Python 3.x Cryptography Fernet / AES256
$begingroup$
I wrote this code to make easy use of the Python library Cryptography to encrypt data
Is this safe and secure given the user inputs a strong password?
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding, hashes, hmac
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
import base64
import os
import secrets
def encrypt_(data, password, mode = "aes256"):
salt = get_salt()
if mode == "fernet":
key = get_hmac_key(password, salt)
f = Fernet(key)
return b''.join((b'FERNET001SALT_', # description 0 - 14
salt, # salt 14 - 46
b'_CT_', # ct label 46 - 50
base64.b64encode(f.encrypt(data)))) # cipher text 50 +
elif mode == "aes256":
key = get_scrypt_key(password, salt) # get scrypt key
iv = os.urandom(16) # get secure random iv
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend = default_backend())# start cipher
encryptor = cipher.encryptor() # start encryptor
ct = encryptor.update(pad_data(data)) + encryptor.finalize() # produce cipher text, base64 encoded
h = hmac.HMAC(get_hmac_key(password, salt),
hashes.SHA256(),
backend=default_backend()) # start hmac
h.update(iv + ct) # produce hmac of iv + ct
hmac_ = h.finalize() # output hmac as hmac_ to avoid mixing names # base64 encode hmac_, iv and ct to allow .split() when decrypting
return b''.join((b'AES256001SALT_', # description 0 - 14
salt, # salt 13 - 46
b'_HMAC_', # hmac label 46 - 52
base64.b64encode(hmac_), # hmac 52 - 84
b'_IV_', # iv label 84 - 88
base64.b64encode(iv), # iv 88 - 104
b'_CT_', # ct label 104 - 108
base64.b64encode(ct))) # cipher text 108 +
def decrypt_(data, password, mode = "aes256"):
data = data.split(b'_')
data[3] = base64.b64decode(data[3])
if mode == "fernet":
key = get_hmac_key(password, data[1])
f = Fernet(key)
return f.decrypt(data[3])
elif mode == "aes256":
data[5] = base64.b64decode(data[5])
data[7] = base64.b64decode(data[7])
key = get_scrypt_key(password, data[1])
h = hmac.HMAC(get_hmac_key(password, data[1]),
hashes.SHA256(),
backend=default_backend())
h.update(data[5] + data[7])
h.verify(data[3])
cipher = Cipher(algorithms.AES(key), modes.CBC(data[5]), backend = default_backend())
decryptor = cipher.decryptor()
return unpad_data(decryptor.update(data[7]) + decryptor.finalize())
def get_scrypt_key(password, salt):
kdf = Scrypt(salt = salt,
length = 32,
n = 2**14,
r = 8,
p = 1,
backend = default_backend())
return kdf.derive(password.encode())
def get_hmac_key(password, salt):
kdf = PBKDF2HMAC(algorithm = hashes.SHA256(),
length = 32,
salt = salt,
iterations = 100000,
backend = default_backend())
return base64.urlsafe_b64encode(kdf.derive(password.encode()))
def get_salt(length = 32):
chars = list("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
return "".join([secrets.choice(chars) for i in range(length)]).encode()
def pad_data(data):
padder = padding.PKCS7(128).padder()
padded_data = padder.update(data)
padded_data += padder.finalize()
return padded_data
def unpad_data(padded_data):
unpadder = padding.PKCS7(128).unpadder()
data = unpadder.update(padded_data)
data += unpadder.finalize()
return data
def test_enc(s = "testingnline2", password = "key"):
x = encrypt_(s.encode(), password)
z = decrypt_(x, password).decode()
q = encrypt_(s.encode(), password, mode = "fernet")
p = decrypt_(q, password, mode = "fernet").decode()
if z == s and p == s:
return True
return False
print (test_enc())
#True
python python-3.x security cryptography
$endgroup$
migrated from crypto.stackexchange.com 2 days ago
This question came from our site for software developers, mathematicians and others interested in cryptography.
add a comment |
$begingroup$
I wrote this code to make easy use of the Python library Cryptography to encrypt data
Is this safe and secure given the user inputs a strong password?
