Simple way to encode a string according to a password

Question

Does Python have a built-in  simple way of encoding decoding strings using a password   Something like this    gt  gt  gt  encode  John Doe   password    mypass    sjkl28cn2sx0   gt  gt  gt  decode  sjkl28cn2sx0   password    mypass    John Doe    So the string  John Doe  gets encrypted as  sjkl28cn2sx0   To get the original string  I would  unlock  that string with the key  mypass   which is a password in my source code  I d like this to be the way I can encrypt decrypt a Word document with a password   I would like to use these encrypted strings as URL parameters  My goal is obfuscation  not strong security  nothing mission critical is being encoded  I realize I could use a database table to store keys and values  but am trying to be minimalist

User · Answer

I ll give 4 solutions   1  Using Fernet encryption with cryptography library  Here is a solution using the package cryptography  that you can install as usual with pip install cryptography   import base64 from cryptography fernet import Fernet  InvalidToken from cryptography hazmat backends import default backend from cryptography hazmat primitives import hashes from cryptography hazmat primitives kdf pbkdf2 import PBKDF2HMAC  def cipherFernet password       key   PBKDF2HMAC algorithm hashes SHA256    length 32  salt b abcd   iterations 1000  backend default backend    derive password      return Fernet base64 urlsafe b64encode key    def encrypt1 plaintext  password       return cipherFernet password  encrypt plaintext   def decrypt1 ciphertext  password       return cipherFernet password  decrypt ciphertext     Example   print encrypt1 b John Doe   b mypass        b gAAAAABd53tHaISVxFO3MyUexUFBmE50DUV5AnIvc3LIgk5Qem1b3g Y hlI43DxH6CiK4YjYHCMNZ0V0ExdF10JvoDw8ejGjg    print decrypt1 b gAAAAABd53tHaISVxFO3MyUexUFBmE50DUV5AnIvc3LIgk5Qem1b3g Y hlI43DxH6CiK4YjYHCMNZ0V0ExdF10JvoDw8ejGjg     b mypass       b John Doe  try     test with a wrong password     print decrypt1 b gAAAAABd53tHaISVxFO3MyUexUFBmE50DUV5AnIvc3LIgk5Qem1b3g Y hlI43DxH6CiK4YjYHCMNZ0V0ExdF10JvoDw8ejGjg     b wrongpass     except InvalidToken      print  Wrong password     You can adapt with your own salt  iteration count  etc  This code is not very far from  HCLivess s answer but the goal is here to have ready-to-use encrypt and decrypt functions  Source  https   cryptography io en latest fernet  using-passwords-with-fernet   Note  use  encode   and  decode   everywhere if you want strings  John Doe  instead of bytes like b John Doe      2  Simple AES encryption with Crypto library  This works with Python 3   import base64 from Crypto import Random from Crypto Hash import SHA256 from Crypto Cipher import AES  def cipherAES password  iv       key   SHA256 new password  digest       return AES new key  AES MODE CFB  iv   def encrypt2 plaintext  password       iv   Random new   read AES block size      return base64 b64encode iv   cipherAES password  iv  encrypt plaintext    def decrypt2 ciphertext  password       d   base64 b64decode ciphertext      iv  ciphertext   d  AES block size   d AES block size       return cipherAES password  iv  decrypt ciphertext     Example       print encrypt2 b John Doe   b mypass    print decrypt2 b B 2dGPZTD8V22cIVKfp2gD2tTJG UfP    b mypass    print decrypt2 b B 2dGPZTD8V22cIVKfp2gD2tTJG UfP    b wrongpass       wrong password  no error  but garbled output   Note  you can remove base64 b64encode and  b64decode if you don t want text-readable output and or if you want to save the ciphertext to disk as a binary file anyway     3  AES using a better password key derivation function and the ability to test if  wrong password entered   with Crypto library  The solution 2  with AES  CFB mode  is ok  but has two drawbacks  the fact that SHA256 password  can be easily bruteforced with a lookup table  and that there is no way to test if a wrong password has been entered  This is solved here by the use of AES in  GCM mode   as discussed in AES  how to detect that a bad password has been entered  and Is this method to say    The password you entered is wrong    secure    import Crypto Random  Crypto Protocol KDF  Crypto Cipher AES  def cipherAES GCM pwd  nonce       key   Crypto Protocol KDF PBKDF2 pwd  nonce  count 100000      return Crypto Cipher AES new key  Crypto Cipher AES MODE GCM  nonce nonce  mac len 16   def encrypt3 plaintext  password       nonce   Crypto Random new   read 16      return nonce   b   join cipherAES GCM password  nonce  encrypt and digest plaintext      you case base64 b64encode it if needed  def decrypt3 ciphertext  password       nonce  ciphertext  tag   ciphertext  16   ciphertext 16 len ciphertext -16   ciphertext -16       return cipherAES GCM password  nonce  decrypt and verify ciphertext  tag     Example   print encrypt3 b John Doe   b mypass    print decrypt3 b  xbaN  x90R xdf xa9 xc7 xd6 x16  xbb  xf5Q xa9  xe5 xa5 xaf x81 xc3 n2e   I xb4 xab5 xa6ezu x8c  xa50   b mypass    try      print decrypt3 b  xbaN  x90R xdf xa9 xc7 xd6 x16  xbb  xf5Q xa9  xe5 xa5 xaf x81 xc3 n2e   I xb4 xab5 xa6ezu x8c  xa50   b wrongpass    except ValueError      print  Wrong password       4  Using RC4  no library needed   Adapted from https   github com bozhu RC4-Python blob master rc4 py   def PRGA S       i   0     j   0     while True          i    i   1    256         j    j   S i     256         S i   S j    S j   S i          yield S  S i    S j     256   def encryptRC4 plaintext  key  hexformat False       key  plaintext   bytearray key   bytearray plaintext     necessary for py2  not for py3     S   list range 256       j   0     for i in range 256           j    j   S i    key i   len key      256         S i   S j    S j   S i      keystream   PRGA S      return b   join b  02X     c   next keystream   for c in plaintext  if hexformat else bytearray c   next keystream  for c in plaintext   print encryptRC4 b John Doe   b mypass                                b  x88 xaf xc1 x04 x8b x98 x18 x9a  print encryptRC4 b  x88 xaf xc1 x04 x8b x98 x18 x9a   b mypass        b John Doe       Outdated since the latest edits  but kept for future reference   I had problems using Windows   Python 3 6   all the answers involving pycrypto  not able to pip install pycrypto on Windows  or pycryptodome  the answers here with from Crypto Cipher import XOR failed because XOR is not supported by this pycrypto fork   and the solutions using     AES failed too with TypeError  Object type  lt class  str  gt  cannot be passed to C code   Also  the library simple-crypt has pycrypto as dependency  so it s not an option

User · Answer

Adding one more code with decode and encode for reference  import base64  def encode key  string       encoded chars          for i in range len string            key c   key i   len key           encoded c   chr ord string i     ord key c    128          encoded chars append encoded c      encoded string      join encoded chars      arr2   bytes encoded string   utf-8       return base64 urlsafe b64encode arr2   def decode key  string       encoded chars          string   base64 urlsafe b64decode string      string   string decode  utf-8       for i in range len string            key c   key i   len key           encoded c   chr ord string i   - ord key c    128          encoded chars append encoded c      encoded string      join encoded chars      return encoded string  def main        answer   str input  EorD        if answer in   E              ENCODE         file   open  D  enc txt           line   file read   replace   n     NEWLINEHERE            file close           text   encode  4114458  line          fnew   open  D   new txt   w            fnew write text decode  utf-8            fnew close       else           DECODE         file   open  D   new txt   r            eline   file read   replace  NEWLINEHERE    n           file close           print eline          eline   eline encode  utf-8           dtext decode  4114458  eline          print dtext          fnew   open  D   newde txt   w            fnew write dtext          fnew close  if   name         main         main

User · Answer

Working encode decode functions in python3  adapted very little from qneill s answer    def encode key  clear       enc          for i in range len clear            key c   key i   len key           enc c    ord clear i     ord key c     256         enc append enc c      return base64 urlsafe b64encode bytes enc    def decode key  enc       dec          enc   base64 urlsafe b64decode enc      for i in range len enc            key c   key i   len key           dec c   chr  256   enc i  - ord key c     256          dec append dec c      return    join dec

User · Answer

You can use AES to encrypt your string with a password  Though  you ll want to chose a strong enough password so people can t easily guess what it is  sorry I can t help it  I m a wannabe security weenie    AES is strong with a good key size  but it s also easy to use with PyCrypto

User · Answer

An other implementation of  qneill code which include CRC checksum of the original message  it throw an exception if the check fail   import hashlib import struct import zlib  def vigenere encode text  key       text          format text  struct pack  i   zlib crc32 text         enc          for i in range len text            key c   key i   len key           enc c   chr  ord text i     ord key c     256          enc append enc c       return base64 urlsafe b64encode    join enc     def vigenere decode encoded text  key       dec          encoded text   base64 urlsafe b64decode encoded text      for i in range len encoded text            key c   key i   len key           dec c   chr  256   ord encoded text i   - ord key c     256          dec append dec c       dec      join dec      checksum   dec -4       dec   dec  -4       assert zlib crc32 dec     struct unpack  i   checksum  0    Decode Checksum Error       return dec

