ENCYPT

mail@pastecode.io avatar
unknown
python
2 years ago
5.4 kB
4
Indexable
from bcrypt import gensalt, hashpw, checkpw
from ecies import encrypt, decrypt
from config import PRIVKEYHEX, PUBKEYHEX, CLOUDFRONT_KEY_BASE64, APP_MODE, FRONTEND_TO_SERVER_PRV_KEY_BASE64, SERVER_TO_FRONTEND_PUB_KEY_BASE64, SERVER_TO_FRONTEND_PRV_KEY_BASE64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
import os
import base64
from codecs import decode
"""
Method :Generate Password hash
@Param :
    1.password : type -> str
Return : Hashed password
"""


def generate_password_hash(password: str) -> str:
    passwd = bytes(password, 'latin-1')
    salt = gensalt()
    hashed = hashpw(passwd, salt)
    return hashed.decode('latin-1')


"""
Method :check user input password with hashedPassword stored in database
@Param :
    1.password : type -> str
    2. hashedPassword : type -> str
Return : True or False
"""


def check_password_hash(password: str, hasedPassword: str) -> bool:
    if checkpw(password.encode('latin-1'), hasedPassword.encode('latin-1')):
        return True
    else:
        return False


"""
Method :Encrypt data , if None don't encrypt
@Param :
    1.plaintext : type -> str
Return : Encrypted hex data
"""


def encrypt_data(plaintext: str) -> bytes:
    if plaintext is None:
        return plaintext
    encrypted = encrypt(PUBKEYHEX, plaintext.encode())
    return encrypted.hex()


"""
Method :Decrypted data , if None return Null
@Param :
    1.encrypted: type -> str
Return : Decrypted data
"""


def decrypt_data(encrypted) -> bytes:
    if encrypted is None:
        return None
    decrypted = decrypt(PRIVKEYHEX, bytes.fromhex(encrypted))
    return decrypted.decode()

"""
Method :Decrypted front end data , if None return Null
@Param :
    1.encrypted: type -> str
Return : Decrypted data
"""


def decrypt_frontend_data_to_server(encrypted):

    if encrypted is None:
        return None

    else:     

        java_out = encrypted.encode('UTF-8')    
        ciphertext = decode(java_out, 'base64')
        private_key_string = base64.b64decode(FRONTEND_TO_SERVER_PRV_KEY_BASE64)
        private_key_ascii = private_key_string.decode('ascii')

        private_key = serialization.load_pem_private_key(
                private_key_ascii.encode('UTF-8'),
                password=None,
                backend=default_backend()
            )

        #Decrypt the front end data
        decrypted = private_key.decrypt(
            ciphertext,
            padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA256()),
                algorithm=hashes.SHA256(),
                label=None
                )
            )
        return decrypted.decode()


"""
Method :Encrypt server to  frontend data , if None return Null
@Param :
    1.text: type -> str
Return : Encrypted data
"""


def encrypt_server_data_to_frontend(plaintext: str):
    
    if plaintext is None:
        return None
    
    # if APP_MODE == "dev":
    #     return plaintext

    else:


        plaintext = plaintext.encode('UTF-8')
        public_key_string = base64.b64decode(SERVER_TO_FRONTEND_PUB_KEY_BASE64)
        public_key_ascii = public_key_string.decode('ascii')
        #Pem file kept in config
        pub_key = serialization.load_pem_public_key(
                public_key_ascii.encode('UTF-8'),
                backend=default_backend()
            )
        
        #Encrypt the server data
        encrypted = pub_key.encrypt(
                plaintext,
                padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA256()),
                algorithm=hashes.SHA256(),
                label=None
        )
    )
        
        return base64.b64encode(encrypted).decode("utf-8")

"""
Method :Decrypted server end data (use at endpoint) , if None return Null
@Param :
    1.encrypted: type -> str
Return : Decrypted data
"""


def decrypt_server_data_to_frontend(encrypted):

    if encrypted is None:
        return None

    else:     

        endpoint_out = encrypted.encode('UTF-8')    
        ciphertext = decode(endpoint_out, 'base64')
        private_key_string = base64.b64decode(SERVER_TO_FRONTEND_PRV_KEY_BASE64)
        private_key_ascii = private_key_string.decode('ascii')

        private_key = serialization.load_pem_private_key(
                private_key_ascii.encode('UTF-8'),
                password=None,
                backend=default_backend()
            )

        #Decrypt the front end data
        decrypted = private_key.decrypt(
            ciphertext,
            padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA256()),
                algorithm=hashes.SHA256(),
                label=None
                )
            )
        return decrypted.decode()

"""
Method :Check cloudfront key file
@Param :
    1.message 
Return : Private Key signer 
"""


def rsa_signer(message):  

    #Using env pem file
    
    private_key_string = base64.b64decode(CLOUDFRONT_KEY_BASE64)
    private_key_ascii = private_key_string.decode('ascii')
    private_key = serialization.load_pem_private_key(
            private_key_ascii.encode('UTF-8'),
            password=None,
            backend=default_backend()
        )
    return private_key.sign(message, padding.PKCS1v15(), hashes.SHA1())