diff --git a/lnbits/commands.py b/lnbits/commands.py index 5e9d51066..7b3ec71ca 100644 --- a/lnbits/commands.py +++ b/lnbits/commands.py @@ -518,12 +518,15 @@ def encrypt_macaroon(): @encrypt.command("aes") @click.option("-p", "--payload", required=True, help="Payload to encrypt.") -def encrypt_aes(payload: str): +@click.option( + "-u", "--urlsafe", is_flag=True, required=False, help="Urlsafe b64encode." +) +def encrypt_aes(payload: str, urlsafe: bool = False): """AES encrypts a payload""" key = getpass("Enter encryption key: ") aes = AESCipher(key.encode()) try: - encrypted = aes.encrypt(payload.encode()) + encrypted = aes.encrypt(payload.encode(), urlsafe=urlsafe) except Exception as ex: click.echo(f"Error encrypting payload: {ex}") return @@ -533,12 +536,15 @@ def encrypt_aes(payload: str): @decrypt.command("aes") @click.option("-p", "--payload", required=True, help="Payload to decrypt.") -def decrypt_aes(payload: str): +@click.option( + "-u", "--urlsafe", is_flag=True, required=False, help="Urlsafe b64decode." +) +def decrypt_aes(payload: str, urlsafe: bool = False): """AES decrypts a payload""" key = getpass("Enter encryption key: ") aes = AESCipher(key.encode()) try: - decrypted = aes.decrypt(payload) + decrypted = aes.decrypt(payload, urlsafe=urlsafe) except Exception as ex: click.echo(f"Error decrypting payload: {ex}") return diff --git a/lnbits/utils/crypto.py b/lnbits/utils/crypto.py index 34f2458eb..c8506f29c 100644 --- a/lnbits/utils/crypto.py +++ b/lnbits/utils/crypto.py @@ -93,9 +93,14 @@ class AESCipher: try: decrypted_bytes = aes.decrypt(encrypted_bytes) - return self.unpad(decrypted_bytes).decode() except Exception as exc: - raise ValueError("Decryption error") from exc + raise ValueError("Decryption error: could not decrypt") from exc + + unpadded = self.unpad(decrypted_bytes) + if len(unpadded) == 0: + raise ValueError("Decryption error: unpadding failed") + + return unpadded.decode() def encrypt(self, message: bytes, urlsafe: bool = False) -> str: """