I have some data that is base64 encoded that I want to convert back to binary even if there is a padding error in it. If I use
base64.decodestring(b64_string)
it raises an 'Incorrect padding' error. Is there another way?
UPDATE: Thanks for all the feedback. To be honest, all the methods mentioned sounded a bit hit
and miss so I decided to try openssl. The following command worked a treat:
openssl enc -d -base64 -in b64string -out binary_data
It seems you just need to add padding to your bytes before decoding. There are many other answers on this question, but I want to point out that (at least in Python 3.x) base64.b64decode will truncate any extra padding, provided there is enough in the first place.
So, something like: b'abc=' works just as well as b'abc==' (as does b'abc=====').
What this means is that you can just add the maximum number of padding characters that you would ever need—which is two (b'==')—and base64 will truncate any unnecessary ones.
This lets you write:
base64.b64decode(s + b'==')
which is simpler than:
base64.b64decode(s + b'=' * (-len(s) % 4))
Note that if the string s already has some padding (e.g. b"aGVsbG8="), this approach will only work if the validate keyword argument is set to False (which is the default). If validate is True this will result in a binascii.Error being raised if the total padding is longer than two characters.
From the docs:
If validate is False (the default), characters that are neither in the normal base-64 alphabet nor the alternative alphabet are discarded prior to the padding check. If validate is True, these non-alphabet characters in the input result in a binascii.Error.
However, if validate is False (or left blank to be the default) you can blindly add two padding characters without any problem. Thanks to eel ghEEz for pointing this out in the comments.
As said in other responses, there are various ways in which base64 data could be corrupted.
However, as Wikipedia says, removing the padding (the '=' characters at the end of base64 encoded data) is "lossless":
From a theoretical point of view, the padding character is not needed,
since the number of missing bytes can be calculated from the number
of Base64 digits.
So if this is really the only thing "wrong" with your base64 data, the padding can just be added back. I came up with this to be able to parse "data" URLs in WeasyPrint, some of which were base64 without padding:
import base64
import re
def decode_base64(data, altchars=b'+/'):
"""Decode base64, padding being optional.
:param data: Base64 data as an ASCII byte string
:returns: The decoded byte string.
"""
data = re.sub(rb'[^a-zA-Z0-9%s]+' % altchars, b'', data) # normalize
missing_padding = len(data) % 4
if missing_padding:
data += b'='* (4 - missing_padding)
return base64.b64decode(data, altchars)
Tests for this function: weasyprint/tests/test_css.py#L68
Just add padding as required. Heed Michael's warning, however.
b64_string += "=" * ((4 - len(b64_string) % 4) % 4) #ugh
"Incorrect padding" can mean not only "missing padding" but also (believe it or not) "incorrect padding".
If suggested "adding padding" methods don't work, try removing some trailing bytes:
lens = len(strg)
lenx = lens - (lens % 4 if lens % 4 else 4)
try:
result = base64.decodestring(strg[:lenx])
except etc
Update: Any fiddling around adding padding or removing possibly bad bytes from the end should be done AFTER removing any whitespace, otherwise length calculations will be upset.
It would be a good idea if you showed us a (short) sample of the data that you need to recover. Edit your question and copy/paste the result of print repr(sample).
Update 2: It is possible that the encoding has been done in an url-safe manner. If this is the case, you will be able to see minus and underscore characters in your data, and you should be able to decode it by using base64.b64decode(strg, '-_')
If you can't see minus and underscore characters in your data, but can see plus and slash characters, then you have some other problem, and may need the add-padding or remove-cruft tricks.
If you can see none of minus, underscore, plus and slash in your data, then you need to determine the two alternate characters; they'll be the ones that aren't in [A-Za-z0-9]. Then you'll need to experiment to see which order they need to be used in the 2nd arg of base64.b64decode()
Update 3: If your data is "company confidential":
(a) you should say so up front
(b) we can explore other avenues in understanding the problem, which is highly likely to be related to what characters are used instead of + and / in the encoding alphabet, or by other formatting or extraneous characters.
One such avenue would be to examine what non-"standard" characters are in your data, e.g.
from collections import defaultdict
d = defaultdict(int)
import string
s = set(string.ascii_letters + string.digits)
for c in your_data:
if c not in s:
d[c] += 1
print d
Use
string += '=' * (-len(string) % 4) # restore stripped '='s
Credit goes to a comment somewhere here.
