-
Notifications
You must be signed in to change notification settings - Fork 0
/
encryption.py
105 lines (87 loc) · 2.86 KB
/
encryption.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
"""
encryption.py uses the fernet module to encrypt the configuration file - including
the API passwords - in TrackMapper
"""
# https://cryptography.io/en/latest/
# https://www.pythoninformer.com/python-libraries/cryptography/fernet/
import base64
import os
from os.path import expanduser
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
import json
debug=False
# encrypts a text using a key, which is derived from a password
def encrypt(pw,clear_data) -> str:
password = pw.encode()
# then we create a SHA256 hash of that PW
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
salt=b"",
length=32,
iterations=480000,
)
# and convert the hash to a key suitable for Fernet
hashed=kdf.derive(password);
if (debug): print ("hashed password is:",hashed)
key = base64.urlsafe_b64encode(hashed)
# create a Fernet object
f = Fernet(key)
# and encrypt something
token = f.encrypt(clear_data.encode())
if (debug): print ("token is ",token)
return token.decode()
# decrypts a text using a key, which is derived from a password
def decrypt(pw,encrypted_data) -> str:
password = pw.encode()
# then we create a SHA256 hash of that PW
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
salt=b"",
length=32,
iterations=480000,
)
# and convert the hash to a key suitable for Fernet
hashed=kdf.derive(password);
if (debug): print ("hashed password is:",hashed)
key = base64.urlsafe_b64encode(hashed)
# create a Fernet object
f = Fernet(key)
# and encrypt something
try:
cleartext = f.decrypt(encrypted_data)
if (debug): print ("cleartext is ",cleartext.decode())
return cleartext.decode()
except:
print ("wrong password or token was tampered with!")
def rd_dec_dict(pw, fn) -> dict:
try:
f=open(fn,"r")
encrypted=f.read()
f.close()
return json.loads(decrypt(pw,encrypted))
except:
print (f'failed to read {fn}, invalid password or format')
return {}
def wr_enc_dict(pw, fn, dct):
try:
f=open(fn,"w")
print(encrypt(pw,json.dumps(dct)),file=f)
f.close()
except:
print (f'failed to write {fn} or invalid format')
if (__name__ == "__main__"):
st="die waldfee"
print (f'"{st}"')
print ("should be the same as")
encrypted=encrypt("holla",st)
decrypted=decrypt("holla",encrypted)
print (f'"{decrypted}"\n')
dictis={"a string":"das ist ein Geheimnis", "and a number": 5.1}
print (dictis)
print ("should be the same as")
fp=expanduser('~')+'/Documents/python/'+"scrambled.enc".replace("\\","/")
wr_enc_dict("wurzel",fp,dictis)
dictos=rd_dec_dict("wurzel",fp)
print (dictos)