AES-256-CBC encryption/decryption over a simple REST API.
Every encryption call produces a unique output thanks to a random salt + IV.
- Flask — web framework
- cryptography — AES-256-CBC + PBKDF2 key derivation (Python stdlib-backed)
pip install -r requirements.txt
python app.pyServer starts at http://localhost:5000.
Health check.
Response
{ "success": true, "message": "Encryption API is running.", "version": "1.0.0" }Encrypt a text string.
Request body
{
"text": "Hello, world!",
"passphrase": "my-secret-key"
}Response
{
"success": true,
"token": "abc123...:def456...:ghi789..."
}The token is base64(salt):base64(iv):base64(ciphertext).
Identical inputs produce different tokens every call.
Decrypt a token produced by /encrypt.
Request body
{
"token": "abc123...:def456...:ghi789...",
"passphrase": "my-secret-key"
}Response
{
"success": true,
"text": "Hello, world!"
}Error (wrong key)
{
"success": false,
"error": "Decryption failed — wrong passphrase or corrupted data."
}# Encrypt
curl -s -X POST http://localhost:5000/encrypt \
-H "Content-Type: application/json" \
-d '{"text":"Hello, world!","passphrase":"my-secret-key"}' | python -m json.tool
# Decrypt (paste token from above)
curl -s -X POST http://localhost:5000/decrypt \
-H "Content-Type: application/json" \
-d '{"token":"<paste-token-here>","passphrase":"my-secret-key"}' | python -m json.tool| Property | Value |
|---|---|
| Algorithm | AES-256-CBC |
| Key derivation | PBKDF2-HMAC-SHA256 |
| KDF iterations | 100,000 |
| Salt | 16 bytes, random per call |
| IV | 16 bytes, random per call |
| Padding | PKCS7 |
| Token format | base64url(salt):base64url(iv):base64url(ciphertext) |
Minimum passphrase length: 8 characters (enforced by the API).