>>> import base64
>>> enc = base64.b64encode('1')
>>> enc
>>> 'MQ=='
>>> base64.b64decode(enc)
>>> '1'
>>> enc = enc.rstrip('=')
>>> enc
>>> 'MQ'
>>> base64.b64decode(enc)
...
TypeError: Incorrect padding
>>> base64.b64decode(enc + '=' * (-len(enc) % 4))
>>> '1'
>>>
If there's a padding error it probably means your string is corrupted; base64-encoded strings should have a multiple of four length. You can try adding the padding character (=) yourself to make the string a multiple of four, but it should already have that unless something is wrong
Incorrect padding error is caused because sometimes, metadata is also present in the encoded string
If your string looks something like: 'data:image/png;base64,...base 64 stuff....'
then you need to remove the first part before decoding it.
Say if you have image base64 encoded string, then try below snippet..
from PIL import Image
from io import BytesIO
from base64 import b64decode
imagestr = 'data:image/png;base64,...base 64 stuff....'
im = Image.open(BytesIO(b64decode(imagestr.split(',')[1])))
im.save("image.png")
You can simply use base64.urlsafe_b64decode(data) if you are trying to decode a web image. It will automatically take care of the padding.
Check the documentation of the data source you're trying to decode. Is it possible that you meant to use base64.urlsafe_b64decode(s) instead of base64.b64decode(s)? That's one reason you might have seen this error message.
Decode string s using a URL-safe alphabet, which substitutes - instead
of + and _ instead of / in the standard Base64 alphabet.
This is for example the case for various Google APIs, like Google's Identity Toolkit and Gmail payloads.
Adding the padding is rather... fiddly. Here's the function I wrote with the help of the comments in this thread as well as the wiki page for base64 (it's surprisingly helpful) https://en.wikipedia.org/wiki/Base64#Padding.
import logging
import base64
def base64_decode(s):
"""Add missing padding to string and return the decoded base64 string."""
log = logging.getLogger()
s = str(s).strip()
try:
return base64.b64decode(s)
except TypeError:
padding = len(s) % 4
if padding == 1:
log.error("Invalid base64 string: {}".format(s))
return ''
elif padding == 2:
s += b'=='
elif padding == 3:
s += b'='
return base64.b64decode(s)
There are two ways to correct the input data described here, or, more specifically and in line with the OP, to make Python module base64's b64decode method able to process the input data to something without raising an un-caught exception:
Append == to the end of the input data and call base64.b64decode(...)
If that raises an exception, then
i. Catch it via try/except,
ii. (R?)Strip any = characters from the input data (N.B. this may not be necessary),
iii. Append A== to the input data (A== through P== will work),
iv. Call base64.b64decode(...) with those A==-appended input data
The result from Item 1. or Item 2. above will yield the desired result.
Caveats
This does not guarantee the decoded result will be what was originally encoded, but it will (sometimes?) give the OP enough to work with:
Even with corruption I want to get back to the binary because I can still get some useful info from the ASN.1 stream").
See What we know and Assumptions below.
TL;DR
From some quick tests of base64.b64decode(...)
it appears that it ignores non-[A-Za-z0-9+/] characters; that includes ignoring =s unless they are the last character(s) in a parsed group of four, in which case the =s terminate the decoding (a=b=c=d= gives the same result as abc=, and a==b==c== gives the same result as ab==).
It also appears that all characters appended are ignored after the point where base64.b64decode(...) terminates decoding e.g. from an = as the fourth in a group.
As noted in several comments above, there are either zero, or one, or two, =s of padding required at the end of input data for when the [number of parsed characters to that point modulo 4] value is 0, or 3, or 2, respectively. So, from items 3. and 4. above, appending two or more =s to the input data will correct any [Incorrect padding] problems in those cases.
HOWEVER, decoding cannot handle the case where the [total number of parsed characters modulo 4] is 1, because it takes a least two encoded characters to represent the first decoded byte in a group of three decoded bytes. In uncorrupted encoded input data, this [N modulo 4]=1 case never happens, but as the OP stated that characters may be missing, it could happen here. That is why simply appending =s will not always work, and why appending A== will work when appending == does not. N.B. Using [A] is all but arbitrary: it adds only cleared (zero) bits to the decoded, which may or not be correct, but then the object here is not correctness but completion by base64.b64decode(...) sans exceptions.
