def encrypt(data, password, padding=0):
"""Encrypts data using the password.
Encrypts the data using the provided password using the cryptography module.
The password is converted into a base64-encoded key which is then used in a
symmetric encryption algorithm.
"""
if padding < 0:
print "Image too small to encode the file. \
You can store 1 byte per pixel."
exit()
password = bytes(password)
#Use key stretching to generate a secure key
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=bytes(password),
iterations=100000,
backend=default_backend())
key = kdf.derive(bytes(password))
nonce = os.urandom(16)
cipher = Cipher(algorithms.AES(key),\
modes.CTR(nonce), backend=default_backend())
enc = cipher.encryptor()
ct = enc.update(data) + enc.finalize()
#Add padding if needed
ct += os.urandom(padding-16)
#add nonce to data to allow decryption later (nonce does not need to be kept
#secret and is indistinguishable from random noise)
return bytes(nonce) + ct
评论列表
文章目录
