Skip to content

Instantly share code, notes, and snippets.

Last active December 18, 2018 09:44
  • Star 0 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save tmarthal/cf5a610c5c5ab1e661a6351c96200706 to your computer and use it in GitHub Desktop.
PyCrypto AES256 Encoding with Initialization Vectors Matching Spring Security
class AesCrypt256:
#Based on
# To use the null/x00 byte array for the IV
default_initialization_vector = False
def __init__(self, default_initialization_vector=False):
self.default_initialization_vector = default_initialization_vector
def pkcs5_pad(self,s):
return s + (self.BLOCK_SIZE - len(s) % self.BLOCK_SIZE) * chr(self.BLOCK_SIZE - len(s) % self.BLOCK_SIZE)
def pkcs5_unpad(self, s):
# from
return "".join(chr(e) for e in s[:-s[-1]])
def _encrypt(self, key, value, iv):
cipher =, AES.MODE_CBC, iv)
crypted = cipher.encrypt(self.pkcs5_pad(value).encode('utf-8'))
# check if empty/null initialization vector, and do not prepend if null
if all(v == 0 for v in iv):
return crypted
# prepend the initialization vector
return iv+crypted
def _decrypt(self, key, value, iv):
cipher =, AES.MODE_CBC, iv)
# unpad the bytes, throw away garbage at end
return self.pkcs5_unpad(cipher.decrypt(value))
def encrypt(self, key, value):
if self.default_initialization_vector:
return self._encrypt(key, value, bytes(bytearray(16)))
iv = Random.get_random_bytes(16)
return self._encrypt(key, value, iv)
def decrypt(self, key, value):
if self.default_initialization_vector:
# we do not have an IV present
default_iv = bytes(bytearray(16))
return self._decrypt(key, value, default_iv)
iv = value[:16]
crypted = value[16:]
return self._decrypt(key, crypted, iv)
def encryptHex(self, key, value):
return binascii.hexlify(self.encrypt(key, value))
def decryptHex(self, key, value):
return self.decrypt(key, binascii.unhexlify(value))
>>> encryptor = AesCrypt256(default_initialization_vector=False)
>>> encryptor.decryptHex(key,'98937740c652f6a17febce5013d7d13aed67a8867365e5a89374e658ad74f742')
>>> encryptor.decryptHex(key,'e3673e05560e1d24f26b4a6ed300a298c17cb9d7be9a52f11d9358421a79c015')
>>> encryptor = AesCrypt256(default_initialization_vector=True)
>>> encryptor.decryptHex(key,'a070fa1b40dafa6d7c55ee697c4cb448')
encryptor = AesCrypt256(default_initialization_vector=True)
for _ in range(3):
print(encryptor.encryptHex(key, 'foo'))
# Random symmetric test
password = 'password'
salt = binascii.unhexlify('5c0744940b5c369b')
iterations = 1024
# AES uses 256 bit encryption, 32 bytes
key = PBKDF2(password=password, salt=salt, dkLen=32, count=iterations)
encryptor = AesCrypt256(default_initialization_vector=False)
for _ in range(3):
print(encryptor.encryptHex(key, 'foo'))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment