Created
September 4, 2021 01:02
-
-
Save lloesche/2dcde91bc7453b70bfe21258cc5e0358 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import base64 | |
| import os | |
| from cryptography.fernet import Fernet, MultiFernet | |
| from cryptography.hazmat.primitives import hashes | |
| from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC | |
| psk = "superSecretPreSharedKey" | |
| salt = os.urandom(16) | |
| content = "Super secret data" | |
| print(f"PSK: {psk}") | |
| print(f"Secret content: {content}") | |
| print(f"Salt: {salt}") | |
| kdf = PBKDF2HMAC( | |
| algorithm=hashes.SHA256(), | |
| length=32, | |
| salt=salt, | |
| iterations=100000, | |
| ) | |
| psk_based_key = base64.urlsafe_b64encode(kdf.derive(psk.encode())) | |
| # Encrypt and decrypt using PSK | |
| f = Fernet(psk_based_key) | |
| print(f"PSK Key: {psk_based_key.decode()}") | |
| encrypted = f.encrypt(content.encode()) | |
| print(f"Encrypted: {encrypted.decode()}") | |
| decryted = f.decrypt(encrypted) | |
| print(f"Decrypted: {decryted.decode()}") | |
| assert decryted.decode() == content | |
| # Rotate key | |
| random_key = Fernet.generate_key() | |
| print(f"Random Key: {random_key.decode()}") | |
| f = MultiFernet([Fernet(random_key), Fernet(psk_based_key)]) | |
| rotated_encrypted = f.rotate(encrypted) | |
| print(f"Rotated: {rotated_encrypted.decode()}") | |
| # Decrypt using new key | |
| f = Fernet(random_key) | |
| rotated_decrypted = f.decrypt(rotated_encrypted) | |
| print(f"Rotated Decrypted: {rotated_decrypted.decode()}") | |
| assert rotated_decrypted.decode() == content |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment