How Can I Securely Encrypt Password-Protected Strings in Python?

Secure Encryption for Password-Protected Strings

Problem:

Python lacks a built-in mechanism to encrypt and decrypt strings using a password. This can be problematic for scenarios requiring data obfuscation without strong security measures.

Solution:

Cryptography libraries, such as cryptography, provide secure encryption schemes.

Using Fernet for Symmetric Key Encryption

Fernet is a best-practice recipe for using cryptography. It combines AES CBC encryption with an HMAC signature, timestamp, and version information to protect data.

<code class="python">from cryptography.fernet import Fernet

# Generate a random 32-byte key (securely store it)
key = Fernet.generate_key()

# Encrypt and decrypt messages using the key
def encrypt(message, key):
    return Fernet(key).encrypt(message.encode())

def decrypt(token, key):
    return Fernet(key).decrypt(token).decode()</code>

Alternative Approaches:

Data Obscuring:

If data integrity is not a concern, base64 encoding can be used for obscuring.

<code class="python">import base64

def obscure(data):
    return base64.urlsafe_b64encode(data)

def unobscure(obscured):
    return base64.urlsafe_b64decode(obscured)</code>

Data Integrity:

HMAC signing can ensure data integrity by calculating a signature using a key and hashing algorithm.

<code class="python">import hmac
import hashlib

def sign(data, key, algorithm=hashlib.sha256):
    return hmac.new(key, data, algorithm).digest()

def verify(signature, data, key, algorithm=hashlib.sha256):
    return hmac.compare_digest(expected, signature)</code>

Using AES-GCM for Encryption with Integrity

Similar to Fernet, AES-GCM provides encryption and integrity using the Galois / Counter mode block cipher.

<code class="python">from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend

def aes_gcm_encrypt(message, key):
    # ... (Implementation omitted for brevity)

def aes_gcm_decrypt(token, key):
    # ... (Implementation omitted for brevity)</code>

The above is the detailed content of How Can I Securely Encrypt Password-Protected Strings in Python?. For more information, please follow other related articles on the PHP Chinese website!