Navigation Menu

Skip to content

emartech/python-easy-crypto

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

EasyCrypto

Build Status

Provides simple wrappers around Python cryptography module. It is secure by default and compatible with the easy-crypto node module.

Example usage

from easycrypto import Crypto

plaintext = 'mysecretdata'
password = 'mypassword'

encrypted = Crypto.encrypt(password, plaintext)
decrypted = Crypto.decrypt(password, encrypted)
assert encrypted == decrypted

The crypto parts

The library is only a thin wrapper of python's own cryptography module. It uses well known and battle tested encryption techniques. It provides a convenient wrapper around these functions, taking away the details of using encryption correctly. Feel free to explore the source!

Encryption process

  1. A random so called password salt (12 random bytes) is used to create the 256 bit long encryption key from the password using pbkdf2 and 10000 as iteration count.
  2. The plaintext is encrypted using aes-256-gcm with the generated key and a 12 bytes long random initialization vector. The resulted ciphertext contains built-in integrity check as well.
  3. To enable decryption, the following data is concatenated into a buffer: password salt, initialization vector, ciphertext.
  4. It encodes the whole buffer using base64 and returns it.

Decryption process

  1. It decodes the base64 input to bytes
  2. It slices this data into: password salt, initialization vector, ciphertext.
  3. The password salt and the password are used to generate the 256 bit long encryption key using pbkdf2 and 10000 as iteration count (same as in encryption process).
  4. The ciphertext is decrypted using aes-256-gcm with the generated key and the initialization vector. During encryption the integrity of the data is also verified.

Found a bug? Have a comment?

Please find us, we would love your feedback!

Release

Tag your commit with x.y.z, then if all tests pass x.y.z version will be released on Pypi.

About

Provides a thin secure-by-default wrapper around Python's crypto functionality.

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages