[SOLVED] Encrypt-txt.json file could not be decrypted

Questions about WAPT Packaging / Requests and help regarding Wapt packages.
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
tuxmania
Messages: 12
Registration: Sep 22, 2020 - 4:48 p.m.

July 8, 2022 - 2:32 PM

Hello everyone!

I implemented string encryption using this script: https://www.wapt.fr/en/doc-1.8/wapt-cre ... aquet.html.
During package deployment, on some machines, the encrypt-txt.json file is decrypted without any problems. However, on other machines (which are correctly registered on the server), it is impossible to decrypt the encrypt-txt.json file. I get the following error:

Code: Select all

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\common.py", line 3874, in install_wapt
exitstatus = setup.install()
File "c:\windows\temp\waptmgjlkh\setup.py", line 44, in install
File "c:\windows\temp\waptmgjlkh\setup.py", line 37, in get_password
File "C:\Program Files (x86)\wapt\waptcrypto.py", line 1133, in decrypt
return self.rsa.decrypt(content,apadding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 359, in decrypt
return _enc_dec_rsa(self._backend, self, ciphertext, padding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 68, in _enc_dec_rsa
return _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum, padding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 122, in _enc_dec_rsa_pkey_ctx
_handle_rsa_enc_dec_error(backend, key)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 153, in _handle_rsa_enc_dec_error
raise ValueError("Decryption failed.")
ValueError: Decryption failed.
ValueError: Decryption failed.
I can see that the error is generated when executing functions from the "rsa.py" file, but I confess I don't know where to start to try and debug it. If anyone has any ideas, I'd be very grateful!

THANKS! ;)
High
User avatar
dcardon
WAPT Expert
Messages: 1932
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

July 11, 2022 - 7:08 PM

Hello Tuxmania,

the encryption of secrets sent to machines is based on the machines' public key (so only machines with their private key can decrypt it).

Therefore, you need to restart the secret encryption process if you have new machines to which you need to send it.

Regards,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
david999
Messages: 8
Registration: July 9, 2018 - 9:44 AM

September 6, 2022 - 1:13 PM

Hello Denis,

Thank you for your reply.
Sorry, I couldn't get back to you sooner.

In fact, I get 2 types of errors when the file fails to be decrypted:
- 1 error which clearly highlights the fact that the workstation's UID is not present and therefore the file cannot be decrypted
- 1 error that I can't debug (because the package works correctly on many machines, but crashes on a few without much explanation). The error log obtained is as follows:

Code: Select all

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\common.py", line 3874, in install_wapt
exitstatus = setup.install()
File "c:\windows\temp\waptwabmov\setup.py", line 46, in install
File "c:\windows\temp\waptwabmov\setup.py", line 39, in get_password
File "C:\Program Files (x86)\wapt\waptcrypto.py", line 1133, in decrypt
return self.rsa.decrypt(content,apadding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 359, in decrypt
return _enc_dec_rsa(self._backend, self, ciphertext, padding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 68, in _enc_dec_rsa
return _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum, padding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 122, in _enc_dec_rsa_pkey_ctx
_handle_rsa_enc_dec_error(backend, key)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 153, in _handle_rsa_enc_dec_error
raise ValueError("Decryption failed.")
ValueError: Decryption failed.
ValueError: Decryption failed.
Do you have any idea what I could check to identify the problem (I specify again that the packet passes without problem on many machines, and that the problem observed occurs on some machines only, while all machines use the same version of the Wapt agent)?

Thank you in advance for your feedback.
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

September 8, 2022 - 2:12 PM

It's possible the machine has re-engaged a registry with a key change:

this would mean that the keys present in "C:\Program Files (x86)\wapt\private" on the machine don't match the keys present in the wapt database.

If in doubt, you can delete the contents of the "C:\Program Files (x86)\wapt\private" folder, then re-engage the registry, and then recreate the encrypt-txt.json file.
High
david999
Messages: 8
Registration: July 9, 2018 - 9:44 AM

September 9, 2022 - 3:58 PM

Ah, okay! I hadn't thought of that scenario.

Thank you so much for your reply!
High
david999
Messages: 8
Registration: July 9, 2018 - 9:44 AM

September 9, 2022 - 6:28 PM

@sfonteneau

Do you know why a computer might register itself (without user action)?
Thank you in advance for your reply.
High
User avatar
dcardon
WAPT Expert
Messages: 1932
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

September 12, 2022 - 10:07

@david999, could you please open a new thread for this new question? Forum maintenance takes time, and revisiting closed threads that mix topics doesn't make things any easier. :-)

Thank you, sincerely,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
Locked

Return to “WAPT Packages”


  • To go further with WAPT