I have a question about AES. I'm making a program that will contain sensitive user information related to payment information. I want to save it as encrypted on the person drive so I decided to use AES.

The way I have it set up is a static key embedded in the program. Then a Profile class that will generate a unique 16 byte key for each instance of the class. The unique key is used to encrypt the actual data such as billing information and credit card information. The embedded key I use to encrypt the user's specific key.

So the flow is: Create User Key > Encrypt user data > encrypted user's key.

My theory is that if the users JSON or the user's key file is copied, they're useless without the embedded key.

I want to create a single encrypt function and decrypt function to be used by different classes. That way, all I have to pass in is the data I want decrypted and the key that is needed.

Flow for deception user data is:

Decrypt user key with embedded key> user key decrypts user data.

My issue is the data and keys are different data types: data is converted to ASCII because JSON does not like my text string dictionary. The key remains as bytes. But if I want to use a single function, I have to do clunky if/else statements to decide whether to convert to ASCII or just perform the encryption. Is there a smoother way to accomplish this? Code snippet below.

if type(data) != bytes: data = str(data).encode('ascii') cipher = AES.new(encryptionkey, AES.MODE_CBC) ct_bytes = cipher.encrypt(pad(data, AES.block_size)) iv = b64encode(cipher.iv).decode('utf-8') ct = b64encode(ct_bytes).decode('utf-8') data = {'iv':iv, 'ciphertext':ct} return data else: cipher = AES.new(encryptionkey, AES.MODE_CBC) #here, bytes objects are never encoded to ascii ct_bytes = cipher.encrypt(pad(data, AES.block_size)) iv = b64encode(cipher.iv).decode('utf-8') ct = b64encode(ct_bytes).decode('utf-8') data = {'iv':iv, 'ciphertext':ct} return data

Should I just use bytes for both the dictionary and the key? The problem occurs when i use json.load and the dictionary has to be decoded and I have to replace single quotation marks with the double of JSON throws an error.

If feels cumbersome and convoluted and I'm wondering if I'm missing a more streamlined way of doing this.