Code Review Stack Exchange
My long term goal is to make a tool similar to but first I need to learn how to program and how to properly implement AES.So far I've been using Python for simplicity but I plan to use a compiled (memory safe) language in the future.As far as I understand, 'rolling your own crypto' is a bad idea and should be left to experts. storing the IV, ciphertext and checksum alongside each other and being able to take them appart when decrypting (currently separated using commas and split using text.split(','), 3 comma's in case 1 or 2 comma's appear in the ciphertext?)The IV is always the same size as the block size, and the block size of AES stays fixed. So you would generally just prefix it to the ciphertext (using 16 bytes, possibly converted to 32 hexadecimal characters).Your code shows you do not make a clear distinction between bytes and encoding of bytes. Encoding mistakes are one the most common mistakes made by programmers starting cryptography. dividing the data into chunks of 16 bytes (128 bits), specifically padding the last chunk to get equal sized chunks. (e.g 63 chars can be divided into 3 chunks of 16 with some leftover, so I would have to add random data to make a full chunk.
Code Review Tool
How do I get rid of this when decrypting again?)This is called padding, which is not required for all modes of operation (e.g. CTR, counter mode, doesn't require it).
Code Review Stack Exchange Program
For CBC you'd generally use PKCS#7 compatible padding. outputting ciphertext and hashes in readable form (currently using hex-encoding)Hex encoding is fine, but you might wonder why you would do this in the first place. The values will be indistinguishable from random anyway.
Code Review Stack Exchange Calculator
Base 64 is more efficient if the ciphertext has to be transported.Other notes ( on the removed implementation):. SHA-256 is not a Password Based Key Derivation Function, don't use it on passwords (with insufficient entropy);. random.randint(0, 0xFF) is indeed insecure, so why use it? You need a cryptographically secure RNG;. using a hash as checksum may not be secure, use a (H)MAC or authenticated cipher.