def test_unaligned_data_64(self): plaintexts = [ b"7777777" ] * 100 cipher = DES3.new(self.key_192, DES3.MODE_OPENPGP, self.iv_64) ciphertexts = [ cipher.encrypt(x) for x in plaintexts ] cipher = DES3.new(self.key_192, DES3.MODE_OPENPGP, self.iv_64) self.assertEqual(b"".join(ciphertexts), cipher.encrypt(b"".join(plaintexts)))
def test_des3(self): # The following test vectors have been generated with gpg v1.4.0. # The command line used was: # gpg -c -z 0 --cipher-algo 3DES --passphrase secret_passphrase \ # --disable-mdc --s2k-mode 0 --output ct pt # For an explanation, see test_AES.py . plaintext = 'ac1762037074324fb53ba3596f73656d69746556616c6c6579' ciphertext = '9979238528357b90e2e0be549cb0b2d5999b9a4a447e5c5c7d' key = '7ade65b460f5ea9be35f9e14aa883a2048e3824aa616c0b2' iv='cd47e2afb8b7e4b0' encrypted_iv='6a7eef0b58050e8b904a' plaintext = unhexlify(plaintext) ciphertext = unhexlify(ciphertext) key = unhexlify(key) iv = unhexlify(iv) encrypted_iv = unhexlify(encrypted_iv) cipher = DES3.new(key, DES3.MODE_OPENPGP, iv) ct = cipher.encrypt(plaintext) self.assertEqual(ct[:10], encrypted_iv) self.assertEqual(ct[10:], ciphertext) cipher = DES3.new(key, DES3.MODE_OPENPGP, encrypted_iv) pt = cipher.decrypt(ciphertext) self.assertEqual(pt, plaintext)
def test_loopback_64(self): cipher = DES3.new(self.key_192, DES3.MODE_CTR, counter=self.ctr_64) pt = get_tag_random("plaintext", 8 * 100) ct = cipher.encrypt(pt) cipher = DES3.new(self.key_192, DES3.MODE_CTR, counter=self.ctr_64) pt2 = cipher.decrypt(ct) self.assertEqual(pt, pt2)
def test_unaligned_data_64(self): cipher = DES3.new(self.key_192, self.des3_mode, self.iv_64) for wrong_length in xrange(1,8): self.assertRaises(ValueError, cipher.encrypt, b("5") * wrong_length) cipher = DES3.new(self.key_192, self.des3_mode, self.iv_64) for wrong_length in xrange(1,8): self.assertRaises(ValueError, cipher.decrypt, b("5") * wrong_length)
def test_loopback_64(self): cipher = DES3.new(self.key_192, self.des3_mode, self.iv_64) pt = get_tag_random("plaintext", 8 * 100) ct = cipher.encrypt(pt) cipher = DES3.new(self.key_192, self.des3_mode, self.iv_64) pt2 = cipher.decrypt(ct) self.assertEqual(pt, pt2)
def test_loopback_64(self): cipher = DES3.new(self.key_192, DES3.MODE_EAX, nonce=self.nonce_96) pt = get_tag_random("plaintext", 8 * 100) ct = cipher.encrypt(pt) cipher = DES3.new(self.key_192, DES3.MODE_EAX, nonce=self.nonce_96) pt2 = cipher.decrypt(ct) self.assertEqual(pt, pt2)
def test_loopback_64(self): cipher = DES3.new(self.key_192, DES3.MODE_OPENPGP, self.iv_64) pt = get_tag_random("plaintext", 8 * 100) ct = cipher.encrypt(pt) eiv, ct = ct[:10], ct[10:] cipher = DES3.new(self.key_192, DES3.MODE_OPENPGP, eiv) pt2 = cipher.decrypt(ct) self.assertEqual(pt, pt2)
def test_unaligned_data_64(self): plaintexts = [ b("7777777") ] * 100 cipher = DES3.new(self.key_192, DES3.MODE_CFB, self.iv_64, segment_size=8) ciphertexts = [ cipher.encrypt(x) for x in plaintexts ] cipher = DES3.new(self.key_192, DES3.MODE_CFB, self.iv_64, segment_size=8) self.assertEqual(b("").join(ciphertexts), cipher.encrypt(b("").join(plaintexts))) cipher = DES3.new(self.key_192, DES3.MODE_CFB, self.iv_64, segment_size=64) ciphertexts = [ cipher.encrypt(x) for x in plaintexts ] cipher = DES3.new(self.key_192, DES3.MODE_CFB, self.iv_64, segment_size=64) self.assertEqual(b("").join(ciphertexts), cipher.encrypt(b("").join(plaintexts)))
