A professional Streamlit-based web application that provides secure message and file encryption using AES-256 symmetric encryption and RSA-2048 asymmetric encryption.
The project demonstrates how modern encryption techniques work in a simple, interactive, and beginner-friendly way. It allows users to encrypt messages, generate required keys, download encrypted outputs, and decrypt messages using the correct keys.
🔗 Application Link: https://cyber-security-message-encryption-dl3w8dsunub3quh4er25dy.streamlit.app/
The Secure Message Encryption & Decryption Tool is designed to explain and demonstrate two important cryptographic techniques:
- AES-256 for fast symmetric encryption
- RSA-2048 for public/private key based asymmetric encryption
The application supports both direct text input and file upload. It also provides encrypted output, encryption keys, initialization vectors, public keys, and private keys based on the selected encryption method.
This project is useful for understanding:
- How messages are encrypted and decrypted
- How AES and RSA encryption differ
- Why AES is suitable for large data
- Why RSA is suitable for small messages and key exchange
- Why keys, IVs, padding, and Base64 encoding are required in real encryption workflows
| Method | Type | Best Used For |
|---|---|---|
| AES-256 | Symmetric Encryption | Large messages and files |
| RSA-2048 | Asymmetric Encryption | Small messages and secure key exchange |
The application supports:
- Direct message typing
- File upload for encryption and decryption
- Text-based encrypted input
- File-based encrypted input
The application allows users to download:
- Encrypted message
- AES encryption key
- AES initialization vector
- RSA public key
- RSA private key
- Decrypted message
The interface is built using Streamlit and includes:
- Clean tab-based layout
- Separate encryption and decryption sections
- Clear warnings and instructions
- Download buttons for generated outputs
- Custom CSS styling
| Technology | Purpose |
|---|---|
| Python | Main programming language |
| Streamlit | Web application framework |
| PyCryptodome | AES and RSA encryption library |
| Base64 | Converts encrypted bytes into readable text |
| HTML/CSS | Custom UI styling |
| Streamlit Session State | Temporarily stores encryption results |
| Concept | Explanation |
|---|---|
| AES-256 | Symmetric encryption using a 256-bit key |
| RSA-2048 | Asymmetric encryption using public and private keys |
| AES-CBC | AES encryption in Cipher Block Chaining mode |
| IV | Initialization Vector required for AES-CBC |
| Padding | Makes AES input size compatible with block size |
| Unpadding | Removes padding after decryption |
| PKCS1_OAEP | Secure padding scheme used with RSA encryption |
| Base64 | Converts binary encrypted data into readable text |
| Ciphertext | Encrypted unreadable output |
| Public Key | RSA key used for encryption |
| Private Key | RSA key used for decryption |
Cyber-Security-Message-Encryption-main/
│
├── app.py
├── requirements.txt
├── README.md
├── LICENSE
├── .gitignore
│
├── .streamlit/
│ └── config.toml
│
├── assets/
│ └── style.css
│
└── src/
├── constants.py
│
├── crypto/
│ ├── aes_crypto.py
│ ├── rsa_crypto.py
│ └── crypto_service.py
│
├── state/
│ └── session_state.py
│
├── ui/
│ ├── layout.py
│ ├── encrypt_tab.py
│ ├── decrypt_tab.py
│ └── result_components.py
│
└── utils/
├── css_loader.py
└── encoding.py| File / Folder | Purpose |
|---|---|
app.py |
Main controller of the Streamlit application |
requirements.txt |
Contains required Python libraries |
.streamlit/config.toml |
Controls Streamlit theme and server settings |
assets/style.css |
Contains custom CSS styling |
src/constants.py |
Stores fixed project constants |
src/crypto/aes_crypto.py |
Handles AES-256 encryption and decryption |
src/crypto/rsa_crypto.py |
Handles RSA-2048 encryption and decryption |
src/crypto/crypto_service.py |
Connects UI with AES/RSA logic |
src/state/session_state.py |
Stores encryption results temporarily |
src/ui/layout.py |
Handles page header and footer |
src/ui/encrypt_tab.py |
Builds encryption interface |
src/ui/decrypt_tab.py |
Builds decryption interface |
src/ui/result_components.py |
Displays encrypted results and download buttons |
src/utils/css_loader.py |
Loads custom CSS into Streamlit |
src/utils/encoding.py |
Converts bytes to Base64 and Base64 to bytes |
AES stands for:
Advanced Encryption StandardAES is a symmetric encryption algorithm.
