An authenticated encryption mode. Works on Pythonista without installing any additional modules. (Pythonista includes, but does not document, the PyCrypto module.) To use with Python, do
pip install -r requirements.txt
To generate a keypair for yourself, do
k_curve25519.pub to whomever you want to message you.
To encrypt a message to a recipient, do
To decrypt a message encrypted under your public key, using a key saved in a keyfile, do
The public keys are just plain base64 files.
Encryption mode summary
Uses elliptic-curve Diffie-Hellman key exchange on djb's Curve25519, AES-256 in CTR mode, and HMAC-SHA512 over the encrypted message. The encryption and authentication keys are derived using a random nonce and the ECDH shared-secret. HMAC-SHA512 is used as the key-derivation-function.
This provides nonceless deniable encryption. Note that it leaks message length. This will be changed in a future version; a padding byte is included, so messages using this version are future-compatible.
The Curve25519 implementation in pure Python is directly adapted from djb's naclcrypto-20090310 spec.
(The Montgomery ladder routine has been converted to imperative form to avoid running out of stack-space on some Pythonista builds.)
encrypt generates an ephemeral keypair, derives an AES key and an HMAC
key, and encrypts and authenticates a message.