AES CTR mode encryption with HMACAES encryption in PHPAES encryption wrapperAES CTR mode using pycryptoAES encryption classRecreating binary counter for arbitrary length arraysEncrypting a binary stream with RSA + AES in counter modeEncryption wrapperEncryption algorithm using CTR modeEncrypt and decrypt a message using AES-256 with GCM mode using Bouncy Castle C# libraryPyCrypto AES-CFB with SCrypt and HMAC

How to add power-LED to my small amplifier?

Can Medicine checks be used, with decent rolls, to completely mitigate the risk of death from ongoing damage?

Shell script can be run only with sh command

Are tax years 2016 & 2017 back taxes deductible for tax year 2018?

Patience, young "Padovan"

Why are 150k or 200k jobs considered good when there are 300k+ births a month?

Simulate Bitwise Cyclic Tag

Pronouncing Dictionary.com's W.O.D "vade mecum" in English

How to type dʒ symbol (IPA) on Mac?

What makes Graph invariants so useful/important?

How old can references or sources in a thesis be?

Banach space and Hilbert space topology

How is this relation reflexive?

I’m planning on buying a laser printer but concerned about the life cycle of toner in the machine

declaring a variable twice in IIFE

What is the command to reset a PC without deleting any files

Why has Russell's definition of numbers using equivalence classes been finally abandoned? ( If it has actually been abandoned).

What are these boxed doors outside store fronts in New York?

Validation accuracy vs Testing accuracy

How do you conduct xenoanthropology after first contact?

Possibly bubble sort algorithm

Japan - Plan around max visa duration

Is it possible to do 50 km distance without any previous training?

Copycat chess is back



AES CTR mode encryption with HMAC


AES encryption in PHPAES encryption wrapperAES CTR mode using pycryptoAES encryption classRecreating binary counter for arbitrary length arraysEncrypting a binary stream with RSA + AES in counter modeEncryption wrapperEncryption algorithm using CTR modeEncrypt and decrypt a message using AES-256 with GCM mode using Bouncy Castle C# libraryPyCrypto AES-CFB with SCrypt and HMAC






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1












$begingroup$


I am trying to implement AES CTR encryption mode with HMAC authentication for messages.



It's encrypting and decrypting fine as long as the key length is 64 bytes, since AES key and HMAC key are being derived from this key.



Questions



  • Is it safe to append IV or nonce to the encrypted messages?

  • Is it safe to append HMAC digest to append to the messages?

  • Can you review it for best security coding practices?

Code



def encrypt(full_key, plaintext):

 if len(full_key) != 64:
 raise Exception("FULL key length shall be equal to 64")
 key = full_key[:len(full_key) //2]

 # Use the last half as the HMAC key
 hmac_key = full_key[len(full_key) // 2:]


 if isinstance(plaintext, str):
 plaintext = plaintext.encode()

 compressed = zlib.compress(plaintext, 5)
 print (f"compressed plaintext compressed")



 # Choose a random, 16-byte IV.
 iv = os.urandom(16)
 # Convert the IV to a Python integer.
 iv_int = int(binascii.hexlify(iv), 16) 
 # Create a new Counter object with IV = iv_int.
 ctr = Counter.new(128, initial_value=iv_int)
 # Create AES-CTR cipher.
 aes = AES.new(key, AES.MODE_CTR, counter=ctr)
 # Encrypt and return IV and ciphertext.
 ciphertext = aes.encrypt(compressed)


 hmac_obj = HMAC.new(hmac_key, compressed, SHA256)
 mac = hmac_obj.digest()

 return iv+ciphertext+mac


def decrypt(key, ciphertext):
 # Initialize counter for decryption. iv should be the same as the output of
 # encrypt().


 if len(full_key) != 64:
 raise Exception("FULL key length shall be equal to 64")

 key = full_key[:len(full_key) //2]

 # Use the last half as the HMAC key
 hmac_key = full_key[len(full_key) // 2:]

 mac_length = 32
 iv_length = 16
 iv = ciphertext[:16]
 mac = ciphertext[-mac_length:] 

 _ciphertext = ciphertext[iv_length:-mac_length]


 iv_int = int(iv.hex(), 16) 
 ctr = Counter.new(128, initial_value=iv_int)
 # Create AES-CTR cipher.
 aes = AES.new(key, AES.MODE_CTR, counter=ctr)

 ciphertext = aes.decrypt(_ciphertext)

 # Extract the MAC from the end of the file
 hmac_obj = HMAC.new(hmac_key, ciphertext, SHA256)
 computed_mac = hmac_obj.digest()

 if computed_mac != mac:
 raise Exception("Messege integrity violated")





 plaintext= zlib.decompress(ciphertext)

 # Decrypt and return the plaintext.


 return plaintext





python python-3.x security authentication aes







share|improve this question









New contributor




saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$


















    1












    $begingroup$


    I am trying to implement AES CTR encryption mode with HMAC authentication for messages.



