-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathencrypt.py
More file actions
66 lines (49 loc) · 2.21 KB
/
encrypt.py
File metadata and controls
66 lines (49 loc) · 2.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend
import os
# Function to encrypt data
def encrypt_aes_gcm(key, plaintext, associated_data):
# Generate a random 96-bit nonce
nonce = os.urandom(12)
# Create AES-GCM cipher
cipher = Cipher(algorithms.AES(key), modes.GCM(nonce), backend=default_backend())
encryptor = cipher.encryptor()
# Attach associated data (optional, for authenticity)
if associated_data:
encryptor.authenticate_additional_data(associated_data)
# Encrypt the plaintext
ciphertext = encryptor.update(plaintext) + encryptor.finalize()
return nonce, ciphertext, encryptor.tag
# Function to decrypt data
def decrypt_aes_gcm(key, nonce, ciphertext, tag, associated_data):
# Create AES-GCM cipher
cipher = Cipher(algorithms.AES(key), modes.GCM(nonce, tag), backend=default_backend())
decryptor = cipher.decryptor()
# Attach associated data (optional, for authenticity)
if associated_data:
decryptor.authenticate_additional_data(associated_data)
# Decrypt the ciphertext
plaintext = decryptor.update(ciphertext) + decryptor.finalize()
return plaintext
# Main function to test the encryption and decryption
if __name__ == "__main__":
# Key (must be 16, 24, or 32 bytes long for AES)
key = os.urandom(32) # 256-bit key
# Plaintext
plaintext = b"Sensitive data to encrypt"
# Associated data (optional, e.g., metadata)
associated_data = b"authenticated but not encrypted"
print("Original Plaintext:", plaintext)
# Encrypt the plaintext
nonce, ciphertext, tag = encrypt_aes_gcm(key, plaintext, associated_data)
print("Ciphertext (hex):", ciphertext.hex())
print("Nonce (hex):", nonce.hex())
print("Authentication Tag (hex):", tag.hex())
# Decrypt the ciphertext
try:
decrypted_plaintext = decrypt_aes_gcm(key, nonce, ciphertext, tag, associated_data)
print("Decrypted Plaintext:", decrypted_plaintext)
except Exception as e:
print("Decryption failed:", str(e))