Web Cryptography Python Samples
Web Python cryptography and security examples including hash computation, symmetric encryption, and Base64 encoding
Key Facts
- Category
- Python
- Items
- 3
- Format Families
- markdown
Sample Overview
Web Python cryptography and security examples including hash computation, symmetric encryption, and Base64 encoding This sample set belongs to Python and can be used to test related workflows inside Elysia Tools.
💻 Hash Computation python
🟢 simple
⭐⭐
Compute various hash values including MD5, SHA1, SHA256, SHA512, HMAC, and salted hashes using hashlib module
⏱️ 25 min
🏷️ python, web, cryptography, hash
Prerequisites:
Basic Python, hashlib module
# Web Python Hash Computation Examples
# Computing various hash values using hashlib module
# 1. Basic Hash Functions
import hashlib
import hmac
import os
from typing import Optional, Union
def compute_md5(data: Union[str, bytes]) -> str:
"""
Compute MD5 hash
Args:
data: Input data (string or bytes)
Returns:
Hexadecimal MD5 hash
"""
if isinstance(data, str):
data = data.encode('utf-8')
return hashlib.md5(data).hexdigest()
def compute_sha1(data: Union[str, bytes]) -> str:
"""
Compute SHA1 hash
Args:
data: Input data (string or bytes)
Returns:
Hexadecimal SHA1 hash
"""
if isinstance(data, str):
data = data.encode('utf-8')
return hashlib.sha1(data).hexdigest()
def compute_sha256(data: Union[str, bytes]) -> str:
"""
Compute SHA256 hash
Args:
data: Input data (string or bytes)
Returns:
Hexadecimal SHA256 hash
"""
if isinstance(data, str):
data = data.encode('utf-8')
return hashlib.sha256(data).hexdigest()
def compute_sha512(data: Union[str, bytes]) -> str:
"""
Compute SHA512 hash
Args:
data: Input data (string or bytes)
Returns:
Hexadecimal SHA512 hash
"""
if isinstance(data, str):
data = data.encode('utf-8')
return hashlib.sha512(data).hexdigest()
def compute_sha3_256(data: Union[str, bytes]) -> str:
"""
Compute SHA3-256 hash
Args:
data: Input data (string or bytes)
Returns:
Hexadecimal SHA3-256 hash
"""
if isinstance(data, str):
data = data.encode('utf-8')
return hashlib.sha3_256(data).hexdigest()
def compute_blake2b(data: Union[str, bytes]) -> str:
"""
Compute BLAKE2b hash
Args:
data: Input data (string or bytes)
Returns:
Hexadecimal BLAKE2b hash
"""
if isinstance(data, str):
data = data.encode('utf-8')
return hashlib.blake2b(data).hexdigest()
# 2. File Hashing
def compute_file_hash(filepath: str, algorithm: str = 'sha256') -> Optional[str]:
"""
Compute hash of a file
Args:
filepath: Path to file
algorithm: Hash algorithm ('md5', 'sha1', 'sha256', 'sha512')
Returns:
Hexadecimal hash or None if error
"""
hash_func = hashlib.new(algorithm)
try:
with open(filepath, 'rb') as f:
for chunk in iter(lambda: f.read(4096), b''):
hash_func.update(chunk)
return hash_func.hexdigest()
except FileNotFoundError:
return None
def compute_file_md5(filepath: str) -> Optional[str]:
"""Compute MD5 hash of file"""
return compute_file_hash(filepath, 'md5')
def compute_file_sha256(filepath: str) -> Optional[str]:
"""Compute SHA256 hash of file"""
return compute_file_hash(filepath, 'sha256')
def compute_file_sha512(filepath: str) -> Optional[str]:
"""Compute SHA512 hash of file"""
return compute_file_hash(filepath, 'sha512')
# 3. HMAC Computation
def compute_hmac_md5(key: Union[str, bytes], message: Union[str, bytes]) -> str:
"""
Compute HMAC-MD5
Args:
key: Secret key
message: Message to authenticate
Returns:
Hexadecimal HMAC
"""
if isinstance(key, str):
key = key.encode('utf-8')
if isinstance(message, str):
message = message.encode('utf-8')
return hmac.new(key, message, hashlib.md5).hexdigest()
def compute_hmac_sha1(key: Union[str, bytes], message: Union[str, bytes]) -> str:
"""
Compute HMAC-SHA1
Args:
key: Secret key
message: Message to authenticate
Returns:
Hexadecimal HMAC
"""
if isinstance(key, str):
key = key.encode('utf-8')
if isinstance(message, str):
message = message.encode('utf-8')
return hmac.new(key, message, hashlib.sha1).hexdigest()
def compute_hmac_sha256(key: Union[str, bytes], message: Union[str, bytes]) -> str:
"""
Compute HMAC-SHA256
Args:
key: Secret key
message: Message to authenticate
Returns:
Hexadecimal HMAC
"""
if isinstance(key, str):
key = key.encode('utf-8')
