{"id":7222,"library":"fernet","title":"Fernet (Pure Python Implementation)","description":"This `fernet` library provides a simple, pure Python implementation of the Fernet symmetric encryption specification. Unlike the `cryptography.fernet` module, this package does not rely on C extensions, making it suitable for environments where C-based compiled modules are undesirable or for use as a simple reference. However, it is explicitly *not recommended* for production or security-sensitive applications due to its age and lack of active maintenance compared to the `cryptography` library's implementation. It was last updated in 2016.","status":"maintenance","version":"1.0.1","language":"en","source_language":"en","source_url":"https://github.com/oz123/python-fernet","tags":["cryptography","encryption","fernet","pure-python","symmetric-encryption","security-warning"],"install":[{"cmd":"pip install fernet","lang":"bash","label":"Install Fernet"}],"dependencies":[],"imports":[{"note":"This is the import for the pure Python 'fernet' package. For secure applications, you should use 'from cryptography.fernet import Fernet' from the 'cryptography' library.","wrong":"from cryptography.fernet import Fernet","symbol":"Fernet","correct":"from fernet import Fernet"}],"quickstart":{"code":"import os\nfrom fernet import Fernet\n\n# Generate a new Fernet key. This must be kept secret and securely stored.\n# In a real application, you would load this from a secure configuration.\nkey = Fernet.generate_key()\nprint(f\"Generated Key: {key.decode()}\")\n\n# Instantiate Fernet with the key\nf = Fernet(key)\n\n# Original message (must be bytes)\noriginal_message = b\"My super secret message\"\n\n# Encrypt the message\nencrypted_message = f.encrypt(original_message)\nprint(f\"Encrypted Message: {encrypted_message}\")\n\n# Decrypt the message\ndecrypted_message = f.decrypt(encrypted_message)\nprint(f\"Decrypted Message: {decrypted_message.decode()}\")\n\n# Verify decryption\nassert original_message == decrypted_message\nprint(\"Decryption successful!\")","lang":"python","description":"This quickstart demonstrates how to generate a key, encrypt a message, and decrypt it using the `fernet` library. Keys and messages must be bytes. Remember to store your generated key securely, as anyone with the key can decrypt your data. This example is for demonstration; for production, use `cryptography.fernet`."},"warnings":[{"fix":"For any secure or production use case, switch to `cryptography.fernet`. Install with `pip install cryptography` and use `from cryptography.fernet import Fernet`.","message":"This 'fernet' library (PyPI package 'fernet', GitHub 'oz123/python-fernet') is a *pure Python reference implementation* and is **NOT RECOMMENDED for production or security-sensitive applications**. The actively maintained, robust, and cryptographically secure Fernet implementation is provided by the `cryptography` library (import `from cryptography.fernet import Fernet`).","severity":"breaking","affected_versions":"All versions"},{"fix":"Migrate to `cryptography.fernet` which is actively developed and receives regular security audits and updates.","message":"The `fernet` library by `oz123` was last updated in September 2016 and is not actively maintained for security patches or new features. Using an unmaintained cryptographic library can expose your application to known and unknown vulnerabilities.","severity":"deprecated","affected_versions":"All versions (since 1.0.1 was released in 2016)"},{"fix":"Ensure all plaintext messages are encoded to bytes (e.g., `\"hello\".encode('utf-8')`) before encryption, and decrypted messages are decoded from bytes to string (e.g., `decrypted_message.decode('utf-8')`) for string manipulation.","message":"The `fernet` library's `encrypt()` and `decrypt()` methods strictly require `bytes` objects as input. Passing plain strings will result in a `TypeError` or incorrect behavior.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Ensure the encrypted token passed to `decrypt()` is a bytes object. If you loaded it from storage, ensure it's read in binary mode (e.g., `rb`) and not decoded prematurely.","cause":"The `decrypt()` method was called with a string instead of a bytes object.","error":"TypeError: token must be bytes."},{"fix":"Ensure the key is a bytes object. Keys are typically generated as bytes and should be handled as such. If loading from a file, read it in binary mode (`'rb'`).","cause":"The Fernet key provided during initialization (`Fernet(key)`) was a string instead of a bytes object.","error":"TypeError: key must be bytes."},{"fix":"Always use `Fernet.generate_key()` to create a valid key. If loading a key, ensure it hasn't been corrupted or modified and is still a 32-byte URL-safe base64-encoded bytes string.","cause":"The key used to initialize `Fernet()` is not the correct length (32 bytes) or is not properly URL-safe base64 encoded.","error":"ValueError: Fernet key must be 32 url-safe base64-encoded bytes."}]}