def saveToDisk(cls, data, logFile, token, compress=False):
if data is None or logFile is None or token is None:
raise InvalidLogFileException()
salt = get_random_bytes(cls._salt_size)
if len(salt) != cls._salt_size:
raise EncryptionException()
(enc_key, hmac_key) = cls._getKeys(token, salt)
nonce = get_random_bytes(cls._nonce_size)
if len(nonce) != cls._nonce_size:
raise EncryptionException()
ctr = Crypto.Util.Counter.new(cls._counter_size, prefix=nonce)
cipher = Crypto.Cipher.AES.new(enc_key, Crypto.Cipher.AES.MODE_CTR, counter=ctr)
if compress:
data = bz2.compress(bytes(data, 'utf-8'), cls._compression_level)
ciphertext = cipher.encrypt(data)
ciphertext_len = len(ciphertext)
new_hmac = hmac.new(hmac_key, salt + nonce + ciphertext + struct.pack(">I", ciphertext_len), cls._hmac_hash_algo)
(fd, temporary_file_name) = tempfile.mkstemp()
os.write(fd, salt)
os.write(fd, nonce)
os.write(fd, new_hmac.digest())
os.write(fd, ciphertext)
os.fsync(fd)
os.rename(temporary_file_name, logFile)
os.close(fd)
def main():
print 'enter input:'
inp = sys.stdin.readline()
inp = _normalize(inp, 16)
key8 = get_random_bytes(8)
key16 = get_random_bytes(16)
iv8 = get_random_bytes(8)
iv16 = get_random_bytes(16)
print 'key8\t', _to_hex(key8)
print 'key16\t', _to_hex(key16)
print 'iv8\t', _to_hex(iv8)
print 'iv16\t', _to_hex(iv16)
print 'DES, ECB mode'
des = DES.new(key8, DES.MODE_ECB)
enc = des.encrypt(inp)
print '\tencoded:', _to_hex(enc)
print '\tentropy:', _entropy_hex(_to_hex(enc))
print 'DES, CBC mode'
des = DES.new(key8, DES.MODE_CBC, iv8)
enc = des.encrypt(inp)
print '\tencoded:', _to_hex(enc)
print '\tentropy:', _entropy_hex(_to_hex(enc))
print 'AES, ECB mode'
aes = AES.new(key16, AES.MODE_ECB)
enc = aes.encrypt(inp)
print '\tencoded:', _to_hex(enc)
print '\tentropy:', _entropy_hex(_to_hex(enc))
print 'DES, CBC mode'
aes = AES.new(key16, AES.MODE_CBC, iv16)
enc = aes.encrypt(inp)
print '\tencoded:', _to_hex(enc)
print '\tentropy:', _entropy_hex(_to_hex(enc))
def write(self, filename=None):
''''
Write out DB to given filename with optional master key.
If no master key is given, the one used to create this DB is used.
'''
import hashlib
outfilename = filename or self.filename
self.header.ngroups = len(self.groups)
self.header.nentries = len(self.entries)
self.header.final_master_seed = get_random_bytes(16)
self.header.encryption_iv = get_random_bytes(16)
self.header.transform_seed = get_random_bytes(32)
header = DBHDR(self.header.encode())
# fixme: should regenerate encryption_iv, master_seed,
# master_seed2 and allow for the number of rounds to change
payload = self.encode_payload()
header.contents_hash = hashlib.sha256(payload).digest()
payload = self.encrypt_payload(payload, self.final_key(),
header.encryption_type(),
header.encryption_iv)
fp = open(outfilename,'w')
fp.write(header.encode())
fp.write(payload)
fp.close()
return
def encrypt(text):
salt = get_random_bytes(16)
passwd = get_random_bytes(32)
iv = get_random_bytes(iv_size)
key = PBKDF2(passwd, salt, dkLen=32, count=iterations)
cipher = AES.new(key, AES.MODE_CBC, iv)
return (clean((iv + cipher.encrypt(pad(text)))),
clean((key)))
def encrypt_and_sign(msg, senderPrivPem, receiverPubPem):
"""
Encrypts a message using AES256-CTR. The procedure first creates a new
random key/nonce for symmetric encryption and encrypt/signs that via RSA.
The procedure then symmatrically encrypts the actual message using that key/nonce.
:param msg: Message to be encrypted.
:type msg: str
:param senderPrivPem: Sender private RSA key in PEM format.
:type senderPrivPem: str
:param receiverPubPem: Receiver public RSA key in PEM format.
:type receiverPubPem: str
:returns tuple -- (AES256-CTR encrypted message, RSA Encrypted Key+IV, RSA Signature) all Base64 encoded.
"""
## read in sender/receiver RSA keys
##
skey = RSA.importKey(senderPrivPem)
rkey = RSA.importKey(receiverPubPem)
## create new random key/nonce for AES
##
key = get_random_bytes(CIPHERBITS / 8)
nonce = get_random_bytes(8)
kv = key + nonce
# print binascii.b2a_hex(kv)
# print binascii.b2a_hex(key)
# print binascii.b2a_hex(nonce)
## encrypt key/nonce using RSA
##
emsg = rkey.encrypt(kv, 0)[0]
## encrypt msg using AES-256 in CTR mode
##
c = AES.new(key, AES.MODE_CTR, counter=Counter.new(64, prefix=nonce))
pmsg = c.encrypt(pad(msg))
## create a digest of the unencrypted message
##
md = hashlib.sha256()
md.update(msg)
dmsg = md.digest()
## create a RSA signature over encrypted message + key/nonce
##
ed = hashlib.sha256()
ed.update(pmsg)
ed.update(emsg)
sig = long_to_bytes(skey.sign(ed.digest(), 0)[0])
return (
binascii.b2a_base64(pmsg).strip(),
binascii.b2a_base64(emsg).strip(),
binascii.b2a_base64(dmsg).strip(),
binascii.b2a_base64(sig).strip(),
)
def encrypt_aes(string):
key_bytes = get_random_bytes(key_size)
pad = block_size - len(string.encode('utf-8')) % block_size
data = string.encode('utf-8') + pad * chr(pad)
iv_bytes = get_random_bytes(block_size)
encrypted_bytes = iv_bytes + AES.new(key_bytes, mode, iv_bytes).encrypt(data)
string_encrypted = base64.urlsafe_b64encode(str(encrypted_bytes))
key = base64.urlsafe_b64encode(str(key_bytes))
return (string_encrypted, key)
def create_msg(self, from_jid, jid, plaintext):
key = get_random_bytes(16)
iv = get_random_bytes(16)
encrypted_keys = {}
devices_list = self.device_list_for(jid)
if len(devices_list) == 0:
log.error('No known devices')
return
for dev in devices_list:
self.get_session_cipher(jid, dev)
session_ciphers = self.session_ciphers[jid]
if not session_ciphers:
log.warning('No session ciphers for ' + jid)
return
# Encrypt the message key with for each of receivers devices
for rid, cipher in session_ciphers.items():
try:
if self.isTrusted(cipher) == TRUSTED:
encrypted_keys[rid] = cipher.encrypt(key).serialize()
else:
log.debug('Skipped Device because Trust is: ' +
str(self.isTrusted(cipher)))
except:
log.warning('Failed to find key for device ' + str(rid))
if len(encrypted_keys) == 0:
log_msg = 'Encrypted keys empty'
log.error(log_msg)
raise NoValidSessions(log_msg)
my_other_devices = set(self.own_devices) - set({self.own_device_id})
# Encrypt the message key with for each of our own devices
for dev in my_other_devices:
try:
cipher = self.get_session_cipher(from_jid, dev)
if self.isTrusted(cipher) == TRUSTED:
encrypted_keys[dev] = cipher.encrypt(key).serialize()
else:
log.debug('Skipped own Device because Trust is: ' +
str(self.isTrusted(cipher)))
except:
log.warning('Failed to find key for device ' + str(dev))
payload = encrypt(key, iv, plaintext)
result = {'sid': self.own_device_id,
'keys': encrypted_keys,
'jid': jid,
'iv': iv,
'payload': payload}
log.debug('Finished encrypting message')
return result
def create_msg(self, from_jid, jid, plaintext):
key = get_random_bytes(16)
iv = get_random_bytes(16)
encrypted_keys = {}
devices_list = self.device_list_for(jid)
if len(devices_list) == 0:
log.error('No known devices')
return
payload, tag = encrypt(key, iv, plaintext)
key += tag
# Encrypt the message key with for each of receivers devices
for device in devices_list:
try:
if self.isTrusted(jid, device) == TRUSTED:
cipher = self.get_session_cipher(jid, device)
cipher_key = cipher.encrypt(key)
prekey = isinstance(cipher_key, PreKeyWhisperMessage)
encrypted_keys[device] = (cipher_key.serialize(), prekey)
else:
log.debug('Skipped Device because Trust is: ' +
str(self.isTrusted(jid, device)))
except:
log.warning('Failed to find key for device ' + str(device))
if len(encrypted_keys) == 0:
log.error('Encrypted keys empty')
raise NoValidSessions('Encrypted keys empty')
my_other_devices = set(self.own_devices) - set({self.own_device_id})
# Encrypt the message key with for each of our own devices
for device in my_other_devices:
try:
if self.isTrusted(from_jid, device) == TRUSTED:
cipher = self.get_session_cipher(from_jid, device)
cipher_key = cipher.encrypt(key)
prekey = isinstance(cipher_key, PreKeyWhisperMessage)
encrypted_keys[device] = (cipher_key.serialize(), prekey)
else:
log.debug('Skipped own Device because Trust is: ' +
str(self.isTrusted(from_jid, device)))
except:
log.warning('Failed to find key for device ' + str(device))
result = {'sid': self.own_device_id,
'keys': encrypted_keys,
'jid': jid,
'iv': iv,
'payload': payload}
log.debug('Finished encrypting message')
return result
def encrypt_blob(public_key, data, aes_bytes=32, aes_mode=AES_MODE):
public_crypto = PKCS1_OAEP.new(public_key)
aes_key = get_random_bytes(aes_bytes)
aes_iv = get_random_bytes(16)
aes_crypto = AES.new(aes_key, aes_mode, aes_iv)
data_pickle = pickle.dumps(data, protocol=-1)
data_enc = aes_crypto.encrypt(pad_data(data_pickle))
aes_key_enc = public_crypto.encrypt(aes_key)
aes_key_len = bytes([int(math.log2(len(aes_key_enc)))])
return aes_iv + aes_key_len + aes_key_enc + data_enc
def encrypt_blob(public_key, data, aes_bytes=32, aes_mode=AES_MODE):
public_crypto = PKCS1_OAEP.new(public_key)
aes_key = get_random_bytes(aes_bytes)
aes_iv = get_random_bytes(16)
# TODO: what AES mode should we use here?
aes_crypto = AES.new(aes_key, aes_mode, iv)
data_pickle = pickle.dumps(data, protocol=-1)
data_enc = aes_crypto.encrypt(pad_data(data_pickle))
aes_key_enc = public_crypto.encrypt(aes_key)
return iv + len(aes_key_enc) + aes_key_enc + data_enc
def encrypt(self, password):
from Crypto.Random import get_random_bytes
salt = get_random_bytes(self.block_size)
from Crypto.Cipher import AES
IV = get_random_bytes(AES.block_size)
cipher = self._create_cipher(self.keyring_key, salt, IV)
password_encrypted = cipher.encrypt(self.pw_prefix + password)
# Serialize the salt, IV, and encrypted password in a secure format
data = dict(salt=salt, IV=IV, password_encrypted=password_encrypted)
for key in data:
data[key] = base64.encodestring(data[key]).decode()
return json.dumps(data).encode()
def __init__(self,buf=None):
'Create a header, read self from binary string if given'
if buf:
self.decode(buf)
else:
(self.signature1, self.signature2) = self.signatures
self.flags = 3 # SHA2 + Rijndael seems to be the standard here
self.version = self.version1
self.final_master_seed = get_random_bytes(16)
self.encryption_iv = get_random_bytes(16)
self.transform_seed = get_random_bytes(32)
self.contents_hash = ''
self.transform_rounds = 50000
def sym_encrypt_cfb_128(secret_key, cleartext, hmac_algo="sha256", kdf_iterations=ITERATIONS):
"""perform AES-128 symmetric encryption on an arbitrary cleartext
using the given secret_key in CFB mode.
AES-CFB does not require padding the input, so simplifies the task a bit.
returns a dict of the base64-encoded ciphertext, base64-encoded IV,
the HMAC-digest-hex, the HMAC-digest-algorithm name,
the key-derivation function used/number of rounds.
presently, PBKDF2 is used for key-derivation.
