encryptor | A simple wrapper for the standard ruby OpenSSL library | SSH Utils library

You can use the working Test Vectors from the GlobalPlatform library and test if your executed crypto logic is really working. It could also be that your card is using some key derivation scheme, i.e. the keys you are using cannot be used directly.

For a Key Check Value (KCV) one generally uses single block encryption, without any mode such as ECB or CBC. As only a constant value of 16 bytes is used, there is no need for padding either.

If you just have a CBC class that performs ISO 9797-1 M2 padding then you could encrypt the static value of 01010101010101010101010101010101 (hex encoding of 16 bytes), using an all-zero IV and taking the first 16 bytes from the result (removing 16 bytes of ciphertext at the end that is just encryption of the mandatory padding).

As you can see in the image below, because the IV is all zero, the XOR with the plaintext leaves the input intact, basically making the first ciphertext identical to direct encryption with the block cipher.

By WhiteTimberwolf (SVG version) - PNG version, Public Domain, https://commons.wikimedia.org/w/index.php?curid=26434096

However, as you are using Java, it makes more sense to use a Cipher object using algorithm "AES/ECB/NoPadding" and use that to encrypt the value of 01010101010101010101010101010101 directly. ECB doesn't take an IV, so that problem is avoided. Also, no padding needs to be considered when "NoPadding" is specified.

If you need fewer bytes: those are usually taken from the left (lowest index) of the result.

Beware that these kinds of KCV's are somewhat dangerous as they show the ciphertext of one particular plaintext block. In the worst instances, this could lead to an adversary decrypting one ciphertext block, or for an authenticated scheme to lose its integrity/authentication properties.

Commonly KCV's are over an all-zero plaintext block. Using an all one-valued block makes the chance that this happens smaller, but that chance is still significant.

Libraries like aws-encryption-sdk-python sometimes contain code/dependencies that are not pure Python and need to be compiled. When code needs to be "compiled" it is usually compiled for a target architecture (like ARM or x86) to run properly.

You can not run code compiled for one architecture on different architecture. So I suspect that is the reason for your error.

Looking at the error message I suspect it is the cryptography library causing this issue.

The library uses Rust. If you check your error, you will see that the shared library for the Rust binding is the causing your error (_rust.abi3.so). According to the documentation of the library, the ARM architecture is supported.

Therefore, I suspect that the way you are packaging your Lambda deployment package and it's dependencies is the issue. You are probably doing that on a computer with x86 architecture. Package manager like pip usually detect the OS and architecture they are run on and download dependencies for those OS's and architectures.

So I guess you have two options:

1. Run your build/deployment on an ARM machine
2. Somehow manage to "cross compile" with tools like crossenv

Both options are not really great.

Unfortunately, this is one of those areas where Python Lambdas can become very cumbersome to develop/deploy. Every time a depdency uses a non-Python extension (like a C extension), packaging/deployment becomes a problem.

Maybe someone else has a great tool to recommend.

The reason is this breaking change:

DeflateStream, GZipStream, and CryptoStream diverged from typical Stream.Read and Stream.ReadAsync behavior in two ways:

They didn't complete the read operation until either the buffer passed to the read operation was completely filled or the end of the stream was reached.

And the new behaviour is:

Starting in .NET 6, when Stream.Read or Stream.ReadAsync is called on one of the affected stream types with a buffer of length N, the operation completes when:

At least one byte has been read from the stream, or The underlying stream they wrap returns 0 from a call to its read, indicating no more data is available.

In your case you are affected because of this code in Decrypt method:

You are decrypting the data incorrectly. Try this:

for future reference: I forgot to implement changed_in_place?

You need everything to be the exact same between both versions. This is not currently true; fix that.

Your java code uses:

• AES at block size 128, because that's just how AES rolls. Nothing to configure.
• AES key size of 128, 192, or 256 bits.
• The key.
• The Mode of Operation. Your java code uses ECB (which is insecure). You've told your python code to use GCM. That's, obviously, not going to work. You need to specify ECB there, too.
• Given that it's ECB, there is no IV.
• The padding mode. Java code is doing PKCS5Padding here.
• Crypto is fundamentally byte based but you're trying to encrypt strings, which aren't. That means the string is being converted to bytes, and that means a charset encoding is used. You didn't specify in your java code which means you get 'platform default'. Horrible idea, but if you can't change the java side, figure out what that is, and use the same encoding in your python code.
• Finally, your java code base64's the result.

For most of these, I simply can't tell you; the code you pasted is insufficient. For example, AES key size and whether the keys are actually identical? I have no idea - you tell me. How did you make that SecretKey key object?

I'm not as familiar with python but it sure looks like you base64-encode it, and then decode it again. That's.. no, don't do that. Your java code encodes and that's that. Your python code should base64 encode and that's that.

I'm pretty sure python also defaults to PKCS5Padding.

That leaves the encoding mode which you 100% mismatched between java and python give what little code you pasted, and the way you construct the keys. If the text you're encrypting isn't straight ASCII, it's somewhat likely charset encoding is also causing a difference.

It's crypto. One tiny difference and the outputs will be quite different.

In the C# code, the key is the ASCII encoding of key, but in the Python code it is the SHA-256 hash of key.

So that the Python code produces the same ciphertext, simply replace:

The reason is you are using StreamWriter, which is intended to write text into the stream, but then you write raw bytes there: