def runTest(self): data = b"0123" key = b"9" * 32 nonce = b"t" * 8 # Encryption data_mv = memoryview(bytearray(data)) key_mv = memoryview(bytearray(key)) nonce_mv = memoryview(bytearray(nonce)) cipher1 = Salsa20.new(key=key, nonce=nonce) ct = cipher1.encrypt(data) cipher2 = Salsa20.new(key=key_mv, nonce=nonce_mv) key_mv[:1] = b'\xFF' nonce_mv[:1] = b'\xFF' ct_test = cipher2.encrypt(data_mv) self.assertEqual(ct, ct_test) self.assertEqual(cipher1.nonce, cipher2.nonce) # Decryption key_mv = memoryview(bytearray(key)) nonce_mv = memoryview(bytearray(nonce)) ct_mv = memoryview(bytearray(ct)) cipher3 = Salsa20.new(key=key_mv, nonce=nonce_mv) key_mv[:1] = b'\xFF' nonce_mv[:1] = b'\xFF' pt_test = cipher3.decrypt(ct_mv) self.assertEqual(data, pt_test)
def runTest(self): # Encrypt/Decrypt data and test output parameter key = b'4' * 32 nonce = b'5' * 8 cipher = Salsa20.new(key=key, nonce=nonce) pt = b'5' * 16 ct = cipher.encrypt(pt) output = bytearray(16) cipher = Salsa20.new(key=key, nonce=nonce) res = cipher.encrypt(pt, output=output) self.assertEqual(ct, output) self.assertEqual(res, None) cipher = Salsa20.new(key=key, nonce=nonce) res = cipher.decrypt(ct, output=output) self.assertEqual(pt, output) self.assertEqual(res, None) import sys if sys.version[:3] != '2.6': output = memoryview(bytearray(16)) cipher = Salsa20.new(key=key, nonce=nonce) cipher.encrypt(pt, output=output) self.assertEqual(ct, output) cipher = Salsa20.new(key=key, nonce=nonce) cipher.decrypt(ct, output=output) self.assertEqual(pt, output) cipher = Salsa20.new(key=key, nonce=nonce) self.assertRaises(TypeError, cipher.encrypt, pt, output=b'0'*16) cipher = Salsa20.new(key=key, nonce=nonce) self.assertRaises(TypeError, cipher.decrypt, ct, output=b'0'*16) shorter_output = bytearray(7) cipher = Salsa20.new(key=key, nonce=nonce) self.assertRaises(ValueError, cipher.encrypt, pt, output=shorter_output) cipher = Salsa20.new(key=key, nonce=nonce) self.assertRaises(ValueError, cipher.decrypt, ct, output=shorter_output)
def run(self): global recieved global salsakey global salsanonce while True: x = recieved salsaenc = Salsa20.new(salsakey, nonce=(salsanonce + bytes(str("%07d" % x), "utf_8"))) salsadec = Salsa20.new(salsakey, nonce=(salsanonce + bytes(str("%07d" % x), "utf_8"))) mlen = int(str(salsadec.decrypt(self.client.recv(20)), 'utf_8')) response = str(salsadec.decrypt(self.client.recv(mlen)), 'utf_8') lock.acquire() recieved += 1 lock.release() if not response == "BYE!": print(response) if response == "BYE!": final.set() break
def new_stream_cipher(key1, nonce=None, key2=None): """ returns a new cipher for encryption and returns a string of bytes containing the nonce and an HMAC checksum. the HMAC is solely to validate that the correct password is given before attempting to decrypt the content, and will not protect against modification of the cipher text. the cipher returned is a streaming cipher (Salsa20) meant to be used to encrypt or decrypt data in a streaming context key1 is intended to be the output from decryptkey, 32 bytes, and no password hardening is provided at this level key2 is a cryptographic randomly generate 32 bytes used to mix in with the given key. this ensures that a different key is used for the cipher and the mac, and that keys are not reused with different files. security / usefulness trade-off: files encrypted in this way are not encrypted in the best possible way a third party could tamper with the contents. """ if len(key1) != 32: raise ValueError("key1 should be 32 bytes") if key2 is None: key2 = get_random_bytes(32) if len(key2) != 32: raise ValueError("key2 should be 32 bytes") skey1, skey2 = sha512_kdf(key1, key2) cipher = Salsa20.new(skey1, nonce) hmac = HMAC.new(skey2, digestmod=SHA256) tag = b"EYUE" + struct.pack("<I", 1) hmac.update(tag) hmac.update(cipher.nonce) hmac.update(key2) # generate a 32 byte digest which will be used to validate that # the correct password was given at decryption time digest = hmac.digest() header = tag + cipher.nonce + key2 + digest return cipher, header
