Python: Encrypting file contents using a password and decrypting it by users

Question

I already read a lot about this topic but I don't really understand how I should implement this. I want to encrypt a (text) file of a user A. The user has set up a password for his/her account and the text file is being encrypted with this password. Now the user shares his encrypted file with another user B. This user, of course, has another password set for his/her account. However, he/she and just he/she, should be able to decrypt the text without knowing user A's password.

I guess I have to use a private/public key algorithm. I already looked at PyCrypto but I don't really understand how to create a public/private key from user A's password.

I'd prefer a real python solution that does not include a pgp executable or dll.

Some pseudo code:

key, encrypted = generate_public_key_and_encrypt(userA.password, "Hello World!")
userA.share_data(userB, key)
decrypted = decrypt(userB.password, key, encrypted)

What exactly is your question? We generally expect a [mcve] and a **specific issue** for these questions. — Luke Joshua Park, Jan 18 '18 at 07:26
How do I encrypt a string using a user's password? How can another user decrypt it after the first user has shared it? — fameman, Jan 18 '18 at 07:27
Generally you derive a random symmetric key, encrypt this with the other users public key, encrypt the file with the symmetric key and then transmit both over to the other user. Your question is a bit too broad for StackOverflow, however, so it will likely be closed. — Luke Joshua Park, Jan 18 '18 at 07:30
It isn't. You should generate a private key for each user when the user is created. — Luke Joshua Park, Jan 18 '18 at 07:36
Hm... OK. So I would need another database to store the keys, right? — fameman, Jan 18 '18 at 07:51
What keys? The users private keys? Store them alongside the users information in the database. Encrypt them with the users password. — Luke Joshua Park, Jan 18 '18 at 07:54

Koshik Raj · Accepted Answer · 2018-02-22T11:11:23.753

First of all, password authentication (password based) and encryption (key based) are completely different. Basically, if you want to implement an encryption/decryption, you have to be able to have a mechanism to exchange keys between the users. If you plan to use public/private keys for this purpose, private key is always used to decrypt not to encrypt. If you want to map password to private key, you should use your own password to decrypt the message not to encrypt.

If you still want to use password for this kind of mechanism, you can map your private key to the password and use this password indirectly to decrypt the message everytime. And, all the other users should be aware of the public key which maps to this user.

If you plan on using PyCrypto as you mentioned you might need to do the following for encryption/decryption.

>>> from Crypto.PublicKey import RSA
>>> key = RSA.generate(2048)
>>> public = key.publickey()

Let's say you want to encrypt a message 1234

# Encrypting using public key of user which is broadcasted   
>>> cipher = public.encrypt(1234, 22)

# Decrypting using users own secret private key
>>> message = key.decrypt(cipher)

As far as your requirement is considered, maintain a map for your password and private key somewhere. Whenever user wants to decrypt the message, you can ask him for the password and use the exported key to decrypt the message.

# exporting private key
>>> private_key = key.exportKey()

# exporting public key
public = key.publickey()
public_key = public.exportKey()

Python: Encrypting file contents using a password and decrypting it by users

1 Answers1