Simple way to encode a string according to a password?

java

encryption

security

key-storage

byAlex Kataev·Mar 6, 2025

Symmetric encryption with Fernet class from Python's cryptography package offers a quick way to encode a string using a password. The following code snippet provides an example:

from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from base64 import urlsafe_b64encode
import os

# Cast your "magic" password into bytes.
password = b"my_password"  
# Don't forget your "pinch of salt".
salt = os.urandom(16)

# Use PBKDF2HMAC to "cook" your key right.
kdf = PBKDF2HMAC(
    algorithm=hashes.SHA256(),
    length=32,
    salt=salt,
    iterations=100000,
    backend=default_backend()
)
# Ready key must be urlsafe base64 - no "spilling" allowed!
key = urlsafe_b64encode(kdf.derive(password))

# Time for Fernet "mixology"!
cipher_suite = Fernet(key)

# Mix your secret message into this cryptographic "cocktail".
message = b"Secret message"
encrypted_msg = cipher_suite.encrypt(message)

# To decrypt: Lift the "curse" with: decrypted_msg = cipher_suite.decrypt(encrypted_msg)

Here the encryption key is derived from the password with a KDF and then comes our friend Fernet to encrypt the message. Only the password holder can "unlock" or decode it.

Understanding encryption: Avoiding a "Titanic" situation

When you're creating your encryption "masterpiece", you need to be conscious of the "icebergs" that could sink your "ship". Here are some to watch out for:

Don't be predictable!

Stay clear of encryption modes like AES ECB. It may seem like a calm sea, but it's hiding predictable patterns that can haunt your security.

Change is good

Use a unique initialization vector (IV) for each ride on the encryption sea. It keeps things fresh!

Secure your Key

Don't just "hook" any key! Use a KDF like PBKDF2HMAC for deriving keys from passwords. Let’s keep things secure here!

Key storage: Don't just bury it!

How we handle keys is just as important as the lock they open. Be sure to store them safely using environment variables or secure key storage tools. No more "X marks the spot"!

Time-to-Live (TTL) Encryption: Not everything lasts forever

If you're dealing with encrypted data that has an "expiry date", AES-GCM", which includes a timestamp, is the treasure you're looking for. With a time-to-live "stamp", this data knows when it's time to say goodbye.

Encryption methods: finding the right path

Depending on your journey and the severity of the threats, you might need different maps, or encryption methods:

For calm seas: Data obfuscation

When you're just sailing in a pond and the only threats are "curious fish", base64 encoding with an added HMAC for integrity should suffice.

For stormy weather: Data integrity

When the seas are rough, you need to ensure your cargo is intact. HMAC ensures your data hasn't been tampered with.

For a quick trip: XOR encryption

If you're just doing a quick row around the lake, XOR encryption could do the job. Just remember: it's not for a trip on the open sea!

For the long voyage: Key derivation considerations

Planning for a long voyage across the cyber sea? Be sure to ensure passphrase length and complexity. Keys derived from passwords can involve trade-offs compared with using fancy cryptographic keys.

explain-codes / Java / Simple way to encode a string according to a password?

Linked

How to encrypt String in Java



Can local storage ever be considered secure?



Keystore Change Passwords



Javascript string encryption and decryption?



Java 256-bit AES Password-Based Encryption

