Did you know?

[johnmcloud]

Hi Paul, did you know:
(Windows version)

- You can crypt an empty txt (ANSI encoding) but you can't decrypt it ( Input file is corrupt )
Why the software can crypt it but can't decrypt it?
- If i want to decrypt "picture.jpg.aes" and in the same folder i have another picture.jpg ( maybe it's a different file ) he automatically overwrite the old picture.jpg with the new picture.jpg. There is a way to avoid overwrite?

Thanks

[paulej]

Hi Paul, did you know:
(Windows version)

- You can crypt an empty txt (ANSI encoding) but you can't decrypt it ( Input file is corrupt )
Why the software can crypt it but can't decrypt it?

I don't have any issues decrypting a zero-length file on Windows, using either the GUI or the command-line. I also do not have this problem on Linux, either. (This is actually a test I perform every time I introduce a change in the encryption or decryption logic.)

- If i want to decrypt "picture.jpg.aes" and in the same folder i have another picture.jpg ( maybe it's a different file ) he automatically overwrite the old picture.jpg with the new picture.jpg. There is a way to avoid overwrite?

The GUI version on Windows does perform a check and will not over-write a file. However, the command-line version (Windows, Linux, Mac) will not: it will just over-write any existing file. That's a bit harsh, but it's fairly common practice for most command-line tools. I like it that way, myself, but it has caused some heartburn for folks who did not realize there was already a file with the same name. So, this is on the "to do" list, but not sure when that list will get addressed.

Paul

[johnmcloud]

I don't have any issues decrypting a zero-length file on Windows, using either the GUI or the command-line. I also do not have this problem on Linux, either. (This is actually a test I perform every time I introduce a change in the encryption or decryption logic.)

I have this issue, my s.o is Windows Xp, i'm using the command-line version
You can find my test on attachment, the password of the crypt file is:
1
I know it's not a secure password but was a test

The GUI version on Windows does perform a check and will not over-write a file. However, the command-line version (Windows, Linux, Mac) will not: it will just over-write any existing file. That's a bit harsh, but it's fairly common practice for most command-line tools. I like it that way, myself, but it has caused some heartburn for folks who did not realize there was already a file with the same name. So, this is on the "to do" list, but not sure when that list will get addressed

I'm using the commandline version and i have an heartburn yesterday, luckly i don't have lost nothing.
Maybe you can add a paramenter for don't overwrite the file? By default overwrite, adding example -s don't overwrite. Please If you can do it i'll really appreciate, and my heart thanks you

[paulej]

That decrypted just fine for me. I can't explain why mine works and yours does not. The software is exactly the same. That's strange.

Not automatically over-writing is on the "to do" list, but I have many things on the to-do list. I'll get to it when I can, but likely will not be soon.

We need a package maintainer who has more time than I do for these things

[johnmcloud]

You can decrypt that empty file? Really strange.
If you want i can make other test, i don't have idea what is the problem, i have try on another pc with the same s.o and i have the same error

[paulej]

You can decrypt that empty file? Really strange.
If you want i can make other test, i don't have idea what is the problem, i have try on another pc with the same s.o and i have the same error

Yeah. As I said, decrypting a zero-length file is always one of those "edge cases" that I check every time I change the encryption/decryption code.

I trust you are using the latest version? All versions should work, of course, but I only tested with the current code published on aescrypt.com.

[johnmcloud]

Sure, anyway i have download it again
Console (Windows 32-bit)
Version 308a_win32_console

This is the output:

Code: Select all

C:\Documents and Settings\USERNAME>"C:\Documents and Settings\USERNAME\Desktop\aescrypt.exe" -d -p 1 "C:\Documents and Settings\USERNAME\Desktop\EmptyFile.txt.aes"
Error: Input file is corrupt (2)

Another strange thing, if i use the last GUI version work fine!
In the same package of the GUI ( v308_win32 ), if i'll try to decript with the command line i have the error, if i'll decrypt with AESCrypt32 GUI work
So i think something wrong in the command line version, this is the only thing possible, because give me two different result on the same file.

EDIT: Tested also this commandline version:
v307
v306
But same problem, i don't have found any other version on this site

EDIT2: News! If i crypt the file with GUI version, i can decrypt the same file with the commandline. So the problem isn't the decrypt of the command line because can decrypt the file from the GUI, but something wrong in the crypt method of the commandline, i think.

