def _encrypt(self, plaintext: str, password: str) -> str: """Encrypt data with AES-256-CBC.""" salt = os.urandom(SALT_SIZE) iv = os.urandom(IV_SIZE) key = self._derive_key(password, salt) cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend()) encryptor = cipher.encryptor() # Pad plaintext to multiple of 16 bytes padded = plaintext.encode() + b"\x00" * (16 - len(plaintext) % 16) ciphertext = encryptor.update(padded) + encryptor.finalize() # Store: salt + iv + ciphertext combined = salt + iv + ciphertext return base64.b64encode(combined).decode()
This feature is **complete, runnable, and ready to integrate** into a larger application or use as a standalone password manager. </code></pre> breezip password
def _decrypt(self, enc_data: str, password: str) -> str: """Decrypt AES-256-CBC encrypted data.""" raw = base64.b64decode(enc_data) salt = raw[:SALT_SIZE] iv = raw[SALT_SIZE:SALT_SIZE + IV_SIZE] ciphertext = raw[SALT_SIZE + IV_SIZE:] key = self._derive_key(password, salt) cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend()) decryptor = cipher.decryptor() decrypted_padded = decryptor.update(ciphertext) + decryptor.finalize() # Remove padding return decrypted_padded.rstrip(b"\x00").decode() def _encrypt(self, plaintext: str, password: str) -> str:
