AES Implementation in Python
Walkthrough to implement AES in Python
You’ve probably heard of the Houseparty scandal that has taken place during the quarantine. Houseparty was an excellent time killer app during the long days of the quarantine, it gathered friends and allowed them to play mini-games while video chatting with each other on their phones, all of this provided freely by Houseparty themselves. It was all fun and games till vast numbers of Netflix and Spotify accounts started to get hacked.
Rumor has it that Houseparty suffered a data breach, where their data was stolen by a third party and used by hackers to gain access to personal accounts. Houseparty has it that they have nothing to do with the wave of hackers sneaking into people’s accounts. We will probably never now for sure what happened here but the damage has already been done. I think we can all learn something from this whole incident to prevent and reduce the impact of future data breaches:
We are not being responsible enough
We are not taking our internet privacy seriously. The average user reuses passwords and emails throughout several apps, which may have vastly varying degrees of reputation and security , with out being aware of the dangers it implies. But users can only be accounted for so much. We as developers must ensure that all data we obtain from our users is treated responsibly: data should not only be stored in a secure environment, it should also be encrypted with a a secure algorithm, such as AES.
Implementing AES in Python
Fortunately, we don’t have to implement AES from scratch, but you can give it a try if you’re feeling spicy. In order to avoid doing so, we first need to install the pycrypto library, which can be done via pip with the following command:
pip install pycrypto
which should run without errors. Once pycrypto is installed, create a python file and write the following to import everything we need:
Now we are going to create a class for our AES cipher with the following constructor:
Lets take a quick walk through the constructor, it receives a key which can be of any length. Then we proceed to generate a 256 bit hash from that key. A hash is basically a unique identifier of a given length, 32 characters in this case, of any input no matter its length. This enables that you can pass the constructor your name or a phrase, and it will generate an unique 256 bit key for your cipher. We also set block_size
to 128, which is the block size of AES.
Before we proceed to define the encrypt
and decrypt
methods for our AESCipher class, lets first create the __pad
and __unpad
methods. Also, beginners in Python can learn from the best Python tutorials to enhance their learning.
Pad
The __pad
method receives theplain_text
to be encrypted and adds a number bytes for the text to be a multiple of 128 bits. This number is stored in number_of_bytes_to_pad
. Then in ascii_string
we generate our padding character, and padding_str
will contain that character times number_of_bytes_to_pad
. So we only have to add padding_str
at the end of our plain_text so that it is now a multiple of 128 bits.
Unpad
In an opposite manner, __unpad
method will receive the decrypted text, also known as plain_text
and will remove all the extra added characters in the __pad
method. For that we first must identify the last character and store in bytes_to_remove
how many bytes we need to trim of the end of plain_text
in order to unpad it.
Encrypt
With these two methods out of the way, lets implement the encrypt
method
The encrypt
method receives the plain_text
to be encrypted. First we pad that plain_text
in order to be able to encrypt it. After we generate a new random iv
with the size of an AES block, 128bits. We now create our AES cipher with AES.new
with our key
, in mode CBC
and with our just generated iv
. We now invoke the encrypt
function of our cipher
, passing it our plain_text
converted to bits. The encrypted output is then placed after our iv
and converted back from bits to readable characters.
Decrypt
Now that we can encrypt text, but I’m sure we would like to be able to decrypt it:
In order to decrypt, we must backtrack all the steps done in the encrypt
method. First we convert our encrypted_text
to bits and extract the iv
, which will be the first 128 bits of our encrypted_text
. Much like before, we now create a new AES cipher with our key, in mode CBC and with the extracted iv
. We now invoke the decrypt
method of our cipher
and convert it to text from bits. We remove the padding with __unpad
and that’s it!
The AESCipher
class should end up looking as the following:
Final Thoughts
You can now encrypt and decrypt your data! If you want to play with AES or just check that your implementation was correct, try out this online AES Cipher. If you are intrigued about how AES works, feel free to pass by my article about it.
As always, feel free to contact me if you need to. All the code found in this tutorial is freely available on GitHub.
I hope you all found this tutorial useful, happy encryption!
Thank you.