def decryption_RSA_key(): for file in os.listdir('.'): if '-MANUAL.txt' in file: ext = file.split('-')[0].lower() ransom_path = os.getcwd() + '/' + file priv = CryptImportKey(rsa) if priv is None: print("[X] ERROR: unable to read private RSA master key", file=sys.stderr) sys.exit(1) rkey = get_ransom_data(ransom_path, "GANDCRAB KEY") privateKeySize = struct.unpack("<I", rkey[:4])[0] print("[+] Priv key size: %d" % privateKeySize) # Next 256 bytes are RSA-encrypted salsa key salsakey = rkey[4:(4 + 256)] salsakey = CryptDecrypt(priv, salsakey)[:32] print("[+] Salsa key: %s" % salsakey.hex()) # Next 256 bytes are RSA-encrypted salsanonce = rkey[(4 + 256):(4 + 2 * 256)] salsanonce = CryptDecrypt(priv, salsanonce)[:8] print("[+] Salsa nonce: %s" % salsanonce.hex()) print("[+] Decrypting RSA private user key...") encrRsaPriv = rkey[(4 + 2 * 256):] assert (len(encrRsaPriv) == privateKeySize) rsaPriv = Salsa20.new(key=salsakey, nonce=salsanonce).decrypt(encrRsaPriv) PK = CryptImportKey(rsaPriv) if not PK.valid: print( "[X] ERROR: invalid RSA private key after decryption. Has this ransom been generated by Gandcrab 5.2?" ) sys.exit(1) print("[+] RSA private key details:") print("[+] p = %s" % hex(PK.p)) print("[+] q = %s" % hex(PK.q)) print("[+] d = %s" % hex(PK.d)) print("[+] dp = %s" % hex(PK.dP)) print("[+] dq = %s" % hex(PK.dQ)) print("[+] iq = %s" % hex(PK.iQ)) print("[+] N = %s" % hex(PK.N)) print("[+] RSA private user key captured!") return rsaPriv, ext
def downloader(pk): url = "http://127.0.0.1:8000/api/v1/api-download/" + str(pk) + "/" r = client.get(url) #print(r) a = r.json() for f in a["files"]: url1 = "http://127.0.0.1:8000/files/download/?name=" + f[0] filename = wget.download(url1, out="./") print(filename) file_in = open(filename, "rb") print(str(f[3])) url5 = "http://127.0.0.1:8000/file/delete/" + str(f[3]) + "/" client.get(url5) if scho == '1': nonce, tag, ciphertext = [file_in.read(x) for x in (16, 16, -1)] cipher = AES.new(userkeyo, AES.MODE_EAX, nonce) plaintext = cipher.decrypt_and_verify(ciphertext, tag) if scho == '2': json_input = file_in.read() b64 = json.loads(json_input) nonce = b64decode(b64['nonce']) ciphertext = b64decode(b64['ciphertext']) cipher = ChaCha20.new(key=userkeyo, nonce=nonce) plaintext = cipher.decrypt(ciphertext) if scho == '3': msg = file_in.read() msg_nonce = msg[:8] ciphertext = msg[8:] cipher = Salsa20.new(key=userkeyo, nonce=msg_nonce) plaintext = cipher.decrypt(ciphertext) os.remove(filename) file_out = open(filename, 'wb') file_out.write(plaintext) for f in a["folders"]: os.mkdir(f[0]) os.chdir(f[0]) downloader(f[1]) os.chdir("..") url4 = "http://127.0.0.1:8000/file/delete/fol/" + str(f[1]) + "/" client.get(url4)
def encrypt_plaintext(plaintext, key): """Takes a plaintext message and encrypts it using a Salsa20 key Arguments: plaintext {string} -- unencrypted message key {bytes} -- a Salsa20 key Returns: encrypted_message {bytes} -- the encrypted message """ # encodes the plaintext into bytes so that it can be encrypted byte_plaintext = plaintext.encode() # makes a Salsa20 cipher from the key cipher = Salsa20.new(key) # turns the plaintext message into the encrtyped version encrypted_message = cipher.nonce + cipher.encrypt(byte_plaintext) return encrypted_message
def recv_message(self): m = hashlib.sha256() m.update(int_to_bytes(self._password)) m.update(int_to_bytes(self._R3)) password = m.digest() password = bytes_to_int(password) data = requests.post(SERVER_ADDR, data=json.dumps({"type": "recv", "login": self._login, "password": password})).json() if data["error"] != "OK": r = requests.post(SERVER_ADDR, data=json.dumps({"type": "getR3", "login": self._login})) data = r.json() self._R3 = data["R3"] m = hashlib.sha256() m.update(int_to_bytes(self._password)) m.update(int_to_bytes(self._R3)) password = m.digest() password = bytes_to_int(password) data = requests.post(SERVER_ADDR, data=json.dumps({"type": "recv", "login": self._login, "password": password})).json() if data["error"] != "OK": print(data["error"]) return self._R3 = data["R3"] if (data["message"].strip()): m = re.match( r"\s*(?P<name>\S+):\s*razrabotchyk_pidor90585355972355049027130019104418304977474815248020730362080159511218759452819\s+(?P<text>\d*)", data["message"].strip()) m2 = re.match(r"\s*(?P<name>\S+):\s*(?P<text>.*)", data["message"].strip()) if m: user = m.group("name") self._B[user] = int(m.group("text")) if not self._A.get(user): self.diffi_with_user(user) self._K[user] = fast_power(self._B[user], self._a[user], self._p) elif m2 and self._K.get(m2.group("name")): user = m2.group("name") text = m2.group("text") msg = b64decode(text) msg_nonce = msg[:8] ciphertext = msg[8:] cipher = Salsa20.new(key=int_to_bytes(self._K[user])[-32:], nonce=msg_nonce) plaintext = cipher.decrypt(ciphertext) print(user + ":_ ", plaintext.decode('utf-8')) else: print(data["message"].strip()) # fixme good enough for demo lol( 1 message per second)
def encrypt_file(self): start_setup_time = time.time() cipher = Salsa20.new(key=self.key) finish_setup_time = time.time() print("Setup completed in:", finish_setup_time - start_setup_time, "seconds") input_file_name = self.input_file_name input_file = open(input_file_name) start_cipher_file_time = time.time() for word in input_file.read().split(): self.gather_metrics() cipher.encrypt(word) self.gather_metrics() finish_cipher_file_time = time.time() print("File encrypted in:", finish_cipher_file_time - start_cipher_file_time, "seconds") input_file.close() self.metrics_file.close()
def dec(key, msg): """ key, msg are a bytes object returns bytes object """ if not msg: # bad, very bad, use exceptions return False msg_nonce = msg[:8] ciphertext = msg[8:] cipher = Salsa20.new(key=key, nonce=msg_nonce) plaintext = cipher.decrypt(ciphertext) md5hash = plaintext[:16] data = plaintext[16:] if md5hash != MD5.new(data).digest(): return False else: return data
def decryptSalsa(message, key): message = str(message.data) #Converts the message's ciphertext to a string message = message.split( "SPACE" ) #Splits the message by the word 'SPACE' to seperate the peer public key and ciphertext message peer_public_key = message[ 0] #Assigns the portion before SPACE to variable peer_public_key loaded_public_key = serialization.load_pem_public_key( peer_public_key, backend=default_backend( )) #Unserialized the peer public key so that is usable for decryption ciphertext = message[ 1] #Assigns the portion after SPACE to variable ciphertext shared_key = key.exchange( ec.ECDH(), loaded_public_key ) #Generates a shared key using the local private key and the senders public key mode = message[2] if mode == "1": derived_key = HKDF( #Derives key to be used for decryption from shared key algorithm=hashes.SHA256(), length=32, salt=None, info=None, backend=default_backend()).derive(shared_key) if mode == "2": derived_key = HKDF( #Derives key to be used for decryption from shared key algorithm=hashes.SHA256(), length=16, salt=None, info=None, backend=default_backend()).derive(shared_key) msg_nonce = ciphertext[:8] #Seperates the nonce from the ciphertext cipher_text = ciphertext[8:] #Seperates the cipher text from the nonce cipher = Salsa20.new( key=derived_key, nonce=msg_nonce ) #Creates Salsa20 cipher object from derived key and nonce result = cipher.decrypt( cipher_text ) #decrypts the message using the cipher object and stores result in variable named 'result' return result #returns plaintext message
def create_pok(): if db.session.query(Roles).filter_by(id_role=current_user.id_role).first().name != "Продавец" and \ db.session.query(Roles).filter_by(id_role=current_user.id_role).first().name != "Менеджер": return 'What are you doing here?' if request.method == 'GET': return render_template('create_pok.html', role=db.session.query(Roles).filter_by( id_role=current_user.id_role).first().name) if request.method == 'POST': cipher = Salsa20.new(key=secret) fio = request.form['fio'] created = time.strftime('%d/%m/%Y', time.localtime()) # использовать дату dob = request.form['dob'] # определить формат role = 0 email = request.form['email'] phone = request.form['phone'] company = request.form['company'] hash_password = generate_password_hash(request.form['password']) hash_address = request.form['address'] hash_card = str(cipher.nonce + cipher.encrypt(bytes(request.form['card'], 'utf-8'))) amount = request.form['amount'] new_Client = Clients(email=email, fio=fio, created=created, dob=dob, id_role=role) db.session.add(new_Client) db.session.commit() new_Contactdetailsclients = Contactdetailsclients( id_clients=new_Client.id_clients, phone=phone, company=company) new_Secretdate = Secretdate(id_clients=new_Client.id_clients, hash_password=hash_password, hash_address=hash_address) new_Card = Card(id_clients=new_Client.id_clients, hash_card=hash_card, amount=amount) db.session.add(new_Contactdetailsclients) db.session.add(new_Secretdate) db.session.add(new_Card) db.session.commit() return redirect('/login')
def tcp_echo_client(loop=None): if loop is None: loop = asyncio.get_event_loop() reader, writer = yield from asyncio.open_connection('127.0.0.1', 8887, loop=loop) # Envio e criação do protocolo de chaves Diffie Hellman # --------------------------------- a_pr, msg_pk, private_key = dhPK() writer.write(b'y' + msg_pk[0]) data = yield from reader.read(100) writer.write(b'p' + msg_pk[1]) data = yield from reader.read(100) writer.write(b'g' + msg_pk[2]) data = yield from reader.read(100) if data[:1] == b'K': servidor_public_key = int.from_bytes(data[1:], 'big') shared_key = dhShared(a_pr, servidor_public_key, private_key) # --------------------------------- data = b'S' client = Client("Cliente 1") msg = client.initmsg() while len(data) > 0: if msg: cipher = Salsa20.new(key=shared_key) msg = cipher.nonce + cipher.encrypt(msg) msg = b'M' + msg writer.write(msg) if msg[:1] == b'E': break data = yield from reader.read(100) if len(data) > 0: msg = client.respond(cipher.decrypt(data[1:])) else: break else: break writer.write(b'E') print('Socket closed!') writer.close()
def input_password(readData, inputMPW, readMode, siteName, siteID, sitePW): pwBin = bytearray(sitePW, encoding='utf-8') mpwHash = SHA256.new() mpwHash.update(bytearray(inputMPW, encoding='utf-8')) sal = Salsa20.new(key=mpwHash.digest()) pwEnc = sal.nonce + sal.encrypt(pwBin) idpwDict = {"id": siteID, "pw": pwEnc.hex()} readData["test"][siteName] = idpwDict if readMode == 'b': readData["view"][siteName] = idpwDict print(readData) with open(jsonName, 'w', encoding='utf-8') as json_f: json.dump(readData, json_f, ensure_ascii=False, indent=4, sort_keys=True)
def decrypt(self, packed_crypt_text: str, encoding: str = "utf-8") -> str: """ Decrypts the packed crypt text string, expecting the format from the encrypt method above. If the encryption payload start marker isn't found, it assumes the string isn't encrypted and returns it as is :param packed_crypt_text: :param encoding: :return: """ # If we can't find the encryption start marker, just return the string as is if not packed_crypt_text.startswith(self._payload.START_MARKER): return packed_crypt_text # Unpickle payload string payload = self._payload(pickle=packed_crypt_text) # Create new cipher instance, with our key and the payload nonce cipher = Salsa20.new(self._key, payload.nonce) # Decrypt the payload, apply the string encoding specified and return return cipher.decrypt(payload.crypt_text).decode(encoding)
