Skip to content

Instantly share code, notes, and snippets.

Last active January 18, 2022 15:43
Show Gist options
  • Save noqqe/cd9f8dc6477c7929f8b3 to your computer and use it in GitHub Desktop.
Save noqqe/cd9f8dc6477c7929f8b3 to your computer and use it in GitHub Desktop.
An example code for pynacl encryption and decryption (Salsa20+poly1305)
#!/usr/bin/env python2.7
# -*- coding: utf-8 -*-
import nacl.secret
import nacl.utils
import base64
from pyblake2 import blake2b
import getpass
print "### ENCRYPTION"
# Fill password input into a blake2b key
# and use 32 byte as Salsa20 key
key = blake2b(digest_size=16)
key = key.hexdigest()
print "key: %s" % key
# This is your safe, you can use it to encrypt or decrypt messages
box = nacl.secret.SecretBox(key)
# This is our message to send, it must be a bytestring as SecretBox will
# treat is as just a binary blob of data.
msg = b"whohooäööppöööo"
print "msg: %s" % msg
# This is a nonce, it *MUST* only be used once, but it is not considered
# secret and can be transmitted or stored alongside the ciphertext. A
# good source of nonce is just 24 random bytes.
nonce = nacl.utils.random(nacl.secret.SecretBox.NONCE_SIZE)
print "nonce: %s" % nacl.encoding.HexEncoder.encode(nonce)
# Encrypt our message, it will be exactly 40 bytes longer than the original
# message as it stores authentication information and nonce alongside it.
encrypted = box.encrypt(msg, nonce, encoder=nacl.encoding.HexEncoder)
print "cipher: %s " % encrypted
print "### DECRYPTION"
# new blake2b hash
key = blake2b(digest_size=16)
key = key.hexdigest()
# just to be safe its really empty and not reused
# to demonstrate nonce is really not required for decryption
nonce = None
print "nonce: %s" % nonce
print "key: %s" % key
# init box with key
box = nacl.secret.SecretBox(key)
# for readability reasons, write enc content into msg var
msg = encrypted
print "msg: %s" % msg
# fun part. Only msg being used in box that was initialized only with the key
plain = box.decrypt(ciphertext=msg,encoder=nacl.encoding.HexEncoder)
print "plain: %s" % plain
key: 04136e24f85d470465c3db66e58ed56c
msg: whohooäööppöööo
nonce: 8b301eea59af72487c61ea9d6e722e0a6ffee88cc9f65375
cipher: 8b301eea59af72487c61ea9d6e722e0a6ffee88cc9f65375f053e785f85c6f200c90dbbb295df3ac3c7ed9d0620f62f3d41be76a755f663cbd3cf7bc2f
nonce: None
key: 04136e24f85d470465c3db66e58ed56c
msg: 8b301eea59af72487c61ea9d6e722e0a6ffee88cc9f65375f053e785f85c6f200c90dbbb295df3ac3c7ed9d0620f62f3d41be76a755f663cbd3cf7bc2f
plain: whohooäööppöööo
Copy link

hello, May i know if i will store the encrypted text in the database then am i also storing the key with the encrypted text... Please help me i am confused .... Thanku

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment