from Crypto.Cipher import Blowfish
from Crypto.Random import get_random_bytes
from flask import Flask, request
@app.route('/encrypt', methods=['POST'])
def encrypt_data():
# Vulnerable: Blowfish with small block size
key = get_random_bytes(16)
cipher = Blowfish.new(key, Blowfish.MODE_CBC)
data = request.form.get('data').encode()
# Padding needed for block cipher
padded_data = data + b'\0' * (8 - len(data) % 8)
encrypted = cipher.encrypt(padded_data)
return encrypted.hex()
@app.route('/decrypt', methods=['POST'])
def decrypt_data():
# Vulnerable: Blowfish decryption
key = bytes.fromhex(request.form.get('key'))
encrypted_hex = request.form.get('encrypted')
cipher = Blowfish.new(key, Blowfish.MODE_CBC)
decrypted = cipher.decrypt(bytes.fromhex(encrypted_hex))
return decrypted.decode()
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad, unpad
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import SHA256
from flask import Flask, request
import base64
@app.route('/encrypt', methods=['POST'])
def encrypt_data():
"""Secure encryption using AES-GCM."""
try:
data = request.form.get('data', '').encode('utf-8')
password = request.form.get('password', '')
if not data or not password:
return {'error': 'Data and password required'}, 400
# Generate random salt and nonce
salt = get_random_bytes(16)
nonce = get_random_bytes(12) # 96-bit nonce for GCM
# Derive key using PBKDF2
key = PBKDF2(password, salt, 32, count=100000, hmac_hash_module=SHA256)
# Secure: Use AES-GCM for authenticated encryption
cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
ciphertext, tag = cipher.encrypt_and_digest(data)
# Combine all components
result = salt + nonce + tag + ciphertext
return {
'encrypted': base64.b64encode(result).decode(),
'algorithm': 'AES-256-GCM'
}
except Exception as e:
return {'error': 'Encryption failed'}, 500
@app.route('/decrypt', methods=['POST'])
def decrypt_data():
"""Secure decryption using AES-GCM."""
try:
encrypted_data = request.form.get('encrypted', '')
password = request.form.get('password', '')
if not encrypted_data or not password:
return {'error': 'Encrypted data and password required'}, 400
# Decode and extract components
data = base64.b64decode(encrypted_data)
salt = data[:16]
nonce = data[16:28]
tag = data[28:44]
ciphertext = data[44:]
# Derive key using same parameters
key = PBKDF2(password, salt, 32, count=100000, hmac_hash_module=SHA256)
# Decrypt and verify
cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
plaintext = cipher.decrypt_and_verify(ciphertext, tag)
return {
'decrypted': plaintext.decode('utf-8'),
'algorithm': 'AES-256-GCM'
}
except ValueError:
return {'error': 'Decryption failed - invalid data or password'}, 400
except Exception as e:
return {'error': 'Decryption failed'}, 500