User · Answer

Disclaimer  As mentioned in the comments  this should not be used to protect data in a real application   What  39 s wrong with XOR encryption   https   crypto stackexchange com questions 56281 breaking-a-xor-cipher-of-known-key-length  https   github com hellman xortool    As has been mentioned the PyCrypto library contains a suite of ciphers  The XOR  cipher  can be used to do the dirty work if you don t want to do it yourself   from Crypto Cipher import XOR import base64  def encrypt key  plaintext     cipher   XOR new key    return base64 b64encode cipher encrypt plaintext    def decrypt key  ciphertext     cipher   XOR new key    return cipher decrypt base64 b64decode ciphertext     The cipher works as follows without having to pad the plaintext    gt  gt  gt  encrypt  notsosecretkey    Attack at dawn     LxsAEgwYRQIGRRAKEhdP    gt  gt  gt  decrypt  notsosecretkey   encrypt  notsosecretkey    Attack at dawn      Attack at dawn     Credit to https   stackoverflow com a 2490376 241294 for the base64 encode decode functions  I m a python newbie

User · Answer

Here s an implementation of URL Safe encryption and Decryption using AES PyCrypto  and base64    import base64 from Crypto import Random from Crypto Cipher import AES  AKEY   b mysixteenbytekey    AES key must be either 16  24  or 32 bytes long  iv   Random new   read AES block size   def encode message       obj   AES new AKEY  AES MODE CFB  iv      return base64 urlsafe b64encode obj encrypt message    def decode cipher       obj2   AES new AKEY  AES MODE CFB  iv      return obj2 decrypt base64 urlsafe b64decode cipher     If you face some issue like this https   bugs python org issue4329  TypeError  character mapping must return integer  None or unicode  use str cipher  while decoding as follows    return obj2 decrypt base64 urlsafe b64decode str cipher      Test   In  13   encode b Hello World   Out 13   b 67jjg-8 RyaJ-28    In  14    timeit encode  Hello World   100000 loops  best of 3  13 9   s per loop  In  15   decode b 67jjg-8 RyaJ-28    Out 15   b Hello World   In  16    timeit decode b 67jjg-8 RyaJ-28    100000 loops  best of 3  15 2   s per loop

User · Answer

So  as nothing mission critical is being encoded  and you just want to encrypt for obsfuscation   Let me present caeser s cipher      Caesar s cipher or Caesar shift  is one of the simplest and most widely known encryption techniques  It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet  For example  with a left shift of 3  D would be replaced by A  E would become B  and so on   Sample code for your reference     def encrypt text s            result                  traverse text          for i in range len text                 char   text i                  Encrypt uppercase characters              if  char isupper                      result    chr  ord char    s-65    26   65                  Encrypt lowercase characters              else                   result    chr  ord char    s - 97    26   97            return result       def decrypt text s            result                  traverse text          for i in range len text                 char   text i                  Encrypt uppercase characters              if  char isupper                      result    chr  ord char  - s-65    26   65                  Encrypt lowercase characters              else                   result    chr  ord char  - s - 97    26   97            return result        check the above function      text    ATTACKATONCE      s   4     print  Text        text       print  Shift       str s        print  Cipher      encrypt text s       print  Original text      decrypt encrypt text s  s     Advantages   it meets your requirements and is simple and does the encoding thing y    Disadvantage   can be cracked by simple brute force algorithms  highly unlikely anyone would attempt to go through all extra results

