pythoncryptographypymongofernet

Fernet key must be 32 url-safe base64-encoded bytes


import certifi
from pymongo import MongoClient 
import os
import platform
from cryptography.fernet import Fernet

cluster = MongoClient("(database string)", tlsCAFile=certifi.where())
db = cluster["db"]
pass_collection = db["password"]

def clear():
    if platform.system() == "Windows":
        os.system('cls')
    else:
        os.system('clear')

while True:
    clear()
    print(''''
    /$$$$$$  /$$$$$$$  /$$      /$$
    /$$__  $$| $$__  $$| $$$    /$$$
    | $$  \__/| $$  \ $$| $$$$  /$$$$
    |  $$$$$$ | $$$$$$$/| $$ $$/$$ $$
    \____  $$| $$____/ | $$  $$$| $$
    /$$  \ $$| $$      | $$\  $ | $$
    |  $$$$$$/| $$      | $$ \/  | $$
    \______/ |__/      |__/     |__/          
    ''')
    print("---------------------------------")
    print("1: New password")
    print("2: View Password")
    print("3: Exit")
    print("---------------------------------")
    startMenu = int(input())
    if startMenu == 1:
        clear()
        print("Password to save:")

        passwd = input()
        key_en = Fernet.generate_key()

        print("Hasing pass....")
        passwd = passwd.encode('utf-8')
        hash_pw = Fernet(key_en).encrypt(passwd)

        print("Create rapass.")
        rapass = input()

        print("NOTE THESE PASSWORDS:")
        print('RAPASS : ' + rapass)
        print('SecurePass : ' + str(key_en))

        print("Storing pass...")

        pass_collection.insert_one({"_id": rapass, "password": hash_pw})

        input()

        print("Succesful. Press any key to continue.")
        input()

    elif startMenu == 2:
        clear()
        print("Enter rapass:")
        rapass = input()
        data = pass_collection.find_one({"_id" : rapass})

        if rapass == data["_id"]:
            print("Enter SecurePass")
            
            key_de = input()
            key_de = bytes(key_de, 'utf-8')

            raw_pass = Fernet(key_de).decrypt(data["password"])

            if Fernet(key_de).encrypt(raw_pass) == data["password"]:
                print(raw_pass)
            else:
                print("SecurePass incorrect. Please try again.")
                input()
                clear()            
        else:
            print("Invalid credentials.")
            input()
            clear()

    elif startMenu == 3:
        exit()

Here is my code, I was trying to make a login/register system but then I got this error. I tried encoding it into utf-8 but it still shows up. Can you tell me how to obliterate this error.

Here is where the program stops and shows the error:

raw_pass = Fernet(key_de).decrypt(data["password"])

Ive tried using the base64 import to encode the data but it comes up with the same error-

key_de = bytes(key_de, 'utf-8')

key_de = base64.urlsafe_b64encode(key_de)


Solution

  • The key used to encrypt (not hash) the password - called key_en - is not stored or shown. It consists of binary data, which seemingly is encoded as base 64 by Fernet. You then ask for a key_de, which would need to be the same as key_en, but since you've never communicated that value, the code will fail.

    This is more likely a design error than a programming error. You may want to rethink your strategy.