def detokenize_email(db_email):
db_email = db_email.split('@')
db_email_local = db_email[0]
db_email_domain = db_email[1]
db_email_domain = db_email_domain.split('.')
db_email_domain_server = db_email_domain[0]
db_email_domain_topleveldomain = db_email_domain[1]
ffx = pyffx.String(encr_key,
alphabet=email_chars,
length=len(db_email_local))
output_email_local = ffx.decrypt(db_email_local)
ffx = pyffx.String(encr_key,
alphabet=email_chars,
length=len(db_email_domain_server))
output_email_domain_server = ffx.decrypt(db_email_domain_server)
ffx = pyffx.String(encr_key,
alphabet=email_chars,
length=len(db_email_domain_topleveldomain))
output_email_domain_topleveldomain = ffx.decrypt(
db_email_domain_topleveldomain)
output_email = output_email_local + "@" + output_email_domain_server + "." + output_email_domain_topleveldomain
return output_email
def tokenize_email(input_email):
input_email = input_email.split('@')
input_email_local = input_email[0]
input_email_domain = input_email[1]
input_email_domain = input_email_domain.split('.')
input_email_domain_server = input_email_domain[0]
input_email_domain_topleveldomain = input_email_domain[1]
ffx = pyffx.String(encr_key,
alphabet=email_chars,
length=len(input_email_local))
db_email_local = ffx.encrypt(input_email_local)
ffx = pyffx.String(encr_key,
alphabet=email_chars,
length=len(input_email_domain_server))
db_email_domain_server = ffx.encrypt(input_email_domain_server)
ffx = pyffx.String(encr_key,
alphabet=email_chars,
length=len(input_email_domain_topleveldomain))
db_email_domain_topleveldomain = ffx.encrypt(
input_email_domain_topleveldomain)
db_email = db_email_local + "@" + db_email_domain_server + "." + db_email_domain_topleveldomain
return db_email
def Encryption_numeric_ID(df, col, length, Enc_key=Enc_key):
wrong_format = 0
empty = 0
key = Enc_key
alphabet = '1234567890'
e = pyffx.String(key, alphabet=alphabet, length=length)
encryptet_col = []
print(f'Encrypting: {col}')
for i in df[col]:
if len(str(i)) == 1:
empty += 1
encryptet_col.append(i)
elif len(str(i)) == length:
x = e.encrypt(str(i))
encryptet_col.append(x)
else:
wrong_length = len(str(i))
error_alphabet = 'qwertyuiopåasdfghjkløæzxcvbnmQWERTYUIOPÅASDFGHJKLØÆZXCVBNM1234567890_'
error_e = pyffx.String(key,
alphabet=error_alphabet,
length=wrong_length)
x = error_e.encrypt(str(i))
encryptet_col.append(x)
wrong_format += 1
print(f'Number of values in {col} with the wrong format: {wrong_format}')
print(f'Numert of entries without values in {col} : {empty}')
return encryptet_col
def Symmetric_Encryption(self, PlainText, SecretKey):
if isinstance(PlainText, str) == False:
PlainText = PlainText.decode()
if isinstance(SecretKey, bytes) == False:
SecretKey = SecretKey.encode()
cipher = pyffx.String(SecretKey, alphabet = Configuration().Charlib, length = len(PlainText)).encrypt(PlainText)
return cipher.encode()
def detokenize_mobile(db_mobile):
#if db_mobile == "+6594300664":
# return db_mobile
#else:
ffx = pyffx.String(encr_key, alphabet=mobile_chars, length=len(db_mobile[1:]))
output_mobile = "+" + ffx.decrypt(db_mobile[1:])
return output_mobile
def SymmetricDecryption(self, CipherText, SecretKey):
try:
outcome = pyffx.String(str(SecretKey),
alphabet=str(self.Charlib),
length=len(str(CipherText))).decrypt(
str(CipherText))
except ValueError:
outcome = False
return outcome
def Encryption_num_adr(df, col, Enc_key=Enc_key, length=None):
empty = 0
key = Enc_key
alphabet = 'qwertyuiopåasdfghjkløæzxcvbnmÅPOIUYTREWQÆØLKJHGFDSAMNBVCXZ0123456789'
encrypted_col = []
municipality = []
for i in df[col]:
municipality.append(i[:4])
if set(i) == {'0'}:
empty += 1
encrypted_col.append(i)
elif (length != None) & (len(i) != length):
i = i.ljust(length, '0')
e = pyffx.String(key, alphabet=alphabet, length=len(i))
x = e.encrypt(i)
encrypted_col.append(x)
else:
e = pyffx.String(key, alphabet=alphabet, length=len(i))
x = e.encrypt(i)
encrypted_col.append(x)
return encrypted_col, municipality
def Decryption_num_adr(df, col, Enc_key=Enc_key):
empty = 0
key = Enc_key
alphabet = 'qwertyuiopåasdfghjkløæzxcvbnmÅPOIUYTREWQÆØLKJHGFDSAMNBVCXZ0123456789'
encrypted_col = []
municipality = []
for i in df[col]:
if set(i) == {'0'}:
empty += 1
encrypted_col.append(i)
else:
e = pyffx.String(key, alphabet=alphabet, length=len(i))
x = e.decrypt(i)
encrypted_col.append(x)
return encrypted_col
def _update_row(self,
column_num,
column_type,
row,
not_allowed_chars=NOT_ALLOWED_CHARS):
logging.debug('Pseudonymize {}'.format(row[column_num - 1]))
if column_type == 'num':
#encrypter = pyffx.Integer(self.secret_key_bytes, len(row[column_num-1]))