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding, hashes, hmac
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
import base64
import os
import secrets
def encrypt_(data, password, mode = "aes256"):
salt = get_salt()
if mode == "fernet":
key = get_hmac_key(password, salt)
f = Fernet(key)
return b''.join((b'FERNET001SALT_', # description 0 - 14
salt, # salt 14 - 46
b'_CT_', # ct label 46 - 50
base64.b64encode(f.encrypt(data)))) # cipher text 50 +
elif mode == "aes256":
key = get_scrypt_key(password, salt) # get scrypt key
iv = os.urandom(16) # get secure random iv
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend = default_backend())# start cipher
encryptor = cipher.encryptor() # start encryptor
ct = encryptor.update(pad_data(data)) + encryptor.finalize() # produce cipher text, base64 encoded
h = hmac.HMAC(get_hmac_key(password, salt),
hashes.SHA256(),
backend=default_backend()) # start hmac
h.update(iv + ct) # produce hmac of iv + ct
hmac_ = h.finalize() # output hmac as hmac_ to avoid mixing names # base64 encode hmac_, iv and ct to allow .split() when decrypting
return b''.join((b'AES256001SALT_', # description 0 - 14
salt, # salt 13 - 46
b'_HMAC_', # hmac label 46 - 52
base64.b64encode(hmac_), # hmac 52 - 84
b'_IV_', # iv label 84 - 88
base64.b64encode(iv), # iv 88 - 104
b'_CT_', # ct label 104 - 108
base64.b64encode(ct))) # cipher text 108 +
def decrypt_(data, password, mode = "aes256"):
data = data.split(b'_')
data[3] = base64.b64decode(data[3])
if mode == "fernet":
key = get_hmac_key(password, data[1])
f = Fernet(key)
return f.decrypt(data[3])
elif mode == "aes256":
data[5] = base64.b64decode(data[5])
data[7] = base64.b64decode(data[7])
key = get_scrypt_key(password, data[1])
h = hmac.HMAC(get_hmac_key(password, data[1]),
hashes.SHA256(),
backend=default_backend())
h.update(data[5] + data[7])
h.verify(data[3])
cipher = Cipher(algorithms.AES(key), modes.CBC(data[5]), backend = default_backend())
decryptor = cipher.decryptor()
return unpad_data(decryptor.update(data[7]) + decryptor.finalize())
def get_scrypt_key(password, salt):
kdf = Scrypt(salt = salt,
length = 32,
n = 2**14,
r = 8,
p = 1,
backend = default_backend())
return kdf.derive(password.encode())
def get_hmac_key(password, salt):
kdf = PBKDF2HMAC(algorithm = hashes.SHA256(),
length = 32,
salt = salt,
iterations = 100000,
backend = default_backend())
return base64.urlsafe_b64encode(kdf.derive(password.encode()))
def get_salt(length = 32):
chars = list("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
return "".join([secrets.choice(chars) for i in range(length)]).encode()
def pad_data(data):
padder = padding.PKCS7(128).padder()
padded_data = padder.update(data)
padded_data += padder.finalize()
return padded_data
def unpad_data(padded_data):
unpadder = padding.PKCS7(128).unpadder()
data = unpadder.update(padded_data)
data += unpadder.finalize()
return data
def test_enc(s = "testingnline2", password = "key"):
x = encrypt_(s.encode(), password)
z = decrypt_(x, password).decode()
q = encrypt_(s.encode(), password, mode = "fernet")
p = decrypt_(q, password, mode = "fernet").decode()
if z == s and p == s:
return True
return False
print (test_enc())
#True
python python-3.x security cryptography
$endgroup$
migrated from crypto.stackexchange.com 2 days ago
This question came from our site for software developers, mathematicians and others interested in cryptography.
1
$begingroup$
Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
$endgroup$
– Paul Uszak
2 days ago
add a comment |
$begingroup$
I wrote this code to make easy use of the Python library Cryptography to encrypt data
Is this safe and secure given the user inputs a strong password?