User · Answer

Python has no built-in encryption schemes  no  You also should take encrypted data storage serious  trivial encryption schemes that one developer understands to be insecure and a toy scheme may well be mistaken for a secure scheme by a less experienced developer  If you encrypt  encrypt properly    You don   t need to do much work to implement a proper encryption scheme however  First of all  don   t re-invent the cryptography wheel  use a trusted cryptography library to handle this for you  For Python 3  that trusted library is cryptography   I also recommend that encryption and decryption applies to bytes  encode text messages to bytes first  stringvalue encode   encodes to UTF8  easily reverted again using bytesvalue decode     Last but not least  when encrypting and decrypting  we talk about keys  not passwords  A key should not be human memorable  it is something you store in a secret location but machine readable  whereas a password often can be human-readable and memorised  You can derive a key from a password  with a little care    But for a web application or process running in a cluster without human attention to keep running it  you want to use a key  Passwords are for when only an end-user needs access to the specific information  Even then  you usually secure the application with a password  then exchange encrypted information using a key  perhaps one attached to the user account   Symmetric key encryption  Fernet     AES CBC   HMAC  strongly recommended  The cryptography library includes the Fernet recipe  a best-practices recipe for using cryptography  Fernet is an open standard    with ready implementations in a wide range of programming languages and it packages AES CBC encryption for you with version information  a timestamp and an HMAC signature to prevent message tampering    Fernet makes it very easy to encrypt and decrypt messages and keep you secure  It is the ideal method for encrypting data with a secret   I recommend you use Fernet generate key   to generate a secure key  You can use a password too  next section   but a full 32-byte secret key  16 bytes to encrypt with  plus another 16 for the signature  is going to be more secure than most passwords you could think of   The key that Fernet generates is a bytes object with URL and file safe base64 characters  so printable   from cryptography fernet import Fernet  key   Fernet generate key      store in a secure location print  Key    key decode      To encrypt or decrypt messages  create a Fernet   instance with the given key  and call the Fernet encrypt   or Fernet decrypt    both the plaintext message to encrypt and the encrypted token are bytes objects   encrypt   and decrypt   functions would look like   from cryptography fernet import Fernet  def encrypt message  bytes  key  bytes  - gt  bytes      return Fernet key  encrypt message   def decrypt token  bytes  key  bytes  - gt  bytes      return Fernet key  decrypt token    Demo    gt  gt  gt  key   Fernet generate key    gt  gt  gt  print key decode    GZWKEhHGNopxRdOHS4H4IyKhLQ8lwnyU7vRLrM3sebY   gt  gt  gt  message    John Doe   gt  gt  gt  encrypt message encode    key   gAAAAABciT3pFbbSihD HZBZ8kqfAj94UhknamBuirZWKivWOukgKQ03qE2mcuvpuwCSuZ-X Xkud0uWQLZ5e-aOwLC0Ccnepg     gt  gt  gt  token      gt  gt  gt  decrypt token  key  decode    John Doe    Fernet with password     key derived from password  weakens the security somewhat  You can use a password instead of a secret key  provided you use a strong key derivation method  You do then have to include the salt and the HMAC iteration count in the message  so the encrypted value is not Fernet-compatible anymore without first separating salt  count and Fernet token   import secrets from base64 import urlsafe b64encode as b64e  urlsafe b64decode as b64d  from cryptography fernet import Fernet from cryptography hazmat backends import default backend from cryptography hazmat primitives import hashes from cryptography hazmat primitives kdf pbkdf2 import PBKDF2HMAC  backend   default backend   iterations   100 000  def  derive key password  bytes  salt  bytes  iterations  int   iterations  - gt  bytes         Derive a secret key from a given password and salt        kdf   PBKDF2HMAC          algorithm hashes SHA256    length 32  salt salt          iterations iterations  backend backend      return b64e kdf derive password    def password encrypt message  bytes  password  str  iterations  int   iterations  - gt  bytes      salt   secrets token bytes 16      key    derive key password encode    salt  iterations      return b64e          b  b b b                  salt              iterations to bytes 4   big                b64d Fernet key  encrypt message                     def password decrypt token  bytes  password  str  - gt  bytes      decoded   b64d token      salt  iter  token   decoded  16   decoded 16 20   b64e decoded 