def test_unaligned_data_64(self): plaintexts = [ b"7777777" ] * 100 cipher = DES3.new(self.key_192, AES.MODE_CTR, counter=self.ctr_64) ciphertexts = [ cipher.encrypt(x) for x in plaintexts ] cipher = DES3.new(self.key_192, AES.MODE_CTR, counter=self.ctr_64) self.assertEqual(b"".join(ciphertexts), cipher.encrypt(b"".join(plaintexts))) cipher = DES3.new(self.key_192, AES.MODE_CTR, counter=self.ctr_64) ciphertexts = [ cipher.encrypt(x) for x in plaintexts ] cipher = DES3.new(self.key_192, AES.MODE_CTR, counter=self.ctr_64) self.assertEqual(b"".join(ciphertexts), cipher.encrypt(b"".join(plaintexts)))
def runTest(self): # Encrypt/Decrypt data and test output parameter cipher = DES3.new(b'4'*8 + b'G'*8 + b'T'*8, DES3.MODE_ECB) pt = b'5' * 16 ct = cipher.encrypt(pt) output = bytearray(16) res = cipher.encrypt(pt, output=output) self.assertEqual(ct, output) self.assertEqual(res, None) res = cipher.decrypt(ct, output=output) self.assertEqual(pt, output) self.assertEqual(res, None) import sys if sys.version[:3] != '2.6': output = memoryview(bytearray(16)) cipher.encrypt(pt, output=output) self.assertEqual(ct, output) cipher.decrypt(ct, output=output) self.assertEqual(pt, output) self.assertRaises(TypeError, cipher.encrypt, pt, output=b'0'*16) self.assertRaises(TypeError, cipher.decrypt, ct, output=b'0'*16) shorter_output = bytearray(7) self.assertRaises(ValueError, cipher.encrypt, pt, output=shorter_output) self.assertRaises(ValueError, cipher.decrypt, ct, output=shorter_output)
def _do_tdes_test(self, file_name): test_vectors = load_tests(("Cryptodome", "SelfTest", "Cipher", "test_vectors", "TDES"), file_name, "TDES CBC KAT", { "count" : lambda x: int(x) } ) assert(test_vectors) direction = None for tv in test_vectors: # The test vector file contains some directive lines if isinstance(tv, basestring): direction = tv continue self.description = tv.desc if hasattr(tv, "keys"): cipher = DES.new(tv.keys, self.des_mode, tv.iv) else: if tv.key1 != tv.key3: key = tv.key1 + tv.key2 + tv.key3 # Option 3 else: key = tv.key1 + tv.key2 # Option 2 cipher = DES3.new(key, self.des3_mode, tv.iv) if direction == "[ENCRYPT]": self.assertEqual(cipher.encrypt(tv.plaintext), tv.ciphertext) elif direction == "[DECRYPT]": self.assertEqual(cipher.decrypt(tv.ciphertext), tv.plaintext) else: assert False
def _do_tdes_test(self, file_name, segment_size): test_vectors = load_tests(("Cryptodome", "SelfTest", "Cipher", "test_vectors", "TDES"), file_name, "AES CFB%d KAT" % segment_size, { "count" : lambda x: int(x) } ) assert(test_vectors) direction = None for tv in test_vectors: # The test vector file contains some directive lines if is_string(tv): direction = tv continue self.description = tv.desc if hasattr(tv, "keys"): cipher = DES.new(tv.keys, DES.MODE_CFB, tv.iv, segment_size=segment_size) else: if tv.key1 != tv.key3: key = tv.key1 + tv.key2 + tv.key3 # Option 3 else: key = tv.key1 + tv.key2 # Option 2 cipher = DES3.new(key, DES3.MODE_CFB, tv.iv, segment_size=segment_size) if direction == "[ENCRYPT]": self.assertEqual(cipher.encrypt(tv.plaintext), tv.ciphertext) elif direction == "[DECRYPT]": self.assertEqual(cipher.decrypt(tv.ciphertext), tv.plaintext) else: assert False
def test_segment_size_64(self): for bits in xrange(8, 65, 8): cipher = DES3.new(self.key_192, DES3.MODE_CFB, self.iv_64, segment_size=bits) for bits in 0, 7, 9, 63, 65: self.assertRaises(ValueError, DES3.new, self.key_192, AES.MODE_CFB, self.iv_64, segment_size=bits)
