AES 256 Encryption and Decryption in Python
The following python program demonstrates how to perform AES 256 encryption and decryption using the pycrypto library. Please note that this example is written in Python 3.
First ensure that pycrypto library is installed on your system by running the following command,
In the following python 3 program, we use pycrypto classes for AES 256 encryption and decryption. The program asks the user for a password (passphrase) for encrypting the data. This passphrase is converted to a hash value before using it as the key for encryption. The following program encrypts a sample text and then prints both the encrypted message and decrypted message on the console.
# AES 256 encryption/decryption using pycrypto library import base64 import hashlib from Crypto.Cipher import AES from Crypto import Random BLOCK_SIZE = 16 pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * chr(BLOCK_SIZE - len(s) % BLOCK_SIZE) unpad = lambda s: s[:-ord(s[len(s) - 1:])] password = input("Enter encryption password: ") def encrypt(raw, password): private_key = hashlib.sha256(password.encode("utf-8")).digest() raw = pad(raw) iv = Random.new().read(AES.block_size) cipher = AES.new(private_key, AES.MODE_CBC, iv) return base64.b64encode(iv + cipher.encrypt(raw)) def decrypt(enc, password): private_key = hashlib.sha256(password.encode("utf-8")).digest() enc = base64.b64decode(enc) iv = enc[:16] cipher = AES.new(private_key, AES.MODE_CBC, iv) return unpad(cipher.decrypt(enc[16:])) # First let us encrypt secret message encrypted = encrypt("This is a secret message", password) print(encrypted) # Let us decrypt using our original password decrypted = decrypt(encrypted, password) print(bytes.decode(decrypted))
Here is the above program in action,
Enter encryption password: my password
b'sYjpPpTpPFSvdsvhTRQrNnyD669siUFtpziX8JrdFDF1zM9PF8kWbjDUnC9uS7lp'
This is a secret message
Note that the above program uses SHA256 algorithm to generate the key from the passphrase. If you want high level of security, this should be replaced with password based key derivation function PBKDF2. The following example uses the PBKDF2 to generate the key,
# AES 256 encryption/decryption using pycrypto library import base64 from Crypto.Cipher import AES from Crypto import Random from Crypto.Protocol.KDF import PBKDF2 BLOCK_SIZE = 16 pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * chr(BLOCK_SIZE - len(s) % BLOCK_SIZE) unpad = lambda s: s[:-ord(s[len(s) - 1:])] password = input("Enter encryption password: ") def get_private_key(password): salt = b"this is a salt" kdf = PBKDF2(password, salt, 64, 1000) key = kdf[:32] return key def encrypt(raw, password): private_key = get_private_key(password) raw = pad(raw) iv = Random.new().read(AES.block_size) cipher = AES.new(private_key, AES.MODE_CBC, iv) return base64.b64encode(iv + cipher.encrypt(raw)) def decrypt(enc, password): private_key = get_private_key(password) enc = base64.b64decode(enc) iv = enc[:16] cipher = AES.new(private_key, AES.MODE_CBC, iv) return unpad(cipher.decrypt(enc[16:])) # First let us encrypt secret message encrypted = encrypt("This is a secret message", password) print(encrypted) # Let us decrypt using our original password decrypted = decrypt(encrypted, password) print(bytes.decode(decrypted))