What we know from the OP and especially subsequent comments is
It is suspected that there are missing data (characters) in the
Base64-encoded input data
The Base64 encoding uses the standard 64 place-values plus padding:
A-Z; a-z; 0-9; +; /; = is padding. This is confirmed, or at least
suggested, by the fact that openssl enc ... works.
Assumptions
The input data contain only 7-bit ASCII data
The only kind of corruption is missing encoded input data
The OP does not care about decoded output data at any point after that corresponding to any missing encoded input data
Github
Here is a wrapper to implement this solution:
https://github.com/drbitboy/missing_b64
I got this error without any use of base64. So i got a solution that error is in localhost it works fine on 127.0.0.1
In my case Gmail Web API was returning the email content as a base64 encoded string, but instead of encoded with the standard base64 characters/alphabet, it was encoded with the "web-safe" characters/alphabet variant of base64. The + and / characters are replaced with - and _. For python 3 use base64.urlsafe_b64decode().
This can be done in one line - no need to add temporary variables:
b64decode(f"{s}{'=' * (4 - len(s) % 4)}")
In case this error came from a web server: Try url encoding your post value. I was POSTing via "curl" and discovered I wasn't url-encoding my base64 value so characters like "+" were not escaped so the web server url-decode logic automatically ran url-decode and converted + to spaces.
"+" is a valid base64 character and perhaps the only character which gets mangled by an unexpected url-decode.
You should use
base64.b64decode(b64_string, ' /')
By default, the altchars are '+/'.
I ran into this problem as well and nothing worked.
I finally managed to find the solution which works for me. I had zipped content in base64 and this happened to 1 out of a million records...
This is a version of the solution suggested by Simon Sapin.
In case the padding is missing 3 then I remove the last 3 characters.
Instead of "0gA1RD5L/9AUGtH9MzAwAAA=="
We get "0gA1RD5L/9AUGtH9MzAwAA"
missing_padding = len(data) % 4
if missing_padding == 3:
data = data[0:-3]
elif missing_padding != 0:
print ("Missing padding : " + str(missing_padding))
data += '=' * (4 - missing_padding)
data_decoded = base64.b64decode(data)
According to this answer Trailing As in base64 the reason is nulls. But I still have no idea why the encoder messes this up...
def base64_decode(data: str) -> str:
data = data.encode("ascii")
rem = len(data) % 4
if rem > 0:
data += b"=" * (4 - rem)
return base64.urlsafe_b64decode(data).decode('utf-8')
Simply add additional characters like "=" or any other and make it a multiple of 4 before you try decoding the target string value. Something like;
if len(value) % 4 != 0: #check if multiple of 4
while len(value) % 4 != 0:
value = value + "="
req_str = base64.b64decode(value)
else:
req_str = base64.b64decode(value)
In my case I faced that error while parsing an email. I got the attachment as base64 string and extract it via re.search. Eventually there was a strange additional substring at the end.
dHJhaWxlcgo8PCAvU2l6ZSAxNSAvUm9vdCAxIDAgUiAvSW5mbyAyIDAgUgovSUQgWyhcMDAyXDMz
MHtPcFwyNTZbezU/VzheXDM0MXFcMzExKShcMDAyXDMzMHtPcFwyNTZbezU/VzheXDM0MXFcMzEx
KV0KPj4Kc3RhcnR4cmVmCjY3MDEKJSVFT0YK
--_=ic0008m4wtZ4TqBFd+sXC8--
When I deleted --_=ic0008m4wtZ4TqBFd+sXC8-- and strip the string then parsing was fixed up.
So my advise is make sure that you are decoding a correct base64 string.
Clear your browser cookie and recheck again, it should work.
In my case I faced this error, after deleting the venv for the perticular project and it showing error for each fields so I tried by changing the BROWSER(Chrome to Edge), And actually it worked..
I have some str variables, having the form of
'Nov 3, 2019 16:13:05.882679000
\xe4\xb8\xad\xe5\x9b\xbd\xe6\xa0\x87\xe5\x87\x86\xe6\x97\xb6\xe9\x97\xb4', and I want to convert the unicode part '\xe4\xb8\xad\xe5\x9b...' to Chinese, here they mean "中国标准时间". I have tried this method :
t.encode('raw_unicode_escape').decode()
It works well when I assign the string directly to t. However, when t is a variable—— I mean do not assign the string to it,the method doesn't work.
