Today I wanted to encrypt sensitive information to not expose passwords, hostnames etc. I wanted to have a way to encrypt my strings with a master password and stumbled upon Simple Crypt.
Simple Crypt
Why simple-crypt? Referenced from their docs:
- Simple Crypt uses standard, well-known algorithms following the recommendations from this link.
- The PyCrypto library provides the algorithm implementation, where AES256 cipher is used.
- It includes a check (an HMAC with SHA256) to warn when ciphertext data are modified.
- It tries to make things as secure as possible when poor quality passwords are used (PBKDF2 with SHA256, a 256 bit random salt, and 100,000 rounds).
- Using a library, rather than writing your own code, means that we have less solutions to the same problem.
Installing Simple-Crypt:
From a base alpine image:
1 2 3 4 |
|
Simple Examples:
Two simple examples to encrypt and decrypt data with simple-crypt. We will use a password sekret
and we will encrypt the string: this is a secure message
:
1 2 3 4 5 6 7 |
|
Now that we have our encrypted string, lets decrypt it. First we will use the wrong password, so that you will see how the expected output should look when using a different password, than was used when it was encrypted:
1 2 3 4 5 6 7 8 |
|
Now using the correct password to decrypt:
1 2 |
|
SimpleCrypt Base64 and Getpass
I wanted to store the encrypted string in a database, but the ciphertext has a combination of random special characters, so I decided to encode the ciphertext with base64. And the password input will be used with the getpass module.
Our encryption app:
1 2 3 4 5 6 7 8 9 10 11 |
|
Our decryption app:
1 2 3 4 5 6 7 8 9 10 11 |
|
Encrypt and Decrypting Data using our Scripts:
Encrypting the string this is a secret message
:
1 2 3 |
|
Now that we have our encoded ciphertext, lets decrypt it with the password that we encrypted it with:
1 2 3 |
|
This is one way of working with sensitive info that you would like to encrypt/decrypt.