Skip to content
Advertisement

Python Simple DES encrypt/decrypt program “ValueError MAC check failed” issue

I’m having quite the difficulty understanding what’s wrong here, does anyone have the knowledge to decipher what this error message means and potentially how to fix the issue?

”’

from Crypto.Cipher import DES

def DESenc():
    key = b'password'
    message = b'i like beans'
    cipher = DES.new(key, DES.MODE_EAX)
    ciphertext, tag = cipher.encrypt_and_digest(message)

    file_out = open("encrypted.bin", "wb")
    [ file_out.write(x) for x in (cipher.nonce, tag, ciphertext) ]
    file_out.close()

def DESdec():
    file_in = open("encrypted.bin", "rb")
    nonce, tag, ciphertext = [ file_in.read(x) for x in (16, 16, -1) ]
    key = b'password'

    cipher = DES.new(key, DES.MODE_EAX, nonce=nonce)
    data = cipher.decrypt_and_verify(ciphertext, tag)

    print(data.decode('ascii'))

DESenc()
DESdec()

”’

Advertisement

Answer

According to the documentation, the tag size corresponds by default to the block size of the algorithm (here), which is 8 bytes for DES (and not 16 bytes as e.g. for AES). Therefore, during decryption

nonce, tag, ciphertext = [ file_in.read(x) for x in (16, 8, -1) ]

must be applied. Then decryption works.

Alternatively, the tag size can be set explicitly (but for the parameters used, DES/EAX, 8 bytes is the maximum tag size).

Note that DES is deprecated and insecure. Today’s standard is AES.

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement