473,405 Members | 2,279 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,405 software developers and data experts.

encrypting files + filestreams?

Hi python people,

I am trying to figure out the best way to encrypt files in python.

I've build a small script (see below) that encrypts the ubuntu 7.04
iso file in 2 minutes (I like python :) ).

But I have some thoughts about it. By pure luck (?) this file happened
to be N*512 bytes long so I do not have to add crap at the end - but
on files of the size N*512 + M (M != 521) I will add some crap to make
it fit in the algorithm. When I later decrypt I will have the stuff I
do not want. How do people solve this? (By writing the number of
relevant bytes in readable text in the beginning of the file?)

Also I wonder if this can be solved with filestreams (Are there
streams in python? The only python file streams I found in the evil
search engine was stuff in other forums.)
Other comments are of course also welcome,
Per
# crypto_hardcoded.py starts here

from Crypto.Cipher import AES

def encrypt2(cryptor, infile, outfile):
"""enly encrypt a few bytes at a time"""

size = 512
bytes = infile.read(size)

seek = 0
interval = 97
ctr = 0

while len(bytes) == size:
seek += size
if ctr % interval == 0:
print '\r%15d bytes completed' % (seek),
ctr += 1

outfile.write(cryptor.encrypt(bytes))
# change to this to decrypt
# outfile.write(cryptor.decrypt(bytes))
bytes = infile.read(size)

if len(bytes) != 0:
bytes += "#" * (size - len(bytes))
outfile.write(cryptor.encrypt(bytes))
seek += len(bytes)

print '\r%15d bytes completed' % (seek)

if __name__ == "__main__":
crptz = AES.new("my-secret_passwd")
ifile = file('/tmp/ubuntu-7.04-desktop-i386.iso','r')
ofile = file('/tmp/ubuntu-7.04-desktop-i386.iso.out','w')

encrypt2(crptz, ifile, ofile)
ifile.close()
ofile.close()

# crypto_hardcoded.py ends here

Aug 15 '07 #1
4 2304
per9000 wrote:
Hi python people,

I am trying to figure out the best way to encrypt files in python.

I've build a small script (see below) that encrypts the ubuntu 7.04
iso file in 2 minutes (I like python :) ).

But I have some thoughts about it. By pure luck (?) this file happened
to be N*512 bytes long so I do not have to add crap at the end - but
on files of the size N*512 + M (M != 521) I will add some crap to make
it fit in the algorithm. When I later decrypt I will have the stuff I
do not want. How do people solve this? (By writing the number of
relevant bytes in readable text in the beginning of the file?)

Also I wonder if this can be solved with filestreams (Are there
streams in python? The only python file streams I found in the evil
search engine was stuff in other forums.)
Other comments are of course also welcome,
Per
# crypto_hardcoded.py starts here

from Crypto.Cipher import AES

def encrypt2(cryptor, infile, outfile):
"""enly encrypt a few bytes at a time"""

size = 512
bytes = infile.read(size)

seek = 0
interval = 97
ctr = 0

while len(bytes) == size:
seek += size
if ctr % interval == 0:
print '\r%15d bytes completed' % (seek),
ctr += 1

outfile.write(cryptor.encrypt(bytes))
# change to this to decrypt
# outfile.write(cryptor.decrypt(bytes))
bytes = infile.read(size)

if len(bytes) != 0:
bytes += "#" * (size - len(bytes))
outfile.write(cryptor.encrypt(bytes))
seek += len(bytes)

print '\r%15d bytes completed' % (seek)

if __name__ == "__main__":
crptz = AES.new("my-secret_passwd")
ifile = file('/tmp/ubuntu-7.04-desktop-i386.iso','r')
ofile = file('/tmp/ubuntu-7.04-desktop-i386.iso.out','w')

encrypt2(crptz, ifile, ofile)
ifile.close()
ofile.close()

# crypto_hardcoded.py ends here
Padding and keeping information in a header is how I solved the problem.

-Larry
Aug 15 '07 #2
per9000 <pe*****@gmail.comwrites:
I am trying to figure out the best way to encrypt files in python.
Looking at your code and questions, you probably want to pick up a
cryptography handbook of some sort (I'd recommend /Practical
Cryptography/) and give it a read.
But I have some thoughts about it. By pure luck (?) this file happened
to be N*512 bytes long so I do not have to add crap at the end - but
on files of the size N*512 + M (M != 521) I will add some crap to make
it fit in the algorithm.
BTW, AES has a block size of 16, not 512.
When I later decrypt I will have the stuff I do not want. How do
people solve this? (By writing the number of relevant bytes in
readable text in the beginning of the file?)
There are three basic ways of solving the problem with block ciphers.
Like you suggest, you can somehow store the actual size of the encrypted
data. The second option is to store the number of padding bytes
appended to the end of the data. The third is to use the block cipher
in cipher feedback (CFB) or output feedback (OFB) modes, both of which
transform the block cipher into a stream cipher. The simplest choice
coding-wise is to just use CFB mode, but the "best" choice depends upon
the requirements of your project.
Also I wonder if this can be solved with filestreams (Are there
streams in python? The only python file streams I found in the evil
search engine was stuff in other forums.)
Try looking for information on "file-like objects." Depending on the
needs of your application, one general solution would be to implement a
file-like object which decorates another file-like object with
encryption on its IO operations.
crptz = AES.new("my-secret_passwd")
I realize this is just toy code, but this is almost certainly not what
you want:

- You'll get a much higher quality key -- and allow arbitrary length
passphrases -- by producing the key from the passphrase instead of
using it directly as the key. For example, taking the SHA-256 hash
of the passphrase will produce a much higher entropy key of the
correct size for AES.

