def test_extract_timestamp(self, monkeypatch, backend): f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) current_time = 1526138327 token = f.encrypt_at_time(b"encrypt me", current_time) assert f.extract_timestamp(token) == current_time with pytest.raises(InvalidToken): f.extract_timestamp(b"nonsensetoken")
def test_extract_timestamp(self, monkeypatch, backend): f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) current_time = 1526138327 monkeypatch.setattr(time, "time", lambda: current_time) token = f.encrypt(b'encrypt me') assert f.extract_timestamp(token) == current_time with pytest.raises(InvalidToken): f.extract_timestamp(b"nonsensetoken")
def is_user_authenticated(self, token): """ Check if the user is authenticated. Check the token validity and expiration. """ cipher = Fernet(self.SECRET_KEY) try: ts = cipher.extract_timestamp(token) except InvalidToken: # Token invalid, to be regenerated return False now = int(time.time()) if (now - ts) > DEFAULT_EXPIRY: return False b64 = cipher.decrypt(token) plain = base64.b64decode(b64) _json = json.loads(plain) user = self.USERS[_json['email']] if user is None: return False if user.is_authenticated(_json['token']): return user else: return False
def print_encryption_timestamp(fernet_object: Fernet, token: bytes) -> None: """ Print the encryption timestamp of a token in raw and human-readable form""" timestamp = fernet_object.extract_timestamp(token) print( f"Timestamp of encryption: {timestamp} \n" f"Date created: {time.ctime(timestamp)}" )
def decrypt(message: bytes, key: bytes) -> bytes: fernet = Fernet(key) timestamp = fernet.extract_timestamp(message) if timestamp: exp = datetime.fromtimestamp(timestamp) if exp and datetime.utcnow().replace(microsecond=0) > exp: raise TokenExpiredException("token has expired") data = fernet.decrypt(message) return data
class Cryptor: def __init__(self, secret=None, fernet_key=None): if secret is not None: assert fernet_key is None assert isinstance(secret, str) self.fernet = self._secret2fernet(secret=secret) else: assert fernet_key is not None assert isinstance(fernet_key, bytes) self.fernet = Fernet(fernet_key) def _secret2fernet(self, secret): key = secret2fernet_key(secret=secret) fernet = Fernet(key) return fernet def encrypt(self, *, data): assert isinstance(data, str) encrypted_data = self.fernet.encrypt(data.encode('utf-8')) return encrypted_data.decode('ASCII', errors='strict') def decrypt(self, *, encrypted_data): assert isinstance(encrypted_data, str) try: data = self.fernet.decrypt( encrypted_data.encode('ASCII', errors='strict')) except InvalidToken: # e.g.: password change without update or SECRET_KEY changed? log.error('Decrypt error: Invalid token!') raise DecryptError() return data.decode('utf-8') def extract_timestamp(self, *, encrypted_data): if encrypted_data is None: return assert isinstance(encrypted_data, str) try: return self.fernet.extract_timestamp( encrypted_data.encode('ASCII', errors='strict')) except InvalidToken: return def get_datetime(self, *, encrypted_data): timestamp = self.extract_timestamp(encrypted_data=encrypted_data) if not timestamp: return tz = timezone.get_current_timezone() dt = datetime.datetime.fromtimestamp(timestamp, tz=tz) return dt
def _verify_decode(secret: bytes, Y: bytes, ct: bytes, d_: bytes): P = Y[:16] Y = Y[16:] try: f = Fernet(base64.urlsafe_b64encode(secret + P)) # d_ = f.encrypt(j + k + e_r + h + d) z = f.decrypt(d_) except InvalidToken: return -1, None, None j = int.from_bytes(z[:4], byteorder='big') k = z[4:36] e_r = z[36:52] h = z[52:68] d = z[68:] emp_utils.init_decoder(Y, d, len(d)) y = [emp_utils.decode_bit() for _ in d] digest = hashlib.shake_128() for i in range(len(y)): L_yi = Y[i * 16:i * 16 + 16] if y[i]: if L_yi == b'\xff' * 16: digest.update(L_yi) else: digest.update(emp_utils.xor(L_yi, e_r)) else: digest.update(L_yi) h2 = digest.digest(16) k = base64.urlsafe_b64encode(k) f = Fernet(k) payload = f.decrypt(ct) t = f.extract_timestamp(ct) if t > time.time() + _accept_window or h2 != h: return -1, None, None y = [b'1' if yi else b'0' for yi in y] return j, y, payload
def encTimestamp(decKey, input): key = Fernet(str(decKey)) ts = str(input).encode(txt_mode) encrypted_data = str(input).encode(txt_mode) ts = key.extract_timestamp(encrypted_data) # get timestamp from file return str(datetime.utcfromtimestamp(ts).strftime("%Y-%m-%d %H:%M:%S"))
from cryptography.fernet import Fernet #Criando uma chave #Uma chave de 32 bytes codificada em base64 key = Fernet . generate_key () print('Chave : ', key) print('') f = Fernet ( key ) #O resultado dessa criptografia é conhecido como "token Fernet" token = f . encrypt (b'Ola mundo!') print('Criptografada : ',token) print('') print('Descriptografada : ',f . decrypt ( token )) #Retorna o registro de data e hora da criação do token,pode ser usado para expirar print(f.extract_timestamp(token)) ''' Uma exceção pode ser lançada caso a mensagem a ser criptografada não esteja em bytes '''
# Fernet Cryptography print("Fernet Cryptography") key = Fernet.generate_key() key_object = Fernet(key) print("Original String: %s" % string) encrypted_string = key_object.encrypt(string) print("Encrypted String: %s" % encrypted_string) timestamp = key_object.extract_timestamp(encrypted_string) print("Timestamp of the encrypted string: %s" % timestamp) decrypted_string = key_object.decrypt(encrypted_string) print("Decrypted String: %s" % decrypted_string) # Multi-Fernet Cryptography print("Multi-Fernet Cryptography") first_key = Fernet(Fernet.generate_key()) second_key = Fernet(Fernet.generate_key())