Keep It Simple Stupid. Started using the CherryPy server and made classes from the parts.
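--- /dev/null
+++ b/kiss/toml-manager/utils/crypto_utils.py
@@ -0,0 +1,61 @@
+import os
+from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.backends import default_backend
+import json
+import base64
+from config.config_loader import load_config
+
+def encrypt_data(data, symmetric_key):
+    # Convert the data to a JSON string
+    json_data = json.dumps(data).encode('utf-8')
+
+    # Generate a random IV for encryption
+    iv = os.urandom(16)
+
+    # Create AES Cipher and encrypt the data
+    cipher = Cipher(algorithms.AES(symmetric_key), modes.CFB(iv), backend=default_backend())
+    encryptor = cipher.encryptor()
+    encrypted_data = encryptor.update(json_data) + encryptor.finalize()
+
+    # Combine IV and encrypted data
+    encrypted_payload = iv + encrypted_data
+
+    # Encode the result in base64 to make it JSON-compatible
+    return base64.b64encode(encrypted_payload).decode('utf-8')
+
+# AES Decryption
+def decrypt_data(encrypted_data, symmetric_key):
+    # Decode base64
+    encrypted_data = base64.b64decode(encrypted_data)
+
+    iv = encrypted_data[:16]
+    cipher = Cipher(algorithms.AES(symmetric_key), modes.CFB(iv), backend=default_backend())
+    decryptor = cipher.decryptor()
+    decrypted_data = decryptor.update(encrypted_data[16:]) + decryptor.finalize()
+    return decrypted_data.decode('utf-8')
+
+def generate_ecc_key_pair():
+    private_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
+    public_key = private_key.public_key()
+    return private_key, public_key
+
+def load_client_public_key(config):
+    client_public_key_pem = config.get('client_keys', {}).get('public_key')
+    if not client_public_key_pem:
+        raise ValueError("Client public key not found")
+    return serialization.load_pem_public_key(client_public_key_pem.encode(), backend=default_backend())
+
+def decrypt_symmetric_key(encrypted_symmetric_key, private_key):
+    return private_key.decrypt(
+        encrypted_symmetric_key,
+        ec.ECIES(hashes.SHA256())
+    )
+
+# Load server/client public and private keys
+SERVER_PRIVATE_KEY, SERVER_PUBLIC_KEY = generate_ecc_key_pair()
+CONFIG = load_config("config.toml")
+CLIENT_PUBLIC_KEY = load_client_public_key(CONFIG)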