if isinstance(message, str):
message = message.encode('utf-8')
return hmac.new(key, message, hashlib.sha256).hexdigest()
def compute_hmac_sha512(key: Union[str, bytes], message: Union[str, bytes]) -> str:
"""
Compute HMAC-SHA512
Args:
key: Secret key
message: Message to authenticate
Returns:
Hexadecimal HMAC
"""
if isinstance(key, str):
key = key.encode('utf-8')
if isinstance(message, str):
message = message.encode('utf-8')
return hmac.new(key, message, hashlib.sha512).hexdigest()
# 4. Hash Comparison
def compare_hash(hash1: str, hash2: str) -> bool:
"""
Compare two hashes securely
Args:
hash1: First hash
hash2: Second hash
Returns:
True if equal
"""
return hmac.compare_digest(hash1, hash2)
def verify_hash(data: Union[str, bytes], expected_hash: str, algorithm: str = 'sha256') -> bool:
"""
Verify data against expected hash
Args:
data: Input data
expected_hash: Expected hash value
algorithm: Hash algorithm
Returns:
True if matches
"""
if isinstance(data, str):
data = data.encode('utf-8')
hash_func = hashlib.new(algorithm, data)
computed_hash = hash_func.hexdigest()
return compare_hash(computed_hash, expected_hash)
def verify_file_hash(filepath: str, expected_hash: str, algorithm: str = 'sha256') -> bool:
"""
Verify file hash
Args:
filepath: Path to file
expected_hash: Expected hash value
algorithm: Hash algorithm
Returns:
True if matches
"""
computed_hash = compute_file_hash(filepath, algorithm)
return compare_hash(computed_hash, expected_hash) if computed_hash else False
# 5. Salted Hashing
def generate_salt(length: int = 32) -> bytes:
"""
Generate random salt
Args:
length: Salt length in bytes
Returns:
Random salt bytes
"""
return os.urandom(length)
def compute_salted_hash(data: Union[str, bytes], salt: Optional[bytes] = None, algorithm: str = 'sha256') -> tuple:
"""
Compute salted hash
Args:
data: Input data
salt: Salt (auto-generated if None)
algorithm: Hash algorithm
Returns:
(salt, hash) tuple
"""
if isinstance(data, str):
data = data.encode('utf-8')
if salt is None:
salt = generate_salt()
hash_func = hashlib.new(algorithm)
hash_func.update(salt + data)
return salt, hash_func.hexdigest()
def verify_salted_hash(data: Union[str, bytes], salt: bytes, expected_hash: str, algorithm: str = 'sha256') -> bool:
"""
Verify salted hash
Args:
data: Input data
salt: Salt used
expected_hash: Expected hash
algorithm: Hash algorithm
Returns:
True if matches
"""
if isinstance(data, str):
data = data.encode('utf-8')
hash_func = hashlib.new(algorithm)
hash_func.update(salt + data)
computed_hash = hash_func.hexdigest()
return compare_hash(computed_hash, expected_hash)
# 6. Multiple Hashes
def compute_all_hashes(data: Union[str, bytes]) -> dict:
"""
Compute multiple hashes of data
Args:
data: Input data
Returns:
Dictionary with all hashes
"""
if isinstance(data, str):
data = data.encode('utf-8')
return {
'md5': hashlib.md5(data).hexdigest(),
'sha1': hashlib.sha1(data).hexdigest(),
'sha256': hashlib.sha256(data).hexdigest(),
'sha512': hashlib.sha512(data).hexdigest(),
'sha3_256': hashlib.sha3_256(data).hexdigest(),
'blake2b': hashlib.blake2b(data).hexdigest()
}
# 7. Hash-based Data Integrity
def create_checksum(data: Union[str, bytes]) -> str:
"""
Create checksum for data
Args:
data: Input data
Returns:
Checksum hash
"""
return compute_sha256(data)
def verify_checksum(data: Union[str, bytes], checksum: str) -> bool:
"""
Verify data checksum
Args:
data: Input data
checksum: Expected checksum
Returns:
True if valid
"""
return verify_hash(data, checksum, 'sha256')
def create_file_checksum(filepath: str) -> Optional[str]:
"""
Create checksum for file
Args:
filepath: Path to file
Returns:
Checksum hash or None
"""
return compute_file_sha256(filepath)
# 8. Progressive Hashing
def hash_multiple_chunks(chunks: list) -> str:
"""
Hash multiple data chunks
Args:
chunks: List of data chunks
Returns:
Combined hash
"""
hash_func = hashlib.sha256()
for chunk in chunks:
if isinstance(chunk, str):
chunk = chunk.encode('utf-8')
hash_func.update(chunk)
return hash_func.hexdigest()
# Usage Examples
def demonstrate_hash_computation():
print("=== Web Python Hash Computation Examples ===\n")
# 1. Basic hashes
print("--- 1. Basic Hash Functions ---")
data = "Hello, World!"
print(f"Data: {data}")
print(f"MD5: {compute_md5(data)}")
print(f"SHA1: {compute_sha1(data)}")
print(f"SHA256: {compute_sha256(data)}")
print(f"SHA512: {compute_sha512(data)}")
print(f"SHA3-256: {compute_sha3_256(data)}")
print(f"BLAKE2b: {compute_blake2b(data)}")
# 2. All hashes
print("\n--- 2. Compute All Hashes ---")
all_hashes = compute_all_hashes("Python Cryptography")
print("All hashes:")
for name, hash_value in all_hashes.items():
print(f" {name}: {hash_value}")
# 3. HMAC
print("\n--- 3. HMAC Computation ---")
key = "secret_key"
message = "authenticated message"
print(f"Key: {key}")
print(f"Message: {message}")
print(f"HMAC-SHA256: {compute_hmac_sha256(key, message)}")
print(f"HMAC-SHA512: {compute_hmac_sha512(key, message)}")
# 4. Hash comparison
print("\n--- 4. Hash Comparison ---")
hash1 = compute_sha256("data1")
hash2 = compute_sha256("data2")
hash3 = compute_sha256("data1")
print(f"Hash1 == Hash2: {compare_hash(hash1, hash2)}")
print(f"Hash1 == Hash3: {compare_hash(hash1, hash3)}")
# 5. Salted hashing
print("\n--- 5. Salted Hashing ---")
password = "secure_password"
salt, hash_value = compute_salted_hash(password)
print(f"Password: {password}")
print(f"Salt: {salt.hex()}")
print(f"Hash: {hash_value}")
print(f"Verified: {verify_salted_hash(password, salt, hash_value)}")
# 6. Checksum
print("\n--- 6. Data Integrity Checksum ---")
data = "important data"
checksum = create_checksum(data)
print(f"Data: {data}")
print(f"Checksum: {checksum}")
print(f"Verified: {verify_checksum(data, checksum)}")
# 7. Progressive hashing
print("\n--- 7. Progressive Hashing ---")
chunks = ["chunk1", "chunk2", "chunk3"]
combined_hash = hash_multiple_chunks(chunks)
print(f"Chunks: {chunks}")
print(f"Combined hash: {combined_hash}")
print("\n=== All Hash Computation Examples Completed ===")
# Export functions
# export { compute_md5, compute_sha1, compute_sha256, compute_sha512 }
# export { compute_sha3_256, compute_blake2b }
# export { compute_file_hash, compute_file_md5, compute_file_sha256, compute_file_sha512 }
# export { compute_hmac_md5, compute_hmac_sha1, compute_hmac_sha256, compute_hmac_sha512 }
# export { compare_hash, verify_hash, verify_file_hash }
# export { generate_salt, compute_salted_hash, verify_salted_hash }
# export { compute_all_hashes }
# export { create_checksum, verify_checksum, create_file_checksum }
# export { hash_multiple_chunks }
# export { demonstrate_hash_computation }
💻 Base64 Encoding python
🟢 simple
⭐⭐
Encode and decode data using Base64 with URL-safe variants, file support, and hex conversions
⏱️ 20 min
🏷️ python, web, cryptography, encoding
Prerequisites:
Basic Python, base64 module
# Web Python Base64 Encoding Examples
# Base64 encoding/decoding with various formats
# 1. Basic Base64 Encoding/Decoding
import base64
from typing import Union
def encode_base64(data: Union[str, bytes]) -> bytes:
"""
Encode data to Base64
Args:
data: Input data (string or bytes)
Returns:
Base64 encoded bytes
"""
if isinstance(data, str):
data = data.encode('utf-8')
return base64.b64encode(data)
def decode_base64(encoded: Union[bytes, str]) -> bytes:
"""
Decode Base64 data
Args:
encoded: Base64 encoded data
Returns:
Decoded bytes
Raises:
Error: If invalid Base64
"""
if isinstance(encoded, str):
encoded = encoded.encode('utf-8')
return base64.b64decode(encoded)
def encode_base64_string(data: Union[str, bytes]) -> str:
"""
Encode data to Base64 string
Args:
data: Input data
Returns:
Base64 encoded string
"""
return encode_base64(data).decode('utf-8')
def decode_base64_string(encoded: str) -> str:
"""
Decode Base64 string to string
Args:
encoded: Base64 encoded string
Returns:
Decoded string
"""
return decode_base64(encoded).decode('utf-8')
# 2. URL-Safe Base64
def encode_base64_url(data: Union[str, bytes]) -> bytes:
"""
Encode to URL-safe Base64
Args:
data: Input data
Returns:
URL-safe Base64 bytes
"""
if isinstance(data, str):
data = data.encode('utf-8')
return base64.urlsafe_b64encode(data)
def decode_base64_url(encoded: Union[bytes, str]) -> bytes:
"""
Decode URL-safe Base64
Args:
encoded: URL-safe Base64 data
Returns:
Decoded bytes
"""
if isinstance(encoded, str):
encoded = encoded.encode('utf-8')
return base64.urlsafe_b64decode(encoded)
def encode_base64_url_string(data: Union[str, bytes]) -> str:
"""
Encode to URL-safe Base64 string
Args:
data: Input data
Returns:
URL-safe Base64 string
"""
return encode_base64_url(data).decode('utf-8')
def decode_base64_url_string(encoded: str) -> str:
"""
Decode URL-safe Base64 string
Args:
encoded: URL-safe Base64 string
Returns:
Decoded string
"""
return decode_base64_url(encoded).decode('utf-8')
# 3. Base64 with Padding Control
def encode_base64_no_padding(data: Union[str, bytes]) -> str:
"""
Encode to Base64 without padding
Args:
data: Input data
Returns:
Base64 string without '=' padding
"""
encoded = encode_base64_string(data)
return encoded.rstrip('=')
def decode_base64_no_padding(encoded: str) -> bytes:
"""
Decode Base64 without padding
Args:
encoded: Base64 string without padding
Returns:
Decoded bytes
"""
# Add padding if necessary
padding = len(encoded) % 4
if padding:
encoded += '=' * (4 - padding)
return decode_base64(encoded)
# 4. Hex to Base64 Conversion
def hex_to_base64(hex_string: str) -> str:
"""
Convert hex string to Base64
Args:
hex_string: Hexadecimal string
Returns:
Base64 encoded string
"""
bytes_data = bytes.fromhex(hex_string)
return encode_base64_string(bytes_data)
def base64_to_hex(encoded: str) -> str:
"""
Convert Base64 to hex string
Args:
encoded: Base64 encoded string
Returns:
Hexadecimal string
"""
bytes_data = decode_base64(encoded)
return bytes_data.hex()
# 5. File Base64 Encoding
def encode_file_base64(filepath: str) -> str:
"""
Encode file to Base64 string
Args:
filepath: Path to file
Returns:
Base64 encoded string
"""
with open(filepath, 'rb') as f:
file_data = f.read()
return encode_base64_string(file_data)
def decode_base64_to_file(encoded: str, filepath: str) -> None:
"""
Decode Base64 string to file
Args:
encoded: Base64 encoded string
filepath: Output file path
"""
file_data = decode_base64(encoded)
with open(filepath, 'wb') as f:
f.write(file_data)
def encode_file_base64_chunked(filepath: str, chunk_size: int = 8192) -> str:
"""
Encode large file to Base64 in chunks
Args:
filepath: Path to file
chunk_size: Chunk size for processing
Returns:
Base64 encoded string
"""
import base64
encoded_chunks = []
with open(filepath, 'rb') as f:
while True:
chunk = f.read(chunk_size)
if not chunk:
break
encoded_chunks.append(base64.b64encode(chunk))
return b''.join(encoded_chunks).decode('utf-8')
# 6. Base64 Variants
def encode_base64_standard(data: Union[str, bytes]) -> str:
"""Standard Base64 encoding with padding"""
return encode_base64_string(data)
def encode_base64_url_safe(data: Union[str, bytes]) -> str:
"""URL-safe Base64 encoding"""
return encode_base64_url_string(data).rstrip('=')
def encode_base64_mime(data: Union[str, bytes], line_length: int = 76) -> str:
"""
MIME-compatible Base64 encoding with line breaks
Args:
data: Input data
line_length: Maximum line length
Returns:
MIME-formatted Base64 string
"""
encoded = encode_base64_string(data)
lines = [encoded[i:i+line_length] for i in range(0, len(encoded), line_length)]
return '\n'.join(lines)
# 7. Validation
def is_valid_base64(encoded: str) -> bool:
"""
Check if string is valid Base64
Args:
encoded: String to validate
Returns:
True if valid Base64
"""
import re
pattern = r'^[A-Za-z0-9+/]*={0,2}$'
return bool(re.match(pattern, encoded))
def is_valid_base64_url(encoded: str) -> bool:
"""
Check if string is valid URL-safe Base64
Args:
encoded: String to validate
Returns:
True if valid URL-safe Base64
"""
import re
pattern = r'^[A-Za-z0-9_-]*={0,2}$'
return bool(re.match(pattern, encoded))
