Encrypting and decrypting data in Python | Andros Fenollosa
At certain times we need to encrypt data in the backend to protect it. If you are in the Python ecosystem, you have a fantastic library for this: cryptography. Under the hood it uses OpenSSL, so it is fast and secure. On top of that there is Fernet, which is an abstraction layer that makes it very easy to use.
To use it, first add the dependency to your project:
cryptography>=42<br>Or install it with pip:
pip install cryptography<br>The next step is critical. You need to generate an encryption key and store it in a safe place. If you lose it, you will not be able to recover the data. And obviously, if someone else gets it, they will be able to decrypt everything. It is worth remembering that it would be a good idea to store it in an environment variable and/or in a secure vault.
To generate it you can use a script:
python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())' > encryption_key.txt<br>Fernet uses symmetric encryption (AES-128-CBC + HMAC-SHA256). The generated 32-byte key is split into two halves: one for encryption and one for authentication. Internally, the key is generated with os.urandom(32) encoded in base64 url-safe.
With that we are ready to work.
Import the Fernet class:
from cryptography.fernet import Fernet<br>Load our key. Ideally, we will have stored it in an environment variable:
from os import getenv<br>encryption_key = getenv("ENCRYPTION_KEY").encode()<br>And we can already encrypt our first text:
fernet = Fernet(encryption_key)<br>cipher_text = fernet.encrypt(b"Text I want to protect")<br>To decrypt it, we just need to use the same Fernet object:
plain_text = fernet.decrypt(cipher_text)<br>print(plain_text.decode()) # "Text I want to protect"<br>Now let us focus on the case where we want to protect a binary, such as a file. The process is the same, but with files:
# Encrypt a file<br>with open("original_file.pdf", "rb") as file:<br>original_data = file.read()<br>cipher_data = fernet.encrypt(original_data)<br>with open("encrypted_file.enc", "wb") as file:<br>file.write(cipher_data)<br>And with this we already have the basics to encrypt and decrypt data. Use it in your database columns, in the files you store, or in whatever you need. Just remember: the security of your data depends on the security of your key. Guard it like gold.
This work is under a Attribution-NonCommercial-NoDerivatives 4.0 International license.
Will you buy me a coffee?
Support me on Ko-fi
Comments
page#run"<br>data-liveview-function="show_comment_email"<br>data-id="158e0835"<br>data-type="article"<br>>Leave a comment
There are no comments yet.
You may also like
page#run"<br>data-liveview-function="navigate_article"<br>data-uuid="dd5a0746">
web
python
django
django liveview
My website is now ~2.8x faster after converting it to a Django LiveView SPA
page#run"<br>data-liveview-function="navigate_article"<br>data-uuid="6e9e4485">
python
django
django liveview
I created a game engine for Django?
page#run"<br>data-liveview-function="navigate_article"<br>data-uuid="b5ba872a">
videojuegos
python
terminal
experiencia
streamlit
ai
Making UIs like text adventure games
Visitors in real time
You are alone: 🐱