In [1]:
!pip install cryptography



In [2]:
# aes_test.py
# Simple AES-256-CBC encryption/decryption demo using cryptography library

from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
import os
import base64

def encrypt_aes(plaintext: str, key: bytes = None) -> dict:
    """
    Encrypts plaintext using AES-256-CBC with a random IV.
    Returns a dictionary with base64-encoded ciphertext and IV.
    """
    # Generate a random 32-byte (256-bit) key if not provided
    if key is None:
        key = os.urandom(32)
    
    # Generate a random 16-byte IV
    iv = os.urandom(16)
    
    # Pad the plaintext to be multiple of 16 bytes (AES block size)
    padder = padding.PKCS7(128).padder()  # 128 bits = 16 bytes
    padded_data = padder.update(plaintext.encode()) + padder.finalize()
    
    # Create cipher and encrypt
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
    encryptor = cipher.encryptor()
    ciphertext = encryptor.update(padded_data) + encryptor.finalize()
    
    # Return everything needed to decrypt later (in base64 for easy display/storage)
    return {
        "key": base64.b64encode(key).decode('utf-8'),
        "iv": base64.b64encode(iv).decode('utf-8'),
        "ciphertext": base64.b64encode(ciphertext).decode('utf-8')
    }

def decrypt_aes(encrypted_data: dict) -> str:
    """
    Decrypts data produced by encrypt_aes().
    """
    key = base64.b64decode(encrypted_data["key"])
    iv = base64.b64decode(encrypted_data["iv"])
    ciphertext = base64.b64decode(encrypted_data["ciphertext"])
    
    # Decrypt
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
    decryptor = cipher.decryptor()
    padded_plaintext = decryptor.update(ciphertext) + decryptor.finalize()
    
    # Unpad
    unpadder = padding.PKCS7(128).unpadder()
    plaintext = unpadder.update(padded_plaintext) + unpadder.finalize()
    
    return plaintext.decode('utf-8')

# ============================
# Demo
# ============================
if __name__ == "__main__":
    message = "Hello, this is a secret message! üîê"
    print(f"Original message: {message}\n")
    
    # Encrypt
    encrypted = encrypt_aes(message)
    print("Encrypted:")
    print(f"  Key (b64):       {encrypted['key']}")
    print(f"  IV (b64):        {encrypted['iv']}")
    print(f"  Ciphertext (b64): {encrypted['ciphertext']}\n")
    
    # Decrypt
    decrypted = decrypt_aes(encrypted)
    print(f"Decrypted message: {decrypted}")
    
    # Verify
    assert decrypted == message
    print("\nSuccess! Encryption and decryption worked perfectly.")

Original message: Hello, this is a secret message! üîê

Encrypted:
  Key (b64):       t67s5q08ZL9HXuTW/uEvYWUF+2rCNfZTADD6WZbyo08=
  IV (b64):        l0Agbk6hIGEt2CAN/mXyMw==
  Ciphertext (b64): e+KdYRQajhp23gFcCgQWzuw2wCpsFG4+smP5uKzY0bDe6KBUyfg/OZ4R5ZhM5P3Z

Decrypted message: Hello, this is a secret message! üîê

Success! Encryption and decryption worked perfectly.