In summary:
GUI Version - Can decrypt the file created by himself or by commandline
Commandline - Can decrypt the file created by GUI version / give error if i try to decrypt the file created by commandline

You can see the output:

Code: Select all

C:\Documents and Settings\USERNAME>"C:\Documents and Settings\USERNAME\Desktop\aescrypt.exe" -d -p 1 "C:\Documents and Settings\USERNAME\Desktop\CreatedBYGUI.txt.aes"

C:\Documents and Settings\USERNAME>"C:\Documents and Settings\USERNAME\Desktop\aescrypt.exe" -d -p 1 "C:\Documents and Settings\USERNAME\Desktop\CreatedBYCommandLine.txt.aes"
Error: Input file is corrupt (2)

You can find both file in the attachment, same password as before.

Hope all of this information can be useful for resolve the problem. Please check it out because i use only the command line

Thanks

[paulej]

Good news and bad news....

First the good news. I tested using the file you attached and I also got the same error. Previously, I just used the Windows GUI to decrypt the file and it worked fine. I then tied to encrypt and decrypt that file with the command line utilities. It all worked fine. What had not done was take your encrypted file and try to decrypt it using Linux. I did that tonight and it failed.

I checked the Linux code and it is rightfully reporting that the file is corrupt. There is an error in the file, but I'm not sure why. Here's a hex dump of the encrypted file you provided:

Code: Select all

000000000:  41 45 53 02 00 00 18 43 52 45 41 54 45 44 5F 42  :AES....CREATED_B:
000000010:  59 00 61 65 73 63 72 79 70 74 20 33 2E 30 38 00  :Y.aescrypt.3.08.:
000000020:  80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  :................:
000000030:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  :................:
000000040:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  :................:
000000050:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  :................:
000000060:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  :................:
000000070:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  :................:
000000080:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  :................:
000000090:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  :................:
0000000A0:  00 00 00 28 23 07 5B 4F 3F 18 BC 38 C1 34 D6 9C  :...(#.[O?..8.4..:
0000000B0:  C7 7D 9B 62 53 D3 6B A1 AE 1A C5 C7 EC 73 24 6F  :.}.bS.k......s$o:
0000000C0:  BC DB CF 79 FA 4F 15 0A 5E 32 FE DB 89 C5 3A 3D  :...y.O..^2....:=:
0000000D0:  39 86 9F F2 3A 8C 96 9D 91 55 03 7E 26 24 71 D9  :9...:....U.~&$q.:
0000000E0:  A1 4C 43 10 80 D1 C7 5F D1 E6 E7 B1 60 1B 49 1C  :.LC...._....`.I.:
0000000F0:  CF 89 07 3D 14 DE F0 0C BB 04 D4 57 1B 5A 48 A1  :...=.......W.ZH.:
000000100:  25 40 EB 08 D7 B6 20 F1 E8 74 3A E0 98 3F 58 39  :%@.......t:..?X9:
000000110:  CE 02 39 7F CC 0F 92 FA 47 A0 CD 90 0A 66 C4 5C  :..9.....G....f.\:
000000120:  BF 42 C2 40

The problem is the line number "100". The 4th octet from the left has a value 0x08. Since this is a zero-length file, that octet should be 0x00.

The Windows GUI version ignores the fact that this is not 0x00. I actually had code to read the value of this byte, but did not have code to produce an error if it was wrong. It was an oversight. I just updated the source code so that the next release will. However, checking for the error here is of no significance since the contents of the entire file are validated with an HMAC. This was just an "extra" check that I prefer to have, precisely for these reasons. So, it's not a big deal.

The bad news is that I do not yet know why this byte would be bad in the first place. However, I think I might know why. In the command-line versions, I failed to initialize the structure that writes out this modulo octet. In all of my tests, the system initialized this to zero for me, so I didn't notice. IT is certainly possible on some systems that this does not initialize to zero. This might be why you have the error. Now the good news is that this only happens if the file has a zero size. Otherwise, the value would be properly set before it is written.

So, you succeeded in finding one more zero-length file corner case issue I missed. It's now closed in version 3.0.9. New source and binaries will be posted shortly. (I know others are waiting for other enhancements, but I had to post this one. I don't like bugs, and this is a bug.)

[johnmcloud]

Noone like bugs, anyway this is minor bug because the problem is only with 0 lenght, maybe only with that txt ANSI coding (UTF-Unicode etc working fine )

I'm glad to help if i can, so i'll test the new 309 command line when you release it and let you know if i have the same problem ( i have clean XP-7-8 on VM )
Thanks for your effort.

EDIT: Tested the last version 309 on:
Windows XP-7-8
Everything work fine with that empty file, good work