[botan-devel] Question about exceptions

Murphy, Sean smurphy at walbro.com
Wed Nov 5 14:35:38 EST 2014


I'm just getting my feet wet with Botan (and cryptography in general), and I ran into an issue that I wanted to understand better.  

I've got two functions:
encrypt()
        //Setup the key derive functions
        PKCS5_PBKDF2 pbkdf2(new HMAC(new SHA_160));
        const u32bit PBKDF2_ITERATIONS = 8192;

        //Create the KEY and IV
        KDF* kdf = get_kdf("KDF2(SHA-1)");

        //Create the master key
        SecureVector<Botan::byte> mMaster = pbkdf2.derive_key(48, encryptKey.toStdString(), &mSalt[0], 
   				mSalt.size(),PBKDF2_ITERATIONS).bits_of();
        SymmetricKey mKey = kdf->derive_key(32, mMaster, "salt1");
        InitializationVector mIV = kdf->derive_key(16, mMaster, "salt2");

        Pipe pipe(get_cipher("AES-256/CBC/PKCS7", mKey, mIV,ENCRYPTION),new Base64_Encoder);
        pipe.process_msg(originalText.toStdString());
        QString Value = QString::fromStdString(pipe.read_all_as_string(0));

decrypt()
        PKCS5_PBKDF2 pbkdf2(new HMAC(new SHA_160));
        const u32bit PBKDF2_ITERATIONS = 8192;

        //Create the KEY and IV
        KDF* kdf = get_kdf("KDF2(SHA-1)");

        //Create the master key
        SecureVector<Botan::byte> mMaster = pbkdf2.derive_key(48, decryptKey.toStdString(), &mSalt[0],
        mSalt.size(),PBKDF2_ITERATIONS).bits_of();
        SymmetricKey mKey = kdf->derive_key(32, mMaster, "salt1");
        InitializationVector mIV = kdf->derive_key(16, mMaster, "salt2");

        Pipe pipe(new Base64_Decoder,get_cipher("AES-256/CBC/PKCS7", mKey, mIV,DECRYPTION));
        pipe.process_msg(encryptedText.toStdString());
        QString Value = QString::fromStdString(pipe.read_all_as_string(0));

What I'm finding is that if I take some original text, and run it through encrypt() that seems to work fine, I get what appears to be an encrypted string back.  If I decrypt() that new string, I get my original text back so long as encryptKey in encrypt() matches decryptKey in decrypt().  So far so good, I'm getting back what I expect when I use the same key.  But if decryptKey doesn't match encryptKey, the call to pipe.process_msg() in decrypt() throws a Decoding_Error exception with the text "PKCS7".  I had expected that if the keys didn't match, I would just get garbage back, not a thrown exception.

So am I doing something wrong?  Or am I just misunderstanding something?
Sean


More information about the botan-devel mailing list