How to Safely Encrypt and Obscure Strings Using Passwords in Python?

Encrypting Strings with a Password in Python

Disclaimer:

Encryption is a critical aspect of data security, and it should be handled with utmost care. Implementing encryption incorrectly can leave your data vulnerable to attack. Consider using well-established libraries and following best practices for secure encryption.

Using a Cryptography Library: Fernet

Python's cryptography library provides a user-friendly and secure solution for encrypting strings using a password. Fernet is a built-in recipe within cryptography that simplifies the encryption process.

Generating a Key:

To use Fernet, you first need to generate a secret key. It is crucial to keep this key a secret.

<code class="python">from cryptography.fernet import Fernet

key = Fernet.generate_key()  # Store this securely</code>

Encrypting:

<code class="python">from cryptography.fernet import Fernet

def encrypt(message: bytes, key: bytes) -> bytes:
    return Fernet(key).encrypt(message)</code>

Decrypting:

<code class="python">from cryptography.fernet import Fernet

def decrypt(token: bytes, key: bytes) -> bytes:
    return Fernet(key).decrypt(token)</code>

Example Usage:

<code class="python">message = "John Doe"
encrypted_token = encrypt(message.encode(), key)
decrypted_message = decrypt(encrypted_token, key).decode()

print(decrypted_message)  # Output: John Doe</code>

Obscuring Data

If you need to obscure data rather than encrypt it, you can use base64 encoding:

<code class="python">import base64

def obscure(data: bytes) -> bytes:
    return base64.b64encode(data)

def unobscure(obscured: bytes) -> bytes:
    return base64.b64decode(obscured)</code>

Example Usage:

<code class="python">data = b"Hello world!"
obscured = obscure(data)
unobscured = unobscure(obscured)

print(unobscured.decode())  # Output: Hello world!</code>

Verifying Data Integrity

If you need to ensure data integrity without encryption, you can use HMAC signatures:

<code class="python">import hmac
import hashlib

def sign(data: bytes, key: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(signature: bytes, data: bytes, key: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key, data, hashlib.sha256).digest(), signature)</code>

Example Usage:

<code class="python">data = b"Hello world!"
key = secrets.token_bytes(32)
signature = sign(data, key)

if verify(signature, data, key):
    print("Signature is valid")
else:
    print("Signature is invalid")</code>

The above is the detailed content of How to Safely Encrypt and Obscure Strings Using Passwords in Python?. For more information, please follow other related articles on the PHP Chinese website!