This means the same secret key is used for both encryption and decryption.
Same AES key → Encrypts the message
Same AES key → Decrypts the messageIn this project, AES uses a 32-byte key.
1 byte = 8 bits
32 bytes = 256 bitsTherefore, the project uses:
AES-256AES is used in CBC mode.
AES-CBC = Advanced Encryption Standard - Cipher Block ChainingCBC mode connects encrypted blocks together. Each block depends on the previous encrypted block.
AES-CBC also requires an Initialization Vector.
IV stands for:
Initialization VectorThe IV is a random value used by AES-CBC for the first encryption block.
Important points:
IV is not a password.
IV is not the AES key.
IV is not secret.
IV is required for decryption.
IV must be saved with the encrypted message.The IV helps ensure that encrypting the same message multiple times produces different ciphertext outputs.
AES works on fixed-size blocks.
AES block size:
16 bytesIf the message size is not a multiple of 16 bytes, padding is added before encryption.
Example:
Original message = HELLO
Length = 5 bytes
AES needs = 16 bytes
Padding added = 11 bytesAfter decryption, the extra padding is removed using unpadding.
Padding → Added before encryption
Unpadding → Removed after decryptionRSA is an asymmetric encryption algorithm.
This means it uses two keys:
| Key | Purpose |
|---|---|
| Public Key | Used for encryption |
| Private Key | Used for decryption |
Basic RSA process:
Message + Public Key
↓
Encryption
↓
Ciphertext
Ciphertext + Private Key
↓
Decryption
↓
Original MessageThe project uses:
RSA-2048This means RSA keys are generated with a 2048-bit key size.
The public key is used to encrypt the message.
It can be shared with others.
The private key is used to decrypt the message.
It must be kept secret.
If the private key is lost, the RSA encrypted message cannot be decrypted.
Full form:
PKCS1 = Public-Key Cryptography Standards #1
OAEP = Optimal Asymmetric Encryption PaddingSo:
PKCS1_OAEP = Public-Key Cryptography Standards #1 - Optimal Asymmetric Encryption PaddingIn this project, PKCS1_OAEP is used with RSA to make encryption more secure.
OAEP adds:
Randomness
Security padding
Protection against predictable raw RSA encryptionRSA does not encrypt large data directly.
For RSA-2048:
2048 bits = 256 bytesHowever, the complete 256 bytes cannot be used only for the message because OAEP padding also needs space.
So the actual message size must be smaller than the total RSA block size.
This project uses a safe limit:
RSA_MAX_BYTES = 190That is why RSA is suitable for:
Small messages
Keys
Secure key exchangeFor larger messages and files, AES is the better choice.
Base64 is not encryption.
Base64 is encoding.
Encrypted data is usually generated as raw bytes. Raw bytes may contain unreadable characters, so they are difficult to copy, paste, display, or download as text.
Base64 converts bytes into readable text.
Encrypted bytes
↓
Base64 textBase64 is used for:
Encrypted message
AES key
Initialization Vector
RSA ciphertextCorrect flow:
Message string
↓
UTF-8 bytes
↓
Encryption
↓
Ciphertext bytes
↓
Base64 textThe message is not converted to Base64 before encryption. Base64 is applied after encryption.
