Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cryptography module is Fernet safe and can i do AES encryption with that module?

Can i do AES encryption with Cryptography module and what is Fernet and is it safe like AES encryption?

like image 751
Hormoz Avatar asked Mar 20 '16 17:03

Hormoz


People also ask

Does Fernet use AES?

Implementation. Fernet is built on top of a number of standard cryptographic primitives. Specifically it uses: AES in CBC mode with a 128-bit key for encryption; using PKCS7 padding.

How secure is Python Fernet?

However, fernet only uses 128-bit AES keys. 128-bit AES is considered more than secure enough for the vast majority of applications.

What is Fernet encryption?

Fernet guarantees that a message encrypted using it cannot be manipulated or read without the key. Fernet is an implementation of symmetric (also known as “secret key”) authenticated cryptography.

How do you do AES encryption in Python?

ciphertext = aes. encrypt(plaintext. encode('utf-8')) and the ciphertext would need the decode('utf-8') to complete the str, bytes roundtrip.


2 Answers

Fernet made more sense before GCM came around, as correctly implementing CBC + HMAC by yourself is difficult, and the CBC mode requires padding to 16 byte blocks.

It is still safe but I would not recommend it for new systems because AES256-GCM combines encryption and authentication into the same standard protocol, which can be en/decrypted by browsers (Javascript subtle crypto API) and all other crypto libraries and tools, not just the Python cryptography module. The GCM mode is also a lot faster, reaching several gigabytes per second with AES-NI.

It is unfortunate that it is hidden deep inside the hazmat module:

import secrets
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Generate a random secret key (AES256 needs 32 bytes)
key = secrets.token_bytes(32)

# Encrypt a message
nonce = secrets.token_bytes(12)  # GCM mode needs 12 fresh bytes every time
ciphertext = nonce + AESGCM(key).encrypt(nonce, b"Message", b"")

# Decrypt (raises InvalidTag if using wrong key or corrupted ciphertext)
msg = AESGCM(key).decrypt(ciphertext[:12], ciphertext[12:], b"")

Even with the same key and the same message, the ciphertext will always be completely different (because of a different nonce). Do note that ciphertext is always exactly 28 bytes longer than the message, so if the message length needs to be hidden, you could pad all messages to same length before encryption.

like image 154
Tronic Avatar answered Oct 17 '22 22:10

Tronic


As Scott Arciszewski answered in a comment, Fernet is basically AES128 in CBC mode with a SHA256 HMAC message authentication code.

A full specification of the Fernet construction can be found here.

like image 29
user5207081 Avatar answered Oct 17 '22 23:10

user5207081