Search code examples
pythonencryptioncryptographypycryptopycryptodome

PyCryptodome Error: MAC Check Failed

I am working on an encryption program with Pycryptodome in Python 3. I am trying to encrypt a (byte) string and then decrypt it and verify the MAC tag. When I get to verify it, an error is thrown.

This is the code:

from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

aes_key = get_random_bytes(24)
aes_cipher = AES.new(aes_key, AES.MODE_GCM)
encrypted, MACtag = aes_cipher.encrypt_and_digest(b"A random thirty two byte string.")

# Imagine this is happening somewhere else
new_aes_cipher = AES.new(aes_key, AES.MODE_GCM, nonce=aes_cipher.nonce)
new_aes_cipher.verify(MACtag)
decrypted = new_aes_cipher.decrypt(encrypted)

And this is the error:

Traceback (most recent call last):
  File "aespractice.py", line 10, in <module>
    new_aes_cipher.verify(tag)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-
packages/Crypto/Cipher/_mode_gcm.py", line 441, in verify
    raise ValueError("MAC check failed")
ValueError: MAC check failed

I've looked at the documentation, and I it looks to me like everything is all right. Why do you think the program is acting this way? Any help would be appreciated.

Solution

  • If you look at the state diagram for authenticated modes:

    enter image description here

    You see that verify() should be called at the very end, after any decrypt() has taken place. So, either you invert the calls or you replace them with a combined decrypt_and_verify().