Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

[SOLVED] Encrypt-txt.json file could not be decrypted

https://forum.tranquil.it/viewtopic.php?t=3128

Page 1 of 1

[SOLVED] Encrypt-txt.json file could not be decrypted

Published: July 8, 2022 - 2:32 PM
by tuxmania
Hello everyone!

I implemented string encryption using this script: https://www.wapt.fr/en/doc-1.8/wapt-cre ... aquet.html.
During package deployment, on some machines, the encrypt-txt.json file is decrypted without any problems. However, on other machines (which are correctly registered on the server), it is impossible to decrypt the encrypt-txt.json file. I get the following error:

Code: Select all

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\common.py", line 3874, in install_wapt
exitstatus = setup.install()
File "c:\windows\temp\waptmgjlkh\setup.py", line 44, in install
File "c:\windows\temp\waptmgjlkh\setup.py", line 37, in get_password
File "C:\Program Files (x86)\wapt\waptcrypto.py", line 1133, in decrypt
return self.rsa.decrypt(content,apadding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 359, in decrypt
return _enc_dec_rsa(self._backend, self, ciphertext, padding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 68, in _enc_dec_rsa
return _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum, padding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 122, in _enc_dec_rsa_pkey_ctx
_handle_rsa_enc_dec_error(backend, key)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 153, in _handle_rsa_enc_dec_error
raise ValueError("Decryption failed.")
ValueError: Decryption failed.
ValueError: Decryption failed.
I can see that the error is generated when executing functions from the "rsa.py" file, but I confess I don't know where to start to try and debug it. If anyone has any ideas, I'd be very grateful!

THANKS! ;)

Re: Encrypt-txt.json file cannot be decrypted

Published: July 11, 2022 - 7:08 PM
by dcardon
Hello Tuxmania,

the encryption of secrets sent to machines is based on the machines' public key (so only machines with their private key can decrypt it).

Therefore, you need to restart the secret encryption process if you have new machines to which you need to send it.

Regards,

Denis

Re: Encrypt-txt.json file cannot be decrypted

Published: September 6, 2022 - 1:13 PM
by david999
Hello Denis,

Thank you for your reply.
Sorry, I couldn't get back to you sooner.

In fact, I get 2 types of errors when the file fails to be decrypted:
- 1 error which clearly highlights the fact that the workstation's UID is not present and therefore the file cannot be decrypted
- 1 error that I can't debug (because the package works correctly on many machines, but crashes on a few without much explanation). The error log obtained is as follows:

Code: Select all

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\common.py", line 3874, in install_wapt
exitstatus = setup.install()
File "c:\windows\temp\waptwabmov\setup.py", line 46, in install
File "c:\windows\temp\waptwabmov\setup.py", line 39, in get_password
File "C:\Program Files (x86)\wapt\waptcrypto.py", line 1133, in decrypt
return self.rsa.decrypt(content,apadding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 359, in decrypt
return _enc_dec_rsa(self._backend, self, ciphertext, padding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 68, in _enc_dec_rsa
return _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum, padding)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 122, in _enc_dec_rsa_pkey_ctx
_handle_rsa_enc_dec_error(backend, key)
File "C:\Program Files (x86)\wapt\lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 153, in _handle_rsa_enc_dec_error
raise ValueError("Decryption failed.")
ValueError: Decryption failed.
ValueError: Decryption failed.
Do you have any idea what I could check to identify the problem (I specify again that the packet passes without problem on many machines, and that the problem observed occurs on some machines only, while all machines use the same version of the Wapt agent)?

Thank you in advance for your feedback.

Re: Encrypt-txt.json file cannot be decrypted

Published: September 8, 2022 - 2:12 PM
by sfonteneau
It's possible the machine has re-engaged a registry with a key change:

this would mean that the keys present in "C:\Program Files (x86)\wapt\private" on the machine don't match the keys present in the wapt database.

If in doubt, you can delete the contents of the "C:\Program Files (x86)\wapt\private" folder, then re-engage the registry, and then recreate the encrypt-txt.json file.

Re: Encrypt-txt.json file cannot be decrypted

Published: September 9, 2022 - 3:58 PM
by david999
Ah, okay! I hadn't thought of that scenario.

Thank you so much for your reply!

Re: [SOLVED] Encrypt-txt.json file cannot be decrypted

Published: September 9, 2022 - 6:28 PM
by david999
@sfonteneau

Do you know why a computer might register itself (without user action)?
Thank you in advance for your reply.

Re: [SOLVED] Encrypt-txt.json file cannot be decrypted

Published: September 12, 2022 - 10:07 AM
by dcardon
@david999, could you please open a new thread for this new question? Forum maintenance takes time, and revisiting closed threads that mix topics doesn't make things any easier. :-)

Thank you, sincerely,

Denis
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru