Implementing Symmetric Encryption in API Automation Testing with Python
This article explains the fundamentals of symmetric encryption, presents Python examples for AES and DES using the pycryptodome library, demonstrates how to encrypt API request data, and outlines key management and performance considerations for secure API automation testing.
In API automation testing, symmetric encryption is commonly used to protect data transmitted through interfaces by using the same key for encryption and decryption.
1. Basic concepts of symmetric encryption
Symmetric algorithms such as AES, DES, and 3DES use a single secret key; AES supports 128/192/256‑bit keys, DES uses a 56‑bit key, and 3DES improves DES security at the cost of speed.
2. Implementing symmetric encryption with Python
2.1 AES encryption
The following Python code uses the pycryptodome library to encrypt and decrypt data with AES in CBC mode, handling padding and base64 encoding. A random IV is generated for each message and sent in front of the ciphertext.

import base64

from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad, unpad


def aes_encrypt(data, key):
    # Use a fresh random IV for every message; it is not secret, so prepend it
    iv = get_random_bytes(AES.block_size)
    cipher = AES.new(key.encode('utf-8'), AES.MODE_CBC, iv=iv)
    padded_data = pad(data.encode('utf-8'), AES.block_size)
    encrypted_data = cipher.encrypt(padded_data)
    return base64.b64encode(iv + encrypted_data).decode('utf-8')


def aes_decrypt(encrypted_data, key):
    encrypted_data_bytes = base64.b64decode(encrypted_data)
    # The first block is the IV, the rest is the ciphertext
    iv = encrypted_data_bytes[:AES.block_size]
    cipher = AES.new(key.encode('utf-8'), AES.MODE_CBC, iv=iv)
    decrypted_padded_data = cipher.decrypt(encrypted_data_bytes[AES.block_size:])
    decrypted_data = unpad(decrypted_padded_data, AES.block_size)
    return decrypted_data.decode('utf-8')


# Example usage
key = "thisisaverysecurekey1234"  # key length must be 16, 24, or 32 bytes
data = "Hello, Secure World!"
encrypted_data = aes_encrypt(data, key)
print(f"加密结果: {encrypted_data}")
decrypted_data = aes_decrypt(encrypted_data, key)
print(f"解密结果: {decrypted_data}")

2.2 DES encryption
Similar code demonstrates DES encryption/decryption with an 8‑byte key.

import base64

from Crypto.Cipher import DES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad, unpad


def des_encrypt(data, key):
    # Use a fresh random IV for every message; it is not secret, so prepend it
    iv = get_random_bytes(DES.block_size)
    cipher = DES.new(key.encode('utf-8'), DES.MODE_CBC, iv=iv)
    padded_data = pad(data.encode('utf-8'), DES.block_size)
    encrypted_data = cipher.encrypt(padded_data)
    return base64.b64encode(iv + encrypted_data).decode('utf-8')


def des_decrypt(encrypted_data, key):
    encrypted_data_bytes = base64.b64decode(encrypted_data)
    # The first block is the IV, the rest is the ciphertext
    iv = encrypted_data_bytes[:DES.block_size]
    cipher = DES.new(key.encode('utf-8'), DES.MODE_CBC, iv=iv)
    decrypted_padded_data = cipher.decrypt(encrypted_data_bytes[DES.block_size:])
    decrypted_data = unpad(decrypted_padded_data, DES.block_size)
    return decrypted_data.decode('utf-8')


# Example usage
key = "8bytekey"  # key length must be 8 bytes
data = "Hello, DES Encryption!"
encrypted_data = des_encrypt(data, key)
print(f"加密结果: {encrypted_data}")
decrypted_data = des_decrypt(encrypted_data, key)
print(f"解密结果: {decrypted_data}")

3. Using symmetric encryption in API automation
This section shows how to encrypt request parameters with AES, send the encrypted payload via requests.post, and handle the response.

import requests

# Re-use the aes_encrypt function defined earlier
key = "thisisaverysecurekey1234"  # key length must be 16, 24, or 32 bytes
data = '{"name": "John Doe", "password": "123456"}'
encrypted_data = aes_encrypt(data, key)
print(f"加密后的请求参数: {encrypted_data}")

# Send encrypted request
url = "https://api.example.com/login"
headers = {"Content-Type": "application/json"}
response = requests.post(url, json={"encrypted_data": encrypted_data}, headers=headers, timeout=10)
print(f"响应状态码: {response.status_code}")
print(f"响应内容: {response.json()}")

4. Precautions
Pay attention to key management, choose an appropriate algorithm (AES is recommended), and consider performance when processing large data volumes.
5. Summary
Symmetric encryption, implemented with Python’s pycryptodome library, enables secure API testing by encrypting request data and verifying responses, helping protect data integrity and confidentiality.
Test Development Learning Exchange