· 6 years ago · Apr 20, 2020, 01:44 PM
1import os
2import base64
3import getpass
4from cryptography.fernet import Fernet
5from cryptography.hazmat.backends import default_backend
6from cryptography.hazmat.primitives import hashes
7from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
8
9def generate_key():
10 # ask user for passphrase
11 passphrase_provided = getpass.getpass(prompt=f'Enter passphrase: ')
12 passphrase = passphrase_provided.encode()
13 # salt generated with os.urandom(16)
14 salt = b'\x18x\xe8\xd6\xaa\x13\xc6\xb3x\xe3\xf8\x90\x8fX\xc8F'
15 kdf = PBKDF2HMAC(
16 algorithm=hashes.SHA256(),
17 length=32,
18 salt=salt,
19 iterations=100000,
20 backend=default_backend()
21 )
22 key = base64.urlsafe_b64encode(kdf.derive(passphrase))
23 return key
24
25def create_encrypted_file(key, file_name):
26 # ask user for api key
27 api_key = getpass.getpass(prompt=f'Enter your API key: ').encode()
28 fernet = Fernet(key)
29 encrypted = fernet.encrypt(api_key)
30 # save encrypted api_key as file
31 with open(file_name, 'wb') as f:
32 f.write(encrypted)
33
34def read_from_decrypted_file(key, file_name):
35 # open encrypted file
36 with open(file_name, 'rb') as f:
37 data = f.read()
38 fernet = Fernet(key)
39 decrypted = fernet.decrypt(data)
40 message = decrypted.decode()
41 return message
42
43
44def main():
45 key = generate_key()
46 file_name = 'credentials.crypt'
47 if not os.path.exists(file_name):
48 create_encrypted_file(key, file_name)
49 elif os.path.exists(file_name):
50 print(read_from_decrypted_file(key, file_name))
51
52
53if __name__ == '__main__':
54 main()