20        iterations   int from bytes iter   big       key    derive key password encode    salt  iterations      return Fernet key  decrypt token    Demo    gt  gt  gt  message    John Doe   gt  gt  gt  password    mypass   gt  gt  gt  password encrypt message encode    password  b 9Ljs-w8IRM3XT1NDBbSBuQABhqCAAAAAAFyJdhiCPXms2vQHO7o81xZJn5r8 PAtro8Qpw48kdKrq4vt-551BCUbcErb GyYRz8SVsu8hxTXvvKOn9QdewRGDfwx   gt  gt  gt  token      gt  gt  gt  password decrypt token  password  decode    John Doe    Including the salt in the output makes it possible to use a random salt value  which in turn ensures the encrypted output is guaranteed to be fully random regardless of password reuse or message repetition  Including the iteration count ensures that you can adjust for CPU performance increases over time without losing the ability to decrypt older messages    A password alone can be as safe as a Fernet 32-byte random key  provided you generate a properly random password from a similar size pool  32 bytes gives you 256   32 number of keys  so if you use an alphabet of 74 characters  26 upper  26 lower  10 digits and 12 possible symbols   then your password should be at least math ceil math log 256    32  74      42 characters long  However  a well-selected larger number of HMAC iterations can mitigate the lack of entropy somewhat as this makes it much more expensive for an attacker to brute force their way in   Just know that choosing a shorter but still reasonably secure password won   t cripple this scheme  it just reduces the number of possible values a brute-force attacker would have to search through  make sure to pick a strong enough password for your security requirements   Alternatives  Obscuring  An alternative is not to encrypt  Don t be tempted to just use a low-security cipher  or a home-spun implementation of  say Vignere  There is no security in these approaches  but may give an inexperienced developer that is given the task to maintain your code in future the illusion of security  which is worse than no security at all   If all you need is obscurity  just base64 the data  for URL-safe requirements  the base64 urlsafe b64encode   function is fine  Don t use a password here  just encode and you are done  At most  add some compression  like zlib    import zlib from base64 import urlsafe b64encode as b64e  urlsafe b64decode as b64d  def obscure data  bytes  - gt  bytes      return b64e zlib compress data  9    def unobscure obscured  bytes  - gt  bytes      return zlib decompress b64d obscured     This turns b Hello world   into b eNrzSM3JyVcozy KSVEEAB0JBF4     Integrity only  If all you need is a way to make sure that the data can be trusted to be unaltered after having been sent to an untrusted client and received back  then you want to sign the data  you can use the hmac library for this with SHA1  still considered secure for HMAC signing  or better   import hmac import hashlib  def sign data  bytes  key  bytes  algorithm hashlib sha256  - gt  bytes      assert len key   gt   algorithm   digest size             Key must be at least as long as the digest size of the            hashing algorithm            return hmac new key  data  algorithm  digest    def verify signature  bytes  data  bytes  key  bytes  algorithm hashlib sha256  - gt  bytes      expected   sign data  key  algorithm      return hmac compare digest expected  signature    Use this to sign data  then attach the signature with the data and send that to the client  When you receive the data back  split data and signature and verify   I ve set the default algorithm to SHA256  so you ll need a 32-byte key   key   secrets token bytes 32    You may want to look at the itsdangerous library  which packages this all up with serialisation and de-serialisation in various formats   Using AES-GCM encryption to provide encryption and integrity  Fernet builds on AEC-CBC with a HMAC signature to ensure integrity of the encrypted data  a malicious attacker can t feed your system nonsense data to keep your service busy running in circles with bad input  because the ciphertext is signed   The Galois   Counter mode block cipher produces ciphertext and a tag to serve the same purpose  so can be used to serve the same purposes  The downside is that unlike Fernet there is no easy-to-use one-size-fits-all recipe to reuse on other platforms  AES-GCM also doesn t use padding  so this encryption ciphertext matches the length of the input message  whereas Fernet   AES-CBC encrypts messages to blocks of fixed length  obscuring the message length somewhat    AES256-GCM takes the usual 32 byte secret as a key   key   secrets token bytes 32    then use  import binascii  time from base64 import urlsafe b64encode as b64e  urlsafe b64decode as b64d  from cryptography hazmat primitives ciphers import Cipher  algorithms  modes from cryptography hazmat backends import default backend