# 8. Utility Functions
def get_base64_length(original_length: int) -> int:
"""
Calculate Base64 encoded length
Args:
original_length: Original data length in bytes
Returns:
Base64 encoded length (with padding)
"""
return ((original_length + 2) // 3) * 4
def safe_base64_encode(data: Union[str, bytes]) -> str:
"""
Safely encode to Base64 (handles errors)
Args:
data: Input data
Returns:
Base64 string or empty string on error
"""
try:
return encode_base64_string(data)
except Exception:
return ""
def safe_base64_decode(encoded: str) -> bytes:
"""
Safely decode Base64 (handles errors)
Args:
encoded: Base64 string
Returns:
Decoded bytes or empty bytes on error
"""
try:
return decode_base64(encoded)
except Exception:
return b''
# 9. Advanced Operations
def encode_base64_with_prefix(data: Union[str, bytes], prefix: str = 'data:') -> str:
"""
Encode with data URI prefix
Args:
data: Input data
prefix: URI prefix
Returns:
Data URI string
"""
encoded = encode_base64_string(data)
return f"{prefix};base64,{encoded}"
def decode_base64_from_uri(uri: str) -> bytes:
"""
Decode Base64 from data URI
Args:
uri: Data URI string
Returns:
Decoded bytes
"""
# Extract Base64 part
if ',' in uri:
encoded = uri.split(',', 1)[1]
return decode_base64(encoded)
return b''
def compare_base64_data(data1: Union[str, bytes], data2: Union[str, bytes]) -> bool:
"""
Compare two data via Base64 encoding
Args:
data1: First data
data2: Second data
Returns:
True if Base64 encoded values match
"""
return encode_base64_string(data1) == encode_base64_string(data2)
# Usage Examples
def demonstrate_base64_encoding():
print("=== Web Python Base64 Encoding Examples ===\n")
# 1. Basic encoding
print("--- 1. Basic Base64 Encoding ---")
data = "Hello, World!"
encoded = encode_base64_string(data)
decoded = decode_base64_string(encoded)
print(f"Original: {data}")
print(f"Encoded: {encoded}")
print(f"Decoded: {decoded}")
print(f"Match: {data == decoded}")
# 2. Bytes encoding
print("\n--- 2. Bytes Encoding ---")
bytes_data = b"Binary data \x00\x01\x02"
encoded = encode_base64_string(bytes_data)
print(f"Original bytes: {bytes_data}")
print(f"Encoded: {encoded}")
# 3. URL-safe encoding
print("\n--- 3. URL-Safe Base64 ---")
data = "[email protected]?param=value"
standard = encode_base64_string(data)
url_safe = encode_base64_url_string(data)
print(f"Original: {data}")
print(f"Standard: {standard}")
print(f"URL-safe: {url_safe}")
print(f"URL decoded: {decode_base64_url_string(url_safe)}")
# 4. No padding
print("\n--- 4. Base64 Without Padding ---")
data = "Test"
with_padding = encode_base64_string(data)
without_padding = encode_base64_no_padding(data)
print(f"Original: {data}")
print(f"With padding: {with_padding}")
print(f"Without padding: {without_padding}")
print(f"Both decode correctly: {decode_base64_string(with_padding) == decode_base64_no_padding(without_padding)}")
# 5. Hex conversion
print("\n--- 5. Hex <-> Base64 Conversion ---")
hex_data = "48656c6c6f" # "Hello" in hex
b64_from_hex = hex_to_base64(hex_data)
hex_from_b64 = base64_to_hex(b64_from_hex)
print(f"Hex: {hex_data}")
print(f"Base64: {b64_from_hex}")
print(f"Back to hex: {hex_from_b64}")
print(f"Match: {hex_data == hex_from_b64}")
# 6. MIME format
print("\n--- 6. MIME-Compatible Encoding ---")
data = "This is a longer string that will be split into multiple lines for MIME compatibility"
mime_encoded = encode_base64_mime(data, line_length=20)
print(f"Original: {data}")
print(f"MIME encoded:\n{mime_encoded}")
# 7. Validation
print("\n--- 7. Base64 Validation ---")
valid_b64 = "SGVsbG8sIFdvcmxkIQ=="
invalid_b64 = "Hello@World!"
print(f"'{valid_b64}' is valid: {is_valid_base64(valid_b64)}")
print(f"'{invalid_b64}' is valid: {is_valid_base64(invalid_b64)}")
# 8. Data URI
print("\n--- 8. Data URI Encoding ---")
data = "Sample text content"
uri = encode_base64_with_prefix(data, prefix="data:text/plain")
print(f"Data URI: {uri[:50]}...")
