def write_file_base64(file_bytes, salt, iv, destination):
while True:
# generate a random filename to minimize guesses
out_file_name = passgenerator.complexpass(length=rand_filename_string,
upper=True,
lower=True,
numbers=True,
special=False)
out_file = os.path.join(destination, out_file_name)
# loop to make sure there are not filename collisions
if not os.path.isfile(out_file):
break
# make sure destination directory exists
validate_directory(destination)
output = ''
output = output + base64.b64encode(salt).decode() + '.'
output = output + base64.b64encode(iv).decode() + '.'
output = output + base64.b64encode(file_bytes).decode()
with open(out_file, 'w') as f:
f.write(output)
return out_file_name # return name of written file
def store_file(request_files, destination):
# make sure only a file was uploaded
if len(request_files) < 1:
error_message = {'error': 'missing file to encrypt'}
error_code = 400
return False, error_message, error_code
# make sure only 1 file is uploaded
if len(request_files) > 1:
error_message = {'error': 'more than one file uploaded'}
error_code = 400
return False, error_message, error_code
# get file from request
for upload in request_files:
if type(upload) == str: # only for field keys
uploaded_file = request_files[upload] # get the file
# generate a random string to prepend to the filename to minimize collisions
random_string = passgenerator.complexpass(
length=rand_filename_string,
upper=True,
lower=True,
numbers=True,
special=False)
# generate filename
uploaded_filename = random_string + ' ' + secure_filename(
uploaded_file.filename)
# make sure destination directory exists
validate_directory(destination)
# full path of saved file
uploaded_file_path = os.path.join(destination, uploaded_filename)
# save file to destination directory
try:
uploaded_file.save(uploaded_file_path)
except IOError as e:
print('Error: ' + str(e.filename) + ' - ' + str(e.strerror))
error_message = {'error': 'server error'}
error_code = 500
return False, error_message, error_code
return uploaded_file_path
def write_file_text(outdata, destination):
while True:
# generate a random filename to minimize guesses
out_file_name = passgenerator.complexpass(length=rand_filename_string,
upper=True,
lower=True,
numbers=True,
special=False)
out_file = os.path.join(destination, out_file_name)
# loop to make sure there are not filename collisions
if not os.path.isfile(out_file):
break
# make sure destination directory exists
validate_directory(destination)
with open(out_file, 'w') as f:
f.write(outdata)
return out_file_name # return name of written file
def encrypt_aes_cbc(input_file,
destination,
encryption_bits=256,
password='',
outform='base64',
salt_in_output=True,
iv_in_output=True):
backend = default_backend() # set encryption backend
if password == '':
password = passgenerator.complexpass(default_password_length,
special=False)
salt = passgenerator.complexpass(
encryption_bits //
16).encode() # defaults to 128 bits (half the key size)
# setup key derivation function
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=encryption_bits //
8, # encryption bits expressed as bytes (8 bits per byte)
salt=salt,
iterations=kdf_iterations,
backend=backend)
key = kdf.derive(password.encode())
# generate key if it was not provided
#if encryption_key == '':
# decoded_key = passgenerator.complexpass(encryption_bits//8)
# key = decoded_key.encode()
#else:
# key = encryption_key.encode()
# create initialization vector
iv = passgenerator.complexpass(encryption_bits // 16).encode()
# instantiate cipher
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
# instantiate padder
padder = PKCS7(128).padder() # AES uses 128 bit blocks
# get bytes from input file
file_bytes = read_file_bytes(input_file)
# do the padding
padded_data = padder.update(file_bytes) + padder.finalize()
# instantiate the encryptor
encryptor = cipher.encryptor()
# do the encryption
cipher_text = encryptor.update(padded_data) + encryptor.finalize()
# write output file
if outform == 'bytes':
output_file = write_file_bytes(cipher_text, destination)
else:
output_file = write_file_base64(cipher_text, salt, iv, destination)
base64_key = base64.urlsafe_b64encode(key).decode()
base64_iv = base64.urlsafe_b64encode(iv).decode()
base64_salt = base64.urlsafe_b64encode(salt).decode()
return output_file, base64_key, base64_iv, password, base64_salt