-1

I'm currently drafting an upcoming Python project, where I'm required to securely send a Python dictionary from a client to a server over the internet.

As of now, I'm considering simple TCP communication and using AES to encrypt the dictionary before sending it.

My question is whether this is possible. When I receive the information on the server, then decrypt it with a shared key, is the outcome still a dictionary?

McMartin

1 Answer

1

There are some libraries that support the encryption of arbitrary objects, because they internally have a serializer/unserializer, but PyCrypto is not such a library. You will need to provide a binary string in Python 2 or a bytes object in Python 3.

In order to get those, you need to serialize a complex data structure such as a dictionary. After that, you can encrypt it and send it through the socket. At the other end, you will need to decrypt it and unserialize it. There are lots of ways to serialize. The answers to this question contain a few of them.

Unserializing foreign data can be quite dangerous, because some algorithms/formats are not designed to be resistant against fault attacks, such as Python's pickle. So it is very important to authenticate ciphertexts with a message authentication code, which must be verified before attempting decryption or even unserialization. This question contains an example.

Community
Artjom B.
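The pipeline the answer describes (serialize, encrypt, authenticate, then verify before decrypting or unserializing), as an added example that is not part of the original answer. It assumes JSON as the serializer and two independent shared keys; the function names and frame layout are hypothetical, and because the standard library has no AES, `keystream_xor` is a stand-in built from HMAC-SHA256 where AES-CTR from a crypto library would go.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for AES-CTR (NOT AES): XOR data with an HMAC-SHA256 keystream.
    # The same call encrypts and decrypts, as a CTR-mode cipher would.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(obj: dict, enc_key: bytes, mac_key: bytes) -> bytes:
    """Client side: dict -> JSON bytes -> ciphertext -> nonce | ciphertext | tag."""
    plaintext = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    nonce = os.urandom(NONCE_LEN)  # fresh for every message
    body = nonce + keystream_xor(enc_key, nonce, plaintext)
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body + tag

def open_sealed(frame: bytes, enc_key: bytes, mac_key: bytes) -> dict:
    """Server side: verify the tag first, only then decrypt and parse."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        raise ValueError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    # json.loads only builds plain data types, unlike pickle.loads.
    obj = json.loads(keystream_xor(enc_key, nonce, ciphertext).decode("utf-8"))
    if not isinstance(obj, dict):
        raise ValueError("expected a JSON object")
    return obj

if __name__ == "__main__":
    # Constructed sample keys and message, for illustration only.
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    frame = seal({"user": "alice", "roles": ["admin"]}, enc_key, mac_key)
    print(open_sealed(frame, enc_key, mac_key))
```

The server gets a dictionary back, but only JSON types survive the round trip: non-string keys come back as strings and tuples come back as lists.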