How to decrypt sentry message

Hello to everyone.

One of my Python/Django applications had wrong SENTRY_DSN specified in settings (for old Sentry server). Meanwhile an error occured that I cannot find or repeat. Maybe maximum number of connections to DBMS had exceeded. Error did not manage to get to Sentry server because of wrong SENTRY_DNS but it had been saved to database on the same server (instead of what it should be saved).

Is there any way I could decrypt the message in JSON “data” node like the one below (shortened). I belive “sentry_key”, “sentry_secret” and “data” are base64 encoded. But what is the algorithm and where are the keys and initialization vector. I found on internet that algorithm could be DES-EDE3-CBC (3DES) or AES-256. But from Sentry documentation ( sentry_key is public key and sentry_secret will be deprecated which implies there may be asymmetric cryptography in which case private key would be lost on old server and so the message in “data”.

Is there any way I could decrypt message in “data” without having access to old Sentry server?

	"myapp.sentry.crashreport": {
		"url": ["myapp+http", "sentryserver:9000", "/api/4/store/", "", "", ""],
		"headers": {
			"Content-Type": "application/octet-stream",
			"X-Sentry-Auth": "Sentry sentry_timestamp=1546939176.76, sentry_client=raven-python/5.4.1, sentry_version=6, sentry_key=90487ada...71b9, sentry_secret=815h3...009abe",
			"User-Agent": "raven-python/5.4.1"
		"data": "eJzVGg1z2jj2r2jYKSQNGJsAgex6Z9I07ea2aTok295c0vMIW4CCsXyyTT46/e/3nmSDbQzpbvf2ZtuZFktPT0/vW+/pSy2U4o65ce2Y1Lq1JqmxB5eFMRcBjHypLamfsAh+3nypRTF157GkLlNTE0kX2dQkCdx0TW3KYkeyKBRBxB ... 2YxekHf/F4ZfKR8="


This is base64-encoded compressed with deflate. There’s no encryption, we only do this to get past some firewalls I believe.

The sentry secrets and keys are basically just passwords (from a cryptographer’s perspective).

On OS X I can decode this with:

cat foo | base64 -D | pigz -d

Then you get the JSON payload. This might not be very nice to look at. It might be worth to try resending them against Sentry with a manually repaired X-Sentry-Auth header.

Thank you very much. You are the best.

cat "... message ... " | base64 -d | pigz -d
did the trick.

Is there a schema for the JSON that the Sentry server accepts? Would be useful for custom clients.

We have the code here:

And the docs here: