def test_extract_timestamp(self, monkeypatch, backend):
f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend)
current_time = 1526138327
token = f.encrypt_at_time(b"encrypt me", current_time)
assert f.extract_timestamp(token) == current_time
with pytest.raises(InvalidToken):
f.extract_timestamp(b"nonsensetoken")
def test_extract_timestamp(self, monkeypatch, backend):
f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend)
current_time = 1526138327
monkeypatch.setattr(time, "time", lambda: current_time)
token = f.encrypt(b'encrypt me')
assert f.extract_timestamp(token) == current_time
with pytest.raises(InvalidToken):
f.extract_timestamp(b"nonsensetoken")
def is_user_authenticated(self, token):
"""
Check if the user is authenticated. Check the token validity
and expiration.
"""
cipher = Fernet(self.SECRET_KEY)
try:
ts = cipher.extract_timestamp(token)
except InvalidToken:
# Token invalid, to be regenerated
return False
now = int(time.time())
if (now - ts) > DEFAULT_EXPIRY:
return False
b64 = cipher.decrypt(token)
plain = base64.b64decode(b64)
_json = json.loads(plain)
user = self.USERS[_json['email']]
if user is None:
return False
if user.is_authenticated(_json['token']):
return user
else:
return False
def print_encryption_timestamp(fernet_object: Fernet, token: bytes) -> None:
""" Print the encryption timestamp of a token in raw and human-readable form"""
timestamp = fernet_object.extract_timestamp(token)
print(
f"Timestamp of encryption: {timestamp} \n"
f"Date created: {time.ctime(timestamp)}"
)
def decrypt(message: bytes, key: bytes) -> bytes:
fernet = Fernet(key)
timestamp = fernet.extract_timestamp(message)
if timestamp:
exp = datetime.fromtimestamp(timestamp)
if exp and datetime.utcnow().replace(microsecond=0) > exp:
raise TokenExpiredException("token has expired")
data = fernet.decrypt(message)
return data
class Cryptor:
def __init__(self, secret=None, fernet_key=None):
if secret is not None:
assert fernet_key is None
assert isinstance(secret, str)
self.fernet = self._secret2fernet(secret=secret)
else:
assert fernet_key is not None
assert isinstance(fernet_key, bytes)
self.fernet = Fernet(fernet_key)
def _secret2fernet(self, secret):
key = secret2fernet_key(secret=secret)
fernet = Fernet(key)
return fernet
def encrypt(self, *, data):
assert isinstance(data, str)
encrypted_data = self.fernet.encrypt(data.encode('utf-8'))
return encrypted_data.decode('ASCII', errors='strict')
def decrypt(self, *, encrypted_data):
assert isinstance(encrypted_data, str)
try:
data = self.fernet.decrypt(
encrypted_data.encode('ASCII', errors='strict'))
except InvalidToken:
# e.g.: password change without update or SECRET_KEY changed?
log.error('Decrypt error: Invalid token!')
raise DecryptError()
return data.decode('utf-8')
def extract_timestamp(self, *, encrypted_data):
if encrypted_data is None:
return
assert isinstance(encrypted_data, str)
try:
return self.fernet.extract_timestamp(
encrypted_data.encode('ASCII', errors='strict'))
except InvalidToken:
return
def get_datetime(self, *, encrypted_data):
timestamp = self.extract_timestamp(encrypted_data=encrypted_data)
if not timestamp:
return
tz = timezone.get_current_timezone()
dt = datetime.datetime.fromtimestamp(timestamp, tz=tz)
return dt
def _verify_decode(secret: bytes, Y: bytes, ct: bytes, d_: bytes):
P = Y[:16]
Y = Y[16:]
try:
f = Fernet(base64.urlsafe_b64encode(secret + P))
# d_ = f.encrypt(j + k + e_r + h + d)
z = f.decrypt(d_)
except InvalidToken:
return -1, None, None
j = int.from_bytes(z[:4], byteorder='big')
k = z[4:36]
e_r = z[36:52]
h = z[52:68]
d = z[68:]
emp_utils.init_decoder(Y, d, len(d))
y = [emp_utils.decode_bit() for _ in d]
digest = hashlib.shake_128()
for i in range(len(y)):
L_yi = Y[i * 16:i * 16 + 16]
if y[i]:
if L_yi == b'\xff' * 16:
digest.update(L_yi)
else:
digest.update(emp_utils.xor(L_yi, e_r))
else:
digest.update(L_yi)
h2 = digest.digest(16)
k = base64.urlsafe_b64encode(k)
f = Fernet(k)
payload = f.decrypt(ct)
t = f.extract_timestamp(ct)
if t > time.time() + _accept_window or h2 != h:
return -1, None, None
y = [b'1' if yi else b'0' for yi in y]
return j, y, payload
def encTimestamp(decKey, input):
key = Fernet(str(decKey))
ts = str(input).encode(txt_mode)
encrypted_data = str(input).encode(txt_mode)
ts = key.extract_timestamp(encrypted_data) # get timestamp from file
return str(datetime.utcfromtimestamp(ts).strftime("%Y-%m-%d %H:%M:%S"))
from cryptography.fernet import Fernet
#Criando uma chave
#Uma chave de 32 bytes codificada em base64
key = Fernet . generate_key ()
print('Chave : ', key)
print('')
f = Fernet ( key )
#O resultado dessa criptografia é conhecido como "token Fernet"
token = f . encrypt (b'Ola mundo!')
print('Criptografada : ',token)
print('')
print('Descriptografada : ',f . decrypt ( token ))
#Retorna o registro de data e hora da criação do token,pode ser usado para expirar
print(f.extract_timestamp(token))
'''
Uma exceção pode ser lançada caso a mensagem a ser criptografada não esteja em bytes
'''
# Fernet Cryptography
print("Fernet Cryptography")
key = Fernet.generate_key()
key_object = Fernet(key)
print("Original String: %s" % string)
encrypted_string = key_object.encrypt(string)
print("Encrypted String: %s" % encrypted_string)
timestamp = key_object.extract_timestamp(encrypted_string)
print("Timestamp of the encrypted string: %s" % timestamp)
decrypted_string = key_object.decrypt(encrypted_string)
print("Decrypted String: %s" % decrypted_string)
# Multi-Fernet Cryptography
print("Multi-Fernet Cryptography")
first_key = Fernet(Fernet.generate_key())
second_key = Fernet(Fernet.generate_key())
