Fernet Encryption/Decryption

The fernet key should be using urls safe base64 encoding format

Thanks for using this software, for Cofee/Beer/Amazon bill and further development of this project please Share.

Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency

Asking for donation sound bad to me, so i'm raising fund from by offering all my Nine book for just $9


Fernet guarantees that a message encrypted using it cannot be manipulated or read without the key. All encryption in this version is done with AES 128 in CBC mode.

Key format

A fernet key is the base64url encoding of the following fields:

Signing-key || Encryption-key
  • Signing-key, 128 bits
  • Encryption-key, 128 bits

Token format

A fernet token is the base64url encoding of the concatenation of the following fields:

Version || Timestamp || IV || Ciphertext || HMAC
  • Version, 8 bits : with the value 128 (0x80)
  • Timestamp, 64 bits : It records the number of seconds elapsed between January 1, 1970 UTC and the time the token was created
  • IV, 128 bits
  • Ciphertext, variable length, multiple of 128 bits
  • HMAC, 256 bits : This field is the 256-bit SHA256 HMAC Version || Timestamp || IV || Ciphertext


fernet python example

>>> from cryptography.fernet import Fernet
>>> key = Fernet.generate_key()
>>> key
>>> f = Fernet(key)
>>> token = f.encrypt(b"Hello 8gwifi.org")
>>> token
>>> f.decrypt(token)
'Hello 8gwifi.org'

Using password with Fernet

>>> import base64
>>> import os
>>> from cryptography.fernet import Fernet
>>> from cryptography.hazmat.primitives import hashes
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
>>> password = b"password"
>>> salt = os.urandom(16)
>>> kdf = PBKDF2HMAC(
... algorithm=hashes.SHA256(),
... length=32,
... salt=salt,
... iterations=100000,
... backend=default_backend()
... )
>>> key = base64.urlsafe_b64encode(kdf.derive(password))
>>> key
>>> f = Fernet(key)
>>> token = f.encrypt(b"Hello 8gwifi.org")
>>> token
>>> f.decrypt(token)
'Hello 8gwifi.org'


Fernet is ideal for encrypting data that easily fits in memory. As a design feature it does not expose unauthenticated bytes. This means that the complete message contents must be available in memory, making Fernet generally unsuitable for very large files at this time

The Modern Cryptography Book

Kubernetes for DevOps

Cryptography for Python Developers

Cryptography for JavaScript Developers

Go lang Cryptography for Developers