Search code examples

How to make my code more secure and one more

I'm working at some project, where i need strong security, because it works with networks. So, I've made a class for token storage, which encrypts this token via pycrypto, encodes it in base64, and reverse.

Steps are following:

  • Set up AES encryption keys
  • Initialize token object
  • Encrypt it

I need to make sure that there's not any holes in security, and also I'm interested in knowledge: How to make any class/method/variable accessible in only one file?


from base64  import b64encode, b64decode
from Crypto.Cipher import AES
import sys
import math
class Token:
    print("[cobalt] setting up encrytion keys...")
    print("[cobalt] reading encryption key file")
    key = open('/usr/share/doc/cobalt/encryption', 'r')
    lines = key.readlines()[0].split(':')
    print("[cobalt] read values, writing private constants...")
    __COMMON_ENCRYPTION_KEY = lines[0].strip()
    __COMMON_AES_IV16 = lines[1].strip()
    del lines
    print("[cobalt] wrote constants, closing file stream...")
    print("[cobalt] setted up encryption keys, initializing token object...")
    def __init__(self, token:str):
        self._token = token
        self._encrypted = self.__encrypt()
        print("[cobalt] token object initialized")
    def __get_common(self):
        print("[cobalt] getting common AES...")
            return, AES.MODE_CBC, Token.__COMMON_AES_IV16)
        except ValueError as e:
            print(f"[cobalt]\033[1;31m error:\033[m {e}")
    def __encrypt(self) -> str:
        print("[cobalt] encrypting token...")
        common_cipher = self.__get_common(); print(f"[cobalt] got common AES: {common_cipher}")
        token_len = len(self._token); print(f"[cobalt] got token length: {token_len}")
        # padded token with next multiple of 16
        padded_token = self._token.rjust(16 * math.ceil(token_len / 16)); print("[cobalt] got padded token")
        raw_encrypted_token = common_cipher.encrypt(padded_token); print("[cobalt] encrypted, encoding...\n")
        return b64encode(raw_encrypted_token).decode('utf-8')
    def _decrypt(self) -> str:
        print("[cobalt] decrypting token...")
        common_cipher = self.__get_common(); print(f"[cobalt] got common AES: {common_cipher}")
        raw_token = b64decode(self._encrypted); print("[cobalt] decoded raw token")
        decrypted_wpadding = common_cipher.decrypt(raw_token); print("[cobalt] decrypted token\n")
        return decrypted_wpadding.decode('utf-8').strip()


  • For storage you should use one-way functions (sha-2, for example), because you will never need to have its actual value, so you will never need to decode it. Each time user try to get access and use his token (password, cvv code or etc), you just use the same function upon the token and waiting to get the exact same result.

    For accessibility you can use accessify

    from accessify import private, protected
    class Unit:
        def move(self):
        def run(self):

    Personal thoughts you probably should ignore:

    Also I noticed, you use "__". It's good practise, when you want to ship your library to the world. Competent user will not use this methods (and IDE will not provide information about them :)). But it won't save your from bad-bad people. So I personally don't see the point of usage this ugly notation here, when you're coding your server application.