-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAES.py
115 lines (97 loc) · 3.99 KB
/
AES.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
import base64
import logging
import os
from random import SystemRandom
from cryptography.exceptions import AlreadyFinalized,InvalidTag,UnsupportedAlgorithm
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
# set up logger
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)
def Encryption(plain_text):
"""
Example for encryption and decryption of a string in one method.
- Random password generation using strong secure random number generator
- Random salt generation using OS random mode
- Key derivation using PBKDF2 HMAC SHA-512
- AES-256 authenticated encryption using GCM
- BASE64 encoding as representation for the byte-arrays
- UTF-8 encoding of Strings
- Exception handling
"""
psswd_choice = input("\nDo you want to create a password y/n: ")
if psswd_choice == "Y" or psswd_choice == "y":
password = input("Please enter the Password: ")
else:
password= ""
try:
# GENERATE password (not needed if you have a password already)
if not password:
alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
password = "".join(SystemRandom().choice(alphabet) for _ in range(9))
print("Your random generated password is: ",password)
password_bytes = password.encode('utf-8')
# GENERATE random salt (needed for PBKDF2HMAC)
#salt = os.urandom(32)
salt =b'\xa5\xc7\x7fpczU\x14\x1a\x8f\x89\xe3@A\xae\xa3\xad\xe6a]\xc13\xec\xbd2V\xfe&D\xde\xa7\xb6'
# DERIVE key (from password and salt)
kdf = PBKDF2HMAC(
algorithm=hashes.SHA512(),
length=32,
salt=salt,
iterations=10000,
backend=default_backend()
)
key = kdf.derive(password_bytes)
# GENERATE random nonce (number used once)
#nonce = os.urandom(12)
nonce =b'\x8f\x02\xef\xa1\xb8\x15s\xf0+\x86\xfe\x9a'
# ENCRYPTION
aesgcm = AESGCM(key)
cipher_text_bytes = aesgcm.encrypt(
nonce=nonce,
data=plain_text.encode('utf-8'),
associated_data=None
)
# CONVERSION of raw bytes to BASE64 representation
cipher_text = base64.urlsafe_b64encode(cipher_text_bytes)
print("\nYour Encrypted Text is: ",cipher_text)
main_cipher_txt=""
for i in cipher_text:
main_cipher_txt+= chr(i)
except (UnsupportedAlgorithm, AlreadyFinalized, InvalidTag):
logger.exception("Symmetric encryption failed")
return main_cipher_txt
def Decryption(signature):
password = input("Enter the password: ")
try:
password_bytes = password.encode('utf-8')
salt = b'\xa5\xc7\x7fpczU\x14\x1a\x8f\x89\xe3@A\xae\xa3\xad\xe6a]\xc13\xec\xbd2V\xfe&D\xde\xa7\xb6'
# DERIVE key (from password and salt)
kdf = PBKDF2HMAC(
algorithm=hashes.SHA512(),
length=32,
salt=salt,
iterations=10000,
backend=default_backend()
)
key = kdf.derive(password_bytes)
# GENERATE random nonce (number used once)
nonce =b'\x8f\x02\xef\xa1\xb8\x15s\xf0+\x86\xfe\x9a'
# ENCRYPTION
aesgcm = AESGCM(key)
cipher_text=signature.encode('utf-8')
# DECRYPTION
decrypted_cipher_text_bytes = aesgcm.decrypt(
nonce=nonce,
data=base64.urlsafe_b64decode(cipher_text),
associated_data=None
)
decrypted_cipher_text = decrypted_cipher_text_bytes.decode('utf-8')
print("\n\n<<<<<<<<<<<< Message Extracted >>>>>>>>>>>>>\n")
return decrypted_cipher_text
except (UnsupportedAlgorithm, AlreadyFinalized, InvalidTag):
print("\n\n<<<<<<<<<<<< Extraction Failed >>>>>>>>>>>>>\n")
# logger.exception("Symmetric decryption failed")