Python 3.x Cryptography Fernet / AES256












1












$begingroup$


I wrote this code to make easy use of the Python library Cryptography to encrypt data



Is this safe and secure given the user inputs a strong password?



from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding, hashes, hmac
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
import base64
import os
import secrets

def encrypt_(data, password, mode = "aes256"):
salt = get_salt()
if mode == "fernet":
key = get_hmac_key(password, salt)
f = Fernet(key)
return b''.join((b'FERNET001SALT_', # description 0 - 14
salt, # salt 14 - 46
b'_CT_', # ct label 46 - 50
base64.b64encode(f.encrypt(data)))) # cipher text 50 +

elif mode == "aes256":
key = get_scrypt_key(password, salt) # get scrypt key
iv = os.urandom(16) # get secure random iv
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend = default_backend())# start cipher
encryptor = cipher.encryptor() # start encryptor
ct = encryptor.update(pad_data(data)) + encryptor.finalize() # produce cipher text, base64 encoded
h = hmac.HMAC(get_hmac_key(password, salt),
hashes.SHA256(),
backend=default_backend()) # start hmac
h.update(iv + ct) # produce hmac of iv + ct
hmac_ = h.finalize() # output hmac as hmac_ to avoid mixing names # base64 encode hmac_, iv and ct to allow .split() when decrypting
return b''.join((b'AES256001SALT_', # description 0 - 14
salt, # salt 13 - 46
b'_HMAC_', # hmac label 46 - 52
base64.b64encode(hmac_), # hmac 52 - 84
b'_IV_', # iv label 84 - 88
base64.b64encode(iv), # iv 88 - 104
b'_CT_', # ct label 104 - 108
base64.b64encode(ct))) # cipher text 108 +

def decrypt_(data, password, mode = "aes256"):
data = data.split(b'_')
data[3] = base64.b64decode(data[3])
if mode == "fernet":
key = get_hmac_key(password, data[1])
f = Fernet(key)
return f.decrypt(data[3])

elif mode == "aes256":
data[5] = base64.b64decode(data[5])
data[7] = base64.b64decode(data[7])
key = get_scrypt_key(password, data[1])
h = hmac.HMAC(get_hmac_key(password, data[1]),
hashes.SHA256(),
backend=default_backend())
h.update(data[5] + data[7])
h.verify(data[3])
cipher = Cipher(algorithms.AES(key), modes.CBC(data[5]), backend = default_backend())
decryptor = cipher.decryptor()
return unpad_data(decryptor.update(data[7]) + decryptor.finalize())

def get_scrypt_key(password, salt):
kdf = Scrypt(salt = salt,
length = 32,
n = 2**14,
r = 8,
p = 1,
backend = default_backend())
return kdf.derive(password.encode())

def get_hmac_key(password, salt):
kdf = PBKDF2HMAC(algorithm = hashes.SHA256(),
length = 32,
salt = salt,
iterations = 100000,
backend = default_backend())
return base64.urlsafe_b64encode(kdf.derive(password.encode()))

def get_salt(length = 32):
chars = list("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
return "".join([secrets.choice(chars) for i in range(length)]).encode()

def pad_data(data):
padder = padding.PKCS7(128).padder()
padded_data = padder.update(data)
padded_data += padder.finalize()
return padded_data

def unpad_data(padded_data):
unpadder = padding.PKCS7(128).unpadder()
data = unpadder.update(padded_data)
data += unpadder.finalize()
return data


def test_enc(s = "testingnline2", password = "key"):
x = encrypt_(s.encode(), password)
z = decrypt_(x, password).decode()
q = encrypt_(s.encode(), password, mode = "fernet")
p = decrypt_(q, password, mode = "fernet").decode()
if z == s and p == s:
return True
return False

print (test_enc())
#True









share|improve this question











$endgroup$



migrated from crypto.stackexchange.com 2 days ago


This question came from our site for software developers, mathematicians and others interested in cryptography.














