My fernet key "expired" what now?

Moldender

12/15/22, 9:58 AM

6 months ago i created a bot that basically stored every users data in json format in different text files and i had a fernet key. I basically didn't touched it for like 2 months now, because it's a bot for students. So here is the thing, school starts is 15 days, i have 106 accounts which are encrypted using a single fernet key and i can't decode any files because it says that it's corrupted. What can i do?

135

1 + 1

decryption

Eric D

12/15/22, 11:14 AM

I'm not particularly familiar with fernet, but would be strange if it allowed the decryption key to expire. It's possible the data actually got corrupted, or there could be a bug in the code. (NOTE: before you do anything, make a backup of the data so that you don't make things worse during troubleshooting.) Has decryption worked before, or is this the first time you are decrypting this data? If you create new encrypted data now, does it decrypt correctly? Could you share your bot's source code (minus any secrets it might contain)?

Score:0

Crypto

Eric D

12/15/22, 12:09 PM

After digging through the fernet source code a bit, it looks like one possibility is that you have a TTL set on the encrypted data.

If you're using Ruby, you can disable the TTL check with the configuration option config.enforce_ttl:

https://github.com/fernet/fernet-rb#global-configuration

If you're using Go, it looks like you can pass a ttl of 0 into VerifyAndDecrypt:

You might be able to test this theory using the fernet CLI, as it appears to disable the TTL check by default (if I'm interpreting the Ruby code correctly).

https://github.com/fernet/fernet-cli/blob/master/lib/fernet/cli.rb#L82-L84

0 + 0