Hello there, just got a question.
I'm working at some project, where i need strong security, because it works with networks. So, I've made a class for token storage, which encrypts this token via pycrypto, encodes it in base64, and reverse.
I'm not quite sure about code's security, so I decided to ask a question, because I know, that here I can always get help.
Steps are following:
- Set up AES encryption keys
- Initialize token object
- Encrypt it
I need to make sure that there's not any holes in security, and also I'm interested in knowledge: How to make any class/method/variable accessible in only one file?
About me: Victoria, 22, learning Python and C for half-o-year, Ukraine.
Code:
from base64 import b64encode, b64decode
from Crypto.Cipher import AES
import sys
import math
class Token:
print("[cobalt] setting up encrytion keys...")
print("[cobalt] reading encryption key file")
key = open('/usr/share/doc/cobalt/encryption', 'r')
lines = key.readlines()[0].split(':')
print("[cobalt] read values, writing private constants...")
__COMMON_ENCRYPTION_KEY = lines[0].strip()
__COMMON_AES_IV16 = lines[1].strip()
del lines
key.close()
print("[cobalt] wrote constants, closing file stream...")
print("[cobalt] setted up encryption keys, initializing token object...")
def __init__(self, token:str):
self._token = token
self._encrypted = self.__encrypt()
print("[cobalt] token object initialized")
def __get_common(self):
print("[cobalt] getting common AES...")
try:
return AES.new(Token.__COMMON_ENCRYPTION_KEY, AES.MODE_CBC, Token.__COMMON_AES_IV16)
except ValueError as e:
print(f"[cobalt]\033[1;31m error:\033[m {e}")
sys.exit(1)
def __encrypt(self) -> str:
print("[cobalt] encrypting token...")
common_cipher = self.__get_common(); print(f"[cobalt] got common AES: {common_cipher}")
token_len = len(self._token); print(f"[cobalt] got token length: {token_len}")
# padded token with next multiple of 16
padded_token = self._token.rjust(16 * math.ceil(token_len / 16)); print("[cobalt] got padded token")
raw_encrypted_token = common_cipher.encrypt(padded_token); print("[cobalt] encrypted, encoding...\n")
return b64encode(raw_encrypted_token).decode('utf-8')
def _decrypt(self) -> str:
print("[cobalt] decrypting token...")
common_cipher = self.__get_common(); print(f"[cobalt] got common AES: {common_cipher}")
raw_token = b64decode(self._encrypted); print("[cobalt] decoded raw token")
decrypted_wpadding = common_cipher.decrypt(raw_token); print("[cobalt] decrypted token\n")
return decrypted_wpadding.decode('utf-8').strip()
CodePudding user response:
For storage you should use one-way functions (sha-2, for example), because you will never need to have its actual value, so you will never need to decode it. Each time user try to get access and use his token (password, cvv code or etc), you just use the same function upon the token and waiting to get the exact same result.
For accessibility you can use accessify
from accessify import private, protected
class Unit:
@protected
def move(self):
pass
@private
def run(self):
pass
Personal thoughts you probably should ignore:
Also I noticed, you use "__". It's good practise, when you want to ship your library to the world. Competent user will not use this methods (and IDE will not provide information about them :)). But it won't save your from bad-bad people. So I personally don't see the point of usage this ugly notation here, when you're coding your server application.