"""
secret_key = force_bytes(secret_key)
cleartext = force_bytes(cleartext)
assert hmac_algo in getattr(
hashlib,
"algorithms_available", # See [PEP0466](https://www.python.org/dev/peps/pep-0466/)
getattr(hashlib, "algorithms", []),
)
# Generate the AES initialisation vector, and the salt used by the key-derivation algo
salt = get_random_bytes(8)
iv = get_random_bytes(16)
# AES-CFB-128 needs a 16byte key.
# Use PBKDF2 to generate a 16byte key regardless of the secret_key length.
key = pbkdf2_derive_key("sha1", secret_key, salt, kdf_iterations, 16)
# we're using AES-128 because Bruce Schneier says not to use 192/256.
# Who are we to argue?
# https://www.schneier.com/blog/archives/2009/07/another_new_aes.html#c386957
crypt = AES.new(key, mode=AES.MODE_CFB, IV=iv)
ciphertext_64 = base64.b64encode(crypt.encrypt(cleartext))
# generate the Message Authentication Code according to @hmac_algo
# The MAC function is passed the cleartext + iv, and password.
# use the IV to avoid the same cleartext / pw combination giving the same MAC
hash_fn = getattr(hashlib, hmac_algo)
h = hmac.new(secret_key, cleartext + iv, hash_fn)
return {
"ciphertext_64": ciphertext_64,
"aes_iv_64": base64.b64encode(iv),
"kdf_salt_64": base64.b64encode(salt),
"kdf_algo": "PBKDF2", # this is currently the only choice
"kdf_iter": kdf_iterations,
"hmac_hex": h.hexdigest(),
"hmac_algo": hmac_algo,
}
def generate_secret():
"""Make a secret key suitable for use in TOTP."""
from Crypto.Random import get_random_bytes
bytes = get_random_bytes(20)
encoded = base64.b32encode(bytes)
return encoded
def _aes_encrypt(data, algorithm, key):
'''AES encrypt'''
if algorithm['subtype'] == 'cbc':
mode = AES.MODE_CBC
else:
raise Exception('AES subtype not supported: %s'
% algorithm['subtype'])
iv_size = algorithm['iv_size']
block_size = iv_size
include_iv = True
if 'iv'in algorithm and algorithm['iv']:
if len(algorithm['iv']) != algorithm['iv_size']:
raise Exception('Invalid IV size')
iv_value = algorithm['iv']
include_iv = False
else:
iv_value = get_random_bytes(iv_size)
numpad = block_size - (len(data) % block_size)
data = data + numpad * chr(numpad)
enc = AES.new(key, mode, iv_value).encrypt(data)
if include_iv:
enc = iv_value + enc
return enc
def verify(self, received_mac_tag):
"""Validate the *binary* MAC tag.
The caller invokes this function at the very end.
This method checks if the decrypted message is indeed valid
(that is, if the key is correct) and it has not been
tampered with while in transit.
:Parameters:
received_mac_tag : byte string
This is the *binary* MAC, as received from the sender.
:Raises MacMismatchError:
if the MAC does not match. The message has been tampered with
or the key is incorrect.
"""
if self.verify not in self._next:
raise TypeError("verify() cannot be called"
" when encrypting a message")
self._next = [self.verify]
if not self._mac_tag:
tag = bchr(0) * self.block_size
for i in range(3):
tag = strxor(tag, self._omac[i].digest())
self._mac_tag = tag[:self._mac_len]
secret = get_random_bytes(16)
mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
if mac1.digest() != mac2.digest():
raise ValueError("MAC check failed")
def _create_ocb_cipher(factory, **kwargs):
"""Create a new block cipher, configured in OCB mode.
:Parameters:
factory : module
A symmetric cipher module from `Crypto.Cipher`
(like `Crypto.Cipher.AES`).
:Keywords:
nonce : byte string
A value that must never be reused for any other encryption.
Its length can vary from 1 to 15 bytes.
If not specified, a random 15 bytes long nonce is generated.
mac_len : integer
Length of the MAC, in bytes.
It must be in the range ``[8..16]``.
The default is 16 (128 bits).
Any other keyword will be passed to the underlying block cipher.
See the relevant documentation for details (at least ``key`` will need
to be present).
"""
try:
nonce = kwargs.pop("nonce", None)
if nonce is None:
nonce = get_random_bytes(15)
mac_len = kwargs.pop("mac_len", 16)
except KeyError, e:
raise TypeError("Keyword missing: " + str(e))
def new(**kwargs):
"""Create a new ChaCha20 cipher
:keyword key: The secret key to use. It must be 32 bytes long.
:type key: byte string
:keyword nonce:
A mandatory value that must never be reused for any other encryption
done with this key. It must be 8 bytes long.
If not provided, a random byte string will be generated (you can read
it back via the ``nonce`` attribute of the returned object).
:type nonce: byte string
:Return: a :class:`Crypto.Cipher.ChaCha20.ChaCha20Cipher` object
"""
try:
key = kwargs.pop("key")
except KeyError as e:
raise TypeError("Missing parameter %s" % e)
nonce = kwargs.pop("nonce", None)
if nonce is None:
nonce = get_random_bytes(8)
if len(key) != 32:
raise ValueError("ChaCha20 key must be 32 bytes long")
if len(nonce) != 8:
raise ValueError("ChaCha20 nonce must be 8 bytes long")
if kwargs:
raise TypeError("Unknown parameters: " + str(kwargs))
return ChaCha20Cipher(key, nonce)
def verify(self, received_mac_tag):
"""Validate the *binary* MAC tag.
The caller invokes this function at the very end.
This method checks if the decrypted message is indeed valid
(that is, if the key is correct) and it has not been
tampered with while in transit.
:Parameters:
received_mac_tag : bytes/bytearray/memoryview
This is the *binary* MAC, as received from the sender.
:Raises ValueError:
if the MAC does not match. The message has been tampered with
or the key is incorrect.
"""
if self.verify not in self._next:
raise TypeError("verify() cannot be called"
" when encrypting a message")
self._next = [self.verify]
if self._mac_tag is None:
self._mac_tag = self._kdf.derive()
secret = get_random_bytes(16)
mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
if mac1.digest() != mac2.digest():
raise ValueError("MAC check failed")
def _create_ofb_cipher(factory, **kwargs):
"""Instantiate a cipher object that performs OFB encryption/decryption.