def main(): with open(r'C:\Temp\testData\salsa20.dat', 'wb') as file: for i in range(1, 300 + 1): with BytesIO() as ms: key = get_random_bytes(32) iv = get_random_bytes(8) data = get_random_bytes(i) write_lv(ms, key) write_lv(ms, iv) write_lv(ms, data) cipher = Salsa20.new(key=key, nonce=iv) enc = cipher.encrypt(data) write_lv(ms, enc) ms.seek(0) record = ms.read() write_lv(file, record) write_lv(file, b'')
def decrypt_passwords(mpwd: str) -> Optional[Dict[str, str]]: salt: bytes = storage.read_salt() secret: bytes = hashlib.pbkdf2_hmac( 'sha512', mpwd.encode(), salt, 10**5)[:32] # Salsa20 key length must be 32 bytes # first 8 bytes of `pwds_encrypted` are cipher nonce pwds_encrypted: bytes = storage.read_encrypted_passwords() nonce: bytes = pwds_encrypted[:8] pwds_encrypted = pwds_encrypted[8:] cipher = Salsa20.new(key=secret, nonce=nonce) pwds_json: str = cipher.decrypt(pwds_encrypted).decode() # return None if JSON decoder throws exception try: pwds: Dict[str, str] = json.loads(pwds_json) return pwds except json.decoder.JSONDecodeError: return None
def validate(secret, token): b16mac = token[:64] b16nonce = token[64:80] b16text = token[80:] mac = bytes.fromhex(b16mac) nonce = bytes.fromhex(b16nonce) enctext = bytes.fromhex(b16text) key1, key2 = sha512_kdf(secret) hmac = HMAC.new(key1, digestmod=SHA256) cipher = Salsa20.new(key2, nonce) hmac.update(nonce) hmac.update(enctext) hmac.verify(mac) text = cipher.decrypt(enctext) return text
def decrypt_message(encrypted_message, key): """Takes an encrypted message and converts it back into plaintext using a Salsa20 key Arguments: encrypted_message {bytes} -- the encrypted message that needs to be converted into plaintext key {bytes} -- the Salsa20 key Returns: plaintext {string} -- the unencrypted message """ # takes the nonce from the message msg_nonce = encrypted_message[:8] # takes the actual ciphertext from the message ciphertext = encrypted_message[8:] # generates a cipher from the key and the nonce cipher = Salsa20.new(key, nonce=msg_nonce) # decrypts the encrypted message back into plaintext byte_plaintext = cipher.decrypt(ciphertext) # converts the plaintext bytes into a string plaintext = byte_plaintext.decode() return plaintext
def salsaEncypt(message, serial_peer_public_key): private_key = ec.generate_private_key(ec.SECP384R1(), default_backend()) #Generates private key public_key = private_key.public_key() #Generates public key from private key serial_public_key = public_key.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo) #Serializes public key so it can be sent as a ROS message peer_public_key = serialization.load_pem_public_key(serial_peer_public_key, backend=default_backend()) #Deserializes the public key from the peer so it can be used to derive shared key shared_key = private_key.exchange(ec.ECDH(), peer_public_key) #Shared key generated from local private key and the peer's public key derived_key = HKDF( algorithm=hashes.SHA256(), length=32, salt=None, info=None, backend=default_backend()).derive(shared_key) #Key to be used to encrypt the data is dericed using HKDF cipher = Salsa20.new(key=derived_key) #A new Salsa20 cipher object is created using the derived key msg = cipher.nonce + cipher.encrypt(message) #The ROS message is encrypted and the cipher's nonce is added to the beginning of the message return serial_public_key +"SPACE"+ msg #Return public key and encrypted message seperated with 'SPACE'