from cryptography exceptions import InvalidTag  backend   default backend    def aes gcm encrypt message  bytes  key  bytes  - gt  bytes      current time   int time time    to bytes 8   big       algorithm   algorithms AES key      iv   secrets token bytes algorithm block size    8      cipher   Cipher algorithm  modes GCM iv   backend backend      encryptor   cipher encryptor       encryptor authenticate additional data current time      ciphertext   encryptor update message    encryptor finalize               return b64e current time   iv   ciphertext   encryptor tag   def aes gcm decrypt token  bytes  key  bytes  ttl None  - gt  bytes      algorithm   algorithms AES key      try          data   b64d token      except  TypeError  binascii Error           raise InvalidToken     timestamp  iv  tag   data  8   data 8 algorithm block size    8   8   data -16       if ttl is not None          current time   int time time            time encrypted    int from bytes data  8    big           if time encrypted   ttl  lt  current time or current time   60  lt  time encrypted                too old or created well before our current time   1 h to account for clock skew             raise InvalidToken     cipher   Cipher algorithm  modes GCM iv  tag   backend backend      decryptor   cipher decryptor       decryptor authenticate additional data timestamp      ciphertext   data 8   len iv  -16      return decryptor update ciphertext    decryptor finalize     I ve included a timestamp to support the same time-to-live use-cases that Fernet supports   Other approaches on this page  in Python 3  AES CFB - like CBC but without the need to pad  This is the approach that All    V    y follows  albeit incorrectly  This is the cryptography version  but note that I include the IV in the ciphertext  it should not be stored as a global  reusing an IV weakens the security of the key  and storing it as a module global means it ll be re-generated the next Python invocation  rendering all ciphertext undecryptable    import secrets from base64 import urlsafe b64encode as b64e  urlsafe b64decode as b64d  from cryptography hazmat primitives ciphers import Cipher  algorithms  modes from cryptography hazmat backends import default backend  backend   default backend    def aes cfb encrypt message  key       algorithm   algorithms AES key      iv   secrets token bytes algorithm block size    8      cipher   Cipher algorithm  modes CFB iv   backend backend      encryptor   cipher encryptor       ciphertext   encryptor update message    encryptor finalize       return b64e iv   ciphertext   def aes cfb decrypt ciphertext  key       iv ciphertext   b64d ciphertext      algorithm   algorithms AES key      size   algorithm block size    8     iv  encrypted   iv ciphertext  size   iv ciphertext size       cipher   Cipher algorithm  modes CFB iv   backend backend      decryptor   cipher decryptor       return decryptor update encrypted    decryptor finalize     This lacks the added armoring of an HMAC signature and there is no timestamp  you   d have to add those yourself   The above also illustrates how easy it is to combine basic cryptography building blocks incorrectly  All    V    y   s incorrect handling of the IV value can lead to a data breach or all encrypted messages being unreadable because the IV is lost  Using Fernet instead protects you from such mistakes    AES ECB     not secure  If you previously implemented AES ECB encryption and need to still support this in Python 3  you can do so still with cryptography too  The same caveats apply  ECB is not secure enough for real-life applications  Re-implementing that answer for Python 3  adding automatic handling of padding   from base64 import urlsafe b64encode as b64e  urlsafe b64decode as b64d  from cryptography hazmat primitives ciphers import Cipher  algorithms  modes from cryptography hazmat primitives import padding from cryptography hazmat backends import default backend  backend   default backend    def aes ecb encrypt message  key       cipher   Cipher algorithms AES key   modes ECB    backend backend      encryptor   cipher encryptor       padder   padding PKCS7 cipher algorithm block size  padder       padded   padder update msg text encode      padder finalize       return b64e encryptor update padded    encryptor finalize     def aes ecb decrypt ciphertext  key       cipher   Cipher algorithms AES key   modes ECB    backend backend      decryptor   cipher decryptor       unpadder   padding PKCS7 cipher algorithm block size  unpadder       padded   decryptor update b64d ciphertext     decryptor finalize       return unpadder update padded    unpadder finalize     Again  this lacks the HMAC signature  and you shouldn   t use ECB anyway  The above is there merely to illustrate that cryptography can handle the common cryptographic building blocks  even the ones you shouldn   t actually use