def test_nonce_attribute(self): # Nonce attribute is the prefix passed to Counter (DES3) cipher = DES3.new(self.key_192, DES3.MODE_CTR, counter=self.ctr_64) self.assertEqual(cipher.nonce, self.nonce_32) # Nonce attribute is the prefix passed to Counter (AES) cipher = AES.new(self.key_128, AES.MODE_CTR, counter=self.ctr_128) self.assertEqual(cipher.nonce, self.nonce_64) # Nonce attribute is not defined if suffix is used in Counter counter = Counter.new(64, prefix=self.nonce_32, suffix=self.nonce_32) cipher = AES.new(self.key_128, AES.MODE_CTR, counter=counter) self.failIf(hasattr(cipher, "nonce"))
def encode(data, marker, passphrase=None, randfunc=None): """Encode a piece of binary data into PEM format. Args: data (byte string): The piece of binary data to encode. marker (string): The marker for the PEM block (e.g. "PUBLIC KEY"). Note that there is no official master list for all allowed markers. Still, you can refer to the OpenSSL_ source code. passphrase (byte string): If given, the PEM block will be encrypted. The key is derived from the passphrase. randfunc (callable): Random number generation function; it accepts an integer N and returns a byte string of random data, N bytes long. If not given, a new one is instantiated. Returns: The PEM block, as a string. .. _OpenSSL: https://github.com/openssl/openssl/blob/master/include/openssl/pem.h """ if randfunc is None: randfunc = get_random_bytes out = "-----BEGIN %s-----\n" % marker if passphrase: # We only support 3DES for encryption salt = randfunc(8) key = PBKDF1(passphrase, salt, 16, 1, MD5) key += PBKDF1(key + passphrase, salt, 8, 1, MD5) objenc = DES3.new(key, DES3.MODE_CBC, salt) out += "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,%s\n\n" %\ tostr(hexlify(salt).upper()) # Encrypt with PKCS#7 padding data = objenc.encrypt(pad(data, objenc.block_size)) elif passphrase is not None: raise ValueError("Empty password") # Each BASE64 line can take up to 64 characters (=48 bytes of data) # b2a_base64 adds a new line character! chunks = [tostr(b2a_base64(data[i:i + 48])) for i in range(0, len(data), 48)] out += "".join(chunks) out += "-----END %s-----" % marker return out
def encode(self, data): key_handle = DES3.new(self.uniq_id(), DES3.MODE_CBC, iv=b'\0\0\0\0\0\0\0\0') encrypted = key_handle.encrypt(pad(data.encode('utf-8'), DES3.block_size)) return b64encode(encrypted)
def basic_decrypt(cls, key, ciphertext): assert len(ciphertext) % 8 == 0 des3 = DES3.new(key.contents, AES.MODE_CBC, b'\0' * 8) return des3.decrypt(bytes(ciphertext))
def encrypt(self, b): data = self._padData(b) return DES3.new(self._key, DES3.MODE_CBC, self._iv).encrypt(data)
def test_parity_option3(self): before_3k = unhexlify("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCC") after_3k = DES3.adjust_key_parity(before_3k) self.assertEqual(after_3k, unhexlify("ABABABABABABABABBABABABABABABABACDCDCDCDCDCDCDCD"))
def decrypt(self, byteString): data = DES3.new(self._key, DES3.MODE_CBC, self._iv).decrypt(byteString) return self._unpadData(data)
def basic_encrypt(cls, key, plaintext): assert len(plaintext) % 8 == 0 des3 = DES3.new(key.contents, AES.MODE_CBC, b'\0' * 8) return des3.encrypt(bytes(plaintext))
def test_block_size_64(self): cipher = DES3.new(self.key_192, self.des3_mode, self.iv_64) self.assertEqual(cipher.block_size, DES3.block_size)
