[Cryptography-dev] cryptography 36.0.1 Fernet example: AES in CBC mode UnsupportedAlgorithm

ejanssen at itmatters.nl ejanssen at itmatters.nl
Wed Jan 19 13:23:03 EST 2022


Hi,

Fixed it. Found with strace that the old lib got loaded as well.
Made a static wheel as explained in
https://cryptography.io/en/latest/installation/
Now it works.

Erik


ejanssen at itmatters.nl wrote on 2022-01-19 17:53:
> Hi,
> 
> This is maybe not a cryptography question but an openssl one, please
> bear with me..
> 
> I compiled openssl 1.1.1m myself and installed it next to the existing
> 1.0.1t from my distribution (debian 8). I built a Python linking
> against this new openssl.
> 
> When I try the example code from the documentation I get 
> UnsupportedAlgorithm:
> 
> $ python3 -i
> Python 3.9.10 (main, Jan 19 2022, 14:33:07)
> [GCC 4.9.2] on linux
> Type "help", "copyright", "credits" or "license" for more information.
> >>> import cryptography.hazmat.backends.openssl.backend as b
> 
> >>> b.openssl_version_text()
> 'OpenSSL 1.1.1m  14 Dec 2021'
> 
> >>> '{:x}'.format(b.openssl_version_number())
> '101010df'
> 
> >>> from cryptography.fernet import Fernet
> >>> key = Fernet.generate_key()
> >>> f = Fernet(key)
> >>> token = f.encrypt(b"my deep dark secret")
> Traceback (most recent call last):
> 
> <skipping parts>
> 
>     raise UnsupportedAlgorithm(msg, _Reasons.UNSUPPORTED_CIPHER)
> cryptography.exceptions.UnsupportedAlgorithm: cipher AES in CBC mode
> is not supported by this backend (Your version of OpenSSL may be too
> old. Current version: OpenSSL 1.1.1m  14 Dec 2021.)
> 
> 
> However, I can do this on the command line:
> 
> $ openssl version
> OpenSSL 1.1.1m  14 Dec 2021
> 
> $ openssl enc -aes128 -base64 -in text.plain -out text.enc
> enter aes-128-cbc encryption password:
> Verifying - enter aes-128-cbc encryption password:
> *** WARNING : deprecated key derivation used.
> Using -iter or -pbkdf2 would be better.
> 
> $ cat text.enc
> U2FsdGVkX18dFTIizaI1vyR/zo26kRa6ZusV61GMYZ8=
> 
> This didn't work initially, I first had to align openssl.cnf with the
> one from the distribution. But now I would say the openssl itself is
> working.
> 
> Why is this not working in the cryptography module? Or/and, what would
> be the best next step to analyse?
> 
> 
> Thanks!
> 
> Erik
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
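
An added example, not part of the original post or of the cryptography project: a Linux-only check of which libssl/libcrypto files are mapped into a process, the condition the poster found with strace. The sample maps lines and their paths are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of /proc/<pid>/maps lines (paths are illustrative, not from the post).
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a2e0000 r-xp 00000000 08:01 131 /usr/local/ssl/lib/libcrypto.so.1.1
7f1c2a2e0000-7f1c2a4df000 ---p 002e0000 08:01 131 /usr/local/ssl/lib/libcrypto.so.1.1
7f1c2a600000-7f1c2a68a000 r-xp 00000000 08:01 132 /usr/local/ssl/lib/libssl.so.1.1
7f1c2b000000-7f1c2b1cf000 r-xp 00000000 08:01 977 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f1c2c000000-7f1c2c1a4000 r-xp 00000000 08:01 655 /lib/x86_64-linux-gnu/libc-2.19.so
7f1c2d000000-7f1c2d021000 rw-p 00000000 00:00 0 [heap]
"""

LIB_RE = re.compile(r"/(lib(?:ssl|crypto))\.so[^/]*$")

def openssl_mappings(maps_text):
    """Return {library name: set of file paths} for every mapped libssl/libcrypto."""
    found = defaultdict(set)
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode [pathname]
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        match = LIB_RE.search(fields[5])
        if match:
            found[match.group(1)].add(fields[5])
    return dict(found)

def conflicting(mappings):
    """Libraries mapped from more than one file: two OpenSSL builds share the process."""
    return {name: sorted(paths) for name, paths in mappings.items() if len(paths) > 1}

def check_current_process():
    """Linux only: import the modules that pull in OpenSSL, then inspect our own maps."""
    import ssl  # noqa: F401  (loads the OpenSSL the interpreter was linked against)
    try:
        from cryptography.hazmat.backends.openssl import backend  # noqa: F401
    except ImportError:
        pass  # cryptography not installed; the stdlib ssl mapping is still reported
    with open("/proc/self/maps") as fh:
        return conflicting(openssl_mappings(fh.read()))

if __name__ == "__main__":
    print(conflicting(openssl_mappings(SAMPLE_MAPS)))
    print(check_current_process())
```

An empty result from `check_current_process()` means each library is mapped from a single file; any entry lists the competing paths.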