User · Answer

Assuming you are only looking for simple obfuscation that will obscure things from the very casual observer  and you aren t looking to use third party libraries  I d recommend something like the Vigenere cipher  It is one of the strongest of the simple ancient ciphers   Vigen  re cipher  It s quick and easy to implement  Something like   import base64  def encode key  string       encoded chars          for i in xrange len string            key c   key i   len key           encoded c   chr ord string i     ord key c    256          encoded chars append encoded c      encoded string      join encoded chars      return base64 urlsafe b64encode encoded string    Decode is pretty much the same  except you subtract the key   It is much harder to break if the strings you are encoding are short  and or if it is hard to guess the length of the passphrase used    If you are looking for something cryptographic  PyCrypto is probably your best bet  though previous answers overlook some details  ECB mode in PyCrypto requires your message to be a multiple of 16 characters in length  So  you must pad  Also  if you want to use them as URL parameters  use base64 urlsafe b64 encode    rather than the standard one  This replaces a few of the characters in the base64 alphabet with URL-safe characters  as it s name suggests    However  you should be ABSOLUTELY certain that this very thin layer of obfuscation suffices for your needs before using this  The Wikipedia article I linked to provides detailed instructions for breaking the cipher  so anyone with a moderate amount of determination could easily break it

User · Answer

The  encoded c  mentioned in the  smehmood s Vigenere cipher answer should be  key c    Here are working encode decode functions   import base64 def encode key  clear       enc          for i in range len clear            key c   key i   len key           enc c   chr  ord clear i     ord key c     256          enc append enc c      return base64 urlsafe b64encode    join enc    def decode key  enc       dec          enc   base64 urlsafe b64decode enc      for i in range len enc            key c   key i   len key           dec c   chr  256   ord enc i   - ord key c     256          dec append dec c      return    join dec    Disclaimer  As implied by the comments  this should not be used to protect data in a real application  unless you read this and don t mind talking with lawyers   What  39 s wrong with XOR encryption

User · Answer

Thanks for some great answers  Nothing original to add  but here are some progressive rewrites of qneill s answer using some useful Python facilities  I hope you agree they simplify and clarify the code   import base64   def qneill encode key  clear       enc          for i in range len clear            key c   key i   len key           enc c   chr  ord clear i     ord key c     256          enc append enc c      return base64 urlsafe b64encode    join enc     def qneill decode key  enc       dec          enc   base64 urlsafe b64decode enc      for i in range len enc            key c   key i   len key           dec c   chr  256   ord enc i   - ord key c     256          dec append dec c      return    join dec       enumerate  -- pair the items in a list with their index      iterate over the characters in a string   def encode enumerate key  clear       enc          for i  ch in enumerate clear           key c   key i   len key           enc c   chr  ord ch    ord key c     256          enc append enc c      return base64 urlsafe b64encode    join enc     def decode enumerate key  enc       dec          enc   base64 urlsafe b64decode enc      for i  ch in enumerate enc           key c   key i   len key           dec c   chr  256   ord ch  - ord key c     256          dec append dec c      return    join dec       build lists using a list comprehension   def encode comprehension key  clear       enc    chr  ord clear char    ord key i   len key       256                  for i  clear char in enumerate clear       return base64 urlsafe b64encode    join enc     def decode comprehension key  enc       enc   base64 urlsafe b64decode enc      dec    chr  256   ord ch  - ord key i   len key       256             for i  ch in enumerate enc       return    join dec       Often in Python there s no need for list indexes at all  Eliminate loop index variables entirely using zip and cycle    from itertools import cycle   def encode zip cycle key  clear       enc    chr  ord clear char    ord key char     256                  for clear char  key char in zip clear  cycle key        return base64 urlsafe b64encode    join enc     def decode zip cycle key  enc       enc   base64 urlsafe b64decode enc      dec    chr  256   ord enc char  - ord key char     256                  for enc char  key char in zip enc  cycle key        return    join dec       and some tests      msg    The quick brown fox jumps over the lazy dog   key    jMG6JV3QdtRh3EhCHWUi  print  cleartext   0   format msg   print  ciphertext   0   format encode zip cycle key  msg     encoders    qneill encode  encode enumerate  encode comprehension  encode zip cycle  decoders    qneill decode  decode enumerate  decode comprehension  decode zip cycle     round-trip check for each pair of implementations matched pairs   zip encoders  decoders  assert all  decode key  encode key  msg      msg for encode  decode in matched pairs   print  Round-trips for encoder-decoder pairs  all tests passed      round-trip applying each kind of decode to each kind of encode to prove equivalent from itertools import product all combinations   product encoders  decoders  assert all decode key  encode key  msg      msg for encode  decode in all combinations  print  Each encoder and decoder can be swapped with any other  all tests passed     gt  gt  gt  python crypt py cleartext  The quick brown fox jumps over the lazy dog  ciphertext  vrWsVrvLnLTPlLTaorzWY67GzYnUwrSmvXaix8nmctybqoivqdHOic68rmQ  Round-trips for encoder-decoder pairs  all tests passed Each encoder and decoder can be swapped with any other  all tests passed

User · Answer

Here s a Python 3 version of the functions from  qneill  s answer   import base64 def encode key  clear       enc          for i in range len clear            key c   key i   len key           enc c   chr  ord clear i     ord key c     256          enc append enc c      return base64 urlsafe b64encode    join enc  encode    decode    def decode key  enc       dec          enc   base64 urlsafe b64decode enc  decode       for i in range len enc            key c   key i   len key           dec c   chr  256   ord enc i   - ord key c     256          dec append dec c      return    join dec    The extra encode decodes are needed because Python 3 has split strings byte arrays into two different concepts  and updated their APIs to reflect that

