pip install pycryptodome
pip install cryptography
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
key = RSA.generate(2048)
pub = PKCS1_OAEP.new(key.publickey())
priv = PKCS1_OAEP.new(key)
encrypted_message = pub.encrypt(b"salut")
decrypted_message = priv.decrypt(encrypted_message)
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
key = RSA.generate(2048)
# sign
message = b"mon message à signer"
h = SHA256.new(message)
signature = pkcs1_15.new(key).sign(h)
# verify
h = SHA256.new(message)
try:
pkcs1_15.new(key.publickey()).verify(h, signature)
print("La signature est valide")
except(ValueError,TypeError):
print("La signature est invalide.")
from Crypto.PublicKey import RSA
key = RSA.generate(2048)
private_key = key.export_key()
file_out = open("private.pem", "wb")
file_out.write(private_key)
file_out.close()
public_key = key.publickey().export_key()
file_out = open("public.pem", "wb")
file_out.write(public_key)
file_out.close()
priv = RSA.import_key(open("private.pem").read())
pub = RSA.import_key(open("public.pem").read())
Avec pycryptodome:
from Crypto.Random import get_random_bytes
import base64
key = get_random_bytes(32)
key = base64.urlsafe_b64encode(key) # return 44 bytes key uniquement pour Fernet
key = key[:32] # pycryptodome AES necessite une 32 bytes key
Avec Fernet:
from cryptography.fernet import Fernet
key = Fernet.generate_key() # return 44 bytes key uniquement pour Fernet
Par dérivation d’un mot de passe avec PBKDF2:
from Crypto.Protocol.KDF import PBKDF2
from Crypto import Random
import base64
pwd = "my_secret_password"
salt = Random.new().read(8)
key = PBKDF2(pwd, salt, 32)
key = base64.urlsafe_b64encode(key) # return 44 bytes key uniquement pour Fernet
key = key[:32] # pycryptodome AES necessite une 32 bytes key
Avec secrets:
import secrets
import base64
key = secrets.token_bytes(32)
key = base64.urlsafe_b64encode(key) # return 44 bytes key uniquement pour Fernet
key = key[:32] # pycryptodome AES necessite une 32 bytes key
from cryptography.fernet import Fernet
key = Fernet.generate_key()
f = Fernet(key)
m = "message à chiffrer"
e = f.encrypt(m.encode())
d = f.decrypt(e)
d = d.decode()
from Crypto.Protocol.KDF import PBKDF2
from cryptography.fernet import Fernet
from Crypto import Random
import base64
salt = Random.new().read(8)
def encrypt(pwd, msg):
"""
param pwd: password or passphrase (type: str)
param msg: message to encrypt (type: str or bytes)
return base64 encoded encrypted message
"""
try:
msg = msg.encode()
except:
pass
key = PBKDF2(pwd, salt, 32)
key = base64.urlsafe_b64encode(key)
f = Fernet(key)
e = f.encrypt(msg)
return base64.b64encode(e)
def decrypt(pwd, msg):
"""
param pwd: password or passphrase (type: str)
param msg: message to uncrypt (type: bytes)
return uncrypted decoded message (str)
"""
msg = base64.b64decode(msg)
key = PBKDF2(pwd, salt, 32)
key = base64.urlsafe_b64encode(key)
f = Fernet(key)
d = f.decrypt(msg)
return d.decode()
from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2
import base64
salt = Random.new().read(8)
def encrypt(pwd, msg):
"""
param pwd: password or passphrase (type: str)
param msg: message to encrypt (type: str or bytes)
return base64 encoded encrypted message
"""
try:
msg = msg.encode()
except:
pass
key = PBKDF2(pwd, salt, 32)
key = base64.urlsafe_b64encode(key)
cipher = AES.new(key[:32], AES.MODE_EAX)
nonce = cipher.nonce
e, tag = cipher.encrypt_and_digest(msg)
r = tag + nonce + e
return base64.b64encode(r)
def decrypt(pwd, msg):
"""
param pwd: password or passphrase (type: str)
param msg: message to uncrypt (type: bytes)
return uncrypted decoded message (str)
"""
msg = base64.b64decode(msg)
tag = msg[:16]
nonce = msg[16:32]
e = msg[32:]
key = PBKDF2(pwd, salt, 32)
key = base64.urlsafe_b64encode(key)
cipher = AES.new(key[:32], AES.MODE_EAX, nonce=nonce)
d = cipher.decrypt(e)
try:
cipher.verify(tag)
return d.decode()
except ValueError:
return ""
Contrairement à AES qui est une méthode de chiffrement symétrique par blocs, Salsa20 permet de réaliser un chiffrement symétrique par flot (ou chiffrement par flux).
from Crypto.Cipher import Salsa20
from Crypto.Protocol.KDF import PBKDF2
import base64
salt = Random.new().read(8)
def encrypt(pwd, msg):
"""
param pwd: password or passphrase (type: str)
param msg: message to encrypt (type: str or bytes)
return base64 encoded encrypted message
"""
try:
msg = msg.encode()
except:
pass
key = PBKDF2(pwd, salt, 32)
key = base64.urlsafe_b64encode(key)
key = key[:32]
cipher = Salsa20.new(key=key)
e = cipher.nonce + cipher.encrypt(msg)
return base64.b64encode(e)
def decrypt(pwd, msg):
"""
param pwd: password or passphrase (type: str)
param msg: message to uncrypt (type: bytes)
return uncrypted decoded message (str)
"""
if len(msg) > 0:
msg = base64.b64decode(msg)
key = PBKDF2(pwd, salt, 32)
key = base64.urlsafe_b64encode(key)
key = key[:32]
msg_nonce = msg[:8]
ciphertext = msg[8:]
cipher = Salsa20.new(key=key, nonce=msg_nonce)
d = cipher.decrypt(ciphertext)
return d.decode()
else:
return ""