decoded_from_uri = decode_base64_from_uri(uri).decode('utf-8')
print(f"Decoded from URI: {decoded_from_uri}")
print(f"Match: {data == decoded_from_uri}")
# 9. Length calculation
print("\n--- 9. Base64 Length Calculation ---")
data = "A" * 10
encoded = encode_base64_string(data)
expected_length = get_base64_length(len(data))
print(f"Original length: {len(data)} bytes")
print(f"Encoded length: {len(encoded)} chars")
print(f"Expected length: {expected_length} chars")
print(f"Match: {len(encoded) == expected_length}")
# 10. Safe operations
print("\n--- 10. Safe Encoding/Decoding ---")
print(f"Safe encode: {safe_base64_encode('Safe data')}")
print(f"Safe decode valid: {safe_base64_decode('SGVsbG8=')}")
print(f"Safe decode invalid: {safe_base64_decode('Invalid!')}")
print("\n=== All Base64 Encoding Examples Completed ===")
# Export functions
# export { encode_base64, decode_base64 }
# export { encode_base64_string, decode_base64_string }
# export { encode_base64_url, decode_base64_url }
# export { encode_base64_url_string, decode_base64_url_string }
# export { encode_base64_no_padding, decode_base64_no_padding }
# export { hex_to_base64, base64_to_hex }
# export { encode_file_base64, decode_base64_to_file, encode_file_base64_chunked }
# export { encode_base64_standard, encode_base64_url_safe, encode_base64_mime }
# export { is_valid_base64, is_valid_base64_url }
# export { get_base64_length, safe_base64_encode, safe_base64_decode }
# export { encode_base64_with_prefix, decode_base64_from_uri, compare_base64_data }
# export { demonstrate_base64_encoding }
💻 Symmetric Encryption python
🟡 intermediate
⭐⭐⭐
Implement AES symmetric encryption/decryption with various modes (CBC, GCM) using cryptography library
⏱️ 35 min
🏷️ python, web, cryptography, encryption
Prerequisites:
Intermediate Python, cryptography library, security concepts
# Web Python Symmetric Encryption Examples
# AES encryption/decryption using cryptography library
# 1. Key Generation
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2
from cryptography.hazmat.backends import default_backend
import os
import secrets
from typing import Tuple, Union
def generate_random_key(key_size: int = 32) -> bytes:
"""
Generate random encryption key
Args:
key_size: Key size in bytes (16=AES-128, 24=AES-192, 32=AES-256)
Returns:
Random key bytes
"""
return secrets.token_bytes(key_size)
def generate_key_from_password(password: Union[str, bytes], salt: Optional[bytes] = None, iterations: int = 100000) -> Tuple[bytes, bytes]:
"""
Derive encryption key from password using PBKDF2
Args:
password: User password
salt: Salt (generated if None)
iterations: PBKDF2 iterations
Returns:
(key, salt) tuple
"""
if isinstance(password, str):
password = password.encode('utf-8')
if salt is None:
salt = secrets.token_bytes(16)
kdf = PBKDF2(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=iterations,
backend=default_backend()
)
key = kdf.derive(password)
return key, salt
# 2. IV/Nonce Generation
def generate_iv(block_size: int = 16) -> bytes:
"""
Generate initialization vector
Args:
block_size: Block size in bytes
Returns:
Random IV bytes
"""
return secrets.token_bytes(block_size)
def generate_nonce(size: int = 12) -> bytes:
"""
Generate nonce for GCM mode
Args:
size: Nonce size in bytes
Returns:
Random nonce bytes
"""
return secrets.token_bytes(size)
# 3. AES-256-CBC Encryption/Decryption
def encrypt_aes_cbc(plaintext: Union[str, bytes], key: bytes, iv: Optional[bytes] = None) -> Tuple[bytes, bytes]:
"""
Encrypt using AES-256-CBC
Args:
plaintext: Data to encrypt
key: Encryption key (32 bytes for AES-256)
iv: Initialization vector (generated if None)
Returns:
(ciphertext, iv) tuple
"""
if isinstance(plaintext, str):
plaintext = plaintext.encode('utf-8')
# Pad plaintext to block size
pad_length = 16 - (len(plaintext) % 16)
plaintext = plaintext + bytes([pad_length] * pad_length)
if iv is None:
iv = generate_iv()
cipher = Cipher(
algorithms.AES(key),
modes.CBC(iv),
backend=default_backend()
)
encryptor = cipher.encryptor()
ciphertext = encryptor.update(plaintext) + encryptor.finalize()
return ciphertext, iv
def decrypt_aes_cbc(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
"""
Decrypt AES-256-CBC ciphertext
Args:
ciphertext: Data to decrypt