  • 1




    $begingroup$
    Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
    $endgroup$
    – Paul Uszak
    2 days ago
















1












$begingroup$


I wrote this code to make easy use of the Python library Cryptography to encrypt data



Is this safe and secure given the user inputs a strong password?



from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding, hashes, hmac
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
import base64
import os
import secrets

def encrypt_(data, password, mode = "aes256"):
salt = get_salt()
if mode == "fernet":
key = get_hmac_key(password, salt)
f = Fernet(key)
return b''.join((b'FERNET001SALT_', # description 0 - 14
salt, # salt 14 - 46
b'_CT_', # ct label 46 - 50
base64.b64encode(f.encrypt(data)))) # cipher text 50 +

elif mode == "aes256":
key = get_scrypt_key(password, salt) # get scrypt key
iv = os.urandom(16) # get secure random iv
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend = default_backend())# start cipher
encryptor = cipher.encryptor() # start encryptor
ct = encryptor.update(pad_data(data)) + encryptor.finalize() # produce cipher text, base64 encoded
h = hmac.HMAC(get_hmac_key(password, salt),
hashes.SHA256(),
backend=default_backend()) # start hmac
h.update(iv + ct) # produce hmac of iv + ct
hmac_ = h.finalize() # output hmac as hmac_ to avoid mixing names # base64 encode hmac_, iv and ct to allow .split() when decrypting
return b''.join((b'AES256001SALT_', # description 0 - 14
salt, # salt 13 - 46
b'_HMAC_', # hmac label 46 - 52
base64.b64encode(hmac_), # hmac 52 - 84
b'_IV_', # iv label 84 - 88
base64.b64encode(iv), # iv 88 - 104
b'_CT_', # ct label 104 - 108
base64.b64encode(ct))) # cipher text 108 +

def decrypt_(data, password, mode = "aes256"):
data = data.split(b'_')
data[3] = base64.b64decode(data[3])
if mode == "fernet":
key = get_hmac_key(password, data[1])
f = Fernet(key)
return f.decrypt(data[3])

elif mode == "aes256":
data[5] = base64.b64decode(data[5])
data[7] = base64.b64decode(data[7])
key = get_scrypt_key(password, data[1])
h = hmac.HMAC(get_hmac_key(password, data[1]),
hashes.SHA256(),
backend=default_backend())
h.update(data[5] + data[7])
h.verify(data[3])
cipher = Cipher(algorithms.AES(key), modes.CBC(data[5]), backend = default_backend())
decryptor = cipher.decryptor()
return unpad_data(decryptor.update(data[7]) + decryptor.finalize())

def get_scrypt_key(password, salt):
kdf = Scrypt(salt = salt,
length = 32,
n = 2**14,
r = 8,
p = 1,
backend = default_backend())
return kdf.derive(password.encode())

def get_hmac_key(password, salt):
kdf = PBKDF2HMAC(algorithm = hashes.SHA256(),
length = 32,
salt = salt,
iterations = 100000,
backend = default_backend())
return base64.urlsafe_b64encode(kdf.derive(password.encode()))

def get_salt(length = 32):
chars = list("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
return "".join([secrets.choice(chars) for i in range(length)]).encode()

def pad_data(data):
padder = padding.PKCS7(128).padder()
padded_data = padder.update(data)
padded_data += padder.finalize()
return padded_data

def unpad_data(padded_data):
unpadder = padding.PKCS7(128).unpadder()
data = unpadder.update(padded_data)
data += unpadder.finalize()
return data


def test_enc(s = "testingnline2", password = "key"):
x = encrypt_(s.encode(), password)
z = decrypt_(x, password).decode()
q = encrypt_(s.encode(), password, mode = "fernet")
p = decrypt_(q, password, mode = "fernet").decode()
if z == s and p == s:
return True
return False

print (test_enc())
#True









share|improve this question











$endgroup$



migrated from crypto.stackexchange.com 2 days ago


This question came from our site for software developers, mathematicians and others interested in cryptography.