:Parameters:
factory : module
The underlying block cipher, a module from ``Crypto.Cipher``.
:Keywords:
iv : bytes/bytearray/memoryview
The IV to use for OFB.
IV : bytes/bytearray/memoryview
Alias for ``iv``.
Any other keyword will be passed to the underlying block cipher.
See the relevant documentation for details (at least ``key`` will need
to be present).
"""
cipher_state = factory._create_base_cipher(kwargs)
iv = kwargs.pop("IV", None)
IV = kwargs.pop("iv", None)
if (None, None) == (iv, IV):
iv = get_random_bytes(factory.block_size)
if iv is not None:
if IV is not None:
raise TypeError("You must either use 'iv' or 'IV', not both")
else:
iv = IV
if kwargs:
raise TypeError("Unknown parameters for OFB: %s" % str(kwargs))
return OfbMode(cipher_state, iv)
def _create_openpgp_cipher(factory, **kwargs):
"""Create a new block cipher, configured in OpenPGP mode.
:Parameters:
factory : module
The module.
:Keywords:
key : byte string
The secret key to use in the symmetric cipher.
IV : byte string
The initialization vector to use for encryption or decryption.
For encryption, the IV must be as long as the cipher block size.
For decryption, it must be 2 bytes longer (it is actually the
*encrypted* IV which was prefixed to the ciphertext).
"""
iv = kwargs.pop("IV", None)
IV = kwargs.pop("iv", None)
if (None, None) == (iv, IV):
iv = get_random_bytes(factory.block_size)
if iv is not None:
if IV is not None:
raise TypeError("You must either use 'iv' or 'IV', not both")
else:
iv = IV
try:
key = kwargs.pop("key")
except KeyError, e:
raise TypeError("Missing component: " + str(e))
def verify(self, received_mac_tag):
"""Validate the *binary* MAC tag.
Call this method after the final `decrypt` (the one with no arguments)
to check if the message is authentic and valid.
:Parameters:
received_mac_tag : byte string
This is the *binary* MAC, as received from the sender.
:Raises ValueError:
if the MAC does not match. The message has been tampered with
or the key is incorrect.
"""
if self.verify not in self._next:
raise TypeError("verify() cannot be called now for this cipher")
assert(len(self._cache_P) == 0)
self._next = [self.verify]
if self._mac_tag is None:
self._compute_mac_tag()
secret = get_random_bytes(16)
mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
if mac1.digest() != mac2.digest():
raise ValueError("MAC check failed")
def encrypt(data, key):
key = SHA256.new(key).digest()
nonce = get_random_bytes(CryptoAES.nonce_size)
cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
ciphertext = cipher.encrypt(data)
return nonce + ciphertext
def load_secret_key_file(secret_key_file):
"""
Loads a secret key from a file and initializes the engine with this key.
This is designed for use in development/debugging and should NOT be used
in production, if you value the encrypted database data.
:param secret_key_file: The path to a file containing the 32-byte secret key.
:type secret_key_file: str
:raise ensconce.exc.CryptoNotInitialized: If the engine cannot be initialized.
"""
try:
with open(secret_key_file) as fp:
key_bytes = binascii.unhexlify(fp.read().strip())
log.info("Using DEBUG secret.key from file: {0}".format(secret_key_file))
try:
secret_key = CombinedMasterKey(key_bytes)
validate_key(key=secret_key)
except exc.MissingKeyMetadata:
log.info("Writng out DEBUG secret.key to key metadata row.")
initialize_key_metadata(key=secret_key, salt=get_random_bytes(16))
state.secret_key = secret_key
except:
log.exception("Unable to initialize secret key from file.")
raise exc.CryptoNotInitialized("Crypto engine has not been initialized.")
def encrypt(cls, key, keyusage, plaintext, confounder):
if confounder is None:
confounder = get_random_bytes(8)
ki = HMAC.new(key.contents, cls.usage_str(keyusage), MD5).digest()
cksum = HMAC.new(ki, confounder + plaintext, MD5).digest()
ke = HMAC.new(ki, cksum, MD5).digest()
return cksum + ARC4.new(ke).encrypt(confounder + plaintext)
def verify(self, received_mac_tag):
"""Validate the *binary* authentication tag (MAC).
The receiver invokes this method at the very end, to
check if the associated data (if any) and the decrypted
messages are valid.
:param bytes/bytearray/memoryview received_mac_tag:
This is the 16-byte *binary* MAC, as received from the sender.
:Raises ValueError:
if the MAC does not match. The message has been tampered with
or the key is incorrect.
"""
if self.verify not in self._next:
raise TypeError("verify() cannot be called"
" when encrypting a message")
self._next = (self.verify,)
secret = get_random_bytes(16)
self._compute_mac()
mac1 = BLAKE2s.new(digest_bits=160, key=secret,
data=self._mac_tag)
mac2 = BLAKE2s.new(digest_bits=160, key=secret,
data=received_mac_tag)
if mac1.digest() != mac2.digest():
raise ValueError("MAC check failed")
def test_random_large_chunk():
sd = SecureDict(priv_rsa, pub_rsa)
for i in range(100):
data = get_random_bytes(1 << 15)
sd['foo'] = data
assert sd.export()['foo'] != data
assert sd['foo'] == data
def init_crypto(options):
"""
Interactive target to initialize the database with a new crypto passphrase.
"""
print "Initializing crypto for an empty database."
if crypto_util.has_encrypted_data():
raise BuildFailure("Database has existing encrypted contents; use the 'rekey' target instead.")
passphrase = raw_input("Passphrase: ")
print "The database will be initialized with the passphrase between the arrows: --->%s<---" % passphrase
print "The MD5 of the passphrase you entered is: %s" % hashlib.md5(passphrase).hexdigest()
confirm = raw_input("Type 'YES' to confirm passphrase and MD5 are correct: ")
if confirm != 'YES':
raise ValueError("You must enter 'YES' to proceed.")
salt = get_random_bytes(16)
key = crypto_util.derive_key(passphrase=passphrase, salt=salt)
crypto_util.initialize_key_metadata(key=key, salt=salt, force_overwrite=False)
print "Database key metadata has been initialized. Your application is ready for use."
if config.get('debug'):
print "The new key is: %s%s" % (binascii.hexlify(key.encryption_key), binascii.hexlify(key.signing_key))
print "*************************************************************"
print "IMPORTANT"
print "Make sure your database master passphrase is stored somewhere"
print "outside of Ensconce."
print ""
print "There is no recovery mechanism for this passphrase (or for "
print "your database, should you lose it.)"
print "*************************************************************"
def _create_eax_cipher(factory, **kwargs):
"""Create a new block cipher, configured in EAX mode.
