KTVManager_Backend/ktvmanager/lib/encryption.py

import os
from Cryptodome.Cipher import AES
from Cryptodome.Protocol.KDF import PBKDF2
from Cryptodome.Random import get_random_bytes

# Use a new secret for the new encryption scheme
SECRET = "KTVM-NEW-ENCRYPTION-SECRET"
SALT_SIZE = 16
KEY_SIZE = 32
ITERATIONS = 100000
AUTH_TAG_LENGTH = 16

def encrypt_password(clear_string):
    """Encrypts a string using AES-GCM with a derived key."""
    salt = get_random_bytes(SALT_SIZE)
    # Derive a key from the master secret and a random salt
    key = PBKDF2(SECRET, salt, dkLen=KEY_SIZE, count=ITERATIONS)
    cipher = AES.new(key, AES.MODE_GCM)
    # Encrypt the data
    ciphertext, tag = cipher.encrypt_and_digest(clear_string.encode('utf-8'))
    # Return a single hex-encoded string containing all parts
    return (salt + cipher.nonce + tag + ciphertext).hex()

def decrypt_password(encrypted_string):
    """Decrypts a string encrypted with the above function."""
    data = bytes.fromhex(encrypted_string)
    # Extract the components from the encrypted string
    salt = data[:SALT_SIZE]
    nonce = data[SALT_SIZE:SALT_SIZE + 16]
    tag = data[SALT_SIZE + 16:SALT_SIZE + 16 + AUTH_TAG_LENGTH]
    ciphertext = data[SALT_SIZE + 16 + AUTH_TAG_LENGTH:]
    # Re-derive the same key using the stored salt
    key = PBKDF2(SECRET, salt, dkLen=KEY_SIZE, count=ITERATIONS)
    cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
    # Decrypt and verify the data
    try:
        decrypted_bytes = cipher.decrypt_and_verify(ciphertext, tag)
        return decrypted_bytes.decode('utf-8')
    except ValueError:
        # This will be raised if the MAC check fails (tampered data or wrong key)
        raise ValueError("Decryption failed: MAC check failed. The data may be corrupt or the key is incorrect.")
latest working sample 2025-05-10 13:58:58 +01:00			`import os`
new encryption logic 2025-07-14 13:29:55 +01:00			`from Cryptodome.Cipher import AES`
			`from Cryptodome.Protocol.KDF import PBKDF2`
			`from Cryptodome.Random import get_random_bytes`
latest working sample 2025-05-10 13:58:58 +01:00
new encryption logic 2025-07-14 13:29:55 +01:00			`# Use a new secret for the new encryption scheme`
			`SECRET = "KTVM-NEW-ENCRYPTION-SECRET"`
refactor(security): improve encryption using PyCryptodome and PBKDF2 Replace the `cryptography` library with `pycryptodome` for password encryption. The previous implementation used AES-GCM with a static key derived from a hardcoded secret. This change introduces a more robust security model by: - Using PBKDF2 to derive the encryption key from the secret. - Adding a unique, randomly generated salt for each encrypted password. This significantly enhances security by protecting against rainbow table and pre-computation attacks. BREAKING CHANGE: The password encryption format has changed. All previously encrypted passwords stored in the database are now invalid and will need to be reset. 2025-07-14 11:55:13 +01:00			`SALT_SIZE = 16`
			`KEY_SIZE = 32`
			`ITERATIONS = 100000`
new encryption logic 2025-07-14 13:29:55 +01:00			`AUTH_TAG_LENGTH = 16`
latest working sample 2025-05-10 13:58:58 +01:00
			`def encrypt_password(clear_string):`
new encryption logic 2025-07-14 13:29:55 +01:00			`"""Encrypts a string using AES-GCM with a derived key."""`
refactor(security): improve encryption using PyCryptodome and PBKDF2 Replace the `cryptography` library with `pycryptodome` for password encryption. The previous implementation used AES-GCM with a static key derived from a hardcoded secret. This change introduces a more robust security model by: - Using PBKDF2 to derive the encryption key from the secret. - Adding a unique, randomly generated salt for each encrypted password. This significantly enhances security by protecting against rainbow table and pre-computation attacks. BREAKING CHANGE: The password encryption format has changed. All previously encrypted passwords stored in the database are now invalid and will need to be reset. 2025-07-14 11:55:13 +01:00			`salt = get_random_bytes(SALT_SIZE)`
new encryption logic 2025-07-14 13:29:55 +01:00			`# Derive a key from the master secret and a random salt`
refactor(security): improve encryption using PyCryptodome and PBKDF2 Replace the `cryptography` library with `pycryptodome` for password encryption. The previous implementation used AES-GCM with a static key derived from a hardcoded secret. This change introduces a more robust security model by: - Using PBKDF2 to derive the encryption key from the secret. - Adding a unique, randomly generated salt for each encrypted password. This significantly enhances security by protecting against rainbow table and pre-computation attacks. BREAKING CHANGE: The password encryption format has changed. All previously encrypted passwords stored in the database are now invalid and will need to be reset. 2025-07-14 11:55:13 +01:00			`key = PBKDF2(SECRET, salt, dkLen=KEY_SIZE, count=ITERATIONS)`