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding, hashes, hmac
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
import base64
import os
import secrets
def encrypt_(data, password, mode = "aes256"):
salt = get_salt()
if mode == "fernet":
key = get_hmac_key(password, salt)
f = Fernet(key)
return b''.join((b'FERNET001SALT_', # description 0 - 14
salt, # salt 14 - 46
b'_CT_', # ct label 46 - 50
base64.b64encode(f.encrypt(data)))) # cipher text 50 +
elif mode == "aes256":
key = get_scrypt_key(password, salt) # get scrypt key
iv = os.urandom(16) # get secure random iv
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend = default_backend())# start cipher
encryptor = cipher.encryptor() # start encryptor
ct = encryptor.update(pad_data(data)) + encryptor.finalize() # produce cipher text, base64 encoded
h = hmac.HMAC(get_hmac_key(password, salt),
hashes.SHA256(),
backend=default_backend()) # start hmac
h.update(iv + ct) # produce hmac of iv + ct
hmac_ = h.finalize() # output hmac as hmac_ to avoid mixing names # base64 encode hmac_, iv and ct to allow .split() when decrypting
return b''.join((b'AES256001SALT_', # description 0 - 14
salt, # salt 13 - 46
b'_HMAC_', # hmac label 46 - 52
base64.b64encode(hmac_), # hmac 52 - 84
b'_IV_', # iv label 84 - 88
base64.b64encode(iv), # iv 88 - 104
b'_CT_', # ct label 104 - 108
base64.b64encode(ct))) # cipher text 108 +
def decrypt_(data, password, mode = "aes256"):
data = data.split(b'_')
data[3] = base64.b64decode(data[3])
if mode == "fernet":
key = get_hmac_key(password, data[1])
f = Fernet(key)
return f.decrypt(data[3])
elif mode == "aes256":
data[5] = base64.b64decode(data[5])
data[7] = base64.b64decode(data[7])
key = get_scrypt_key(password, data[1])
h = hmac.HMAC(get_hmac_key(password, data[1]),
hashes.SHA256(),
backend=default_backend())
h.update(data[5] + data[7])
h.verify(data[3])
cipher = Cipher(algorithms.AES(key), modes.CBC(data[5]), backend = default_backend())
decryptor = cipher.decryptor()
return unpad_data(decryptor.update(data[7]) + decryptor.finalize())
def get_scrypt_key(password, salt):
kdf = Scrypt(salt = salt,
length = 32,
n = 2**14,
r = 8,
p = 1,
backend = default_backend())
return kdf.derive(password.encode())
def get_hmac_key(password, salt):
kdf = PBKDF2HMAC(algorithm = hashes.SHA256(),
length = 32,
salt = salt,
iterations = 100000,
backend = default_backend())
return base64.urlsafe_b64encode(kdf.derive(password.encode()))
def get_salt(length = 32):
chars = list("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
return "".join([secrets.choice(chars) for i in range(length)]).encode()
def pad_data(data):
padder = padding.PKCS7(128).padder()
padded_data = padder.update(data)
padded_data += padder.finalize()
return padded_data
def unpad_data(padded_data):
unpadder = padding.PKCS7(128).unpadder()
data = unpadder.update(padded_data)
data += unpadder.finalize()
return data
def test_enc(s = "testingnline2", password = "key"):
x = encrypt_(s.encode(), password)
z = decrypt_(x, password).decode()
q = encrypt_(s.encode(), password, mode = "fernet")
p = decrypt_(q, password, mode = "fernet").decode()
if z == s and p == s:
return True
return False
print (test_enc())
#True
python python-3.x security cryptography
$endgroup$
I wrote this code to make easy use of the Python library Cryptography to encrypt data
Is this safe and secure given the user inputs a strong password?