def _crypt_cipher(salt, password, nonce=None): """ derive a encryption key using a password, using bcrypt return an object implementing encrypt(x) and decrypt(x) """ # bcrypt has a maximum input length of 50-72 bytes # use the sha256 digest (32 bytes) then base 64 encode (44 bytes) # to prevent null bytes in the string digest = base64.b64encode(sha256(password.encode("utf-8"))) hashed = bcrypt.hashpw(digest, salt) # hash the bcrypt output, which is only 248 bits. # known values including the salt are 29 bytes # while the hashed value is 31 bytes # use sha512, so that two 256 bit keys can be derived. key = sha512(hashed) # the first 32 bytes are used as the hmac key # the digest is SHA256 to minimize the final output byte size key1 = key[:32] hmac = HMAC.new(key1, digestmod=SHA256) # the last 32 bytes are used for the cipher key key2 = key[32:] cipher = Salsa20.new(key2, nonce) return hmac, cipher
def registration(): if request.method == 'GET': return render_template('registration.html') if request.method == 'POST': cipher = Salsa20.new(key=secret) fio = request.form['fio'] created = time.strftime('%d/%m/%Y', time.localtime()) # использовать дату dob = request.form['dob'] # определить формат role = 0 email = request.form['email'] phone = request.form['phone'] company = request.form['company'] hash_password = generate_password_hash(request.form['password']) print(hash_password) hash_address = request.form['address'] hash_card = str(cipher.nonce + cipher.encrypt(bytes(request.form['card'], 'utf-8'))) amount = request.form['amount'] new_Client = Clients(email=email, fio=fio, created=created, dob=dob, id_role=role) db.session.add(new_Client) db.session.commit() new_Contactdetailsclients = Contactdetailsclients( id_clients=new_Client.id_clients, phone=phone, company=company) new_Secretdate = Secretdate(id_clients=new_Client.id_clients, hash_password=hash_password, hash_address=hash_address) new_Card = Card(id_clients=new_Client.id_clients, hash_card=hash_card, amount=amount) db.session.add(new_Contactdetailsclients) db.session.add(new_Secretdate) db.session.add(new_Card) db.session.commit() return redirect('/login')
def handle_echo(reader, writer): global conn_cnt conn_cnt += 1 srvwrk = ServerWorker(conn_cnt) while True: data = yield from reader.read(100) if data[:1] == b'E': break # Receber os dados para o protocolo Diffie Hellman # ------------------------------------- if data[:1] == b'y': y = int.from_bytes(data[1:], 'big') writer.write(b'OK') continue if data[:1] == b'p': p = int.from_bytes(data[1:], 'big') writer.write(b'OK') continue if data[:1] == b'g': g = int.from_bytes(data[1:], 'big') shared_key, b_y = dhPK(y, g, p) writer.write(b'K' + b_y.to_bytes(99, 'big')) continue # ------------------------------------- if not data: continue addr = writer.get_extra_info('peername') nonce = data[1:9] cipher = Salsa20.new(key=shared_key, nonce=nonce) msg = cipher.decrypt(data[9:]) res = srvwrk.respond(msg, addr) if not res: break res = b'M' + cipher.encrypt(res) writer.write(res) yield from writer.drain() print("[%d]" % srvwrk.id) writer.close()
def encrypt(self, plaintext: str) -> str: """ Encrypts the plaintext string, and packs it into a base64 encoded string which includes the nonce Empty strings are returned as is. :param plaintext: :return: """ # If the string is empty, return it as is if not plaintext: return plaintext # Create new cipher instance (new nonce) cipher = Salsa20.new(self._key) # Encode plaintext to bytes, and encrypt crypt_text = cipher.encrypt(plaintext.encode()) # Pack up message p = self._payload(crypt_text, cipher.nonce, self.REVISION) # Pickle the payload into a string and return return p.pickle()
