Base Module#

hycrypt is a module with functions for basic encrypt & decrypt and password-based hybrid cryptosystem

hycrypt.decrypt(ciphertext, encrypted_symmetric_key, private_key, padding_hash_algorithm=SHA256())[source]#

Decrypt ciphertext into plaintext.

Parameters:

ciphertext (bytes) – The message you want to decrypt
encrypted_symmetric_key (bytes) – The encrypted symmetric key used to encrypt the message
private_key (RSAPrivateKey) – The private key for decrypting the encrypted symmetric key
padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Returns:

plaintext

Return type:

bytes

hycrypt.decrypt_data(encrypted_data, private_key, padding_hash_algorithm=SHA256())[source]#

Parse the encrypted data into encrypted symmetric key and ciphertext, then decrypt into plaintext.

Parameters:

encrypted_data (bytes) – The encrypted data consisting of encrypted symmetric key concatenated to ciphertext
private_key (RSAPrivateKey) – The private key for decrypting the encrypted symmetric key
padding_hash_algorithm (HashAlgorithm) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Raises:

ValueError – Unrecognized encryption format. Raises when the data is not splited by —ENDKEY— into

:raises encrypted symmetric key` and :py:class:`ciphertext.:

Returns:: plaintext
Return type:: bytes

hycrypt.decrypt_with_password(encrypted_data, password, padding_hash_algorithm=SHA256())[source]#

Use password to decrypt the data into plaintext and the public key.

Parameters:

encrypted_data (bytes) – The data you want to decrypt
password (bytes) – The password used to encrypt
padding_hash_algorithm (HashAlgorithm) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Raises:

ValueError – Decryption failed. Raises when the private key stored does not correspond to the public key used to encrypt the data. This suggests that the data had been modified or encrypt using unrelated public key.

Returns:

plaintext RSAPublicKey: public_key

Return type:

bytes

hycrypt.encrypt(plaintext, public_key, padding_hash_algorithm=SHA256())[source]#

Encrypt plaintext into encrypted_symmetric_key and ciphertext.

Parameters:

plaintext (bytes) – The message you want to encrypt
public_key (RSAPublicKey) – The recipient RSA public key
padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Returns:

encrypted_symmetric_key, ciphertext

Return type:

tuple[bytes, bytes]

hycrypt.encrypt_data(plaintext, public_key, padding_hash_algorithm=SHA256())[source]#

Encrypt plaintext and concatenate the ciphertext to the encrypted symmetric key.

Parameters:

plaintext (bytes) – The message you want to encrypt
public_key (RSAPublicKey) – The recipient RSA public key
padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Returns:

encrypted_data

Return type:

bytes

hycrypt.encrypt_with_password(plaintext, password, padding_hash_algorithm=SHA256(), salt_length=16, public_exponent=65537, key_size=2048)[source]#

Use password to encrypt plaintext using hybrid encryption.

This function will generate a random RSA key pair. - Salt is a random bytes added to the password protecting the encrypted private key to defend against precomputed table attacks. - The public key can be stored and used to encrypt data at other times. Public keys can be shared. The encryption is one way, which means other people or you can encrypt the new data using this public key, and you can decrypt the message with password. - The key should be at least 2048 bits. The larger the key, the more secure, at the expense of computation time to derive the key which increases non-linearly. For security beyond 2030, 3072-bit is recommended.

Parameters:

plaintext (bytes) – The message you want to encrypt
password (bytes) – The password for hybrid encryption
padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().
salt_length (int, optional) – The length of salt in bytes. Defaults to 16.
public_exponent (int, optional) – The public exponent of the key. You should always use 65537. Defaults to 65537.
key_size (int, optional) – The size of the new asymmetric key in bits. Defaults to 2048.

Returns:

encrypted_data, public_key

Return type:

tuple[bytes, RSAPublicKey]

hycrypt.encrypt_with_public_key(previous_data, plaintext, public_key, padding_hash_algorithm=SHA256())[source]#

Use public key to encrypt plaintext using hybrid encryption.

The encrypted data can later be decrypt with corresponding password. The data that was previously encrypted using password or re-encrypted using this function is required to parse the salt and private serial to later allow decryption with password. This function will not generate a new RSA key pair.

Parameters:

previous_data (bytes) – The data previously encrypted using password
plaintext (bytes) – The message you want to encrypt
public_key (RSAPublicKey) – The RSA public key to use in the encryption.
padding_hash_algorithm (HashAlgorithm) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Returns:

encrypted_data

Return type:

bytes

hycrypt.generate_key_pair(public_exponent=65537, key_size=2048)[source]#

Generate an RSA key pair.

The key should be at least 2048 bits. The larger the key, the more secure, at the expense of computation time to derive the key which increases non-linearly. For security beyond 2030, 3072-bit is recommended.

Parameters:

public_exponent (int, optional) – The public exponent of the key. You should always use 65537. Defaults to 65537.
key_size (int, optional) – The size of the new asymmetric key in bits. The key should be at least 2048 bits. The computation time for the key increases non-linearly by the key size. For security beyond 2030, 3072-bit is recommended. Defaults to 2048.

Returns:

private_key, public_key

Return type:

tuple[RSAPrivateKey, RSAPublicKey]

Base Module#

This Page