In [None]:
!pip install cryptography

In [1]:
import os
import base64
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def encrypt(password: str, plaintext: str) -> str:
    # 1. Generate a random 16-byte salt
    # You MUST store the salt with the ciphertext to decrypt later.
    salt = os.urandom(16)
    
    # 2. Derive a key from the password using PBKDF2
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32, # 32 bytes = 256 bits for AES-256
        salt=salt,
        iterations=600000, # High iteration count to slow down brute-force
    )
    key = kdf.derive(password.encode())

    # 3. Encrypt using AES-GCM
    aesgcm = AESGCM(key)
    nonce = os.urandom(12) # A unique 12-byte initialization vector
    ciphertext = aesgcm.encrypt(nonce, plaintext.encode(), None)

    # 4. Bundle salt, nonce, and ciphertext together for storage
    # We encode in base64 so it's easy to print/save as text
    combined = salt + nonce + ciphertext
    return base64.b64encode(combined).decode('utf-8')

def decrypt(password: str, b64_ciphertext: str) -> str:
    # 1. Decode and extract components
    data = base64.b64decode(b64_ciphertext)
    salt, nonce, ciphertext = data[:16], data[16:28], data[28:]

    # 2. Re-derive the SAME key using the password and the SAVED salt
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        iterations=600000,
    )
    key = kdf.derive(password.encode())

    # 3. Decrypt
    aesgcm = AESGCM(key)
    decrypted_data = aesgcm.decrypt(nonce, ciphertext, None)
    return decrypted_data.decode('utf-8')

# --- TEST RUN ---
try:
    my_pwd = "SuperSecretPassword123!"
    message = "This is a secret message for your eyes only."

    print(f"Original: {message}")
    
    # Encrypt
    encrypted_bundle = encrypt(my_pwd, message)
    print(f"Encrypted (Base64): {encrypted_bundle}")

    # Decrypt
    decrypted_message = decrypt(my_pwd, encrypted_bundle)
    print(f"Decrypted: {decrypted_message}")

except Exception as e:
    print(f"Authentication Failed: {e}")

Original: This is a secret message for your eyes only.
Encrypted (Base64): aKbEbhG21VvfNj5ZIdjwmPXh456aB249tJI0aRCmAU3ysH+W8BAbUzeYfOE2crMUF9gWeO1HyCUvvUParbq/u0Roe5ubSp90dShXGoufUq48V6TbTEcp+g==
Decrypted: This is a secret message for your eyes only.
