Example code for PyNaCl encryption and decryption (Salsa20+Poly1305)
#!/usr/bin/env python2.7
# -*- coding: utf-8 -*-
import base64
import getpass

import nacl.encoding
import nacl.pwhash
import nacl.secret
import nacl.utils
from pyblake2 import blake2b
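def derive_key(password, salt):
    """Derive a SecretBox key from a password with Argon2id.

    A single pass of a fast, unsalted hash (the blake2b hexdigest used
    previously) lets an attacker who obtains a ciphertext test password
    guesses at hashing speed, and the 32-character hex string it produced
    carried only 128 bits. A memory-hard password KDF with a random salt
    makes each guess expensive and yields a full 32-byte binary key.

    Args:
        password: the password as a byte string.
        salt: nacl.pwhash.argon2id.SALTBYTES random bytes. Not secret, but
            the same salt is needed again to re-derive the key.

    Returns:
        nacl.secret.SecretBox.KEY_SIZE raw key bytes.
    """
    return nacl.pwhash.argon2id.kdf(
        nacl.secret.SecretBox.KEY_SIZE,
        password,
        salt,
        # The cost parameters must be identical when encrypting and when
        # decrypting; pick them for the hardware that runs the derivation.
        opslimit=nacl.pwhash.argon2id.OPSLIMIT_MODERATE,
        memlimit=nacl.pwhash.argon2id.MEMLIMIT_MODERATE,
    )


print "### ENCRYPTION"

# A fresh random salt per password/key. Like the nonce it is not secret and
# is stored next to the ciphertext. The password and the derived key are
# never stored with the ciphertext.
salt = nacl.utils.random(nacl.pwhash.argon2id.SALTBYTES)
print "salt: %s" % nacl.encoding.HexEncoder.encode(salt)

# Key material is deliberately not printed: terminal output ends up in
# scrollback, logs and screenshots.
key = derive_key(getpass.getpass("PASSWORD:"), salt)

# This is your safe, you can use it to encrypt or decrypt messages
box = nacl.secret.SecretBox(key)

# This is our message to send, it must be a bytestring as SecretBox will
# treat it as just a binary blob of data.
msg = b"whohooäööppöööo"
print "msg: %s" % msg

# This is a nonce, it *MUST* only be used once per key, but it is not
# considered secret and can be transmitted or stored alongside the
# ciphertext. A good source of nonce is just 24 random bytes.
nonce = nacl.utils.random(nacl.secret.SecretBox.NONCE_SIZE)
print "nonce: %s" % nacl.encoding.HexEncoder.encode(nonce)

# Encrypt our message. The raw result is exactly 40 bytes longer than the
# message (24-byte nonce + 16-byte Poly1305 tag); with HexEncoder every byte
# becomes two hex characters.
encrypted = box.encrypt(msg, nonce, encoder=nacl.encoding.HexEncoder)
print "cipher: %s " % encrypted

print "### DECRYPTION"

# Re-derive the key from the password and the stored salt.
key = derive_key(getpass.getpass("PASSWORD:"), salt)

# Clear the nonce variable to demonstrate that it does not have to be passed
# separately: box.encrypt() prepended it to the ciphertext.
nonce = None
print "nonce: %s" % nonce

# init box with key
box = nacl.secret.SecretBox(key)

# for readability reasons, write enc content into msg var
msg = encrypted
print "msg: %s" % msg

# Only msg is handed to a box that was initialised with just the key.
# A wrong password (and therefore a wrong key) or a modified ciphertext
# fails authentication and raises nacl.exceptions.CryptoError.
plain = box.decrypt(ciphertext=msg, encoder=nacl.encoding.HexEncoder)
print "plain: %s" % plain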
### ENCRYPTION
PASSWORD:
key: 04136e24f85d470465c3db66e58ed56c
msg: whohooäööppöööo
nonce: 8b301eea59af72487c61ea9d6e722e0a6ffee88cc9f65375
cipher: 8b301eea59af72487c61ea9d6e722e0a6ffee88cc9f65375f053e785f85c6f200c90dbbb295df3ac3c7ed9d0620f62f3d41be76a755f663cbd3cf7bc2f
### DECRYPTION
PASSWORD:
nonce: None
key: 04136e24f85d470465c3db66e58ed56c
msg: 8b301eea59af72487c61ea9d6e722e0a6ffee88cc9f65375f053e785f85c6f200c90dbbb295df3ac3c7ed9d0620f62f3d41be76a755f663cbd3cf7bc2f
plain: whohooäööppöööo
Hello, may I know: if I store the encrypted text in the database, am I also storing the key with the encrypted text? Please help me, I am confused. Thank you.