tasos-py / aes-encryption-classes Goto Github PK

View Code? Open in Web Editor NEW

143.0 5.0 58.0 172 KB

AES encryption in Python, PHP, C#, Java, C++, F#, Ruby, Scala, Node.js

License: MIT License

C# 13.94% Java 13.02% PHP 12.12% Python 7.74% C++ 17.92% F# 10.70% Ruby 6.67% Scala 9.18% JavaScript 8.71%

encryption aes python php csharp java cpp fsharp ruby scala nodejs

aes-encryption-classes's Introduction

AES Encryption Classes

AES encryption in Python, PHP, C#, Java, C++, F#, Ruby, Scala, Node.js

Description

The goal of this project is to provide simple, portable and compatible code (data encrypted in Python can be decrypted in PHP, and so on). The encryption algorithm used is AES in CBC and CFB mode. Other modes are not provided mostly for compatibility reasons (.NET Framework). Ciphertext authenticity is verified with HMAC SHA256. The encrypted data contains the salt, iv and mac, in this format: salt[16] + iv[16] + ciphertext[n] + mac[32].
Although the algorithms used are secure, this code hasn't been revised by professional cryptographers, so the use of a better established library may be preferable.

Languages

Python, versions 2.7 - 3.6. Requires PyCryptodome
PHP, versions 5.5 - 7.2
C#, versions 4, 7.2, with .NET Framework 4, 4.6
Java, versions 8, 10. Only 128 bit keys are supported before Java 9
C++, versions 11, 17. Requires CryptoPP
F#, versions 3.0, 4.1, with .NET Framework 4, 4.6
Ruby, versions 1.9.2 - 2.5.1
Scala, versions 2.12.6. Only 128 bit keys are supported before Java 9
Node.js, versions 5.10.0 - 10.13.0

Features

Encryption:
AES with 128/192/256 bit key, in CBC and CFB mode.

Keys:
Password-based: PBKDF2 with SHA512, 20000 iterations by default.
Key-based: HKDF with SHA256.

Authentication:
HMAC with SHA256.

Examples

Python AES-128-CBC (the default) encryption, password-based.

data = 'my data'
password = 'my super strong password'
aes = AesEncryption()
enc = aes.encrypt(data, password)

print(enc)
#b'jDY94lq4C84RXD4uPohrqUZvyZNJg3L+KBl7d9S6hPufBCBeUcrsYoialAR+M+nJt4rWwWvB41ScQQOrlc3OzKukLqlP0Zir/z7yaiYQwB4='

PHP AES-128-CBC (the default) decryption, password-based.

$data = "jDY94lq4C84RXD4uPohrqUZvyZNJg3L+KBl7d9S6hPufBCBeUcrsYoialAR+M+nJt4rWwWvB41ScQQOrlc3OzKukLqlP0Zir/z7yaiYQwB4=";
$password = "my super strong password";
$aes = new AesEncryption();
$dec = $aes->decrypt($data, $password);

echo $dec;
//my data

C# AES-128-CFB encryption, password-based.

string data = "my data";
string password = "my super strong password";
AesEncryption aes = new AesEncryption("cfb");
byte[] enc = aes.Encrypt(data, password);

Console.WriteLine(Encoding.ASCII.GetString(enc));
//NDVqzcBopFejULtlhK0vy66kFI2UiI3mEiu6XrfW0D3Qjf66cQES9PBk28Jhyc0QWk6XpBD4Fsth9EJStxXw7UgIerZ4OyM=

Java AES-128-CFB decryption, password-based.

String data = "NDVqzcBopFejULtlhK0vy66kFI2UiI3mEiu6XrfW0D3Qjf66cQES9PBk28Jhyc0QWk6XpBD4Fsth9EJStxXw7UgIerZ4OyM=";
String password = "my super strong password";
AesEncryption aes = new AesEncryption("cfb");
byte[] dec = aes.decrypt(data, password);

System.out.println(new String(dec));
//my data

C++ AES-256-CBC encryption, password-based.

std::string data = "my data";
std::string password = "my super strong password";
AesEncryption aes("cbc", 256);
CryptoPP::SecByteBlock enc = aes.encrypt(data, password);

std::cout << std::string(enc.begin(), enc.end()) << std::endl;
//xDl8P0fKwL2pgi6WQPvd5iLUjT9IuBiZKBrH2DXdPT/wwKiQILnn/daaCYvu7cNv9894ap3HzgmgaOcIzT1TOWwUISAmMGqqOosLPl5Qu6o=

F# AES-256-CBC decryption, password-based.

let data = "xDl8P0fKwL2pgi6WQPvd5iLUjT9IuBiZKBrH2DXdPT/wwKiQILnn/daaCYvu7cNv9894ap3HzgmgaOcIzT1TOWwUISAmMGqqOosLPl5Qu6o="
let password = "my super strong password"
let aes = new AesEncryption("cbc", 256)
let dec = aes.Decrypt(data, password)

printfn "%A" (Encoding.UTF8.GetString dec)
#my data

Ruby AES-128-CBC encryption, key-based.