The application follows a modular workflow:
User Interface
↓
Encryption / Decryption Tab
↓
Crypto Service Layer
↓
AES or RSA Crypto Module
↓
Base64 Encoding / Decoding Utility
↓
Result Display and DownloadWhen AES encryption is selected:
1. User enters a message or uploads a file
2. Application generates a random 32-byte AES key
3. AES-CBC mode is initialized
4. A random 16-byte IV is generated
5. Message is converted into bytes
6. Padding is applied
7. Message is encrypted using AES-CBC
8. Ciphertext, AES key, and IV are converted to Base64
9. Encrypted message, key, and IV are displayed/downloadedFor AES decryption:
1. User provides encrypted message
2. User provides AES key
3. User provides IV
4. Base64 values are converted back to bytes
5. AES-CBC decryption is performed
6. Padding is removed
7. Original message is displayedWhen RSA encryption is selected:
1. User enters a small message
2. Application generates RSA-2048 public/private key pair
3. Public key is used for encryption
4. Message is converted into bytes
5. PKCS1_OAEP padding is applied
6. Message is encrypted using RSA public key
7. Ciphertext is converted to Base64
8. Encrypted message, public key, and private key are displayed/downloadedFor RSA decryption:
1. User provides encrypted message
2. User provides private key
3. Base64 ciphertext is converted back to bytes
4. Private key is imported
5. RSA-OAEP decryption is performed
6. Original message is displayed| Feature | AES-256 | RSA-2048 |
|---|---|---|
| Encryption Type | Symmetric | Asymmetric |
| Number of Keys | One key | Two keys |
| Encryption Key | Secret AES key | Public key |
| Decryption Key | Same AES key | Private key |
| Speed | Fast | Slower |
| Best For | Large messages/files | Small messages/key exchange |
| IV Required | Yes | No |
| Padding Used | pad() / unpad() |
PKCS1_OAEP |
| Output Encoding | Base64 | Base64 |
| Large File Support | Suitable | Not suitable |
git clone <your-repository-url>
cd Cyber-Security-Message-Encryption-mainpython -m venv venvActivate the environment:
venv\Scripts\activatesource venv/bin/activatepip install -r requirements.txtstreamlit run app.pyThe project mainly requires:
streamlit
pycryptodomeThese are stored inside requirements.txt.
1. Open the application
2. Go to the Encrypt tab
3. Select AES-256 encryption
4. Type a message or upload a file
5. Click Encrypt
6. Download:
- Encrypted message
- AES key
- IVTo decrypt AES encrypted data, the following are required:
Encrypted message
AES key
IV1. Open the application
2. Go to the Encrypt tab
3. Select RSA-2048 encryption
4. Type a small message
5. Click Encrypt
6. Download:
- Encrypted message
- Public key
- Private keyTo decrypt RSA encrypted data, the following are required:
Encrypted message
Private keyThis project is created for educational and demonstration purposes.
Important points:
1. Never share the AES key publicly.
2. Never share the RSA private key publicly.
3. Losing the AES key means the AES encrypted message cannot be recovered.
4. Losing the RSA private key means the RSA encrypted message cannot be recovered.
5. IV is required for AES-CBC decryption.
6. Base64 is not encryption; it only converts bytes into readable text.
7. RSA should not be used for large files or long messages.
8. AES is better for large data encryption.AES-CBC provides confidentiality, but it does not automatically provide strong tamper detection. For production-level systems, authenticated encryption modes such as AES-GCM are commonly preferred.
Possible future enhancements:
1. Add AES-GCM mode for authenticated encryption
2. Add hybrid encryption using RSA + AES together
3. Add password-based encryption
4. Add user authentication
5. Add encrypted file storage
6. Add better error handling for invalid keys
7. Add dark mode and advanced UI themes
8. Add encryption history section
9. Add QR code export for keys
10. Add automated tests for encryption and decryption modulesThis project helps understand:
AES symmetric encryption
RSA asymmetric encryption
Public/private key cryptography
AES-CBC mode
Initialization Vector
Padding and unpadding
PKCS1_OAEP padding
Base64 encoding
Streamlit web app development
Modular Python project structureThe Secure Message Encryption & Decryption Tool is a Python and Streamlit-based web application that demonstrates AES-256 and RSA-2048 encryption.
AES-256 is used for fast symmetric encryption and is suitable for large messages and files. It uses a 32-byte secret key, CBC mode, padding, and an initialization vector.
RSA-2048 is used for asymmetric encryption. It generates a public/private key pair where the public key encrypts the message and the private key decrypts it. RSA uses PKCS1_OAEP padding for improved security and is suitable only for small messages.
Base64 encoding is used to convert encrypted bytes, keys, and IV values into readable text format so they can be displayed, copied, and downloaded easily.
This project provides a practical and beginner-friendly demonstration of how secure message encryption and decryption works.
This project is licensed under the terms included in the LICENSE file.
STATUS: PROTECTED
AES-256: ACTIVE
RSA-2048: ACTIVE
STREAMLIT APP: DEPLOYED