Skip to content

Instantly share code, notes, and snippets.

@lloesche

lloesche/encrypt.py

Created September 4, 2021 01:02
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save lloesche/2dcde91bc7453b70bfe21258cc5e0358 to your computer and use it in GitHub Desktop.
Save lloesche/2dcde91bc7453b70bfe21258cc5e0358 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
encrypt.py
#!/usr/bin/env python
import base64
import os
from cryptography.fernet import Fernet, MultiFernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
psk = "superSecretPreSharedKey"
salt = os.urandom(16)
content = "Super secret data"
print(f"PSK: {psk}")
print(f"Secret content: {content}")
print(f"Salt: {salt}")
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=100000,
)
psk_based_key = base64.urlsafe_b64encode(kdf.derive(psk.encode()))
# Encrypt and decrypt using PSK
f = Fernet(psk_based_key)
print(f"PSK Key: {psk_based_key.decode()}")
encrypted = f.encrypt(content.encode())
print(f"Encrypted: {encrypted.decode()}")
decryted = f.decrypt(encrypted)
print(f"Decrypted: {decryted.decode()}")
assert decryted.decode() == content
# Rotate key
random_key = Fernet.generate_key()
print(f"Random Key: {random_key.decode()}")
f = MultiFernet([Fernet(random_key), Fernet(psk_based_key)])
rotated_encrypted = f.rotate(encrypted)
print(f"Rotated: {rotated_encrypted.decode()}")
# Decrypt using new key
f = Fernet(random_key)
rotated_decrypted = f.decrypt(rotated_encrypted)
print(f"Rotated Decrypted: {rotated_decrypted.decode()}")
assert rotated_decrypted.decode() == content
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment