How to encrypt text with a password in python?

by

Here’s how to do it properly in CBC mode, including PKCS#7 padding:

import base64
from Crypto.Cipher import AES
from Crypto.Hash import SHA256
from Crypto import Random

def encrypt(key, source, encode=True):
    key = SHA256.new(key).digest()  # use SHA-256 over our key to get a proper-sized AES key
    IV = Random.new().read(AES.block_size)  # generate IV
    encryptor = AES.new(key, AES.MODE_CBC, IV)
    padding = AES.block_size - len(source) % AES.block_size  # calculate needed padding
    source += bytes([padding]) * padding  # Python 2.x: source += chr(padding) * padding
    data = IV + encryptor.encrypt(source)  # store the IV at the beginning and encrypt
    return base64.b64encode(data).decode("latin-1") if encode else data

def decrypt(key, source, decode=True):
    if decode:
        source = base64.b64decode(source.encode("latin-1"))
    key = SHA256.new(key).digest()  # use SHA-256 over our key to get a proper-sized AES key
    IV = source[:AES.block_size]  # extract the IV from the beginning
    decryptor = AES.new(key, AES.MODE_CBC, IV)
    data = decryptor.decrypt(source[AES.block_size:])  # decrypt
    padding = data[-1]  # pick the padding value from the end; Python 2.x: ord(data[-1])
    if data[-padding:] != bytes([padding]) * padding:  # Python 2.x: chr(padding) * padding
        raise ValueError("Invalid padding...")
    return data[:-padding]  # remove the padding

It’s set to work with bytes data, so if you want to encrypt strings or use string passwords make sure you encode() them with a proper codec before passing them to the methods. If you leave the encode parameter to True the encrypt() output will be base64 encoded string, and decrypt() source should be also base64 string.

Now if you test it as:

my_password = b"secret_AES_key_string_to_encrypt/decrypt_with"
my_data = b"input_string_to_encrypt/decrypt"

print("key:  {}".format(my_password))
print("data: {}".format(my_data))
encrypted = encrypt(my_password, my_data)
print("\nenc:  {}".format(encrypted))
decrypted = decrypt(my_password, encrypted)
print("dec:  {}".format(decrypted))
print("\ndata match: {}".format(my_data == decrypted))
print("\nSecond round....")
encrypted = encrypt(my_password, my_data)
print("\nenc:  {}".format(encrypted))
decrypted = decrypt(my_password, encrypted)
print("dec:  {}".format(decrypted))
print("\ndata match: {}".format(my_data == decrypted))

your output would be similar to:

key:  b'secret_AES_key_string_to_encrypt/decrypt_with'
data: b'input_string_to_encrypt/decrypt'

enc:  7roSO+P/4eYdyhCbZmraVfc305g5P8VhDBOUDGrXmHw8h5ISsS3aPTGfsTSqn9f5
dec:  b'input_string_to_encrypt/decrypt'

data match: True

Second round....

enc:  BQm8FeoPx1H+bztlZJYZH9foI+IKAorCXRsMjbiYQkqLWbGU3NU50OsR+L9Nuqm6
dec:  b'input_string_to_encrypt/decrypt'

data match: True

Proving that same key and same data still produce different ciphertext each time.

Now, this is much better than ECB but… if you’re going to use this for communication – don’t! This is more to explain how it should be constructed, not really to be used in a production environment and especially not for communication as its missing a crucial ingredient – message authentication. Feel free to play with it, but you should not roll your own crypto, there are well vetted protocols that will help you avoid the common pitfalls and you should use those.

More Related Contents:

  1. Encrypting and decrypting a password raises ValueError
  2. Encrypt a Library Linux
  3. python building coder for ceasar cipher
  4. I need to securely store a username and password in Python, what are my options? [closed]
  5. Simple way to encode a string according to a password?
  6. Encrypt & Decrypt using PyCrypto AES 256
  7. How to decrypt OpenSSL AES-encrypted files in Python?
  8. Failed to install Python Cryptography package with PIP and setup.py
  9. How do I encrypt and decrypt a string in python?
  10. Remove ‘b’ character do in front of a string literal in Python 3 [duplicate]
  11. RSA encryption and decryption in Python
  12. How can I create a random number that is cryptographically secure in python?
  13. Encrypt and decrypt using PyCrypto AES-256
  14. How do you verify an RSA SHA1 signature in Python?
  15. Encrypted and secure docker containers
  16. What (pure) Python library to use for AES 256 encryption? [closed]
  17. What’s the purpose of Django setting ‘SECRET_KEY’?
  18. PyCrypto problem using AES+CTR
  19. How can I decode a SSL certificate using python?
  20. How to do PGP in Python (generate keys, encrypt/decrypt)
  21. Python Heads and Tails [closed]
  22. Pygame unresponsive display [duplicate]
  23. class variables is shared across all instances in python? [duplicate]
  24. How to delete columns in a CSV file?
  25. Right way to initialize an OrderedDict using its constructor such that it retains order of initial data?
  26. Combining lists into one [duplicate]
  27. What are “soft keywords”?
  28. Pandas to_csv call is prepending a comma
  29. Data tooltips in Bokeh don’t show data, showing ‘???’ instead
  30. How to handle the popup “Accepting all cookies” when the element is data-testid – Using Selenium in Python

Leave a Comment