# TODO: should there be a 'phone' column type?
encrypter = pyffx.String(self.secret_key_bytes,
alphabet="0123456789",
length=len(row[column_num - 1]))
row[column_num - 1] = encrypter.encrypt(row[column_num - 1])
elif column_type == 'asc':
# Using string.printable to specify valid alphabet. Remove any
# not allowed characters (for example delimiter char)
alphabetstring = string.printable
alphabetstring = alphabetstring.translate(
str.maketrans(dict.fromkeys(not_allowed_chars)))
encrypter = pyffx.String(self.secret_key_bytes,
alphabet=alphabetstring,
length=len(row[column_num - 1]))
row[column_num - 1] = encrypter.encrypt(row[column_num - 1])
return row
def get_login_password(domain, password):
try:
token = get_token()
if not valid_threshold(token):
print("[-] Exceeds the secure threshold")
exit(1)
hash_pwd = SHA256.new(data=password.encode()).hexdigest()
password = password + hash_pwd
session_key = AES.new(token[12:], AES.MODE_ECB).encrypt(
Padding.pad(domain.encode(), 64))
cipher = pyffx.String(session_key, alphabet=alphabet, length=16)
loginPassword = cipher.encrypt(password[:16])
return loginPassword
except:
print("[-] Unexpected Error! Exit")
exit(1)
def Decryption_string(df, col, Enc_key=Enc_key):
empty = 0
key = Enc_key
alphabet = 'qwertyuiopåasdfghjkløæzxcvbnmÅPOIUYTREWQÆØLKJHGFDSAMNBVCXZ -'
encrypted_col = []
for i in df[col]:
decrypted_sentance = []
for word in i:
e = pyffx.String(key, alphabet=alphabet, length=len(word))
x = e.decrypt(word)
decrypted_sentance.append(x)
sentance = ' '.join(word for word in decrypted_sentance)
encrypted_col.append(sentance)
return encrypted_col
def Encryption_string(df, col, Enc_key=Enc_key):
empty = 0
key = Enc_key
alphabet = 'qwertyuiopåasdfghjkløæzxcvbnmÅPOIUYTREWQÆØLKJHGFDSAMNBVCXZ -'
encrypted_col = []
for i in df[col]:
if len(str(i)) == 1:
empty += 1
encryptet_col.append(i)
else:
words = str.split(i)
Enc_sentance = []
for word in words:
e = pyffx.String(key, alphabet=alphabet, length=len(word))
x = e.encrypt(word)
Enc_sentance.append(x)
encrypted_col.append(Enc_sentance)
return encrypted_col
def detokenize_mobile(db_mobile):
ffx = pyffx.String(encr_key,
alphabet=mobile_chars,
length=len(db_mobile[1:]))
output_mobile = "+" + ffx.decrypt(db_mobile[1:])
return output_mobile
ap.add_argument('-k', dest='key', help='The cryptographic key')
ap.add_argument('-t', dest='text', help='The text to encrypt')
ap.add_argument('--silent',
dest='silent',
help='Do only print the result',
action='store_true')
ap.add_argument('--encrypt',
help='Encrypt the given text',
action="store_true")
ap.add_argument('--decrypt',
help='Decrypt the given text',
action="store_true")
args = ap.parse_args()
alphabet = 'abcdefghijklmnopqrstuvwxyz1234567890: |'
cipher = pyffx.String(args.key.encode(sys.getdefaultencoding()),
alphabet=alphabet,
length=50)
if args.encrypt and not args.decrypt:
entropy = ''
for i in range(50 - 1 - len(args.text)):
entropy += random.choice(alphabet)
text = args.text.lower() + '|' + entropy
encrypted = cipher.encrypt(text)
hexout = binascii.hexlify(encrypted)
if not args.silent:
print('Text to encrypt:\n' + text)
print('Encrypted:\n' + encrypted)
print('Encrypted text as hex string:\n' + hexout)
print('Bytes: ' + str(len(hexout) // 2))
else:
print(hexout)
def tokenize_mobile(input_mobile):
ffx = pyffx.String(encr_key,
alphabet=mobile_chars,
length=len(input_mobile[1:]))
db_mobile = "+" + ffx.encrypt(input_mobile[1:])
return db_mobile
def SymmetricDecryption(self, CipherText, SecretKey):
return pyffx.String(str(SecretKey),
alphabet=str(self.Charlib),
length=len(str(CipherText))).decrypt(
str(CipherText))
def SymmetricEncryption(self, PlainText, SecretKey=""):
Cypher = pyffx.String(str(SecretKey),
alphabet=str(self.Charlib),
length=len(PlainText)).encrypt(str(PlainText))
return str(Cypher)
next(csv_f, None) # skip the headers
for row in csv_f:
fname = row[1]
lname = row[2]
email = row[3]
company = row[4]
fnamelen = len(fname)
lnamelen = len(lname)
emaillen = len(email)
companylen = len(company)
e = pyffx.String(
b'secret-key',
alphabet=
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz- .@0123456789,\'',
length=fnamelen)
fnamedecrypt = e.decrypt(fname)
e = pyffx.String(
b'secret-key',
alphabet=
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz- .@0123456789,\'',
length=lnamelen)
lnamedecrypt = e.decrypt(lname)
e = pyffx.String(
b'secret-key',
alphabet=
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz- .@0123456789,\'',
length=emaillen)
emaildecrypt = e.decrypt(email)
def encrypt(self, val, addition: int = sys.maxsize):
""" Encrypt a value with FFX library. Negative values are currently not supported as integers.
