InvalidPaddingError in StringEncryptedType #771
Description
I use the StringEncryptedType to encrypt user credentials like this:
class Credentials(SQLModel, AsyncAttrs, table=True): # type: ignore
email: str = Field(
sa_column=Column(
StringEncryptedType(
sqlalchemy.Unicode,
constants.email_encryption_key,
AesEngine,
'pkcs5',
),
unique=True,
)
)
hashed_password: strAfter using this for a few days, I get an InvalidPaddingError when reading the credentials (only end of traceback):
File "/backend/.venv/lib/python3.11/site-packages/sqlalchemy/engine/result.py", line 548, in _allrows
rows = self._fetchall_impl()
^^^^^^^^^^^^^^^^^^^^^
File "/backend/.venv/lib/python3.11/site-packages/sqlalchemy/engine/result.py", line 1674, in _fetchall_impl
return self._real_result._fetchall_impl()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/backend/.venv/lib/python3.11/site-packages/sqlalchemy/engine/result.py", line 2268, in _fetchall_impl
return list(self.iterator)
^^^^^^^^^^^^^^^^^^^
File "/backend/.venv/lib/python3.11/site-packages/sqlalchemy/orm/loading.py", line 219, in chunks
fetch = cursor._raw_all_rows()
^^^^^^^^^^^^^^^^^^^^^^
File "/backend/.venv/lib/python3.11/site-packages/sqlalchemy/engine/result.py", line 541, in _raw_all_rows
return [make_row(row) for row in rows]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/backend/.venv/lib/python3.11/site-packages/sqlalchemy/engine/result.py", line 541, in <listcomp>
return [make_row(row) for row in rows]
^^^^^^^^^^^^^
File "lib/sqlalchemy/cyextension/resultproxy.pyx", line 22, in sqlalchemy.cyextension.resultproxy.BaseRow.__init__
File "lib/sqlalchemy/cyextension/resultproxy.pyx", line 79, in sqlalchemy.cyextension.resultproxy._apply_processors
File "/backend/.venv/lib/python3.11/site-packages/sqlalchemy/sql/type_api.py", line 2144, in process
return fixed_process_value(value, dialect)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/backend/.venv/lib/python3.11/site-packages/sqlalchemy_utils/types/encrypted/encrypted_type.py", line 425, in process_result_value
decrypted_value = self.engine.decrypt(value)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/backend/.venv/lib/python3.11/site-packages/sqlalchemy_utils/types/encrypted/encrypted_type.py", line 124, in decrypt
decrypted = self.padding_engine.unpad(decrypted)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/backend/.venv/lib/python3.11/site-packages/sqlalchemy_utils/types/encrypted/padding.py", line 46, in unpad
raise InvalidPaddingError()
sqlalchemy_utils.types.encrypted.padding.InvalidPaddingError
Because this happens after a bit of time, it's very difficult to reproduce. Is this a known issue? Is there a known fix?
So far, my only solution has been to reset the database, but that's obviously not a great solution once this goes to production.