Skip to content

Latest commit

 

History

History
139 lines (90 loc) · 3.85 KB

api.rst

File metadata and controls

139 lines (90 loc) · 3.85 KB
Raw

Library reference

pep272_encryption

The PEP272Cipher class

Subclass and overwrite the PEP272Cipher.encrypt_block and PEP272Cipher.decrypt_block methods and the block_size attribute.

pep272_encryption.PEP272Cipher

Block cipher mode of operation

Note

For mote details about different modes of operation, see Discussions/discussion-modes.

Block ciphers can be used in different modes of operation. The mode of operation can be set by passing one of the constants to the cipher object. Different modes of operation may require to pass extra arguments to the constructor.

Below is an example from the mostly PEP-272 compliant PyCryptodome.

>>> from Crypto.Cipher import AES
>>> iv = b'random 16 bytes!'
>>> key = b'0123456789abcdef'
>>> cipher = AES.new(key, mode=AES.MODE_CBC, IV=iv)
>>> cipher.encrypt(b'\00'*16)
b'j\xa2\xb5\x80\xf7\xbd\xb4I\xda\xea\x9aN\x9d\xb5\x9a\x17'

This library supports following modes of operation:

  • Electronic code book (ECB)
  • Cipher Block Chaining (CBC)
  • Cipher Feedback (CFB)
  • Output Feedback (OFB)
  • Counter (CTR)

Not supported is, but may be implemented in the future:

  • PGP variant of CFB (PGP)

Planned modes are (extending to PEP-272):

  • Propagating Cipher Block Chaining (PCBC), used in older Kerberos versions
  • Infinite Garble Extension (IGE), used by Telegram.
  • OpenPGP mode, compatible to PyCrypto or PyCryptodome.

Authenticated encryption (AE) or authenticated encryption with associated data (AEAD) will probably not be supported, as they would require additional methods to finalize the encryption and sometimes have special requirements.

Electronic Code Book Mode (ECB)

pep272_encryption.MODE_ECB

Warning

The ECB mode is not semantically secure.

The ECB mode of operation is the simplest one - each plaintext block is independently encrypted.

param test

bla

Cipher Block Chaining Mode (CBC)

pep272_encryption.MODE_CBC

To solve the problems of the ECB mode, a plaintext block is xored to the previous ciphertext block. For the very "first" ciphertext an initialization vector (IV) is used.

Plain- / ciphertexts must be multiple of blocksize in length.

Cipher Feedback Mode (CFB)

pep272_encryption.MODE_CFB

The CFB mode of operation makes a stream cipher out of the block cipher. The block size of the cipher is reduced to segment_size.

Plain- and ciphertext must be a multiple of segment_size in length.

Output Feedback (OFB)

pep272_encryption.MODE_OFB

OFB uses a CBC encryption of a stream of null bytes to create a keystream.

Counter mode of operation

pep272_encryption.MODE_CTR

CTR encrypts a counter to create a keystream.

Utility functions

pep272_encryption.util

Version information and metadata

pep272_encryption.version

pep272_encryption.version.__version__

pep272_encryption.version.__author__

pep272_encryption.version.__email__

pep272_encryption.version.__license__

pep272_encryption.version.__url__