-
Notifications
You must be signed in to change notification settings - Fork 0
/
hasher.py
60 lines (46 loc) · 1.83 KB
/
hasher.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
import bcrypt
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend
import base64
import os
import hashlib
def generate_salt():
"""Generate a secure random salt."""
return os.urandom(16)
def hash_password(password, salt):
"""Hash a password using bcrypt and a provided salt."""
return bcrypt.hashpw(password.encode(), salt)
def check_password(password, hashed):
"""Check if the password matches the hashed value."""
return bcrypt.checkpw(password.encode(), hashed)
def generate_encryption_key(password, salt):
"""Generate an encryption key from a password and salt using PBKDF2HMAC."""
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=100000,
backend=default_backend(),
)
key = base64.urlsafe_b64encode(kdf.derive(password.encode()))
return key
def encrypt_data(data, key):
"""Encrypt data using a Fernet cipher and the provided key."""
f = Fernet(key)
encrypted_data = f.encrypt(data) # Directly encrypt bytes
return encrypted_data
def decrypt_data(encrypted_data, key):
"""Decrypt data using a Fernet cipher and the provided key."""
f = Fernet(key)
try:
decrypted_data = f.decrypt(encrypted_data)
return decrypted_data.decode()
except Exception as e:
raise ValueError(f"Failure to decrypt data: {e}")
def verify_data_integrity(encrypted_data, expected_hash):
"""Verify the integrity of the encrypted data by comparing its hash with the expected hash."""
data_hash = hashlib.sha256(encrypted_data).hexdigest()
if data_hash != expected_hash:
raise ValueError("Data integrity check failed. The data may be corrupted.")