diff options
| author |  jesopo | 2020-02-24 13:14:05 +0000 |
|---|---|---|
| committer | jesopo | 2020-02-24 13:14:05 +0000 |
| commit | 6535ec731c936eb1bb5c3eb6f19b424183907e2f (patch) | |
| tree | e0bae374b5437636cb9486a9dce3ec9b29938057 /src/utils | |
| parent | fix security.py typehints (diff) | |
| signature | ||
change encrypted channel logs to use RSA -> AES (CBC)
closes #248
Diffstat (limited to 'src/utils')
| -rw-r--r-- | src/utils/security.py | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/src/utils/security.py b/src/utils/security.py index ae1da81c..0e54a439 100644 --- a/src/utils/security.py +++ b/src/utils/security.py @@ -39,24 +39,30 @@ def hash_verify(salt: str, data: str, compare: str): from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives.asymmetric import padding +from cryptography.hazmat.primitives.asymmetric import padding as a_padding -def a_encrypt(key_filename: str, data: str): +def rsa_encrypt(key_filename: str, data: bytes) -> str: with open(key_filename, "rb") as key_file: key_content = key_file.read() key = serialization.load_pem_public_key( key_content, backend=default_backend()) - out = key.encrypt(data.encode("utf8"), padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA256()), + out = key.encrypt(data, a_padding.OAEP( + mgf=a_padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) return base64.b64encode(out).decode("iso-8859-1") -def a_decrypt(key_filename: str, data: str): - with open(key_filename, "rb") as key_file: - key_content = key_file.read() - key = serialization.load_pem_private_key( - key_content, password=None, backend=default_backend()) - out = key.decrypt(base64.b64decode(data), padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA256()), - algorithm=hashes.SHA256(), label=None)) - return out.decode("utf8") +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from cryptography.hazmat.primitives import padding + +def aes_key() -> bytes: + return os.urandom(32) +def aes_encrypt(key: bytes, data: str) -> str: + iv = os.urandom(16) + padder = padding.PKCS7(256).padder() + + data_bytes = padder.update(data.encode("utf8"))+padder.finalize() + encryptor = Cipher(algorithms.AES(key), modes.CBC(iv), + backend=default_backend()).encryptor() + + ct = encryptor.update(data_bytes)+encryptor.finalize() + return base64.b64encode(iv+ct).decode("latin-1") |