I’m trying to write a simple Python solution to encrypt a file securely using a passphrase. I figured I would use something like bcrypt or pbkdf2 so that as time goes on, I could make my password hashes more and more difficult to brute force. I also figured I would use AES for the actual encryption, as it’s a pretty safe standard. I’m not fixed on the encryption cipher, but I really like bcrypt.

I’m having quite a difficult time figuring out how to actually perform the encryption. Let’s say I have a passphrase and a file I’d like to encrypt. I’d assume that I essentially need to do something like this:

from Crypto.Cipher import AES
from bcrypt import gensalt, hashpw
from hashlib import sha256

def encryptify(passphrase, file_name):
    target_file = open(file_name, 'r')

    # generate password, takes time
    passphrase_rounds = 15
    passphrase_salt = gensalt(rounds)
    passphrase = sha256(hashpw(passphrase, passphrase_salt)).hexdigest()

    # encrypt the file
    encrypted_file = AES.new(passphrase, AES.MODE_CBC).encrypt(target_file.read())

At the final step, it fails with a ValueError, telling me that my key must be 16, 24, or 32 bytes long. What I’m not understanding is if what I’m doing is secure and why the last step is failing. I thought that SHA256 outputs 32 characters of data?

I’m particularly concerned about taking a bcrypt passphrase and throwing it through sha256, are there any potential security risks by doing this? I wouldn’t imagine so, but then again, I’m not a cryptographer.