@ruanbekker
Created April 6, 2019 20:37
Python Encryption / Decryption tool using NACL and SimpleCrypt

Encryption:

Encrypting a file requires a password and the file names for the output of the encrypted data and the encrypted secret.

  • use a key derivation function
  • generate a salt
  • generate the key using the key size, password and salt
  • then encrypt
  • combine the base64 encoded value of the key and password
  • encrypt it with a user-defined password and write the secret value to disk

This password will be used to decrypt the secret file to retrieve access to the initial password and key to decrypt the actual data.

$ python encrypto.py --password "mypassword" --filename data.enc --secret secret.key
$ cat data.enc
dgUQRqT6eErBfnCNhIH+7huXqK.....jZYTm+cNYEWA==
$ cat secret.key
c2MAAnbLlX3R32GOgbAmdu......5MKgpRMcCAlGPrIA..

Decryption:

Decrypting a file requires the user-defined password used to encrypt the secret, the encrypted file name and the secret file name.

$ python decrypto.py --password "mypassword" --filename data.enc --secret secret.key
this is my secure string

Resources:

# decrypto.py
import argparse
import base64
import sys

import nacl.pwhash
import nacl.secret
import simplecrypt

parser = argparse.ArgumentParser(description='decryption tool')
parser.add_argument('-p', '--password', help='your password (required)', required=True)
parser.add_argument('-f', '--filename', help='your file to decrypt', required=True)
parser.add_argument('-s', '--secret', help='your file that contains your secret', required=True)
args = parser.parse_args()

# Read the base64-encoded secret file and decrypt it with the user's password
with open(args.secret) as f:
    s = f.read()
cipher = base64.b64decode(s)
try:
    pt = simplecrypt.decrypt(args.password, cipher)
except simplecrypt.DecryptionException:
    print("Error: Incorrect Passphrase to decrypt secret key")
    sys.exit(1)

# The secret is "<base64 password>:<base64 salt>" (bytes)
p_b64, s_b64 = pt.split(b':')
password = base64.b64decode(p_b64)
salt = base64.b64decode(s_b64)

# Re-derive the SecretBox key from the recovered password and salt
kdf = nacl.pwhash.argon2i.kdf
key = kdf(nacl.secret.SecretBox.KEY_SIZE, password, salt)

with open(args.filename, 'r') as x:
    file_data = x.read()
decoded_data = base64.b64decode(file_data)
box = nacl.secret.SecretBox(key)
# decrypt() authenticates the ciphertext and raises nacl.exceptions.CryptoError on mismatch
secret_msg = box.decrypt(decoded_data)
print(secret_msg.decode('utf-8'))

# encrypto.py
import argparse
import base64
import random
import uuid

import nacl.pwhash
import nacl.secret
import nacl.utils
import simplecrypt


def generate_password():
    # Random-length password assembled from three uuid4 hex fragments
    response = uuid.uuid4().hex[:random.randint(28,32)] + '/' + uuid.uuid4().hex[:random.randint(4,8)].upper() + '/' + uuid.uuid4().hex[:random.randint(16,32)]
    return response


def secret_key(password, salt):
    # Join base64(password) and base64(salt) as "<password>:<salt>" (bytes)
    p_hash = base64.b64encode(password)
    s_hash = base64.b64encode(salt)
    return p_hash + b':' + s_hash


parser = argparse.ArgumentParser(description='encryption tool')
parser.add_argument('-p', '--password', help='your password (required)', required=True)
parser.add_argument('-f', '--filename', help='your file to encrypt', required=True)
parser.add_argument('-s', '--secret', help='your file that contains your secret', required=True)
args = parser.parse_args()

key_password = args.password
content_file = args.filename
secret_file = args.secret

# PyNaCl works on bytes, so encode the generated password and the message
password = generate_password().encode('utf-8')
my_secret_string = b'this is my secure string'

# Derive the SecretBox key from the generated password and a random salt
kdf = nacl.pwhash.argon2i.kdf
salt_size = nacl.pwhash.argon2i.SALTBYTES
salt = nacl.utils.random(salt_size)
key = kdf(nacl.secret.SecretBox.KEY_SIZE, password, salt)

box = nacl.secret.SecretBox(key)
encrypted = box.encrypt(my_secret_string)

# Write the base64-encoded ciphertext
with open(content_file, 'wb') as x:
    file_content = base64.b64encode(encrypted)
    x.write(file_content)

# Encrypt "<password>:<salt>" with the user's password and write it base64-encoded
with open(secret_file, 'wb') as y:
    sk = secret_key(password, salt)
    cipher = simplecrypt.encrypt(key_password, sk)
    encoded_cipher = base64.b64encode(cipher)
    y.write(encoded_cipher)