    It's encrypting and decrypting fine as long as the key length is 64 bytes, since AES key and HMAC key are being derived from this key.



    Questions



    • Is it safe to append IV or nonce to the encrypted messages?

    • Is it safe to append HMAC digest to append to the messages?

    • Can you review it for best security coding practices?

    Code



    def encrypt(full_key, plaintext):

     if len(full_key) != 64:
     raise Exception("FULL key length shall be equal to 64")
     key = full_key[:len(full_key) //2]

     # Use the last half as the HMAC key
     hmac_key = full_key[len(full_key) // 2:]


     if isinstance(plaintext, str):
     plaintext = plaintext.encode()

     compressed = zlib.compress(plaintext, 5)
     print (f"compressed plaintext compressed")



     # Choose a random, 16-byte IV.
     iv = os.urandom(16)
     # Convert the IV to a Python integer.
     iv_int = int(binascii.hexlify(iv), 16) 
     # Create a new Counter object with IV = iv_int.
     ctr = Counter.new(128, initial_value=iv_int)
     # Create AES-CTR cipher.
     aes = AES.new(key, AES.MODE_CTR, counter=ctr)
     # Encrypt and return IV and ciphertext.
     ciphertext = aes.encrypt(compressed)


     hmac_obj = HMAC.new(hmac_key, compressed, SHA256)
     mac = hmac_obj.digest()

     return iv+ciphertext+mac


    def decrypt(key, ciphertext):
     # Initialize counter for decryption. iv should be the same as the output of
     # encrypt().


     if len(full_key) != 64:
     raise Exception("FULL key length shall be equal to 64")

     key = full_key[:len(full_key) //2]

     # Use the last half as the HMAC key
     hmac_key = full_key[len(full_key) // 2:]

     mac_length = 32
     iv_length = 16
     iv = ciphertext[:16]
     mac = ciphertext[-mac_length:] 

     _ciphertext = ciphertext[iv_length:-mac_length]


     iv_int = int(iv.hex(), 16) 
     ctr = Counter.new(128, initial_value=iv_int)
     # Create AES-CTR cipher.
     aes = AES.new(key, AES.MODE_CTR, counter=ctr)

     ciphertext = aes.decrypt(_ciphertext)

     # Extract the MAC from the end of the file
     hmac_obj = HMAC.new(hmac_key, ciphertext, SHA256)
     computed_mac = hmac_obj.digest()

     if computed_mac != mac:
     raise Exception("Messege integrity violated")





     plaintext= zlib.decompress(ciphertext)

     # Decrypt and return the plaintext.


     return plaintext





    python python-3.x security authentication aes







    share|improve this question









    New contributor




    saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.







    $endgroup$














      1












      1








      1





      $begingroup$


      I am trying to implement AES CTR encryption mode with HMAC authentication for messages.



      It's encrypting and decrypting fine as long as the key length is 64 bytes, since AES key and HMAC key are being derived from this key.



      Questions



      • Is it safe to append IV or nonce to the encrypted messages?

      • Is it safe to append HMAC digest to append to the messages?

      • Can you review it for best security coding practices?

      Code



      def encrypt(full_key, plaintext):

       if len(full_key) != 64:
       raise Exception("FULL key length shall be equal to 64")
       key = full_key[:len(full_key) //2]

       # Use the last half as the HMAC key
       hmac_key = full_key[len(full_key) // 2:]


       if isinstance(plaintext, str):
       plaintext = plaintext.encode()

       compressed = zlib.compress(plaintext, 5)
       print (f"compressed plaintext compressed")



       # Choose a random, 16-byte IV.
       iv = os.urandom(16)
       # Convert the IV to a Python integer.
       iv_int = int(binascii.hexlify(iv), 16) 
       # Create a new Counter object with IV = iv_int.
       ctr = Counter.new(128, initial_value=iv_int)
       # Create AES-CTR cipher.
       aes = AES.new(key, AES.MODE_CTR, counter=ctr)
       # Encrypt and return IV and ciphertext.
       ciphertext = aes.encrypt(compressed)


       hmac_obj = HMAC.new(hmac_key, compressed, SHA256)
       mac = hmac_obj.digest()

       return iv+ciphertext+mac


      def decrypt(key, ciphertext):
       # Initialize counter for decryption. iv should be the same as the output of
       # encrypt().


       if len(full_key) != 64:
       raise Exception("FULL key length shall be equal to 64")

       key = full_key[:len(full_key) //2]

       # Use the last half as the HMAC key
       hmac_key = full_key[len(full_key) // 2:]

       mac_length = 32
       iv_length = 16
       iv = ciphertext[:16]
       mac = ciphertext[-mac_length:] 

       _ciphertext = ciphertext[iv_length:-mac_length]


       iv_int = int(iv.hex(), 16) 
       ctr = Counter.new(128, initial_value=iv_int)
       # Create AES-CTR cipher.
       aes = AES.new(key, AES.MODE_CTR, counter=ctr)

       ciphertext = aes.decrypt(_ciphertext)

       # Extract the MAC from the end of the file
       hmac_obj = HMAC.new(hmac_key, ciphertext, SHA256)
       computed_mac = hmac_obj.digest()

       if computed_mac != mac:
       raise Exception("Messege integrity violated")





       plaintext= zlib.decompress(ciphertext)

       # Decrypt and return the plaintext.


       return plaintext





      python python-3.x security authentication aes







      share|improve this question









      New contributor




      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.







      $endgroup$




      I am trying to implement AES CTR encryption mode with HMAC authentication for messages.



      It's encrypting and decrypting fine as long as the key length is 64 bytes, since AES key and HMAC key are being derived from this key.



      Questions



      • Is it safe to append IV or nonce to the encrypted messages?

      • Is it safe to append HMAC digest to append to the messages?

      • Can you review it for best security coding practices?

      Code



      def encrypt(full_key, plaintext):

       if len(full_key) != 64:
       raise Exception("FULL key length shall be equal to 64")
       key = full_key[:len(full_key) //2]

       # Use the last half as the HMAC key
       hmac_key = full_key[len(full_key) // 2:]


       if isinstance(plaintext, str):
       plaintext = plaintext.encode()

       compressed = zlib.compress(plaintext, 5)
       print (f"compressed plaintext compressed")



       # Choose a random, 16-byte IV.
       iv = os.urandom(16)
       # Convert the IV to a Python integer.
       iv_int = int(binascii.hexlify(iv), 16) 
       # Create a new Counter object with IV = iv_int.
       ctr = Counter.new(128, initial_value=iv_int)
       # Create AES-CTR cipher.
       aes = AES.new(key, AES.MODE_CTR, counter=ctr)
       # Encrypt and return IV and ciphertext.
       ciphertext = aes.encrypt(compressed)


       hmac_obj = HMAC.new(hmac_key, compressed, SHA256)
       mac = hmac_obj.digest()

       return iv+ciphertext+mac


      def decrypt(key, ciphertext):
       # Initialize counter for decryption. iv should be the same as the output of
       # encrypt().


       if len(full_key) != 64:
       raise Exception("FULL key length shall be equal to 64")

       key = full_key[:len(full_key) //2]

       # Use the last half as the HMAC key
       hmac_key = full_key[len(full_key) // 2:]

       mac_length = 32
       iv_length = 16
       iv = ciphertext[:16]
       mac = ciphertext[-mac_length:] 

       _ciphertext = ciphertext[iv_length:-mac_length]


       iv_int = int(iv.hex(), 16) 
       ctr = Counter.new(128, initial_value=iv_int)
       # Create AES-CTR cipher.
       aes = AES.new(key, AES.MODE_CTR, counter=ctr)

       ciphertext = aes.decrypt(_ciphertext)

       # Extract the MAC from the end of the file
       hmac_obj = HMAC.new(hmac_key, ciphertext, SHA256)
       computed_mac = hmac_obj.digest()

       if computed_mac != mac:
       raise Exception("Messege integrity violated")





       plaintext= zlib.decompress(ciphertext)

       # Decrypt and return the plaintext.


       return plaintext





      python python-3.x security authentication aes




      python python-3.x security authentication aes






      share|improve this question









      New contributor




      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited 2 mins ago









      200_success

      131k17157422




      131k17157422






      New contributor




      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 11 hours ago









      saurav vermasaurav verma

      1065




      1065




      New contributor




      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




















          0






          active

          oldest

          votes












          Your Answer





          StackExchange.ifUsing("editor", function ()
          return StackExchange.using("mathjaxEditing", function ()
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
          );
          );
          , "mathjax-editing");

          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "196"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );






          saurav verma is a new contributor. Be nice, and check out our Code of Conduct.









