Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

age fails to decrypt files generated in Windows PowerShell #2

Closed
BlackHoleFox opened this issue Oct 7, 2019 · 5 comments
Closed

age fails to decrypt files generated in Windows PowerShell #2

BlackHoleFox opened this issue Oct 7, 2019 · 5 comments
Labels
Windows

Comments

@BlackHoleFox
Copy link

When attempting a round trip on Windows using PowerShell, age errors out when trying to decrypt a file. I have confirmed the exact same steps work fine in WSL.

It creates the key file and the encrypted .age file properly as far as I can tell.

Steps to reproduce:

  1. ./age -generate > key.txt
  2. echo "Gophers" | ./age pubkey:h-yq6lhyIAdDc23LVXP_h1X5wpIgHvNk8kvbV0auhG4 > test.txt.age
  3. /.age -d key.txt | Get-Content -raw test.txt.age
  4. See error of: error: malformed secret keys file "key.txt": malformed secret key: ��# c r e a t e d : 2 0 1 9 - 1 0 - 0 7 T 0 0 : 0 5 : 3 7 - 0 5 : 0 0

key.txt contents (CRLF line endings):

# created: 2019-10-07T00:22:04-05:00
# pubkey:xmAE7g4IsPELqsEkUEner7mlIu4pi2qwda0-s8eq3jw
AGE_SECRET_KEY_MZuIdDrlt4dRUXlmO6FdVwXMHrhzXdgxxgj4yaj9Z14
@FiloSottile
Copy link
Owner

It looks like there are a couple bytes before the # in key.txt? Can you do a hexdump of the file?

@BlackHoleFox
Copy link
Author

Looking at the hexdump, it seems to be creating 2 random characters at the start.

Heres a gist of the hex dump: https://gist.github.com/BlackHoleFox/5dbfb60ba8d5180f2cbac53446597e4f

And heres a picture of HxD for easy viewing:
image

@FiloSottile
Copy link
Owner

Yeah, that's a BOM, and it looks like the text got also converted to UTF-16 (notice the zero bytes).

That's not something we can support on the parsing side for sure, the file is effectively corrupt. Are we supposed to put stdout in some special mode to prevent this? I know next to nothing about PowerShell.

@BlackHoleFox
Copy link
Author

BlackHoleFox commented Oct 7, 2019
edited

So, replacing the > with | out-file -encoding ASCII on both the key and encrypted file generation fixes the corruption issue, but it still seems the line endings are causing trouble.

By default, I get Error initializing decryption: failed to read header: parsing age header: unexpected intro: "This is a file encrypted with age-tool.com, version 1\r\n" while decrypting.

When I change the line endings of the files, I get Error decrypting the input: chacha20poly1305: message authentication failed, which makes sense considering I modified the .age file to change the EOLs to LF

@The-King-of-Toasters The-King-of-Toasters mentioned this issue Oct 8, 2019
Closed
@str4d str4d mentioned this issue Oct 9, 2019
Closed
@FiloSottile
Copy link
Owner

The armored format (-a) should make it viable to use redirection in PowerShell. For binary files, use -o and the input argument.

@FiloSottile FiloSottile mentioned this issue Jun 28, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Windows
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add the -i, -o flags, and other improvements
2 participants
@FiloSottile @BlackHoleFox