devBylund.com

Fernet Key Generator

Generate cryptographically secure keys for Fernet symmetric encryption

Fernet is a high-level symmetric encryption recipe that provides authenticated encryption with built-in key rotation support. Perfect for API tokens, secure cookies, and any data that needs to be encrypted and decrypted by the same system.

Your Fernet Key
32-byte key encoded in URL-safe base64
Generating key...
256-bit Security
URL-Safe Base64
Cryptographically Secure
What is Fernet?

Fernet is a symmetric encryption standard that ensures encrypted messages cannot be manipulated or read without the key. It's designed to be simple, secure, and foolproof - perfect for developers who need encryption without being cryptography experts.

Key Features:

  • Authenticated encryption (protects both confidentiality and integrity)
  • Built-in timestamp prevents replay attacks
  • No configuration required - it just works securely
  • URL-safe tokens can be used in web applications

Technical Details:

  • Encryption: AES 128-bit in CBC mode
  • Authentication: HMAC using SHA256
  • Encoding: URL-safe base64 (no padding)
  • Key size: 256 bits (32 bytes)
  • IV: 128 bits, randomly generated

๐Ÿ’ก Why use Fernet? Unlike raw AES encryption, Fernet includes authentication, handles encoding, and prevents common mistakes. It's a complete solution that's hard to misuse.

Common Use Cases
  • ๐Ÿ”
    API Tokens: Encrypt user IDs or session data in tokens
  • ๐Ÿ“ง
    Email Verification: Create secure, time-limited verification links
  • ๐Ÿ—„๏ธ
    Database Encryption: Encrypt sensitive fields before storage
  • ๐Ÿช
    Secure Cookies: Store encrypted data in browser cookies
  • ๐Ÿ“
    File Encryption: Protect configuration files or backups
Security Best Practices
  • โš ๏ธ
    Never hardcode keys: Store them in environment variables or secure key management systems
  • ๐Ÿ”„
    Rotate keys regularly: Implement key rotation for long-lived systems
  • ๐Ÿ”’
    Use HTTPS: Always transmit encrypted tokens over secure connections
  • โฑ๏ธ
    Set TTL: Use Fernet's built-in TTL feature for time-sensitive data
Python Usage Example
from cryptography.fernet import Fernet
import time

# Use the generated key
key = b'<your-generated-key-here>'
f = Fernet(key)

# Basic encryption/decryption
message = b"Secret message"
encrypted = f.encrypt(message)
decrypted = f.decrypt(encrypted)

# With TTL (time-to-live)
encrypted_ttl = f.encrypt_at_time(message, int(time.time()))
# This will raise an exception if decrypted after 60 seconds
try:
    decrypted_ttl = f.decrypt_at_time(encrypted_ttl, ttl=60, current_time=int(time.time()))
except Exception as e:
    print("Token expired!")

Install the Python library: pip install cryptography

Other Language Examples

Node.js / JavaScript

// npm install fernet
const fernet = require('fernet');
const secret = new fernet.Secret('<your-generated-key-here>');
const token = new fernet.Token({ secret: secret });

// Encrypt
const encrypted = token.encode('Secret message');

// Decrypt
const decrypted = token.decode(encrypted);

Ruby

# gem install fernet
require 'fernet'

key = '<your-generated-key-here>'
fernet = Fernet.new(key)

# Encrypt
token = fernet.generate('Secret message')

# Decrypt
message = fernet.decrypt(token)

Go

// go get github.com/fernet/fernet-go
import "github.com/fernet/fernet-go"

key := fernet.MustDecodeKey("<your-generated-key-here>")
encrypted, _ := fernet.EncryptAndSign([]byte("Secret message"), key)
decrypted := fernet.VerifyAndDecrypt(encrypted, 0, []*fernet.Key{key})