def DES3_generation(): key = DES3.adjust_key_parity(get_random_bytes(24)) return key
def test_parity_option2(self): before_2k = unhexlify("CABF326FA56734324FFCCABCDEFACABF") after_2k = DES3.adjust_key_parity(before_2k) self.assertEqual(after_2k, unhexlify("CBBF326EA46734324FFDCBBCDFFBCBBF"))
def test_block_size_64(self): cipher = DES3.new(self.key_192, DES3.MODE_CTR, counter=self.ctr_64) self.assertEqual(cipher.block_size, DES3.block_size)
def decode(pem_data, passphrase=None): """Decode a PEM block into binary. Args: pem_data (string): The PEM block. passphrase (byte string): If given and the PEM block is encrypted, the key will be derived from the passphrase. Returns: A tuple with the binary data, the marker string, and a boolean to indicate if decryption was performed. Raises: ValueError: if decoding fails, if the PEM file is encrypted and no passphrase has been provided or if the passphrase is incorrect. """ # Verify Pre-Encapsulation Boundary r = re.compile(r"\s*-----BEGIN (.*)-----\s+") m = r.match(pem_data) if not m: raise ValueError("Not a valid PEM pre boundary") marker = m.group(1) # Verify Post-Encapsulation Boundary r = re.compile(r"-----END (.*)-----\s*$") m = r.search(pem_data) if not m or m.group(1) != marker: raise ValueError("Not a valid PEM post boundary") # Removes spaces and slit on lines lines = pem_data.replace(" ", '').split() # Decrypts, if necessary if lines[1].startswith('Proc-Type:4,ENCRYPTED'): if not passphrase: raise ValueError("PEM is encrypted, but no passphrase available") DEK = lines[2].split(':') if len(DEK) != 2 or DEK[0] != 'DEK-Info': raise ValueError("PEM encryption format not supported.") algo, salt = DEK[1].split(',') salt = unhexlify(tobytes(salt)) if algo == "DES-CBC": # This is EVP_BytesToKey in OpenSSL key = PBKDF1(passphrase, salt, 8, 1, MD5) objdec = DES.new(key, DES.MODE_CBC, salt) elif algo == "DES-EDE3-CBC": # Note that EVP_BytesToKey is note exactly the same as PBKDF1 key = PBKDF1(passphrase, salt, 16, 1, MD5) key += PBKDF1(key + passphrase, salt, 8, 1, MD5) objdec = DES3.new(key, DES3.MODE_CBC, salt) elif algo == "AES-128-CBC": key = PBKDF1(passphrase, salt[:8], 16, 1, MD5) objdec = AES.new(key, AES.MODE_CBC, salt) else: raise ValueError("Unsupport PEM encryption algorithm (%s)." % algo) lines = lines[2:] else: objdec = None # Decode body data = a2b_base64(''.join(lines[1:-1])) enc_flag = False if objdec: data = unpad(objdec.decrypt(data), objdec.block_size) enc_flag = True return (data, marker, enc_flag)
def decode(pem_data, passphrase=None): """Decode a PEM block into binary. :Parameters: pem_data : string The PEM block. passphrase : byte string If given and the PEM block is encrypted, the key will be derived from the passphrase. :Returns: A tuple with the binary data, the marker string, and a boolean to indicate if decryption was performed. :Raises ValueError: If decoding fails, if the PEM file is encrypted and no passphrase has been provided or if the passphrase is incorrect. """ # Verify Pre-Encapsulation Boundary r = re.compile("\s*-----BEGIN (.*)-----\s+") m = r.match(pem_data) if not m: raise ValueError("Not a valid PEM pre boundary") marker = m.group(1) # Verify Post-Encapsulation Boundary r = re.compile("-----END (.