  • 1




    $begingroup$
    Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
    $endgroup$
    – Paul Uszak
    2 days ago














1












1








1





$begingroup$


I wrote this code to make easy use of the Python library Cryptography to encrypt data



Is this safe and secure given the user inputs a strong password?



from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding, hashes, hmac
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
import base64
import os
import secrets

def encrypt_(data, password, mode = "aes256"):
salt = get_salt()
if mode == "fernet":
key = get_hmac_key(password, salt)
f = Fernet(key)
return b''.join((b'FERNET001SALT_', # description 0 - 14
salt, # salt 14 - 46
b'_CT_', # ct label 46 - 50
base64.b64encode(f.encrypt(data)))) # cipher text 50 +

elif mode == "aes256":
key = get_scrypt_key(password, salt) # get scrypt key
iv = os.urandom(16) # get secure random iv
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend = default_backend())# start cipher
encryptor = cipher.encryptor() # start encryptor
ct = encryptor.update(pad_data(data)) + encryptor.finalize() # produce cipher text, base64 encoded
h = hmac.HMAC(get_hmac_key(password, salt),
hashes.SHA256(),
backend=default_backend()) # start hmac
h.update(iv + ct) # produce hmac of iv + ct
hmac_ = h.finalize() # output hmac as hmac_ to avoid mixing names # base64 encode hmac_, iv and ct to allow .split() when decrypting
return b''.join((b'AES256001SALT_', # description 0 - 14
salt, # salt 13 - 46
b'_HMAC_', # hmac label 46 - 52
base64.b64encode(hmac_), # hmac 52 - 84
b'_IV_', # iv label 84 - 88
base64.b64encode(iv), # iv 88 - 104
b'_CT_', # ct label 104 - 108
base64.b64encode(ct))) # cipher text 108 +

def decrypt_(data, password, mode = "aes256"):
data = data.split(b'_')
data[3] = base64.b64decode(data[3])
if mode == "fernet":
key = get_hmac_key(password, data[1])
f = Fernet(key)
return f.decrypt(data[3])

elif mode == "aes256":
data[5] = base64.b64decode(data[5])
data[7] = base64.b64decode(data[7])
key = get_scrypt_key(password, data[1])
h = hmac.HMAC(get_hmac_key(password, data[1]),
hashes.SHA256(),
backend=default_backend())
h.update(data[5] + data[7])
h.verify(data[3])
cipher = Cipher(algorithms.AES(key), modes.CBC(data[5]), backend = default_backend())
decryptor = cipher.decryptor()
return unpad_data(decryptor.update(data[7]) + decryptor.finalize())

def get_scrypt_key(password, salt):
kdf = Scrypt(salt = salt,
length = 32,
n = 2**14,
r = 8,
p = 1,
backend = default_backend())
return kdf.derive(password.encode())

def get_hmac_key(password, salt):
kdf = PBKDF2HMAC(algorithm = hashes.SHA256(),
length = 32,
salt = salt,
iterations = 100000,
backend = default_backend())
return base64.urlsafe_b64encode(kdf.derive(password.encode()))

def get_salt(length = 32):
chars = list("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
return "".join([secrets.choice(chars) for i in range(length)]).encode()

def pad_data(data):
padder = padding.PKCS7(128).padder()
padded_data = padder.update(data)
padded_data += padder.finalize()
return padded_data

def unpad_data(padded_data):
unpadder = padding.PKCS7(128).unpadder()
data = unpadder.update(padded_data)
data += unpadder.finalize()
return data


def test_enc(s = "testingnline2", password = "key"):
x = encrypt_(s.encode(), password)
z = decrypt_(x, password).decode()
q = encrypt_(s.encode(), password, mode = "fernet")
p = decrypt_(q, password, mode = "fernet").decode()
if z == s and p == s:
return True
return False

print (test_enc())
#True









share|improve this question











$endgroup$




I wrote this code to make easy use of the Python library Cryptography to encrypt data



Is this safe and secure given the user inputs a strong password?



from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding, hashes, hmac
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
import base64
import os
import secrets

def encrypt_(data, password, mode = "aes256"):
salt = get_salt()
if mode == "fernet":
key = get_hmac_key(password, salt)
f = Fernet(key)
return b''.join((b'FERNET001SALT_', # description 0 - 14
salt, # salt 14 - 46
b'_CT_', # ct label 46 - 50
base64.b64encode(f.encrypt(data)))) # cipher text 50 +

