In [14]:
import cryptography
import secrets
import hashlib
import json

In [5]:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization

In [6]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

In [7]:
from Crypto.Cipher import AES

### AES SYMMETRIC ENCRYPTION

In [115]:
def random_phrase(length):
    return secrets.token_urlsafe(length)

In [29]:
def aes_encrypt(message):
    
    # CONVERT DICT TO STRING
    if type(message) == dict:
        message = json.dumps(message)
    
    # GENERATE RANDOM PHRASES
    password = random_phrase(12).encode()
    init_vector = random_phrase(12).encode()
    
    # CREATE CIPHER
    cipher = AES.new(password, AES.MODE_CBC, init_vector)
    
    # PAD MESSAGE TO APPROPARIATE LENGTH
    while len(message) % 16 != 0:
        message += " "
    
    # ENCRYPT ENCODED MESSAGE & RETURN
    encrypted = cipher.encrypt(message.encode())
    
    # CONSTRUCT INFO NEEDED FOR DECODING
    decode_info = {
        'password': password.decode(),
        'init_vector': init_vector.decode()
    }
    
    # STRINGIFY & ENCODE PARAMS
    params = json.dumps(decode_info).encode()
    
    return encrypted, params

In [27]:
def aes_decrypt(data, params):
    
    # DECONSTRUCT AES PARAMS
    password = params['password'].encode()
    init_vector = params['init_vector'].encode()
    
    # CREATE CIPHER
    cipher = AES.new(password, AES.MODE_CBC, init_vector)
    
    # DECRYPT DATA
    decrypted = cipher.decrypt(data)
    
    # DECODE & PARSE DATA AS JSON
    return json.loads(decrypted.decode('utf-8'))

### RSA ENCRYPTION KEYS

In [8]:
def generate_rsa_keys():
    
    # PRIVATE KEY
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
        backend=default_backend()
    )
    
    # PRIVATE KEY PEM
    private_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption()
    )
    
    # PUBLIC KEY
    public_key = private_key.public_key()
    
    # PUBLIC KEY PEM
    public_pem = public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo
    )
    
    # RETURN
    return sanitize_key(public_pem), sanitize_key(private_pem)

In [9]:
def sanitize_key(key):
    
    # DECODE BYTES
    key = key.decode('utf-8')
    
    # REMOVE RSA PUBLIC PREFIX & SUFFIX
    key = key.replace('-----BEGIN PUBLIC KEY-----\n', '')
    key = key.replace('\n-----END PUBLIC KEY-----\n', '')
    
    # REMOVE RSA PRIVATE PREFIX & SUFFIX
    key = key.replace('-----BEGIN PRIVATE KEY-----\n', '')
    key = key.replace('\n-----END PRIVATE KEY-----\n', '')
    
    return key

In [11]:
def serialize_key(santized_pem, category):
    
    # PUBLIC KEY PREFIX & SUFFIX
    if category == 'public':
        prefix = '-----BEGIN PUBLIC KEY-----\n'
        suffix = '\n-----END PUBLIC KEY-----\n'
    
    # PRIVATE KEY PREFIX & SUFFIX
    elif category == 'private':
        prefix = '-----BEGIN PRIVATE KEY-----\n'
        suffix = '\n-----END PRIVATE KEY-----\n'
        
    # OTHERWISE, THROW ERROR
    else:
        print('BAD RSA KEY CATEGORY')
    
    # CONSTRUCT COMPLETE PEM
    complete_pem = prefix + santized_pem + suffix
    
    # SERIALIZE PUBLIC KEY
    if category == 'public':
        return serialization.load_pem_public_key(
            complete_pem.encode(),
            backend=default_backend()
        )
    
    # PRIVATE PRIVATE KEY
    else:
        return serialization.load_pem_private_key(
            complete_pem.encode(),
            password=None,
            backend=default_backend()
        )

### RSA ASYMMETRIC ENCRYPTION

In [201]:
# https://nitratine.net/blog/post/asymmetric-encryption-and-decryption-in-python/

In [4]:
def rsa_encrypt(message, pub_key):

    # ENCRYPT WITH PUBKEY
    return pub_key.encrypt(
        message,
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None
        )
    )
    
    return encrypted

In [22]:
def rsa_decrypt(data, private_key):

    # DECRYPT WITH PRIVKEY
    decrypted = private_key.decrypt(
        data,
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None
        )
    )
    
    # DECODE AS STRING
    decoded = decrypted.decode('utf-8')
    
    # PARSE AS JSON & RETURN
    return json.loads(decoded)