OpenSSL::Cipher::CipherError: wrong final block length about attr_encrypted HOT 17 CLOSED

Try setting the cipher.key value after calling the decrypt or encrypt methods

from attr_encrypted.

I got this error before. Make sure that you're not setting your encrypted attribute directly, and also make sure the key you're using is ok. I just searched google for a random 256 key generator and used that key.

from attr_encrypted.

Thanks - I grabbed a 256bit key, and am using it. Also - encrypting user.dob (virtual attrib) vs. user.encrypted_dob. Its going in encrypted - but when I do 'user.dob' keep getting the 'OpenSSL::Cipher::CipherError: wrong final block length' error.

from attr_encrypted.

Hi, just having this issue. The funny thing is that I'm using some encrypted attributes on some fields from 3 models. No problem with 2 of the models and now with the users model I get this error. I should have followed the same procedure but I can't spot the difference. Did you manage to find the problem in your case?

Cheers.

from attr_encrypted.

Gosh I didn't - I'm going to get back to it soon as I need to resolve it
or use a different solution.

On 10/24/12 5:32 PM, josegrad wrote:

Hi, just having this issue. The funny thing is that I'm using some
encrypted attributes on some fields from 3 models. No problem with 2 of
the models and now with the users model I get this error. I should have
followed the same procedure but I can't spot the difference. Did you
manage to find the problem in your case?

Cheers.

—
Reply to this email directly or view it on GitHub
#44 (comment).

from attr_encrypted.

I gave away about encrypting the user fields, also I'm using sorcery for authentication and encrypting those was adding extra complexity. I think I covered the thing protecting the other models. I'm curious to know which route you take and if you manage to find the solution.

Cheers.

from attr_encrypted.

Just wanted to point out that if the field the encrypted value is stored in is a generic text field (like in MySQL) then it's possible to get unwanted padding to the value when pulling it back out (at least that is what I've read). The recommendation (for MySQL) was to use a BLOB field type for storing encrypted values. Not sure this even applies here but just something to check.

from attr_encrypted.

Thanks. I wasn't aware of that recommendation. I'm using this gem in several projects and never used blob for it. I'm on postgresql though I'm not sure if that makes any difference.

from attr_encrypted.

Still stumbled across this problem also.

from attr_encrypted.

@northband,

What database are you using and do you have any limits on the length of the encrypted column? We were able to replicate this issue with a MySQL database and a column whose limit caused the encrypted value to be truncated.

I would check that the encrypted value stored in the database is the same as the encrypted value that is returned when a value is encrypted.

Thanks

from attr_encrypted.

closing for now. unless reproducible details are available #52 may suffice to address this based on our testing.

from attr_encrypted.

I am getting this error. Using postgres. Was there ever a resolution?

from attr_encrypted.

@pdsullivan Please provide more info.

from attr_encrypted.

Hey @saghaulor

Here is the full error I am getting

OpenSSL::Cipher::CipherError: wrong final block length
from /Users/patrick/.rvm/gems/ruby-2.2.2/gems/encryptor-1.3.0/lib/encryptor.rb:73:in `final'

What i am doing is setting the user's ssn like so user.ssn = '888888888' then i am able to access it by just doing user.ssn in memory but when i do user.save and and user.reload and try to access the ssn again i get that error.

also just so it is said, in my database i have the column called encrypted_ssn.

In my model i am using the attr_encrypted. I have tried it with and without the :encode => true

attr_encrypted :ssn, :key => ENV["KEY"], :encode => true

@saghaulor

from attr_encrypted.

@pdsullivan can you please include the line where you're using attr_encrypted in your User model?

from attr_encrypted.

and the encrypted_ssn column is added as string type

def change
    add_column :users, :encrypted_ssn, :string  
end

from attr_encrypted.

@pdsullivan what ORM are you using?

Also, just an FYI:

1. It looks like you're using a generic IV (:single_iv_and_salt). This is not very safe. In fact it's not recommended.
2. You're using the string column type and base64 encoding the ciphertext. This is not required. You can use the binary column type and not encode and thing should still work, saving some time.
3. Depending on what db you use, it may have dangerous defaults. Namely, older versions of mysql will truncate data silently if it exceeds the column length. You should be fine with a short string like SSN, but please be mindful of that. You turn on strict mode in Mysql so that it will raise an exception if the data exceeds the column max length.
4. If you're just getting started with attr_encrypted, please stay tuned. I'm about to push a v2.0 that significantly improves the default security.

from attr_encrypted.