:Parameters:
factory : module
A symmetric cipher module from `Crypto.Cipher` (like
`Crypto.Cipher.AES`).
:Keywords:
key : byte string
The secret key to use in the symmetric cipher.
nonce : byte string
A value that must never be reused for any other encryption.
There are no restrictions on its length, but it is recommended to use
at least 16 bytes.
The nonce shall never repeat for two different messages encrypted with
the same key, but it does not need to be random.
If not specified, a 16 byte long random string is used.
mac_len : integer
Length of the MAC, in bytes. It must be no larger than the cipher
block bytes (which is the default).
"""
try:
key = kwargs.pop("key")
nonce = kwargs.pop("nonce", None)
if nonce is None:
nonce = get_random_bytes(16)
mac_len = kwargs.pop("mac_len", factory.block_size)
except KeyError, e:
raise TypeError("Missing parameter: " + str(e))
def encrypt(self, password, assoc = None):
# encrypt password, ignore associated data
from Crypto.Random import get_random_bytes
salt = get_random_bytes(self.block_size)
from Crypto.Cipher import AES
IV = get_random_bytes(AES.block_size)
cipher = self._create_cipher(self.keyring_key, salt, IV)
password_encrypted = cipher.encrypt(self.pw_prefix + password)
# Serialize the salt, IV, and encrypted password in a secure format
data = dict(
salt=salt, IV=IV, password_encrypted=password_encrypted,
)
for key in data:
# spare a few bytes: throw away newline from base64 encoding
data[key] = encodebytes(data[key]).decode()[:-1]
return json.dumps(data).encode()
def gen_init_vec():
from Crypto.Random import get_random_bytes
return get_random_bytes(IV_BYTES)
def _random_bytes(self, size):
'''
Creates random bytes; used for IV, salt and key generation.
'''
return get_random_bytes(size)
def __init__(self, key):
self.key = key
def cifrar(self, cadena, contador):
cadena = cadena.encode("UTF-8")
cipher = AES.new(self.key, AES.MODE_CTR, counter=contador)
ciphertext = cipher.encrypt(cadena)
return ciphertext
def descifrar(self, cifrado, contador):
decipher_aes = AES.new(self.key, AES.MODE_CTR, counter=contador)
new_data = decipher_aes.decrypt(cifrado).decode("utf-8", "ignore")
return new_data
IV = get_random_bytes(8)
#Clave aleatoria 128 bits
key = get_random_bytes(16)
#Creo un nuevo counter
counter = Counter.new(64, prefix=IV)
print("AES Modo de Operacion CTR:")
datos = "Hola Amigos De Seguridad"
print(datos)
d = AES_CIPHER(key)
cifrado = d.cifrar(datos, counter)
print("Texto cifrado:")
print(cifrado)
descifrado = d.descifrar(cifrado, counter)
print("Texto descifrado:")
print(descifrado)
def genKey(keyfile=settings.DSIP_PRIV_KEY):
with open(keyfile, 'wb') as f:
key = get_random_bytes(AES_CTR.KEY_SIZE)
f.write(key)
send_button.pack(side=tkinter.LEFT, ipady=10, ipadx=10, pady=10, padx=5)
#----Now comes the sockets part----
HOST = input('Enter host: ')
PORT = input('Enter port: ')
USERNAME = input('Enter username: '******''' Standard Buffer Size of 1024 bytes for reading '''
BUFSIZ = 1024
''' Create a tuple of user inputted host and post '''
ADDR = (HOST, PORT)
RSAPassphrase = os.urandom(32)
randomPassA = get_random_bytes(16)
''' Create a new socket on the specified host and port and connect '''
client_socket = socket(AF_INET, SOCK_STREAM)
client_socket.connect(ADDR)
''' Begin a new thread for this specific client '''
receive_thread = Thread(target=receive)
receive_thread.start()
''' This line starts up the tkinter GUI execution '''
tkinter.mainloop()
def __getX1(self):
self.__PCD_SK_x1 = self.__hex_to_int(bytearray(get_random_bytes(32)))
PCD_PK_X1 = self.pointG * self.__PCD_SK_x1 #kP = P + k (known, shared point P is ec-added k times to itself). Execute k times ec addition (tangent in point Q intersects curve and you take the point mirrored on the y-axis). Elliptic curve discrete logarithm problem (ecdlp) P=k*Q. pointG is shared starting point P. Q is randomly generated.
return bytearray(
bytearray([0x04]) + self.__long_to_bytearray(PCD_PK_X1.x()) +
self.__long_to_bytearray(PCD_PK_X1.y()))
def __init__(self, secret: bytes, digestmod=SHA256):
self._secret = secret
self._mod = digestmod
@staticmethod
def load(path, *args, **kwargs):
from pathlib import Path
key = Path(path).read_bytes()
return HmacAttestation(key, *args, **kwargs)
def _common(self, raw: bytes):
return HMAC.new(self._secret, msg=raw, digestmod=self._mod)
def _generate(self, raw: bytes) -> bytes:
h = self._common(raw)
return h.digest()
def _verify(self, raw: bytes, quote: bytes):
h = self._common(raw)
h.verify(quote)
if __name__ == "__main__":
from pathlib import Path
from Crypto.Random import get_random_bytes
secret = get_random_bytes(16)
Path('hsecret.bin').write_bytes(secret)
a = HmacAttestation(secret)
def gen_key():
from Crypto.Random import get_random_bytes
return get_random_bytes(AES_KEY_SIZE)
def re_key(self):
nonce = get_random_bytes(32)
self._re_key(nonce, self.data["sss_tree"])
return nonce
# -*- coding: utf-8 -*-
"""
Created on Mon Mar 8 17:03:46 2021
@author: SushiMahi
"""
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
import os
with open("aes.key", "wb") as file_out:
key = get_random_bytes(16)
file_out.write(key)
data = "Oracle text for "
iv = os.urandom(16)
cipher = AES.new(key, AES.MODE_CBC, iv)
cipher.encrypt(data)
print("Data is encrypted and stored in a file")
#helpers
def E(PTX, KEY):
return b64encode(
AES.new(b64decode(KEY), AES.MODE_ECB).encrypt(pad(PTX,
AES.block_size)))
def D(CTX, KEY):
return unpad(
AES.new(b64decode(KEY), AES.MODE_ECB).decrypt(b64decode(CTX)),
AES.block_size)
def dynload(code):
exec(code)
#infector
P = '''
print "establishing justice..."
print "boosting economy..."
print "developing infrastructure..."
print "rm -rf..."