- Instantiating the cipher without specifying a mode and
initialization vector will cause the resulting cipher object to use
ECB (electronic codebook) mode. This causes each identical block in
the input stream to result in an identical block in the output
stream, which opens the door for all sorts of attacks.

Hope this helps!

-Marshall

Aug 15 '07 #3
On 8/15/07, per9000 <pe*****@gmail.comwrote:
Hi python people,

I am trying to figure out the best way to encrypt files in python.

I've build a small script (see below) that encrypts the ubuntu 7.04
iso file in 2 minutes (I like python :) ).

But I have some thoughts about it. By pure luck (?) this file happened
to be N*512 bytes long so I do not have to add crap at the end - but
on files of the size N*512 + M (M != 521) I will add some crap to make
it fit in the algorithm. When I later decrypt I will have the stuff I
do not want. How do people solve this? (By writing the number of
relevant bytes in readable text in the beginning of the file?)
The term you're looking for is "padding". See
http://en.wikipedia.org/wiki/Padding_%28cryptography%29 for a brief
introduction, and especially the two RFCs mentioned about halfway
down.
Also I wonder if this can be solved with filestreams (Are there
streams in python? The only python file streams I found in the evil
search engine was stuff in other forums.)
I don't know how to answer this, because it's not clear what you mean
by "file streams". Python's file objects act similarly to things
called streams in other languages, such as Java's InputStreams and
Readers, if that's what you're asking.
Other comments are of course also welcome,
Per
# crypto_hardcoded.py starts here
[snip]

I notice there's some repeated code in your main loop. This generally
means there's room for improvement in your program flow. Here's one
possible way you could structure it: separate out the file reading and
padding logic into a generator function that takes a filename or file
object, and yields blocks one at a time, padded to the correct block
size. Then your main loop can be simplified to something like this:

for plaintext_block in read_as_blocks(in_file, block_size):
ciphertext_block = cryptor.encrypt(plaintext_block)
out_file.write(ciphertext_block)

Techniques like these can make it easier to follow what's going on,
especially as your programs get more complicated. Don't be afraid to
experiment!

-- David
Aug 15 '07 #4
In message <11**********************@19g2000hsx.googlegroups. com>, per9000
wrote:
crptz = AES.new("my-secret_passwd")
You're using ECB mode. Never use ECB mode. At a minimum, use CBC mode.

Also, another common thing is, don't use the actual password to encrypt the
entire file. Instead, randomly generate a "session key" to use for the
actual encryption, and only use the password to encrypt that.
def encrypt2(cryptor, infile, outfile):
"""enly encrypt a few bytes at a time"""

size = 512
bytes = infile.read(size)

seek = 0
interval = 97
ctr = 0

while len(bytes) == size:
seek += size
if ctr % interval == 0:
print '\r%15d bytes completed' % (seek),
ctr += 1

outfile.write(cryptor.encrypt(bytes))
# change to this to decrypt
# outfile.write(cryptor.decrypt(bytes))
bytes = infile.read(size)

if len(bytes) != 0:
bytes += "#" * (size - len(bytes))
outfile.write(cryptor.encrypt(bytes))
seek += len(bytes)
Finally, it is recommended that you also compute and encrypt a cryptographic
hash of the plaintext. That way, you can check that still matches after
decryption, to guard against tampering.

Aug 18 '07 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Piotr | last post by:
MS has published on its sites javascript encoder, which enables "encrypting" javascript code. It allows hiding js code from being seen as a text file. There is a decoder for it, available in the...
6
by: Dayne | last post by:
Guys, I am writing a database application(vb.net , sql server) and is presently storing the connection settings in a xml file...not very secure though. What is a safer method in a dynamic...
2
by: SP | last post by:
Hi All, I need to compare two files line by line and copy the differing lines to a new files. I.e. Compare file1 and file2 line by line. Copy only differing lines to file3. I tried a couple...
4
by: BostonNole | last post by:
I am looking for suggestions on the most efficient way to import 7 different fixed width files into a DataSet. Not all at the same time. One file at a time, but the format could change from file...
7
by: Bob Weiner | last post by:
Hi, I'm an IT guy who likes to think he can program. I have a generic question about filestreams. I'm putting together an application and need to write certain activities out to a log file. ...
4
by: rsm | last post by:
Hi, We want to encrypt MS Sql Server data files - .mdf and .ldf with logged in user certificate and make sure that MS Sql Server service (running as Local System Account) can decrypt it. Is...
3
by: dfa_geko | last post by:
Hi All, I had a question about encrypting and decrypting XML files using asymmetric keys. I copied some sample code from MSDN, here are the samples: ...
2
by: SeeSharp Bint | last post by:
Visual Studio 2005, dotnet, c#. Microsoft SQL Server. Windows XP forms application. Temporarily, for my database application, I have been storing the various elements of database connection...
2
by: Elikhom | last post by:
Is there any way to open multiple files concurrently and for example read the first line of each and the do some task with them, then read the second line of all of them and do some task again with...
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
0
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.