User · Answer

If you want to be safe  you can use Fernet  which is cryptographically sound  You can use a static  salt  if you don t want to store it separately - you will only lose dictionary and rainbow attack prevention  I chose it because I can pick long or short passwords    which is not so easy with AES   from cryptography fernet import Fernet from cryptography hazmat backends import default backend from cryptography hazmat primitives import hashes from cryptography hazmat primitives kdf pbkdf2 import PBKDF2HMAC import base64   set password password    mysecretpassword   set message message    secretmessage   kdf   PBKDF2HMAC algorithm hashes SHA256    length 32  salt  staticsalt   iterations 100000  backend default backend    key   base64 urlsafe b64encode kdf derive password   f   Fernet key    encrypt encrypted   f encrypt message  print encrypted   decrypt decrypted   f decrypt encrypted  print decrypted   If that s too complicated  someone suggested simplecrypt   from simplecrypt import encrypt  decrypt ciphertext   encrypt  password   plaintext  plaintext   decrypt  password   ciphertext

User · Answer

External libraries provide secret-key encryption algorithms   For example  the Cypher module in PyCrypto offers a selection of many encryption algorithms    Crypto Cipher AES Crypto Cipher ARC2 Crypto Cipher ARC4 Crypto Cipher Blowfish Crypto Cipher CAST Crypto Cipher DES Crypto Cipher DES3 Crypto Cipher IDEA Crypto Cipher RC5 Crypto Cipher XOR   MeTooCrypto is a Python wrapper for OpenSSL  and provides  among other functions  a full-strength general purpose cryptography library  Included are symmetric ciphers  like AES

User · Answer

if you want secure encryption   for python 2  you should use keyczar http   www keyczar org   for python 3  until keyczar is available  i have written simple-crypt http   pypi python org pypi simple-crypt  both these will use key strengthening which makes them more secure than most other answers here   and since they re so easy to use you might want to use them even when security is not critical

User · Answer

As you explicitly state that you want obscurity not security  we ll avoid reprimanding you for the weakness of what you suggest     So  using PyCrypto   import base64 from Crypto Cipher import AES  msg text   b test some plain text here  rjust 32  secret key   b 1234567890123456   cipher   AES new secret key AES MODE ECB    never use ECB in strong systems obviously encoded   base64 b64encode cipher encrypt msg text   print encoded  decoded   cipher decrypt base64 b64decode encoded   print decoded    If someone gets a hold of your database and your code base  they will be able to decode the encrypted data  Keep your secret key safe

User · Answer

Whoever came here  and the bountier  seemed to be looking for one-liners with not much setup  which other answers don t provide  So I m putting forward base64   Now  keep in mind that this is basic obfuscation only  and is in   NO WAY OK FOR SECURITY    but here are some one-liners   from base64 import urlsafe b64encode  urlsafe b64decode  def encode data  key       return urlsafe b64encode bytes key data   utf-8     def decode enc  key       return urlsafe b64decode enc  len key    decode  utf-8    print encode  hi    there      b dGhlcmVoaQ    print decode encode  hi    there     there       hi    A few things to note    you will want to deal with more less byte-to-string encoding decoding on your own  depending on your I O  Look into bytes   and bytes  decode   base64 is easily recognizable by the types of characters used  and often ending with   characters  People like me absolutely go around decoding them in the javascript console when we see them on websites  It s as easy as btoa string   js  the order is key data  as in b64  what characters appear at the end depends on what characters are at the beginning  because of byte offsets  Wikipedia has some nice explanations   In this scenario  the beginning of the encoded string will be the same for everything encoded with that key  The plus is that the data will be more obfuscated  Doing it the other way around will result on the data part being exactly the same for everyone  regardless of key    Now  if what you wanted didn t even need a key of any kind  but just some obfuscation  you can yet again just use base64  without any kinds of key   from base64 import urlsafe b64encode  urlsafe b64decode  def encode data       return urlsafe b64encode bytes data   utf-8     def decode enc       return urlsafe b64decode enc  decode    print encode  hi      b aGk   print decode encode  hi        hi

User · Answer

This works but password length should be exactly 8  This is simple and requires pyDes   from pyDes import    def encode data password       k   des password  CBC    0 0 0 0 0 0 0 0   pad None  padmode PAD PKCS5      d   k encrypt data      return d  def decode data password       k   des password  CBC    0 0 0 0 0 0 0 0   pad None  padmode PAD PKCS5      d   k decrypt data      return d  x   encode  John Doe    mypass12   y   decode x  mypass12    print x print y   OUTPUT            S            John Doe

[python] Simple way to encode a string according to a password?

1) Using Fernet encryption with `cryptography` library

2) Simple AES encryption with `Crypto` library

3) AES using a better password key derivation function and the ability to test if "wrong password entered", with `Crypto` library

4) Using RC4 (no library needed)

Examples related to python

Examples related to encryption

Examples related to passwords