key: Decryption key
iv: Initialization vector
Returns:
Decrypted plaintext
"""
cipher = Cipher(
algorithms.AES(key),
modes.CBC(iv),
backend=default_backend()
)
decryptor = cipher.decryptor()
padded_plaintext = decryptor.update(ciphertext) + decryptor.finalize()
# Remove padding
pad_length = padded_plaintext[-1]
plaintext = padded_plaintext[:-pad_length]
return plaintext
# 4. AES-256-GCM Encryption/Decryption (Authenticated)
def encrypt_aes_gcm(plaintext: Union[str, bytes], key: bytes, nonce: Optional[bytes] = None, associated_data: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes]:
"""
Encrypt using AES-256-GCM with authentication
Args:
plaintext: Data to encrypt
key: Encryption key (32 bytes for AES-256)
nonce: Nonce (generated if None)
associated_data: Additional authenticated data
Returns:
(ciphertext, nonce, tag) tuple
"""
if isinstance(plaintext, str):
plaintext = plaintext.encode('utf-8')
if nonce is None:
nonce = generate_nonce()
cipher = Cipher(
algorithms.AES(key),
modes.GCM(nonce),
backend=default_backend()
)
encryptor = cipher.encryptor()
if associated_data:
if isinstance(associated_data, str):
associated_data = associated_data.encode('utf-8')
encryptor.authenticate_additional_data(associated_data)
ciphertext = encryptor.update(plaintext) + encryptor.finalize()
return ciphertext, nonce, encryptor.tag
def decrypt_aes_gcm(ciphertext: bytes, key: bytes, nonce: bytes, tag: bytes, associated_data: Optional[bytes] = None) -> bytes:
"""
Decrypt AES-256-GCM ciphertext with authentication
Args:
ciphertext: Data to decrypt
key: Decryption key
nonce: Nonce used for encryption
tag: Authentication tag
associated_data: Additional authenticated data
Returns:
Decrypted plaintext
Raises:
InvalidTag: If authentication fails
"""
cipher = Cipher(
algorithms.AES(key),
modes.GCM(nonce, tag),
backend=default_backend()
)
decryptor = cipher.decryptor()
if associated_data:
if isinstance(associated_data, str):
associated_data = associated_data.encode('utf-8')
decryptor.authenticate_additional_data(associated_data)
plaintext = decryptor.update(ciphertext) + decryptor.finalize()
return plaintext
# 5. AES-128/192/256 Support
def encrypt_aes(plaintext: Union[str, bytes], key: bytes, mode: str = 'CBC') -> Tuple[bytes, bytes]:
"""
Encrypt using AES with specified key size
Args:
plaintext: Data to encrypt
key: Encryption key (16/24/32 bytes for AES-128/192/256)
mode: Encryption mode ('CBC' or 'GCM')
Returns:
(ciphertext, iv/nonce) tuple
"""
if mode == 'GCM':
ciphertext, nonce, tag = encrypt_aes_gcm(plaintext, key)
return ciphertext, nonce
else:
return encrypt_aes_cbc(plaintext, key)
def decrypt_aes(ciphertext: bytes, key: bytes, iv: bytes, mode: str = 'CBC', tag: Optional[bytes] = None) -> bytes:
"""
Decrypt using AES with specified key size
Args:
ciphertext: Data to decrypt
key: Decryption key
iv: IV or nonce
mode: Encryption mode ('CBC' or 'GCM')
tag: Authentication tag (for GCM mode)
Returns:
Decrypted plaintext
"""
if mode == 'GCM':
return decrypt_aes_gcm(ciphertext, key, iv, tag)
else:
return decrypt_aes_cbc(ciphertext, key, iv)
# 6. File Encryption/Decryption
def encrypt_file(input_path: str, output_path: str, key: bytes) -> None:
"""
Encrypt file using AES-256-CBC
Args:
input_path: Input file path
output_path: Output file path
key: Encryption key
"""
with open(input_path, 'rb') as f_in:
plaintext = f_in.read()
ciphertext, iv = encrypt_aes_cbc(plaintext, key)
with open(output_path, 'wb') as f_out:
f_out.write(iv)
f_out.write(ciphertext)
def decrypt_file(input_path: str, output_path: str, key: bytes) -> None:
"""
Decrypt file using AES-256-CBC
Args:
input_path: Input file path
output_path: Output file path
key: Decryption key
"""
with open(input_path, 'rb') as f_in:
iv = f_in.read(16)
ciphertext = f_in.read()
plaintext = decrypt_aes_cbc(ciphertext, key, iv)
with open(output_path, 'wb') as f_out:
f_out.write(plaintext)
# 7. High-Level Encryption Functions
def encrypt_message(message: str, password: str, mode: str = 'GCM') -> dict:
"""
Encrypt message with password
Args:
message: Message to encrypt
password: User password
mode: Encryption mode
Returns:
Dictionary with encrypted data
"""
key, salt = generate_key_from_password(password)
if mode == 'GCM':