Is there another method to solve the problem or something worry with my code?
from pyshark.packet.fields import LayerField
from scapy.all import *
import pyshark
from pyshark.packet.packet import Packet
capture = pyshark.LiveCapture(interface='WLAN')
capture.sniff(packet_count=10)
pkt = capture[0] # type: Packet
time = pkt.frame_info.time.fields[0] # type: LayerField
t=time.showname_value # type: str
s='\xe4\xb8\xad\xe5\x9b\xbd\xe6\xa0\x87\xe5\x87\x86\xe6\x97\xb6\xe9\x97\xb4'
print(t)
print()
print(t[t.find('\\'):])
print(s)
print()
print(t[t.find('\\'):].encode('raw_unicode_escape'))
print(s.encode('raw_unicode_escape'))
------------------------ I forgot the outcome-----------
Nov 3, 2019 16:33:57.630346000 \xe4\xb8\xad\xe5\x9b\xbd\xe6\xa0\x87\xe5\x87\x86\xe6\x97\xb6\xe9\x97\xb4
\xe4\xb8\xad\xe5\x9b\xbd\xe6\xa0\x87\xe5\x87\x86\xe6\x97\xb6\xe9\x97\xb4
ä¸å½æ åæ¶é´
b'\\xe4\\xb8\\xad\\xe5\\x9b\\xbd\\xe6\\xa0\\x87\\xe5\\x87\\x86\\xe6\\x97\\xb6\\xe9\\x97\\xb4'
b'\xe4\xb8\xad\xe5\x9b\xbd\xe6\xa0\x87\xe5\x87\x86\xe6\x97\xb6\xe9\x97\xb4'
The bytes that you provide are not Unicode sequences. The string "中国标准时间" in Unicode sequences would look like: \u4e2d\u56fd\u6807\u51c6\u65f6\u95f4. I can offer you to use MgntUtils java Open Source library that has a feature that converts any string in any language into a Unicode sequence and vice-versa. The code I used to convert your String into the above Unicode sequence looks like this:
System.out.println(StringUnicodeEncoderDecoder.encodeStringToUnicodeSequence("中国标准时间"));
The library can be found at Maven Central or at Github It comes as maven artifact and with sources and javadoc
Here is javadoc for the class StringUnicodeEncoderDecoder
This is UTF-8 incorrectly decoded as latin-1. Mojibake. To reverse it, undo the incorrect decoder and apply the correct decoder:
>>> s = '\xe4\xb8\xad\xe5\x9b\xbd\xe6\xa0\x87\xe5\x87\x86\xe6\x97\xb6\xe9\x97\xb4'
>>> s.encode('latin-1').decode('utf-8')
'中国标准时间'
Zhōngguó biāozhǔn shíjiān or China Standard Time according to Google translate.
Once again, I am very confused with a unicode question. I can't figure out how to successfully use unicodedata.normalize to convert non-ASCII characters as expected. For instance, I want to convert the string
u"Cœur"
To
u"Coeur"
I am pretty sure that unicodedata.normalize is the way to do this, but I can't get it to work. It just leaves the string unchanged.
>>> s = u"Cœur"
>>> unicodedata.normalize('NFKD', s) == s
True
What am I doing wrong?
You could try Unidecode:
# -*- coding: utf-8 -*-
from unidecode import unidecode # $ pip install unidecode
print(unidecode(u"Cœur"))
# -> Coeur
Your problem seems not to have to do with Python, but that the character you are trying to decompose (u'\u0153' - 'œ') is not a composition itself.
Check as your code works with a string containing normal composite characters like "ç" and "ã":
>>> a1 = a
>>> a = u"maçã"
>>> for norm in ('NFC', 'NFKC', 'NFD','NFKD'):
... b = unicodedata.normalize(norm, a)
... print b, len(b)
...
maçã 4
maçã 4
maçã 6
maçã 6
And then, if you check the unicode reference for both characters (yours and c + cedila) you will see that the later has a "decomposition" specification the former lacks:
http://www.fileformat.info/info/unicode/char/153/index.htm
http://www.fileformat.info/info/unicode/char/00e7/index.htm
It like "œ" is not formally equivalent to "oe" - (at least not for the people who defined this unicode part) - so, the way to go to normalize text containing this is to make a manual replacement of the char for the sequence with unicode.replace - as hacky as it sounds.