:param val: Value to encrypt
:type val: Either an integer, a string or a floating point number (represented as a string)
:param addition: Value added to an integer number, which will be subtracted first, defaults to sys.maxsize
:param addition: int, optional
:return: Encrypted number fitting same format as input
:rtype: Either an int or a string depending on what was passed in
"""
n_val = 0
# If the value is none or if its numpy and nan then just return it
if val == None or (isinstance(val, np.float64) and np.isnan(val)):
return val
try:
logger.debug(type(val))
# Strings that are integers should just be int
if isinstance(val, str) and val.isdigit():
val = int(val)
if np.issubdtype(type(val),
np.int64) and val > 0: # If val is Integer
# If there's an addition do the new calculation
n_val = val - addition
logger.debug(
f"n_val = {n_val} val = {val} addition = {addition}")
if n_val > 0:
val = n_val
e = pyffx.Integer(self.ffx_secret, length=len(str(val)))
enc = e.encrypt(val)
else: # Either String or Decimal
val = str(val)
enc = ""
elems = re.split('(\W+|\d+)', val)
for elem in elems:
if len(elem) == 0:
continue
vlen = len(elem)
if elem.isdigit():
# encrypt integer part
e = pyffx.Integer(self.ffx_secret, length=vlen)
temp = str(e.encrypt(elem))
elif elem.isalpha():
# encrypt alphabet characters
if elem.islower():
e = pyffx.String(self.ffx_secret,
alphabet=string.ascii_lowercase,
length=vlen)
elif elem.isupper():
e = pyffx.String(self.ffx_secret,
alphabet=string.ascii_uppercase,
length=vlen)
else:
e = pyffx.String(self.ffx_secret,
alphabet=string.ascii_letters,
length=vlen)
temp = e.encrypt(elem)
else: # Escape special characters
temp = elem
enc += str(temp)
logger.debug(f"Out val {enc}")
# Return it as a string
if np.issubdtype(type(val), np.int64) and n_val > 0:
enc += addition
return enc
except Exception as e:
logger.exception(f"Cannot encrypt {val} {type(val)}")
return val
try:
print('Connecting using: {}'.format(connstring))
con = cx_Oracle.connect(connstring)
cur = con.cursor()
print(
'Format preserving encryption of column \'{}\' in \'{}\' using key: {}'
.format(colname, tablename, hexkey),
flush=True)
cur.execute('select {} from {}'.format(colname, tablename))
res = cur.fetchall()
updated_rows = 0
t = time.perf_counter()
for row in res:
origdata = row[0]
encrypter = pyffx.String(byteskey, ALPHABET, len(origdata))
encdata = encrypter.encrypt(origdata)
cur.execute(
'update {} set {} = :encdata where {} = :origdata'.format(
tablename, colname, colname), (encdata, origdata))
updated_rows += 1
#print('{} : {}'.format(origdata, encdata))
if (updated_rows % 1000 == 0):
con.commit()
con.commit()
print('Updated {} rows ({:.2f} s)'.format(updated_rows,
time.perf_counter() - t))
except cx_Oracle.DatabaseError as e:
# Format-preserving, Feistel-based encryption (FFX)
import pyffx
e = pyffx.Integer(b'secret-rsa_key', length=4)
x = e.encrypt(1001)
print(x)
y = e.decrypt(x)
print(y)
e = pyffx.String(b'secret-rsa_key', alphabet='abcdefghij', length=6)
x = e.encrypt('jibabc')
print(x)
y = e.decrypt(x)
print(y)
def __init__(self, data, secret):
self.data = data
self.alpha_string = self.get_alpha_str(data)
self.e = pyffx.String(bytes(secret), ALPHABET, len(self.alpha_string))
