Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Generating own key with Python Fernet

Tags:

cryptography

python-2.7

from cryptography.fernet import Fernet

import base64
# Put this somewhere safe!
key = Fernet.generate_key()

f = Fernet()
token = f.encrypt(b"A really secret message. Not for prying eyes.")
token
print f.decrypt(token)

How can I generate my own key instead of fernet.genrate_key()?

like image 406
Anonymous Avatar asked Jun 08 '17 10:06

Anonymous

People also ask

How do you generate a key using Fernet in Python?

If you need to generate a new fernet key you can use the following code snippet. from cryptography. fernet import Fernet fernet_key = Fernet. generate_key() print(fernet_key.

What is Fernet key in Python?

Fernet makes it easy for Python developers to implement encryption and authentication into their applications. Fernet is a useful tool in the arsenal of a Python developer. It aims to help them secure data without running into all of the risks that come with implementing cryptographic primitives yourself.

How do I store my Fernet key?

The key can not be memorized and people would typically store it somewhere in a file and use copy-paste to enter it. This increases the risk that the key will leak. As an alternative, a so-called key-derivation mechanism can be used. In that case, the key bytes are not generated randomly with the Fernet.

2 Answers

The implementation shows how this is done:

return base64.urlsafe_b64encode(os.urandom(32))

So to generate your own you'll want to generate 32 cryptographically secure random bytes and then urlsafe base64 encode them. Of course, since generate_key already does this you should probably just call that unless you need to generate the key outside of your Python process.

like image 150
Paul Kehrer Avatar answered Sep 19 '22 09:09

Paul Kehrer

In fernet a key can be generated using one of fernet's Key Derivation Functions

One of the functions provided by fernet is the 'Password Based Key Derivation Function 2'. An example that uses PBKDF2HMAC can be found at Using Passwords with Fernet. This is discussed in git issue #1333 of pyca/cryptography, maebert points out that the example uses salt=os.urandom(16) and will generate a new key from a password each time the kdf class is constructed with a different salt value.

If you need to use a custom key derivation function look at source code for kdf and pbkdf2 to have an example of a class that implements the KeyDerivationFunction interface.

A class that matches its signature and implements the interface should be able to be dropped in as a custom key derivation function.

like image 37
James Avatar answered Sep 20 '22 09:09

James
Sign in to Comment

Related questions

Counting number of documents in an index in elasticsearch
Python hasattr vs getattr
Instancing a class - difference between with and without brackets
'WSGIRequest' object has no attribute 'get'
Why does hasattr execute the @property decorator code block
Where is 'pyximport'?
sudo pip install setuptools --upgrade error
How to get random Decimal number from range? [duplicate]
LineSegmentDetector in Opencv 3 with Python
Find a value within nested json dictionary in python
How can I open two consoles from a single script
Numpy: Index 3D array with index of last axis stored in 2D array
Python pandas merge keyerror
How to get the 3 items with the highest value from dictionary? [duplicate]
Why do I get "UserWarning: Module dap was already imported from None ..."
Getting <generator object <genexpr>
Divide an image into 5x5 blocks in python and compute histogram for each block
I can't install Gevent
How to create JSON object in Python
When trying to invoke def, I get: parameter 'self' unfilled [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!