Reputation: 7404
Encrypting with AES-256 and PKCS7 padding
I want to use python to encrypt some data and have come across pycrypto as a possible tool. In order to encrypt the data, I need to:
- Input passphrase string
- SHA-256 the string, giving key for AES-256
- Represent sensitive data as string of 9 digit characters (ascii), with leading ascii 0s if present (the data will always be in this format).
- Encrypt data string using AES-256, NO SALT, using PKCS7 padding from RFC2315, in ecb mode.
- Represent ciphertext as Base64 (RFC 4648), needing 24 characters
Using pycrypto, steps 1-3 are fairly easy. 4 is giving me a little bit of trouble. I'm not sure what PKCS7 padding is, and I am not sure how to ensure that the encryption is not using a SALT. I was hoping someone could point me in the right direction re: step 4.
Upvotes: 4
Views: 26948
Answers (3)
Reputation: 161
You might want to visit https://pycryptodome.readthedocs.io/en/latest/src/util/util.html?highlight=Cryppto.Util.Padding#module-Crypto.Util.Padding
pycryptodome has padding and unpadding functions
Upvotes: 2
Reputation: 21
If the message is a bytearray
def pkcs7padding(data, block_size=16):
if type(data) != bytearray and type(data) != bytes:
raise TypeError("Only support bytearray/bytes !")
pl = block_size - (len(data) % block_size)
return data + bytearray([pl for i in range(pl)])
def pkcs5padding(data):
return pkcs7padding(data, 8)
Upvotes: 2
Reputation: 624
PyCrypto does not have inbuilt feature for padding. But it is quite easy to implement it. Note: PKCS7 Padding will add an extra byte block when the input is already the correct size, which this function does as well.
PKCS#7 padding is explained here.
def pad(m):
return m+chr(16-len(m)%16)*(16-len(m)%16)
KEY = sha256(passphrase).digest() #returns 256 bit key
cipher = AES.new(KEY,AES.MODE_ECB) #creates a AES-256 instance using ECB mode
ciphertext = cipher.encrypt(pad(data)).encode('base64')
Hopefully, this is what you are looking for.
During the process of Decryption, the unpad function might come handy.
def unpad(ct):
return ct[:-ct[-1]]
In Python 3, the unpad function may need to cast (depending on usage), looking like this:
def unpad(ct):
return ct[:-ord(ct[-1])]
P.S,
ECB mode of encryption is not cryptographic secure. Please use higher modes such as CBC, OFB or GCM.
GCM or Galois/Counter Mode provides both data confidentiality as well as authentication (Even for associated data, which need not be encrypted).
It is the most secure mode yet unless you use the same nonce twice
Upvotes: 9
Related Questions
- Encrypt and decrypt using PyCrypto AES-256
- How to add a padding to the data to make it acceptable for AES256 encryption algorithm in pycrypto library
- Padding is incorrect. AES Python encryption
- Decrypting (in python) the encrypted data using AES256 (CBC + PKCS7 padding) is resulting extra characters in the end
- Bad PKCS7 padding. Invalid length 0. Python Encryption to C# Decryption
- Python Encrypt AES MODE_CBC with PKCS#5 Padding
- Python Encrypting with PyCrypto AES
- AES-CBC 128, 192 and 256 encryption decryption in Python 3 using PKCS#7 padding
- AES decryption padding with PKCS5 Python
- Implement PKCS #7 Padding Scheme for AES in Python