aes = AesEncryption.new()
key = aes.random_key_gen()
enc = aes.encrypt('my data')

puts key
#kC4y8+6dFS8uhPmIU0d+KjYT1nc7gGXiphT0p9Ax0as=
puts enc
#NXOjXel/xtIDgb+LMnIseCSQB6Mv/LRfMP1bMiqtCGRGd/t6uR0zSV8zDShmZhY4z4xFSX/hxGwGh/jQhvMA53qBnEyhquf3b7PEhdHvMKs=

Scala AES-128-CBC decryption, key-based.

val data = "NXOjXel/xtIDgb+LMnIseCSQB6Mv/LRfMP1bMiqtCGRGd/t6uR0zSV8zDShmZhY4z4xFSX/hxGwGh/jQhvMA53qBnEyhquf3b7PEhdHvMKs="
val aes = new AesEncryption()
aes.setMasterKey("kC4y8+6dFS8uhPmIU0d+KjYT1nc7gGXiphT0p9Ax0as=")
val dec = aes.decrypt(data)

println(new String(dec))
//my data

Node.js AES-128-CBC, file encryption and decryption, key-based.

const aes = new AesEncryption();
const key = aes.randomKeyGen();

var path = '/path/to/file.txt';
var encPath = aes.encryptFile(path);
var decPath = aes.decryptFile(encPath);

aes-encryption-classes's People

Contributors

Stargazers

Watchers

aes-encryption-classes's Issues

Feature Request: URL Safe

Add something like Base64url

Ref: https://docs.microsoft.com/en-us/dotnet/api/microsoft.identitymodel.tokens.base64urlencoder.encode?view=azure-dotnet#Microsoft_IdentityModel_Tokens_Base64UrlEncoder_Encode_System_String_

"The following functions perform base64url encoding which differs from regular base64 encoding as follows

padding is skipped so the pad character '=' doesn't have to be percent encoded
the 62nd and 63rd regular base64 encoding characters ('+' and '/') are replace with ('-' and '_') The changes make the encoding alphabet file and URL safe."

Objective-C support request

AES-Encryption-Classes already supports variety of languages and for that, like me, all the users of this library will definitely be grateful to you.

My humble request is that if you please add Objective-C support in this library then it will not only help me but this library will also become yet more general.

Thank you!

Problem with encrypt/decrypt

Hi Tasos,
when I use your example in c# and php I receive an error massage in php:
error:0606508A:digital envelope routines:EVP_DecryptFinal_ex:data not multiple of block length

c# code is:
string data = "my data";
string passphrase = "my super strong password";
AesEncryption aes = new AesEncryption("cfb");
byte[] enc = aes.Encrypt(data, passphrase);
Debug.WriteLine(Encoding.ASCII.GetString(enc));
//1cFI7AVmg/M7Z84ALEKVC2ZEOfof5qHP5CrIqYF3+1j7OOzDcM8BPjh1IZeVj4wyKDryRKwpIxmfzKI7xXixC2ZYmnl+JP4=

php code is:
$data = "1cFI7AVmg/M7Z84ALEKVC2ZEOfof5qHP5CrIqYF3+1j7OOzDcM8BPjh1IZeVj4wyKDryRKwpIxmfzKI7xXixC2ZYmnl+JP4=";
$password = "my super strong password";
$aes = new AesEncryption();
$dec = $aes->decrypt($data, $password);
echo $dec;
//error:0606508A:digital envelope routines:EVP_DecryptFinal_ex:data not multiple of block length

Do you have any idea?
Regards Horst

AesEncryption aes = new AesEncryption("cbc", 256);
byte[] encryptedData = aes.encrypt("Hello", "PASSWORD");
String encryptedString = new String(encryptedData);

Now when I try to decrypt encryptedString in PHP using the same password, I get this error:

MAC check failed!

Mac Check Failed

Hey! I'm encrypting data with the C++ library and decrypting it with the NodeJS one.

My code is following:
C++

AesEncryption aes("cbc", 256);
CryptoPP::SecByteBlock enc = aes.encrypt("hello world!", "CsXamjES6yFqPK5SnE8eEYy9xmcukmdj");
std::string output(enc.begin(), enc.end());

NodeJS

console.log(new aes("cbc", 256).decrypt("uGIGGWzNyLaGPfKnCvk8wZRegciYx6hWjMemR0VEmOcvPgZ3hdmiK1UPS2TGgH1ORMOprISIcqfPL4xlF6paLXobLuxdzV8pJr0z8idXcxI=", "CsXamjES6yFqPK5SnE8eEYy9xmcukmdj"));

When I call the NodeJS function, I get Mac check failed! - Both passwords are the same so I'm confused as to why this happens.