5.0.2 cannot decrypt data encoded with 5.0.1 #314
Hi, same here. In the meantime I just use hard-coded version in
Can you folks force
Same, but it's 5.0.2 that is causing the issue. Reverting to 5.0.1 puts things back in order. Interesting gap in updates as 5.0.1 was 2 years ago; 5.0.2 just two days. Great package and hope this gets resolved. Unsure of what (breaking) changes this update provides.
I overrode to (pointycastle: 3.6.2) and still got the same error
Can you guys force
still with error
The weird thing is that the files on the stacktrace haven't changed at those spots:
Can you guys spot any differences?
The same problem with the latest
5.0.3 fixes another bug. This one wasn't spotted yet. Help wanted.
The weird thing is that what was encrypted with 5.0.2 or 5.0.3 can't be decrypted by the same version of the package (also retroactively - something encrypted with 5.0.1). 5.0.1 can't decode something encoded with 5.0.2 or 5.0.3. The reason is the same mentioned here: #314 (comment). Maybe there is a difference in the Initialization Vector (IV).
That is why I think it is something at Pointycastle; there weren't any significant changes at Encrypt, but people are saying that the downgrade didn't work.
Downgrading back to 5.0.1 has helped (with loss of the data encrypted by 5.0.3)
I mean: the downgrade of the Pointycastle...
@farukprogrammer do you know if #259 has something to do with that somehow?
Downgrade back to 5.0.1 and clear all data that was encrypted in other versions. If you use shared preferences, change the version to automatically clear that.
In my specific issue, it turns out that replacing:

```dart
final iv = IV.fromLength(16);
```

by

```dart
final iv = IV.allZerosOfLength(16);
```

fixes my test. i.e. the following test works fine using 5.0.3:

```dart
import 'package:encrypt/encrypt.dart';
import 'package:test/test.dart';

String aesEncrypt(String decoded, String password) {
  final key = Key.fromUtf8(password);
  // final iv = IV.fromLength(16); (ok in 5.0.1 not in 5.0.3)
  final iv = IV.allZerosOfLength(16);
  final encrypter = Encrypter(AES(key));
  return encrypter.encrypt(decoded, iv: iv).base64;
}

String aesDecrypt(String encoded, String password) {
  final key = Key.fromUtf8(password);
  // final iv = IV.fromLength(16); (ok in 5.0.1 not in 5.0.3)
  final iv = IV.allZerosOfLength(16);
  final encrypter = Encrypter(AES(key));
  return encrypter.decrypt(Encrypted.fromBase64(encoded), iv: iv);
}

void main() {
  test('AES encrypt/decrypt', () {
    var password = r'E4x*$TwbkJC-xK4KGC4zJF9j*Rh&WLgR';
    expect(aesEncrypt('test', password), 'amGhyRRLUIoE59IiEys5Vw==');
    expect(aesDecrypt('amGhyRRLUIoE59IiEys5Vw==', password), 'test');
  });
}
```

So it seems that the behavior of

EDIT: The following is compatible for both version:

```dart
final iv = IV(Uint8List(16));
```

However reading the comment:

```dart
/// The key is ALL ZEROS - NOT CRYPTOGRAPHICALLY SECURE!
IV.allZerosOfLength(int length)
```

it sounds that it is not fully secure to use this. What is the correct way to encrypt a content that we need to decrypt later then? Do we need to save also the content of the
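One way to handle the question raised in the comment above, as an added example that is not part of the thread or the package's own code: generate a fresh IV with `IV.fromSecureRandom` for every message, store it in front of the ciphertext, and keep a fallback that reads values written under 5.0.1 with the all-zero IV. The `v2:` prefix, the function names and the sample key are assumptions made for this sketch.

```dart
import 'dart:convert';
import 'dart:typed_data';

import 'package:encrypt/encrypt.dart';

const ivLength = 16; // AES block size in bytes
const v2Prefix = 'v2:'; // hypothetical marker; ':' never occurs in base64

/// Encrypts with a fresh random IV; returns "v2:" + base64(iv || ciphertext).
String encryptWithStoredIv(String plain, Key key) {
  final iv = IV.fromSecureRandom(ivLength);
  final cipher = Encrypter(AES(key)).encrypt(plain, iv: iv);
  // The IV only has to be unique per message, so it travels with the data.
  return v2Prefix + base64.encode([...iv.bytes, ...cipher.bytes]);
}

/// Decrypts both formats: the v2 envelope, and legacy values written with
/// IV.fromLength(16) under 5.0.1, which need the all-zero IV.
String decryptAny(String stored, Key key) {
  final encrypter = Encrypter(AES(key));
  if (!stored.startsWith(v2Prefix)) {
    return encrypter.decrypt(Encrypted.fromBase64(stored),
        iv: IV(Uint8List(ivLength)));
  }
  final raw = base64.decode(stored.substring(v2Prefix.length));
  if (raw.length <= ivLength) {
    throw const FormatException('no ciphertext after the IV');
  }
  final iv = IV(Uint8List.fromList(raw.sublist(0, ivLength)));
  final cipher = Encrypted(Uint8List.fromList(raw.sublist(ivLength)));
  return encrypter.decrypt(cipher, iv: iv);
}

/// One-time migration: read a legacy value and write it back in v2 form.
String migrate(String stored, Key key) => stored.startsWith(v2Prefix)
    ? stored
    : encryptWithStoredIv(decryptAny(stored, key), key);

void main() {
  // Constructed sample key; 32 UTF-8 bytes selects AES-256.
  final key = Key.fromUtf8('0123456789abcdef0123456789abcdef');
  // Constructed legacy value: what code using a zero IV would have stored.
  final legacy =
      Encrypter(AES(key)).encrypt('test', iv: IV(Uint8List(ivLength))).base64;
  final upgraded = migrate(legacy, key);
  print(decryptAny(legacy, key));
  print(decryptAny(upgraded, key));
  print(encryptWithStoredIv('test', key) != encryptWithStoredIv('test', key));
}
```

Because each call draws a new IV, two encryptions of the same plaintext differ, so tests should assert on the decrypted round trip rather than on a fixed ciphertext string.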
Hi, @alextekartik. Ideally, the Initialization Vector should be secured as well:

After an issue (#246) opened by @InnovativeInventor warning about @deskangel warned us about this risk at #266 (comment) and people were asking for the changes: #295

Meanwhile I haven't been working with Dart/Flutter anymore, I wasn't using this lib and the support was dropping. I assume it is all my fault, I thought that was just a matter of sending a new release and haven't looked carefully to check for breaking changes. My bad, not an excuse, but it is really hard to maintain OSS already, then alone and in a stack that you haven't worked in for years, is even harder.

Thank you all for your patience. I'd love to hear especially from you guys that use the package, how we can go from there:
Thanks for the support, I know maintaining an open source project is a pain! You might want to get other contributors/publishers if you cannot commit to it in the long term as it seems many people are using it! So you have to maintain it forever, ha ha. Hard to change the behavior especially in an API that is shown as an example in the README.md. The safest behavior would be to add a new
hi, current state: both (fromLength + from fromSecureRandom) Therefore, we don't have a breaking change with a change in the second level version slot (5.0.1 to 5.0.2).
in my case the issue was caused by pointycastle... with encryption at 5.0.1 and pointycastle at version 3.5.2 everything works correctly
up
1. pointycastle: 3.6.2 2. leocavalcante#314
I'm facing the same issue. I just changed my yaml to works
@vihangel Being stuck on an old version could be a pain. If you change your existing
What does this mean? Are we now stuck in version 5.0.1 or what?
I had an issue when using encrypt version 5.0.2/3 and now I have reverted the version to 5.0.1 without the "^" prefix as below in the pubspec.xml file. Issue is resolved, encrypt password works.
I'm getting the same error but am not using
I get different results since upgrading to 5.0.2. The following test:
works fine with 5.0.1 but fails with 5.0.2.
Am I using it wrong? Unfortunately I have some encrypted content that I cannot read anymore.
Thanks!