*)-----\s*$") m = r.search(pem_data) if not m or m.group(1) != marker: raise ValueError("Not a valid PEM post boundary") # Removes spaces and slit on lines lines = pem_data.replace(" ", '').split() # Decrypts, if necessary if lines[1].startswith('Proc-Type:4,ENCRYPTED'): if not passphrase: raise ValueError("PEM is encrypted, but no passphrase available") DEK = lines[2].split(':') if len(DEK) != 2 or DEK[0] != 'DEK-Info': raise ValueError("PEM encryption format not supported.") algo, salt = DEK[1].split(',') salt = unhexlify(tobytes(salt)) if algo == "DES-CBC": # This is EVP_BytesToKey in OpenSSL key = PBKDF1(passphrase, salt, 8, 1, MD5) objdec = DES.new(key, DES.MODE_CBC, salt) elif algo == "DES-EDE3-CBC": # Note that EVP_BytesToKey is note exactly the same as PBKDF1 key = PBKDF1(passphrase, salt, 16, 1, MD5) key += PBKDF1(key + passphrase, salt, 8, 1, MD5) objdec = DES3.new(key, DES3.MODE_CBC, salt) elif algo == "AES-128-CBC": key = PBKDF1(passphrase, salt[:8], 16, 1, MD5) objdec = AES.new(key, AES.MODE_CBC, salt) else: raise ValueError("Unsupport PEM encryption algorithm (%s)." % algo) lines = lines[2:] else: objdec = None # Decode body data = a2b_base64(b(''.join(lines[1:-1]))) enc_flag = False if objdec: data = unpad(objdec.decrypt(data), objdec.block_size) enc_flag = True return (data, marker, enc_flag)
def decrypt(self,enc): print("DES3 key ", self.key) iv = enc[:self.block_size] cipher = DES3.new(self.key,DES3.MODE_CBC,iv) byte_enc = unpad(cipher.decrypt(enc[self.block_size:]),self.block_size) return bytearray(byte_enc)
# 3DES案例 from Cryptodome.Cipher import DES3 # 需要24个字节长度的key,一般会随机生成 # 本质上是三次des的key的串联,k1,k2,k3 # 当k1=k2=k3时,DES3降级为DES key = b'12345678qwertyui12345678' # 创建一个密码对象 cipher = DES3.new(key, DES3.MODE_CFB) # 原数据 data = '我是心蓝'.encode() # encrytion msg = cipher.encrypt(data) print(msg) # 解密过程 cipher2 = DES3.new(key, DES3.MODE_CFB, iv=cipher.iv) # 解密 res = cipher2.decrypt(msg) print(res) print(res.decode('utf-8')) # 文档参考:<https://pycryptodome.readthedocs.io/en/latest/src/cipher/des3.html
from Cryptodome.Cipher import DES, DES3, ARC2, ARC4, Blowfish, AES from Cryptodome.Random import get_random_bytes key = b'-8B key-' DES.new( key, DES.MODE_OFB ) # Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search key = DES3.adjust_key_parity(get_random_bytes(24)) cipher = DES3.new( key, DES3.MODE_CFB ) # Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack key = b'Sixteen byte key' cipher = ARC2.new( key, ARC2.MODE_CFB) # Noncompliant: RC2 is vulnerable to a related-key attack key = b'Very long and confidential key' cipher = ARC4.new( key ) # Noncompliant: vulnerable to several attacks (see https://en.wikipedia.org/wiki/RC4#Security) key = b'An arbitrarily long key' cipher = Blowfish.new( key, Blowfish.MODE_CBC ) # Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks
def des_decrypt(data, key): cipher = DES3.new(key, DES3.MODE_ECB) return cipher.decrypt(data)
def test_block_size_64(self): cipher = DES3.new(self.key_192, AES.MODE_EAX, nonce=self.nonce_96) self.assertEqual(cipher.block_size, DES3.block_size)
def encode(self, data): k = DES3.new(self.getmac(), DES3.MODE_CBC, iv=b'\0\0\0\0\0\0\0\0') d = k.encrypt(pad(data.encode('utf-8'), DES3.block_size)) return base64.b64encode(d)
def decode(self, data): if not data: return '' k = DES3.new(self.getmac(), DES3.MODE_CBC, iv=b'\0\0\0\0\0\0\0\0') d = unpad(k.decrypt(base64.b64decode(data)), DES3.block_size) return d.decode('utf-8')