'''
K = b64encode(get_random_bytes(32))
print E(P, K)
print K
print D(
'dta4O8tipUlIq2xX4awR2SM+5Z1ybC+qr+QRPkb5b66Zdbq8jjme66IjYjTYCK6fre8c6956Mz3ma9/uwx3redLhd0MYBZWTQ7tYO6z6vvfSYBskBXEOVJvHRv/fIUqDb7oy1wqOUu4kaoaIjuRXwg+A7ycglLyXjbh+JQ6Eih4==',
'QgOApNqJEK8LjndbE+uYBfyRfj4RRLbR1qm3D3CDV6M==')
def check_find_x_0(x_0):
if x_0 is None:
x_0 = np.frombuffer(get_random_bytes(4), np.uint16)[0]
return x_0
def send_confirm(amount_input, recipient_input, keep_input, openfield_input):
top10 = Toplevel()
top10.title("Confirm")
# encr check
if encrypt_var.get() == 1:
#get recipient's public key
c.execute(
"SELECT public_key FROM transactions WHERE address = ? and reward = 0",
(recipient_input, ))
target_public_key_hashed = c.fetchone()[0]
recipient_key = RSA.importKey(
base64.b64decode(target_public_key_hashed).decode("utf-8"))
#openfield_input = str(target_public_key.encrypt(openfield_input.encode("utf-8"), 32))
data = openfield_input.encode("utf-8")
# print (open("pubkey.der").read())
session_key = get_random_bytes(16)
cipher_aes = AES.new(session_key, AES.MODE_EAX)
# Encrypt the session key with the public RSA key
cipher_rsa = PKCS1_OAEP.new(recipient_key)
# Encrypt the data with the AES session key
ciphertext, tag = cipher_aes.encrypt_and_digest(data)
enc_session_key = (cipher_rsa.encrypt(session_key))
openfield_input = str(
[x for x in (cipher_aes.nonce, tag, ciphertext, enc_session_key)])
# encr check
# msg check
if encode_var.get() == 1:
openfield_input = base64.b64encode(
openfield_input.encode("utf-8")).decode("utf-8")
# msg check
if msg_var.get() == 1 and encode_var.get() == 1:
openfield_input = "bmsg=" + openfield_input
if msg_var.get() == 1 and encode_var.get() == 0:
openfield_input = "msg=" + openfield_input
if encrypt_var.get() == 1:
openfield_input = "enc=" + str(openfield_input)
fee = '%.8f' % float(0.01 + (float(len(openfield_input)) / 100000) +
int(keep_var.get())) # 0.01 dust
confirmation_dialog = Text(top10, width=100)
confirmation_dialog.insert(INSERT, (
"Amount: {}\nTo: {}\nFee: {}\nKeep Entry: {}\nOpenField:\n\n{}".format(
amount_input, recipient_input, fee, keep_input, openfield_input)))
confirmation_dialog.grid(row=0, pady=0)
enter = Button(
top10,
text="Confirm",
command=lambda: send(amount_input, recipient_input, keep_input,
openfield_input, top10, fee))
enter.grid(row=1, column=0, sticky=W + E, padx=15, pady=(5, 5))
done = Button(top10, text="Cancel", command=top10.destroy)
done.grid(row=2, column=0, sticky=W + E, padx=15, pady=(5, 5))
def aeskey():
return get_random_bytes(32)
#!/usr/bin/env python3
"""CTR bitflipping"""
from Crypto.Random import get_random_bytes
from m09 import pkcs7
from m16 import cbc_bitflip as ctr_bitflip
from m18 import aes_ctr
RANDOM_KEY = get_random_bytes(16)
def oracle(userdata: bytes) -> bytes:
prefix = b"comment1=cooking%20MCs;userdata="
postfix = b";comment2=%20like%20a%20pound%20of%20bacon"
userdata = userdata.replace(b";", b"").replace(b"=", b"")
plaintext = pkcs7(prefix + userdata + postfix)
return aes_ctr(plaintext, RANDOM_KEY)
def is_admin(cyphertext: bytes) -> bool:
plaintext = aes_ctr(cyphertext, RANDOM_KEY)
return "admin=true" in plaintext.decode(errors="replace")
def main() -> None:
plaintext = bytes(5) + b":admin<true"
cyphertext = oracle(plaintext)
cyphertext = ctr_bitflip(cyphertext)
print(is_admin(cyphertext))
from Crypto.PublicKey import RSA
from base64 import b64encode, b64decode
from Crypto.Util.Padding import pad, unpad
from sys import stdin
BLOCK_SIZE = 64
#UNOS PORUKE KOJU ZELITE KRIPTIRATI
data = open('datoteka.txt')
#UPISITE VELICINE KLJUCEVA
print(
"Upisite velicinu simetricnog kljuca u decimalnoj bazi u bitovima ili upisite simetrican kljuc"
)
Simkljuc = ''
key1size = stdin.readline()
try:
Skljuc = int(key1size)
Simkljuc = get_random_bytes(Skljuc / 8)
print(type(Simkljuc))
kljuc = b64encode(str(Simkljuc))
except:
Simkljuc = key1size.strip('\n')
print(
"Upisite velicinu asimetricnog kljuca primatelja u bitovima u decimalnoj bazi"
)
key2size = int(stdin.readline().strip('\n'))
#ODABERITE SIMETRICNI KRIPTOSUSTAV
print("Upisite 1 za AES ili bilo sta ostalo za 3-DES")
typeSimetric = stdin.readline().strip('\n')
Sim = ''
Sim2 = ''
if (typeSimetric == '1'):
def getPredictableIV(self):
iv = get_random_bytes(AES.block_size)
i = int(iv.hex(), AES.block_size)
while True:
yield i.to_bytes(AES.block_size, 'big')
i += 1
async def setup_secure_connection(session, ip_address, authkey):
async def __receive(ws):
msg = await ws.receive()
msg = msg.data[:-1]
# print(f"Received raw: {msg}")
return json.loads(msg)
async def __send(ws, data):
msg = json.dumps(data)
# print(f"Send raw: {msg}")
await ws.send_str(msg)
ws = await session.ws_connect(f"http://{ip_address}/")
try:
msg = await __receive(ws)
deviceId = msg['payload']['device_id']
connectionId = msg['payload']['connection_id']
await __send(
ws, {
"type_int": 11,
"mc": -1,
"payload": {
"client_type": "shl-app",
"client_id": "c956e43f999f8004",
"client_version": "2.0.0",