As jsbueno says, some letters just don't have a compatibility decomposition.
You can use the Unicode CLDR Latin-ASCII transform to generate a mapping of manual replacements.
I would like to encrypt a 10 Character (alpha-numeric only) string into a 16 or 32 character alpha-numeric string.
The string I am encrypting is an asset tag. So in itself it carries no information, but I would like to hide all valid possible strings within a larger group of possible strings. I was hoping that encrypting the string would be a good way to do this.
Is it possible to do this with the Python PyCrypto library?
Here is an example I found regarding using PyCrypto.
You're better off with simple hashing (which is like one way encryption). To do this just use the md5 function to make a digest and then base64 or base16 encode it. Please note that base64 strings can include +, = or /.
import md5
import base64
def obfuscate(s):
return base64.b64encode( md5.new(s).digest())
def obfuscate2(s):
return base64.b16encode( md5.new(s).digest())
# returns alphanumeric string but strings can also include slash, plus or equal i.e. /+=
print obfuscate('Tag 1')
print obfuscate('Tag 2')
print obfuscate('Tag 3')
# return hex string
print obfuscate2('Tag 1')
As has been commented md5 is rapidly losing its security, so if you want to have something more reliable for the future, use the SHA-2 example below.
import hashlib
def obfuscate(s):
m = hashlib.sha256()
m.update(s)
return m.hexdigest()
print obfuscate('Tag 1')
print obfuscate('Tag 2')
print obfuscate('Tag 3')
One more function - this time generate about 96-bit* digest using SHA-2 and truncating the output so that we can restrict it to 16 alphanum chars. This give slightly more chance of collision but should be good enough for most practical purposes.
import hashlib
import base64
def obfuscate(s):
m = hashlib.sha256()
m.update(s)
hash = base64.b64encode(m.digest(), altchars="ZZ") # make one way base64 encode, to fit characters into alphanum space only
return hash[:16] # cut of hash at 16 chars - gives about 96 bits which should
# 96 bits means 1 in billion chance of collision if you have 1 billion tags (or much lower chance with fewer tags)
# http://en.wikipedia.org/wiki/Birthday_attack
print obfuscate('Tag 1')
print obfuscate('Tag 2')
print obfuscate('Tag 3')
*The actual digest is only 95.2 bits as we use 62 character alphabet for encoding.
>>> math.log(62**16,2)
95.26714096618998
To make a string longer, you could try the following;
first compress it with bzip2
then make it readable again with base64 encoding
Like this:
import bz2
import base64
base64.b64encode(bz2.compress('012345'))
This will yield:
'QlpoOTFBWSZTWeEMDLgAAAAIAH4AIAAhgAwDJy7i7kinChIcIYGXAA=='
Due to the bzip2 header, the first 13 character will always be the same, so you should discard them;
base64.b64encode(bz2.compress('012345'))[14:]
This gives:
'EMDLgAAAAIAH4AIAAhgAwDJy7i7kinChIcIYGXAA=='
Note that this is not cryptographically secure; it is trivial to invert if you know the recipe that is used:
foo = base64.b64encode(bz2.compress('012345'))
bz2.decompress(base64.b64decode(foo))
gives:
'012345'
I think shake256 fit your needs:
You need to install pycryptodome.
https://pycryptodome.readthedocs.io/en/latest/src/hash/shake256.html
#!/usr/bin/env python
from Crypto.Hash import SHAKE256
from binascii import hexlify
def encrypt_shake256(s, hash_size):
shake = SHAKE256.new()
shake.update(s.encode())
return hexlify(shake.read(hash_size//2))
def main():
hash = encrypt_shake256("holahola", 16)
print(hash)
print(len(hash))
if __name__ == '__main__':
main()
Output:
b'c126f8fb14fb21d8'
16
Yes, you can also use PyCrypto :
from Crypto.Hash import SHA256
aHash = SHA256.new("somethingToHash")
print(aHash.hexdigest()) #will print out the hashed password
The Crypto.Hash module is what comes from installing the pycrypto module (sudo pip install pycrypto).
This is basically the same thing as hashlib, however the PyCrypto library comes with ciphering modules.