Scribd
Upload
25 views2 pages

Script

The document provides a Python script for encrypting and decrypting files using AES-256-GCM. It requires a 32-byte secret key stored in an environment variable and handles both encryption and decryption processes, including the generation of a nonce and authentication tag. Users can choose to encrypt or decrypt a file by entering 'E' or 'D' when prompted.

Uploaded by

mrgods.home
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
25 views2 pages

Script

The document provides a Python script for encrypting and decrypting files using AES-256-GCM. It requires a 32-byte secret key stored in an environment variable and handles both encryption and decryption processes, including the generation of a nonce and authentication tag. Users can choose to encrypt or decrypt a file by entering 'E' or 'D' when prompted.

Uploaded by

mrgods.home
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

import os

import base64
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend

# 32-byte AES-256 key (MUST be kept secret)


SECRET_KEY = os.getenv("SECRET_CRYPTO_KEY") # Set this in the environment variable

if not SECRET_KEY:
raise ValueError("ERROR: SECRET_CRYPTO_KEY environment variable is not set!")

SECRET_KEY = base64.b64decode(SECRET_KEY) # Decode key from base64


if len(SECRET_KEY) != 32:
raise ValueError("ERROR: Key must be 32 bytes (AES-256).")

# AES Block size


NONCE_SIZE = 12 # GCM recommended 12-byte IV
TAG_SIZE = 16 # AES-GCM tag is 16 bytes

def encrypt_file(input_file, output_file):


""" Encrypts main.txt using AES-256-GCM """
with open(input_file, "rb") as f:
plaintext = f.read()

# Generate a random 12-byte IV (Nonce)


nonce = os.urandom(NONCE_SIZE)

# AES-GCM Encryption
cipher = Cipher(algorithms.AES(SECRET_KEY), modes.GCM(nonce),
backend=default_backend())
encryptor = cipher.encryptor()
ciphertext = encryptor.update(plaintext) + encryptor.finalize()

# Store IV + Encrypted Data + Authentication Tag


with open(output_file, "wb") as f:
f.write(nonce + encryptor.tag + ciphertext)

print(f"[+] Encrypted {input_file} -> {output_file}")

def decrypt_file(input_file, output_file):


""" Decrypts main.enc using AES-256-GCM """
with open(input_file, "rb") as f:
data = f.read()

nonce = data[:NONCE_SIZE] # Extract IV


tag = data[NONCE_SIZE:NONCE_SIZE+TAG_SIZE] # Extract authentication tag
ciphertext = data[NONCE_SIZE+TAG_SIZE:] # Extract encrypted data

# AES-GCM Decryption
cipher = Cipher(algorithms.AES(SECRET_KEY), modes.GCM(nonce, tag),
backend=default_backend())
decryptor = cipher.decryptor()
plaintext = decryptor.update(ciphertext) + decryptor.finalize()

with open(output_file, "wb") as f:


f.write(plaintext)

print(f"[+] Decrypted {input_file} -> {output_file}")


if __name__ == "__main__":
mode = input("Type 'E' to Encrypt or 'D' to Decrypt: ").strip().upper()

if mode == "E":
encrypt_file("main.txt", "main.enc")
elif mode == "D":
decrypt_file("main.enc", "main_decrypted.txt")
else:
print("[ERROR] Invalid option! Use 'E' or 'D'.")

You might also like