ciphertext, nonce, tag = encrypt_aes_gcm(message, key)
return {
'ciphertext': ciphertext.hex(),
'nonce': nonce.hex(),
'tag': tag.hex(),
'salt': salt.hex(),
'mode': 'GCM'
}
else:
ciphertext, iv = encrypt_aes_cbc(message, key)
return {
'ciphertext': ciphertext.hex(),
'iv': iv.hex(),
'salt': salt.hex(),
'mode': 'CBC'
}
def decrypt_message(encrypted_data: dict, password: str) -> str:
"""
Decrypt message with password
Args:
encrypted_data: Dictionary with encrypted data
password: User password
Returns:
Decrypted message
"""
salt = bytes.fromhex(encrypted_data['salt'])
key, _ = generate_key_from_password(password, salt)
mode = encrypted_data['mode']
ciphertext = bytes.fromhex(encrypted_data['ciphertext'])
if mode == 'GCM':
nonce = bytes.fromhex(encrypted_data['nonce'])
tag = bytes.fromhex(encrypted_data['tag'])
plaintext = decrypt_aes_gcm(ciphertext, key, nonce, tag)
else:
iv = bytes.fromhex(encrypted_data['iv'])
plaintext = decrypt_aes_cbc(ciphertext, key, iv)
return plaintext.decode('utf-8')
# 8. Key Management
def save_key(key: bytes, filepath: str) -> None:
"""
Save key to file
Args:
key: Key bytes
filepath: Output file path
"""
with open(filepath, 'wb') as f:
f.write(key)
def load_key(filepath: str) -> bytes:
"""
Load key from file
Args:
filepath: Key file path
Returns:
Key bytes
"""
with open(filepath, 'rb') as f:
return f.read()
# Usage Examples
def demonstrate_symmetric_encryption():
print("=== Web Python Symmetric Encryption Examples ===\n")
# 1. Key generation
print("--- 1. Key Generation ---")
key = generate_random_key(32)
print(f"Random key (hex): {key.hex()}")
print(f"Key size: {len(key)} bytes (AES-256)")
password = "secure_password_123"
derived_key, salt = generate_key_from_password(password)
print(f"\nPassword: {password}")
print(f"Derived key: {derived_key.hex()}")
print(f"Salt: {salt.hex()}")
# 2. AES-CBC encryption
print("\n--- 2. AES-256-CBC Encryption ---")
plaintext = "Secret message to encrypt"
key = generate_random_key(32)
ciphertext, iv = encrypt_aes_cbc(plaintext, key)
print(f"Plaintext: {plaintext}")
print(f"Ciphertext (hex): {ciphertext.hex()}")
print(f"IV (hex): {iv.hex()}")
decrypted = decrypt_aes_cbc(ciphertext, key, iv)
print(f"Decrypted: {decrypted.decode('utf-8')}")
print(f"Match: {plaintext == decrypted.decode('utf-8')}")
# 3. AES-GCM encryption
print("\n--- 3. AES-256-GCM Encryption (Authenticated) ---")
plaintext = "Authenticated secret message"
associated_data = "metadata"
ciphertext, nonce, tag = encrypt_aes_gcm(plaintext, key, associated_data=associated_data)
print(f"Plaintext: {plaintext}")
print(f"Associated data: {associated_data}")
print(f"Ciphertext (hex): {ciphertext.hex()}")
print(f"Nonce (hex): {nonce.hex()}")
print(f"Tag (hex): {tag.hex()}")
decrypted = decrypt_aes_gcm(ciphertext, key, nonce, tag, associated_data)
print(f"Decrypted: {decrypted.decode('utf-8')}")
print(f"Match: {plaintext == decrypted.decode('utf-8')}")
# 4. High-level password encryption
print("\n--- 4. Password-Based Encryption ---")
message = "Top secret data"
password = "my_secure_pass"
encrypted = encrypt_message(message, password, mode='GCM')
print(f"Original: {message}")
print(f"Encrypted data:")
for k, v in encrypted.items():
print(f" {k}: {v}")
decrypted = decrypt_message(encrypted, password)
print(f"Decrypted: {decrypted}")
print(f"Match: {message == decrypted}")
# 5. Different key sizes
print("\n--- 5. AES Key Sizes ---")
for size, name in [(16, 'AES-128'), (24, 'AES-192'), (32, 'AES-256')]:
key = generate_random_key(size)
plaintext = f"Test with {name}"
ciphertext, iv = encrypt_aes(plaintext, key, mode='CBC')
decrypted = decrypt_aes(ciphertext, key, iv, mode='CBC')
print(f"{name}: {plaintext} -> {decrypted.decode('utf-8')} (Match: {plaintext == decrypted.decode('utf-8')})")
print("\n=== All Symmetric Encryption Examples Completed ===")
# Export functions
# export { generate_random_key, generate_key_from_password }
# export { generate_iv, generate_nonce }
# export { encrypt_aes_cbc, decrypt_aes_cbc }
# export { encrypt_aes_gcm, decrypt_aes_gcm }
# export { encrypt_aes, decrypt_aes }
# export { encrypt_file, decrypt_file }
# export { encrypt_message, decrypt_message }
# export { save_key, load_key }
# export { demonstrate_symmetric_encryption }