security-audit-report: fix for decryption error when enterprise pri…

…vate RSA key-size = 2047 bits
Keeper-Security · Jul 19, 2024 · adb503c · adb503c
1 parent b15bda0
commit adb503c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/keepercommander/commands/security_audit.py b/keepercommander/commands/security_audit.py
@@ -346,7 +346,7 @@ def decrypt_security_data(sec_data, k):  # type: (bytes, RSAPrivateKey) -> Dict[
                 decrypted = None
                 if sec_data:
                     try:
-                        decrypted = crypto.decrypt_rsa(sec_data, k, pad_plaintext=True)
+                        decrypted = crypto.decrypt_rsa(sec_data, k, apply_padding=True)
                     except Exception as e:
                         error = f'Decrypt fail (incremental data): {e}'
                         self.get_error_report_builder().update_report_data(error)

diff --git a/keepercommander/crypto.py b/keepercommander/crypto.py
@@ -128,9 +128,9 @@ def encrypt_rsa(data, rsa_key):
     return rsa_key.encrypt(data, PKCS1v15())
 
 
-def decrypt_rsa(data, rsa_key, pad_plaintext=False):
-    size_diff = (rsa_key.key_size >> 3) - len(data)
-    if pad_plaintext and size_diff:
+def decrypt_rsa(data, rsa_key, apply_padding=False):
+    size_diff = (rsa_key.key_size + 7 >> 3) - len(data)
+    if apply_padding and size_diff > 0:
         pad_bytes = bytes(size_diff)
         pad_bytearray = bytearray([b for b in pad_bytes])
         data_bytearray = bytearray([b for b in data])