Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when calling API to decrypt Cognito MFA code: '65 is not a valid SerializationVersion' #695

Open
dtataru-bainbridge opened this issue Jul 3, 2024 · 1 comment
Open

Error when calling API to decrypt Cognito MFA code: '65 is not a valid SerializationVersion' #695

dtataru-bainbridge opened this issue Jul 3, 2024 · 1 comment

Comments

@dtataru-bainbridge
Copy link

dtataru-bainbridge commented Jul 3, 2024
edited
Loading

Security issue notifications

N/A

Problem:

I'm following the steps here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sms-sender.html to have Cognito call my lambda which needs to decrypt the MFA code and use a custom API to email it ( since Cognito doesn't support email MFA :/ )

Getting error: 65 is not a valid SerializationVersion
I never set any version other than LambdaVersion=V1_0 as outlined in the doc above so I have no idea where that is from.

Stack trace:

Traceback (most recent call last):
  File "/var/task/aws_encryption_sdk/internal/formatting/deserialize.py", line 87, in _verified_version_from_id
    return SerializationVersion(version_id)
  File "/var/lang/lib/python3.9/enum.py", line 384, in __call__
    return cls.__new__(cls, value)
  File "/var/lang/lib/python3.9/enum.py", line 702, in __new__
    raise ve_exc
ValueError: 65 is not a valid SerializationVersion

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/task/aws_encryption_sdk/__init__.py", line 186, in decrypt
    plaintext = decryptor.read()
  File "/var/task/aws_encryption_sdk/streaming_client.py", line 250, in read
    self._prep_message()
  File "/var/task/aws_encryption_sdk/streaming_client.py", line 782, in _prep_message
    self._header, self.header_auth = self._read_header()
  File "/var/task/aws_encryption_sdk/streaming_client.py", line 797, in _read_header
    header, raw_header = deserialize_header(self.source_stream, self.config.max_encrypted_data_keys)
  File "/var/task/aws_encryption_sdk/internal/formatting/deserialize.py", line 336, in deserialize_header
    version = _verified_version_from_id(version_id)
  File "/var/task/aws_encryption_sdk/internal/formatting/deserialize.py", line 89, in _verified_version_from_id
    raise NotSupportedError("Unsupported version 
{}
".format(version_id), error)
aws_encryption_sdk.exceptions.NotSupportedError: ('Unsupported version 65', ValueError('65 is not a valid SerializationVersion'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/task/aws_encryption_sdk/streaming_client.py", line 218, in __exit__
    self.close()
  File "/var/task/aws_encryption_sdk/streaming_client.py", line 985, in close
    raise SerializationError("Footer not read")
aws_encryption_sdk.exceptions.SerializationError: Footer not read

Solution:

Looking for one.

Out of scope:

N/A
@dtataru-bainbridge
Copy link
Author

dtataru-bainbridge commented Jul 5, 2024
edited
Loading

Got a solution here: https://stackoverflow.com/questions/78704479/aws-encryption-sdk-python-decrypt-error-65-is-not-a-valid-serializationversion

The issue was the base64 encoding. Leaving this issue open in case you guys want to update your documentation to mention base64 decoding (similarly to the JS sister-library offered).

A better error message would be nice too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dtataru-bainbridge