# Fernet Module

The fernet module guarantees that data encrypted using it cannot be further manipulated or read without the key. The fernet module of the cryptography package has inbuilt functions for the generation of the key, encryption of plaintext into ciphertext, and decryption of ciphertext into plaintext using the encrypt and decrypt methods respectively.

## Key Generation

### `generate_key()`

This method generates a new fernet key. The key must be kept safe as it is the most important component to decrypt the ciphertext. If the key is lost then the user can no longer decrypt the message. Also, if an intruder or hacker gets access to the key, they can not only read the data but also forge the data. 

In [2]:
from cryptography.fernet import Fernet

In [19]:
# Generate key
key = Fernet.generate_key()
f = Fernet(key)
print ("Token: ", key)

Token:  b'G5noW_n1c0iPbhhk5F7DcFEgkhoxLt9bKuxbXH8xpKc='


In [None]:
# Exercise


## Encryption

Fernet module provides two encryption functions.

### 1. `encrypt(data)`

The message that need to be encrypted should be pass as the parameter as bytes. The encrypt() function returns the secure encrypted data that cannot be altered or read without the key. The encrypted data is refered as Fernet Token.

Parameter: data (bytes)

Return: encrypted data(bytes)

Exception raises if data is not in bytes. 

In [None]:
from cryptography.fernet import Fernet

In [5]:
# Generate key
key = Fernet.generate_key()
f = Fernet(key)

# Encrypting the plaintext with the generated kay
token = f.encrypt(b"my deep dark secret")

print("Encrypted data: ", token)

Encrypted data:  b'gAAAAABgRw6k7Uj-s7bzorkDAClWiBL5jMTbVTo8S8eiOa6cSjnxlML3SCisa08n76rtQwneU17jnwMpgTXzu_-NDPmSod45GUJej7cMfvfT4MRkbhe40fI='


In [18]:
#########  Exercise   ###########

###generate key
key = Fernet.generate_key()
f = Fernet(key)

### Set a plaintext to be encrypted
plaintext = # set a plaintext in bytes

# Encrypting the plaintext with the generated kay
token = f.encrypt(plaintext)

print("Encrypted data: ", token)

Encrypted data:  b'gAAAAABgRyV1QTIeMCcx54fWNNwQDvqr3YFdg6hyjaUEoUHUhu_NmvpF4xXabXxbr-k-MkGT9Fgu1ebOkotNcAithj5yrdOaAw=='


### 2.`encrypt_at_time(data, current_time)`

The message that need to be encrypted and current time should be pass as the parameter.
Data is encrypted using the current time and data type of time should be int. The goal is that the client code can check the token expiration. 
Return type and exception are same as encrypt().

Since this method can be used in an insecure manner one should make sure the correct time (int(time.time())) is passed as current_time outside testing.


In [7]:
from cryptography.fernet import Fernet
import time

In [11]:
#generate key
key = Fernet.generate_key()
f = Fernet(key)

# Encrypting the plaintext with the generated kay
token = f.encrypt_at_time(b"my deep dark secret", int(time.time()))

print("Encrypted data: ", token)

Encrypted data:  b'gAAAAABgRxyoeoB7zzxtA_GloYf_ie51TXcPdqdItSu9GowmUGBe0CEO6EKa9VoHDqEJc4ZYcuy2h3i3JisBkbqWW2LpcXlBFAf_1_cqbe_XS8QXQgbh4-Y='


In [None]:
#########  Exercise   ###########

###generate key
key = Fernet.generate_key()
f = Fernet(key)

### Set a plaintext to be encrypted
plaintext = # set a plaintext in bytes
current_time = # set the time

# Encrypting the plaintext with the generated kay
token = f.encrypt_at_time(plaintext, current_time)

print("Encrypted data: ", token)

## Decryption

### decrypt(token, ttl=None)

It decrypts the fernet token. If successfully decrypted you will receive the original plaintext as the result, otherwise an exception will be raised. Here, we pass the encrypted data along with time to live(ttl). ttl is the number of seconds old a message may be to be valid. If the message is older than ttl seconds an exception will be raised. If ttl is not provided (or is None), the age of the message is not considered.

Parameters: token(bytes)
            <br>  ttl(int)
            
Return: Original Plaintext

Exceptions: cryptography.fernet.InvalidToken – If the token is in any way invalid, this exception is raised. 
            TypeError – This exception is raised if token is not bytes.

In [12]:
from cryptography.fernet import Fernet
import time

In [14]:
# generate key
key = Fernet.generate_key()
f = Fernet(key)

# Encrypting the plaintext with the generated kay
token = f.encrypt_at_time(b"my deep dark secret", int(time.time()))
print("Encrypted data: ", token)

# Decrypting the fernet token

plaintext = f.decrypt(token)
print("Original data: ", plaintext)

Encrypted data:  b'gAAAAABgRyKi-XqiqyjltEtFv9RtKaciZ9ASz8ZcmkNLOjXrTXwLRrep8-TFGjaTNit_KkwEOcwemzrM2cDgRfSctX8RXMyawfyTFLyK86cylAT8zxUyuSc='
Original data:  b'my deep dark secret'


In [None]:
#########  Exercise   ###########

###generate key
key = Fernet.generate_key()
f = Fernet(key)

### Set a plaintext to be encrypted
plaintext = # set a plaintext in bytes
current_time = # set the time

# Encrypting the plaintext with the generated kay
token = f.encrypt_at_time(plaintext, current_time)

print("Encrypted data: ", token)

# Decrypting the fernet token
plaintext = f.decrypt(token)

print("Original data: ", plaintext)

# Excercise

Fernet.generate_key() everytime generates different key. So, let's see how the different keys encrypt the same plaintext and see how unique it is.

In [None]:
from cryptography.fernet import Fernet
import time

###generate key
key1 = Fernet.generate_key()
f1 = Fernet(key1)

key2 = Fernet.generate_key()
f2 = Fernet(key2)

print ("Token1: ", key1)
print ("Token2: ", key2)

### Set a plaintext to be encrypted
plaintext = # set a plaintext in bytes
current_time = # set the time

# Encrypting the plaintext with the generated kay
token1 = f1.encrypt_at_time(plaintext, current_time)
token2 = f2.encrypt_at_time(plaintext, current_time)

print("Encrypted data1: ", token1)
print("Encrypted data2: ", token2)

# Decrypting the fernet token
plaintext1 = f1.decrypt(token1)
plaintext2 = f2.decrypt(token2)


print("Original data1: ", plaintext1)
print("Original data2: ", plaintext2)