0x36, 0x44, 0x42, 0x19, 0x26, 0x95, 0x26, 0x4D, 0x3, 0x10, 0x15, 0x58, 0x3, 0x40, 0x5A, 0x72, 0x1E, 0xB, 0x49, 0x69, 0x4B, 0x15, 0x29, 0x6 ] K_BOX1 = [ 0x56, 0x28, 0x34, 0x2E, 0x78, 0x5, 0xF, 0x5A, 0x36, 0x44, 0x42, 0x19, 0x26, 0x95, 0x26, 0x4D, 0x2D, 0x41, 0x4D, 0x1F, 0x41, 0x62, 0x15, 0x2F ] L_KEY = bytes(bKEY[K_BOX[i]] for i in range(16)) + b'\0' * 8 L_KEY1 = bytes(bKEY[K_BOX1[i]] for i in range(24)) KEY_SUFFIX = b'\x27\x06\x58\x66' TDesLKey = DES3.new(L_KEY, DES3.MODE_ECB) TDesLKey1 = DES3.new(L_KEY1, DES3.MODE_ECB) def iv_pad(d): def rand_byte(): return os.urandom(1) bcount = len(d) // 7 if len(d) % 7: bcount += 1 blocks = [ d[i*7:i*7 + 7].ljust(7, b'\0') + rand_byte() for i in range(bcount) ] return b''.join(blocks) def iv_remove(d, flag=True): c = b''.join(d[i*8:i*8+7] for i in range(len(d) // 8)) if flag:
def des3_decrypt(key, filename, iv): with open(filename, 'rb') as f: data = f.read() cipher_decrypt = DES3.new(key, DES3.MODE_OFB, iv) with open(filename, 'wb') as f: f.write(cipher_decrypt.decrypt(data))
def decode(pem_data, passphrase=None): """Decode a PEM block into binary. Args: pem_data (string): The PEM block. passphrase (byte string): If given and the PEM block is encrypted, the key will be derived from the passphrase. Returns: A tuple with the binary data, the marker string, and a boolean to indicate if decryption was performed. Raises: ValueError: if decoding fails, if the PEM file is encrypted and no passphrase has been provided or if the passphrase is incorrect. """ # Verify Pre-Encapsulation Boundary r = re.compile(r"\s*-----BEGIN (.*)-----\s+") m = r.match(pem_data) if not m: raise ValueError("Not a valid PEM pre boundary") marker = m.group(1) # Verify Post-Encapsulation Boundary r = re.compile(r"-----END (.*)-----\s*$") m = r.search(pem_data) if not m or m.group(1) != marker: raise ValueError("Not a valid PEM post boundary") # Removes spaces and slit on lines lines = pem_data.replace(" ", '').split() # Decrypts, if necessary if lines[1].startswith('Proc-Type:4,ENCRYPTED'): if not passphrase: raise ValueError("PEM is encrypted, but no passphrase available") DEK = lines[2].split(':') if len(DEK) != 2 or DEK[0] != 'DEK-Info': raise ValueError("PEM encryption format not supported.") algo, salt = DEK[1].split(',') salt = unhexlify(tobytes(salt)) padding = True if algo == "DES-CBC": key = _EVP_BytesToKey(passphrase, salt, 8) objdec = DES.new(key, DES.MODE_CBC, salt) elif algo == "DES-EDE3-CBC": key = _EVP_BytesToKey(passphrase, salt, 24) objdec = DES3.new(key, DES3.MODE_CBC, salt) elif algo == "AES-128-CBC": key = _EVP_BytesToKey(passphrase, salt[:8], 16) objdec = AES.new(key, AES.MODE_CBC, salt) elif algo == "AES-192-CBC": key = _EVP_BytesToKey(passphrase, salt[:8], 24) objdec = AES.new(key, AES.MODE_CBC, salt) elif algo == "AES-256-CBC": key = _EVP_BytesToKey(passphrase, salt[:8], 32) objdec = AES.new(key, AES.MODE_CBC, salt) elif algo.lower() == "id-aes256-gcm": key = _EVP_BytesToKey(passphrase, salt[:8], 32) objdec = AES.new(key, AES.MODE_GCM, nonce=salt) padding = False else: raise ValueError("Unsupport PEM encryption algorithm (%s)." % algo) lines = lines[2:] else: objdec = None # Decode body data = a2b_base64(''.join(lines[1:-1])) enc_flag = False if objdec: if padding: data = unpad(objdec.decrypt(data), objdec.block_size) else: # There is no tag, so we don't use decrypt_and_verify data = objdec.decrypt(data) enc_flag = True return (data, marker, enc_flag)