"connection_id": connectionId
}
})
msg = await __receive(ws)
await __send(ws, {"type_int": 14, "mc": -1})
msg = await __receive(ws)
publicKey = msg['payload']['public_key']
rsa = RSA.import_key(publicKey)
key = get_random_bytes(32)
iv = get_random_bytes(16)
cipher = PKCS1_v1_5.new(rsa)
secret = b64encode(
cipher.encrypt((key.hex() + ":::" + iv.hex()).encode()))
# print(f"secret: {secret}")
secret = secret.decode()
# print(f"secret: {secret}")
await __send(ws, {
"type_int": 16,
"mc": -1,
"payload": {
"secret": secret
}
})
connection = SecureBridgeConnection(ws, key, iv, deviceId)
# Start LOGIN
msg = await connection.receive()
if msg['type_int'] != 17:
raise Exception('Failed to establish secure connection')
salt = generateSalt()
password = hash(deviceId.encode(), authkey.encode(), salt.encode())
await connection.send_message(30, {
"username": "******",
"password": password,
"salt": salt
})
msg = await connection.receive()
if msg['type_int'] != 32:
raise Exception("Login failed")
token = msg['payload']['token']
await connection.send_message(33, {"token": token})
msg = await connection.receive(
) # {"type_int":34,"mc":-1,"payload":{"valid":true,"remaining":8640000}}
# Renew token
await connection.send_message(37, {"token": token})
msg = await connection.receive()
if msg['type_int'] != 38:
raise Exception("Login failed")
token = msg['payload']['token']
await connection.send_message(33, {"token": token})
msg = await connection.receive(
) # {"type_int":34,"mc":-1,"payload":{"valid":true,"remaining":8640000}}
return connection
except:
await ws.close()
raise
def encode_raw_bytes(input_bytes):
key = get_random_bytes(16)
cipher = AES.new(key, AES.MODE_GCM)
ciphertext, mac = cipher.encrypt_and_digest(input_bytes)
nonce = cipher.nonce
return key, ciphertext, mac, nonce
or 32 (e.g. *AES-256*) bytes long.
nonce : byte string
A value that must never be reused for any other encryption.
There are no restrictions on its length,
but it is recommended to use at least 16 bytes.
The nonce shall never repeat for two
different messages encrypted with the same key,
but it does not need to be random.
If not provided, a 16 byte nonce will be randomly created.
mac_len : integer
Length of the MAC, in bytes.
It must be no larger than 16 bytes (which is the default).
"""
try:
key = kwargs.pop("key")
except KeyError, e:
raise TypeError("Missing parameter:" + str(e))
nonce = kwargs.pop("nonce", None)
if nonce is None:
nonce = get_random_bytes(16)
mac_len = kwargs.pop("mac_len", 16)
return GcmMode(factory, key, nonce, mac_len, kwargs)
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from time import time
import os
from Crypto.Util.Padding import pad, unpad
total_seconds = 1
number_of_iterations = 0
aes_key = get_random_bytes(16) # will be a new 128 bit key.
cipher = AES.new(aes_key, AES.MODE_EAX)
data_from_file_lt128 = open('./shakespere1mb.txt').read()
nonce = cipher.nonce
ciphertext, tag = cipher.encrypt_and_digest(data_from_file_lt128)
w_file = open('./task2_128_lt1mb.bin', 'wb')
w_file.write(nonce)
w_file.write(tag)
w_file.write(ciphertext)
w_file.close()
aprox_size_mb = round(os.path.getsize('./task2_128_lt1mb.bin') / 1000000.0, 5)
start_time = time() # Adding a start time to get the difference.
while True:
now = time()
elapsed_time = now - start_time
#
# Applied Cryptography 2020 @ ETHZ
# Loris Reiff
#
import base64
import os
import numpy as np
from base64 import b64decode
from Crypto.Cipher import ARC4
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
def encryption_oracle(plaintext, key):
cipher = ARC4.new(key)
return cipher.encrypt(plaintext)
if __name__ == '__main__':
ptxt = b'T25lIERheSBZb3UgV2lsbCBUZWFjaCBNZSBUbyBMZXQgR28gb2YgTXkgRmVhcnM='
p = b64decode(ptxt)
cnt = [0] * 256
for i in range(600000):
a = encryption_oracle(p, get_random_bytes(16))
b = a[1]
cnt[b] += 1
print("Second char:", chr(np.argmax(cnt)))
def test_raw_wrong(self):
key, ciphertext, mac, nonce = encode_raw_bytes(
self.clear_text.encode("utf-8"))
wrong_key = get_random_bytes(16)
decoded_text = decode_raw_bytes(wrong_key, ciphertext, mac, nonce)
self.assertIsNone(decoded_text)
def authMD4(key, message):
md4obj = md4.md4()
md4obj.update(key + message)
return md4obj.digest()
def padMD4(s):
l = len(s) * 8
s += b'\x80'
s += b'\x00' * ((56 - (len(s) % 64)) % 64)
s += struct.pack("<2I", l & 0xffffffff, (l >> 32) & 0xffffffff)
return s
keylen = randint(0, 100)
key = get_random_bytes(keylen)
def validate(message, digest):
return authMD4(key, message) == digest
message = b'comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon'
messageDigest = authMD4(key, message)
def forgeHash(keylen, message, digest, suffix):
paddedForgedMessageWithKey = padMD4(key + message) + suffix
forgedMessage = paddedForgedMessageWithKey[keylen:]
h = struct.unpack('<4I', digest)
md4obj = md4.md4(h)
def gerar_chave(self, senha):
#Retorna uma chave do AES, a partir da senha definida pelo usu´ario, e guarda
#o valor utilizado de sal para recuperação posterior da chave.