def decrypt_image(file_name): global key, iv enc_file2 = open(file_name, 'rb') enc_data2 = enc_file2.read() enc_file2.close() msg_nonce = enc_data2[:8] rem_msg = enc_data2[8:] decipher = Salsa20.new(key=key, nonce=msg_nonce) plain_data = decipher.decrypt(rem_msg) image_stream = io.BytesIO(plain_data) image_file = PIL.Image.open(image_stream) output_path = 'output_' if '.jpg' in file_name: image_file.save(output_path + file_name[:-8] + '.jpg') elif '.png' in file_name: image_file.save(output_path + file_name[:-8] + '.png')
def new(secret, payload, nonce=None): key1, key2 = sha512_kdf(secret) hmac = HMAC.new(key1, digestmod=SHA256) cipher = Salsa20.new(key2, nonce) enctext = cipher.encrypt(payload) b16nonce = cipher.nonce.hex() b16text = enctext.hex() hmac.update(cipher.nonce) hmac.update(enctext) b16mac = hmac.hexdigest() length = 176 # 256 - 80 if len(b16text) > 176: raise ValueError("payload too long") token = b16mac + b16nonce + b16text return token
def edit2(): if db.session.query(Roles).filter_by( id_role=current_user.id_role).first().name != "Менеджер": return 'What are you doing here?' if request.method == 'POST': cipher = Salsa20.new(key=secret) fio = request.form['fio'] created = time.strftime('%d/%m/%Y', time.localtime()) id_clients = request.form['id_clients'] email = request.form['email'] phone = request.form['phone'] company = request.form['company'] hash_address = request.form['address'] hash_card = str(cipher.nonce + cipher.encrypt(bytes(request.form['card'], 'utf-8'))) amount = request.form['amount'] new_Client = Clients.query.filter_by(id_clients=id_clients).first() new_Client.email = email new_Client.fio = fio new_Client.created = created db.session.commit() new_Contactdetailsclients = Contactdetailsclients.query.filter_by( id_clients=id_clients).first() new_Contactdetailsclients.phone = phone new_Contactdetailsclients.company = company new_Secretdate = Secretdate.query.filter_by( id_clients=id_clients).first() new_Secretdate.hash_address = hash_address new_Card = Card.query.filter_by(id_clients=id_clients).first() new_Card.hash_card = hash_card new_Card.amount = amount db.session.commit() return redirect('/all') else: return 'What are you doing here?'
def test_default_nonce(self): cipher1 = Salsa20.new(bchr(1) * 16) cipher2 = Salsa20.new(bchr(1) * 16) self.assertEqual(len(cipher1.nonce), 8) self.assertNotEqual(cipher1.nonce, cipher2.nonce)
def setup(self): self.cipher = Salsa20.new(key=self.key, nonce=self.iv)
def cifarSalsa(key, cadena): cipher = Salsa20.new(key) msg = cipher.nonce + cipher.encrypt(cadena) return msg
General note: *Calling of encryption method can only be used to encrypt a single piece of plaintext *Python 3 only allows for text converted to bytes to be encrypted - Simply declare your variable and place a single 'b' before your single quoted data ex ====> data = b'this is my data turned into bytes!' The same goes for when you are decrypting a piece of data (assuming the use of a symmetric cipher) cipher.decrypt(your encrypted data) """ #basic encryption program from Crypto.Cipher import Salsa20 key = b'16 this the key!' cipher = Salsa20.new(key) ciphertext = cipher.encrypt(b'The secret message to be sent') print(ciphertext) """ There are two types of symmetric ciphers: - Stream Ciphers These are the most natural kinds of ciphers and encrypt one bit of data at a time (ex: Salsa20) - Block Ciphers These can only operate on fixed amounts of data and the most important block cipher algorithm is AES (Advanced Encryption Standard ====> block size 128 bits (16 bytes)) """
def salsa20_encrypt(self, plaintext): plaintext = bytes(plaintext, 'utf-8') secret = b'*Thirty-two byte (256 bits) key*' cipher = Salsa20.new(key=secret) msg = cipher.nonce + cipher.encrypt(plaintext) return binascii.hexlify(msg).decode("utf-8")
def setup(self): from Crypto.Cipher import Salsa20 self.cipher = Salsa20.new(key=self.key, nonce=self.iv)