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding, hashes, hmac
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
import base64
import os
import secrets
def encrypt_(data, password, mode = "aes256"):
salt = get_salt()
if mode == "fernet":
key = get_hmac_key(password, salt)
f = Fernet(key)
return b''.join((b'FERNET001SALT_', # description 0 - 14
salt, # salt 14 - 46
b'_CT_', # ct label 46 - 50
base64.b64encode(f.encrypt(data)))) # cipher text 50 +
elif mode == "aes256":
key = get_scrypt_key(password, salt) # get scrypt key
iv = os.urandom(16) # get secure random iv
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend = default_backend())# start cipher
encryptor = cipher.encryptor() # start encryptor
ct = encryptor.update(pad_data(data)) + encryptor.finalize() # produce cipher text, base64 encoded
h = hmac.HMAC(get_hmac_key(password, salt),
hashes.SHA256(),
backend=default_backend()) # start hmac
h.update(iv + ct) # produce hmac of iv + ct
hmac_ = h.finalize() # output hmac as hmac_ to avoid mixing names # base64 encode hmac_, iv and ct to allow .split() when decrypting
return b''.join((b'AES256001SALT_', # description 0 - 14
salt, # salt 13 - 46
b'_HMAC_', # hmac label 46 - 52
base64.b64encode(hmac_), # hmac 52 - 84
b'_IV_', # iv label 84 - 88
base64.b64encode(iv), # iv 88 - 104
b'_CT_', # ct label 104 - 108
base64.b64encode(ct))) # cipher text 108 +
def decrypt_(data, password, mode = "aes256"):
data = data.split(b'_')
data[3] = base64.b64decode(data[3])
if mode == "fernet":
key = get_hmac_key(password, data[1])
f = Fernet(key)
return f.decrypt(data[3])
elif mode == "aes256":
data[5] = base64.b64decode(data[5])
data[7] = base64.b64decode(data[7])
key = get_scrypt_key(password, data[1])
h = hmac.HMAC(get_hmac_key(password, data[1]),
hashes.SHA256(),
backend=default_backend())
h.update(data[5] + data[7])
h.verify(data[3])
cipher = Cipher(algorithms.AES(key), modes.CBC(data[5]), backend = default_backend())
decryptor = cipher.decryptor()
return unpad_data(decryptor.update(data[7]) + decryptor.finalize())
def get_scrypt_key(password, salt):
kdf = Scrypt(salt = salt,
length = 32,
n = 2**14,
r = 8,
p = 1,
backend = default_backend())
return kdf.derive(password.encode())
def get_hmac_key(password, salt):
kdf = PBKDF2HMAC(algorithm = hashes.SHA256(),
length = 32,
salt = salt,
iterations = 100000,
backend = default_backend())
return base64.urlsafe_b64encode(kdf.derive(password.encode()))
def get_salt(length = 32):
chars = list("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
return "".join([secrets.choice(chars) for i in range(length)]).encode()
def pad_data(data):
padder = padding.PKCS7(128).padder()
padded_data = padder.update(data)
padded_data += padder.finalize()
return padded_data
def unpad_data(padded_data):
unpadder = padding.PKCS7(128).unpadder()
data = unpadder.update(padded_data)
data += unpadder.finalize()
return data
def test_enc(s = "testingnline2", password = "key"):
x = encrypt_(s.encode(), password)
z = decrypt_(x, password).decode()
q = encrypt_(s.encode(), password, mode = "fernet")
p = decrypt_(q, password, mode = "fernet").decode()
if z == s and p == s:
return True
return False
print (test_enc())
#True
python python-3.x security cryptography
python python-3.x security cryptography
edited 15 mins ago
Jamal♦
30.4k11121227
30.4k11121227
asked 2 days ago
citizen2077citizen2077
1095
1095
migrated from crypto.stackexchange.com 2 days ago
This question came from our site for software developers, mathematicians and others interested in cryptography.
migrated from crypto.stackexchange.com 2 days ago
This question came from our site for software developers, mathematicians and others interested in cryptography.
1
$begingroup$
Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
$endgroup$
– Paul Uszak
2 days ago
add a comment |
1
$begingroup$
Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
$endgroup$
– Paul Uszak
2 days ago
1
1
$begingroup$
Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
$endgroup$
– Paul Uszak
2 days ago
$begingroup$
Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
$endgroup$
– Paul Uszak
2 days ago
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
});
});
}, "mathjax-editing");
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "196"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215348%2fpython-3-x-cryptography-fernet-aes256%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Code Review Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215348%2fpython-3-x-cryptography-fernet-aes256%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
$begingroup$
Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
$endgroup$
– Paul Uszak
2 days ago