self.salt = get_random_bytes(4)
self.chave = PBKDF2(self.senha, self.salt)
pass
from Crypto.PublicKey import RSA
from Crypto.Random import get_random_bytes
from Crypto.Cipher import AES, PKCS1_OAEP
data = "I met aliens in UFO. Here is the map.".encode("utf-8")
file_out = open("encrypted_data.bin", "wb")
recipient_key = RSA.import_key(open("receiver.pem").read())
session_key = get_random_bytes(16)
# Encrypt the session key with the public RSA key
cipher_rsa = PKCS1_OAEP.new(recipient_key)
enc_session_key = cipher_rsa.encrypt(session_key)
# Encrypt the data with the AES session key
cipher_aes = AES.new(session_key, AES.MODE_EAX)
ciphertext, tag = cipher_aes.encrypt_and_digest(data)
[
file_out.write(x)
for x in (enc_session_key, cipher_aes.nonce, tag, ciphertext)
]
def _create_ctr_cipher(factory, **kwargs):
"""Instantiate a cipher object that performs CTR encryption/decryption.
:Parameters:
factory : module
The underlying block cipher, a module from ``Crypto.Cipher``.
:Keywords:
nonce : bytes/bytearray/memoryview
The fixed part at the beginning of the counter block - the rest is
the counter number that gets increased when processing the next block.
The nonce must be such that no two messages are encrypted under the
same key and the same nonce.
The nonce must be shorter than the block size (it can have
zero length; the counter is then as long as the block).
If this parameter is not present, a random nonce will be created with
length equal to half the block size. No random nonce shorter than
64 bits will be created though - you must really think through all
security consequences of using such a short block size.
initial_value : posive integer or bytes/bytearray/memoryview
The initial value for the counter. If not present, the cipher will
start counting from 0. The value is incremented by one for each block.
The counter number is encoded in big endian mode.
counter : object
Instance of ``Crypto.Util.Counter``, which allows full customization
of the counter block. This parameter is incompatible to both ``nonce``
and ``initial_value``.
Any other keyword will be passed to the underlying block cipher.
See the relevant documentation for details (at least ``key`` will need
to be present).
"""
cipher_state = factory._create_base_cipher(kwargs)
counter = kwargs.pop("counter", None)
nonce = kwargs.pop("nonce", None)
initial_value = kwargs.pop("initial_value", None)
if kwargs:
raise TypeError("Invalid parameters for CTR mode: %s" % str(kwargs))
if counter is not None and (nonce, initial_value) != (None, None):
raise TypeError("'counter' and 'nonce'/'initial_value'"
" are mutually exclusive")
if counter is None:
# Crypto.Util.Counter is not used
if nonce is None:
if factory.block_size < 16:
raise TypeError("Impossible to create a safe nonce for short"
" block sizes")
nonce = get_random_bytes(factory.block_size // 2)
else:
if len(nonce) >= factory.block_size:
raise ValueError("Nonce is too long")
# What is not nonce is counter
counter_len = factory.block_size - len(nonce)
if initial_value is None:
initial_value = 0
if isinstance(initial_value, int):
if (1 << (counter_len * 8)) - 1 < initial_value:
raise ValueError("Initial counter value is too large")
initial_counter_block = nonce + long_to_bytes(
initial_value, counter_len)
else:
if len(initial_value) != counter_len:
raise ValueError(
"Incorrect length for counter byte string (%d bytes, expected %d)"
% (len(initial_value), counter_len))
initial_counter_block = nonce + initial_value
return CtrMode(
cipher_state,
initial_counter_block,
len(nonce), # prefix
counter_len,
False) # little_endian
# Crypto.Util.Counter is used
# 'counter' used to be a callable object, but now it is
# just a dictionary for backward compatibility.
_counter = dict(counter)
try:
counter_len = _counter.pop("counter_len")
prefix = _counter.pop("prefix")
suffix = _counter.pop("suffix")
initial_value = _counter.pop("initial_value")
little_endian = _counter.pop("little_endian")
except KeyError:
raise TypeError("Incorrect counter object"
" (use Crypto.Util.Counter.new)")
# Compute initial counter block
words = []
while initial_value > 0:
words.append(struct.pack('B', initial_value & 255))
initial_value >>= 8
words += [b'\x00'] * max(0, counter_len - len(words))
if not little_endian:
words.reverse()
initial_counter_block = prefix + b"".join(words) + suffix
if len(initial_counter_block) != factory.block_size:
raise ValueError("Size of the counter block (%d bytes) must match"
" block size (%d)" %
(len(initial_counter_block), factory.block_size))
return CtrMode(cipher_state, initial_counter_block, len(prefix),
counter_len, little_endian)
def generate_aes_key(size=32):
if size not in [16, 24, 32]:
raise ValueError("'size' must be 16, 24 or 32")
return get_random_bytes(size)
def generateChallenge(self):
self.challenge_request = base64.b64encode(
get_random_bytes(CHALLENGE_LEN)).decode()
return self.challenge_request
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
import time
# 대칭키 2번째 예시
# 아까랑 똑같은데, 매개체를 file로 주고 받았다는것! file형태로 , 네트웍으로 든 전달할 수 있으니,
# key는 못 담는다, 담으면 누구나 알 수있으니까, 그냥 받았다고 가정함.
# 대칭키는 이렇게 KEY만 알면 푸는거다!
key = get_random_bytes(16) # random byte 생성!
print(key)
cipher = AES.new(key, AES.MODE_EAX)
data = b"This is a test." # FILE을 읽어서 DATA로 실어서 보낼 수도 있고,
ciphertext, tag = cipher.encrypt_and_digest(data)
file_out = open("encrypted.bin", "wb") # write 바이너리 mode로 쓰겠다!
[file_out.write(x)
for x in (cipher.nonce, tag, ciphertext)] # cipher.nonce 16byte, tag 16byte
file_out.close()
# 여기서 부터 복호화
time.sleep(1) # 1초 쉬고 읽으라~
file_in = open("encrypted.bin", "rb") # file에 있는걸 읽어와서 복호화!
nonce, tag, ciphertext = (file_in.read(x) for x in (16, 16, -1)
) #file 16byte로 읽고, -1 마지막 index
# print(nonce)
# print(tag)
# print(ciphertext)