			`cipher = AES.new(key, AES.MODE_GCM)`
new encryption logic 2025-07-14 13:29:55 +01:00			`# Encrypt the data`
			`ciphertext, tag = cipher.encrypt_and_digest(clear_string.encode('utf-8'))`
			`# Return a single hex-encoded string containing all parts`
refactor(security): improve encryption using PyCryptodome and PBKDF2 Replace the `cryptography` library with `pycryptodome` for password encryption. The previous implementation used AES-GCM with a static key derived from a hardcoded secret. This change introduces a more robust security model by: - Using PBKDF2 to derive the encryption key from the secret. - Adding a unique, randomly generated salt for each encrypted password. This significantly enhances security by protecting against rainbow table and pre-computation attacks. BREAKING CHANGE: The password encryption format has changed. All previously encrypted passwords stored in the database are now invalid and will need to be reset. 2025-07-14 11:55:13 +01:00			`return (salt + cipher.nonce + tag + ciphertext).hex()`
latest working sample 2025-05-10 13:58:58 +01:00
			`def decrypt_password(encrypted_string):`
new encryption logic 2025-07-14 13:29:55 +01:00			`"""Decrypts a string encrypted with the above function."""`
feat(security): implement AES-GCM for password encryption Replaces the `pyeasyencrypt` library with a more robust and standard encryption implementation using `cryptography.hazmat`. This commit introduces AES-256-GCM for encrypting and decrypting user account passwords. The `add_account` endpoint now properly encrypts passwords before database insertion. Error handling has been added to the `get_user_accounts` endpoint to manage decryption failures for legacy passwords, which will be returned as "DECRYPTION_FAILED". BREAKING CHANGE: The password encryption algorithm has been changed. All previously stored passwords are now invalid and cannot be decrypted. 2025-07-14 11:12:13 +01:00			`data = bytes.fromhex(encrypted_string)`
new encryption logic 2025-07-14 13:29:55 +01:00			`# Extract the components from the encrypted string`
refactor(security): improve encryption using PyCryptodome and PBKDF2 Replace the `cryptography` library with `pycryptodome` for password encryption. The previous implementation used AES-GCM with a static key derived from a hardcoded secret. This change introduces a more robust security model by: - Using PBKDF2 to derive the encryption key from the secret. - Adding a unique, randomly generated salt for each encrypted password. This significantly enhances security by protecting against rainbow table and pre-computation attacks. BREAKING CHANGE: The password encryption format has changed. All previously encrypted passwords stored in the database are now invalid and will need to be reset. 2025-07-14 11:55:13 +01:00			`salt = data[:SALT_SIZE]`
			`nonce = data[SALT_SIZE:SALT_SIZE + 16]`
new encryption logic 2025-07-14 13:29:55 +01:00			`tag = data[SALT_SIZE + 16:SALT_SIZE + 16 + AUTH_TAG_LENGTH]`
			`ciphertext = data[SALT_SIZE + 16 + AUTH_TAG_LENGTH:]`
			`# Re-derive the same key using the stored salt`
refactor(security): improve encryption using PyCryptodome and PBKDF2 Replace the `cryptography` library with `pycryptodome` for password encryption. The previous implementation used AES-GCM with a static key derived from a hardcoded secret. This change introduces a more robust security model by: - Using PBKDF2 to derive the encryption key from the secret. - Adding a unique, randomly generated salt for each encrypted password. This significantly enhances security by protecting against rainbow table and pre-computation attacks. BREAKING CHANGE: The password encryption format has changed. All previously encrypted passwords stored in the database are now invalid and will need to be reset. 2025-07-14 11:55:13 +01:00			`key = PBKDF2(SECRET, salt, dkLen=KEY_SIZE, count=ITERATIONS)`
			`cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)`
new encryption logic 2025-07-14 13:29:55 +01:00			`# Decrypt and verify the data`
			`try:`
			`decrypted_bytes = cipher.decrypt_and_verify(ciphertext, tag)`
			`return decrypted_bytes.decode('utf-8')`
			`except ValueError:`
			`# This will be raised if the MAC check fails (tampered data or wrong key)`
			`raise ValueError("Decryption failed: MAC check failed. The data may be corrupt or the key is incorrect.")`