend (Your version of OpenSSL may be too old. Current version: OpenSSL 1.1.1m 14 Dec 2021.) However, I can do this on the commandline: $ openssl version OpenSSL 1.1.1m 14 Dec 2021 $ openssl enc -aes128 -base64 -in text.plain -out text.enc enter aes-128-cbc encryption password: Verifying - enter aes-128-cbc encryption password: *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better. $ cat text.enc U2FsdGVkX18dFTIizaI1vyR/zo26kRa6ZusV61GMYZ8= This didn't work initially, I first had to align openssl.cnf with the one from the distribution. But now I would say the openssl itself is working. Why is this not working in the cryptography module? Or/and, what would be the best next step to analyse? Thanks! Erik
participants (1)
-
ejanssen@itmatters.nl