elif mode == "aes256":
key = get_scrypt_key(password, salt) # get scrypt key
iv = os.urandom(16) # get secure random iv
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend = default_backend())# start cipher
encryptor = cipher.encryptor() # start encryptor
ct = encryptor.update(pad_data(data)) + encryptor.finalize() # produce cipher text, base64 encoded
h = hmac.HMAC(get_hmac_key(password, salt),
hashes.SHA256(),
backend=default_backend()) # start hmac
h.update(iv + ct) # produce hmac of iv + ct
hmac_ = h.finalize() # output hmac as hmac_ to avoid mixing names # base64 encode hmac_, iv and ct to allow .split() when decrypting
return b''.join((b'AES256001SALT_', # description 0 - 14
salt, # salt 13 - 46
b'_HMAC_', # hmac label 46 - 52
base64.b64encode(hmac_), # hmac 52 - 84
b'_IV_', # iv label 84 - 88
base64.b64encode(iv), # iv 88 - 104
b'_CT_', # ct label 104 - 108
base64.b64encode(ct))) # cipher text 108 +

def decrypt_(data, password, mode = "aes256"):
data = data.split(b'_')
data[3] = base64.b64decode(data[3])
if mode == "fernet":
key = get_hmac_key(password, data[1])
f = Fernet(key)
return f.decrypt(data[3])

elif mode == "aes256":
data[5] = base64.b64decode(data[5])
data[7] = base64.b64decode(data[7])
key = get_scrypt_key(password, data[1])
h = hmac.HMAC(get_hmac_key(password, data[1]),
hashes.SHA256(),
backend=default_backend())
h.update(data[5] + data[7])
h.verify(data[3])
cipher = Cipher(algorithms.AES(key), modes.CBC(data[5]), backend = default_backend())
decryptor = cipher.decryptor()
return unpad_data(decryptor.update(data[7]) + decryptor.finalize())

def get_scrypt_key(password, salt):
kdf = Scrypt(salt = salt,
length = 32,
n = 2**14,
r = 8,
p = 1,
backend = default_backend())
return kdf.derive(password.encode())

def get_hmac_key(password, salt):
kdf = PBKDF2HMAC(algorithm = hashes.SHA256(),
length = 32,
salt = salt,
iterations = 100000,
backend = default_backend())
return base64.urlsafe_b64encode(kdf.derive(password.encode()))

def get_salt(length = 32):
chars = list("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
return "".join([secrets.choice(chars) for i in range(length)]).encode()

def pad_data(data):
padder = padding.PKCS7(128).padder()
padded_data = padder.update(data)
padded_data += padder.finalize()
return padded_data

def unpad_data(padded_data):
unpadder = padding.PKCS7(128).unpadder()
data = unpadder.update(padded_data)
data += unpadder.finalize()
return data


def test_enc(s = "testingnline2", password = "key"):
x = encrypt_(s.encode(), password)
z = decrypt_(x, password).decode()
q = encrypt_(s.encode(), password, mode = "fernet")
p = decrypt_(q, password, mode = "fernet").decode()
if z == s and p == s:
return True
return False

print (test_enc())
#True






python python-3.x security cryptography






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 46 mins ago









Jamal

30.4k11121227




30.4k11121227










asked 2 days ago









citizen2077citizen2077

1095




1095




migrated from crypto.stackexchange.com 2 days ago


This question came from our site for software developers, mathematicians and others interested in cryptography.









migrated from crypto.stackexchange.com 2 days ago


This question came from our site for software developers, mathematicians and others interested in cryptography.










  • 1




    $begingroup$
    Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
    $endgroup$
    – Paul Uszak
    2 days ago














  • 1




    $begingroup$
    Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
    $endgroup$
    – Paul Uszak
    2 days ago








1




1




$begingroup$
Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
$endgroup$
– Paul Uszak
2 days ago




$begingroup$
Whilst folks here (on Crypto.SE) aren't keen on reviewing code, they may have opinions on your compression of the cipher text...
$endgroup$
– Paul Uszak
2 days ago










0






active

oldest

votes











Your Answer





StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
});
});
}, "mathjax-editing");

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "196"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215348%2fpython-3-x-cryptography-fernet-aes256%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Code Review Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


Use MathJax to format equations. MathJax reference.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215348%2fpython-3-x-cryptography-fernet-aes256%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Сан-Квентин

8-я гвардейская общевойсковая армия

Алькесар