          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f217014%2faes-ctr-mode-encryption-with-hmac%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          saurav verma is a new contributor. Be nice, and check out our Code of Conduct.









          draft saved

          draft discarded


















          saurav verma is a new contributor. Be nice, and check out our Code of Conduct.












          saurav verma is a new contributor. Be nice, and check out our Code of Conduct.











          saurav verma is a new contributor. Be nice, and check out our Code of Conduct.














          Thanks for contributing an answer to Code Review Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f217014%2faes-ctr-mode-encryption-with-hmac%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          名間水力發電廠 目录 沿革 設施 鄰近設施 註釋 外部連結 导航菜单23°50′10″N 120°42′41″E / 23.83611°N 120.71139°E / 23.83611; 120.7113923°50′10″N 120°42′41″E / 23.83611°N 120.71139°E / 23.83611; 120.71139計畫概要原始内容臺灣第一座BOT 模式開發的水力發電廠-名間水力電廠名間水力發電廠 水利署首件BOT案原始内容《小檔案》名間電廠 首座BOT水力發電廠原始内容名間電廠BOT - 經濟部水利署中區水資源局

          Image
          東螺溪清水溪加走寮溪阿里山溪東埔蚋溪獅尾堀清水溪清水溝溪水里溪陳有蘭溪郡坑溪十八重溪那馬嘎班溪松柏坑溪卓棍溪瓠瓢坑溪益則坑溪玉崙溪丹大溪郡大溪巒大溪卡社溪栗栖溪萬大溪萬大北溪萬大南溪霧社溪塔羅灣溪馬赫坡溪萬大發電廠大觀發電廠日月潭第一發電所明潭發電廠...
          Read more

          Prove that NP is closed under karp reduction?Space(n) not closed under Karp reductions - what about NTime(n)?Class P is closed under rotation?Prove or disprove that $NL$ is closed under polynomial many-one reductions$mathbfNC_2$ is closed under log-space reductionOn Karp reductionwhen can I know if a class (complexity) is closed under reduction (cook/karp)Check if class $PSPACE$ is closed under polyonomially space reductionIs NPSPACE also closed under polynomial-time reduction and under log-space reduction?Prove PSPACE is closed under complement?Prove PSPACE is closed under union?

          Image
          Is a conference paper whose proceedings will be published in IEEE Xplore counted as a publication? Prove that NP is closed under karp reduction? Is it important to consider tone, melody, and musical form while writing a song? How is it possible to have an ability score that is less than 3? Can I make popcorn with any corn? Mathematical cryptic clues tikz: show 0 at the axis origin Minkowski space can i play a electric guitar through a bass amp? Why not use SQL instead of GraphQL? How can I prevent hyper evolved versions of regular creatures from wiping out their cousins? How old can references or sources in a thesis be? Do VLANs within a subnet need to have their own subnet for router on a stick? How to add double frame in tcolorbox? How much RAM could one put in a typical 80386 setup? "You are your self first supporter", a more proper way to say it How is the claim "I am in New York only if I am in America" the same as "If I am ...
          Read more

          Is my guitar’s action too high? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)Strings too stiff on a recently purchased acoustic guitar | Cort AD880CEIs the action of my guitar really high?Μy little finger is too weak to play guitarWith guitar, how long should I give my fingers to strengthen / callous?When playing a fret the guitar sounds mutedPlaying (Barre) chords up the guitar neckI think my guitar strings are wound too tight and I can't play barre chordsF barre chord on an SG guitarHow to find to the right strings of a barre chord by feel?High action on higher fret on my steel acoustic guitar

          Image
          Is the Mordenkainen's Sword spell underpowered? Escaping $ in listings environment Short story about astronauts fertilizing soil with their own bodies No invitation for tourist visa but I want to visit Do regular languages belong to Space(1)? Can I take recommendation from someone I met at a conference? How to name indistinguishable henchmen in a screenplay? Found this skink in my tomato plant bucket. Is he trapped? Or could he leave if he wanted? How can I prevent/balance waiting and turtling as a response to cooldown mechanics Can I feed enough spin up electron to a black hole to affect it's angular momentum? Why does BitLocker not use RSA? Is my guitar’s action too high? Does GDPR cover the collection of data by websites that crawl the web and resell user data Trying to enter the Fox's den How to achieve cat-like agility? "Destructive power" carried by a B-52? Should man-made satellites feature an intelligent inverted "cow c...
          Read more