| Alex Gaynor | f6c47e9 | 2013-08-08 07:16:01 -0700 | [diff] [blame] | 1 | Symmetric Encryption |
| 2 | ==================== |
| 3 | |
| 4 | Symmetric encryption is a way to encrypt (hide the plaintext value) material |
| 5 | where the encrypter and decrypter both use the same key. |
| 6 | |
| Alex Gaynor | 65678d0 | 2013-08-08 15:19:19 -0700 | [diff] [blame] | 7 | .. class:: cryptography.primitives.block.BlockCipher(cipher, mode) |
| Alex Gaynor | f6c47e9 | 2013-08-08 07:16:01 -0700 | [diff] [blame] | 8 | |
| Alex Gaynor | 65678d0 | 2013-08-08 15:19:19 -0700 | [diff] [blame] | 9 | Block ciphers work by encrypting content in chunks, often 64- or 128-bits. |
| 10 | Theycombine an underlying algorithm (such as AES), with a mode (such as CBC, |
| 11 | CTR, or GCM). A simple example of encrypting content with AES is: |
| Alex Gaynor | f6c47e9 | 2013-08-08 07:16:01 -0700 | [diff] [blame] | 12 | |
| Alex Gaynor | 65678d0 | 2013-08-08 15:19:19 -0700 | [diff] [blame] | 13 | .. code-block:: pycon |
| Alex Gaynor | f6c47e9 | 2013-08-08 07:16:01 -0700 | [diff] [blame] | 14 | |
| Alex Gaynor | 65678d0 | 2013-08-08 15:19:19 -0700 | [diff] [blame] | 15 | >>> from cryptography.primitives.block import BlockCipher, cipher, mode |
| 16 | >>> cipher = BlockCipher(cipher.AES(key), mode.CBC(iv)) |
| 17 | >>> cipher.encrypt("my secret message") + cipher.finalize() |
| 18 | # The ciphertext |
| 19 | [...] |
| Alex Gaynor | f6c47e9 | 2013-08-08 07:16:01 -0700 | [diff] [blame] | 20 | |
| Alex Gaynor | e62aa40 | 2013-08-08 15:23:11 -0700 | [diff] [blame^] | 21 | :param cipher: One of the ciphers described below. |
| 22 | :param mode: One of the modes described below. |
| Alex Gaynor | 0ca7fdb | 2013-08-08 07:35:26 -0700 | [diff] [blame] | 23 | |
| Alex Gaynor | e62aa40 | 2013-08-08 15:23:11 -0700 | [diff] [blame^] | 24 | .. method:: encrypt(plaintext) |
| 25 | |
| 26 | :param bytes plaintext: The text you wish to encrypt. |
| 27 | :return bytes: Returns the ciphertext that was added. |
| 28 | |
| 29 | .. method:: finalize() |
| 30 | |
| 31 | :return bytes: Returns the remainder of the ciphertext. |
| Alex Gaynor | d96d100 | 2013-08-08 07:37:26 -0700 | [diff] [blame] | 32 | |
| 33 | Ciphers |
| 34 | ~~~~~~~ |
| 35 | |
| Alex Gaynor | 4dd1c27 | 2013-08-08 11:39:21 -0700 | [diff] [blame] | 36 | .. class:: cryptography.primitives.block.cipher.AES(key) |
| Alex Gaynor | 5ba2dfa | 2013-08-08 11:04:44 -0700 | [diff] [blame] | 37 | |
| Alex Gaynor | 1e3f81f | 2013-08-08 11:31:43 -0700 | [diff] [blame] | 38 | AES (Advanced Encryption Standard) is a block cipher standardized by NIST. |
| Alex Gaynor | 5ba2dfa | 2013-08-08 11:04:44 -0700 | [diff] [blame] | 39 | AES is both fast, and cryptographically strong. It is a good default |
| 40 | choice for encryption. |
| 41 | |
| 42 | :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits. |
| Alex Gaynor | 48ec9a3 | 2013-08-08 11:13:46 -0700 | [diff] [blame] | 43 | This must be kept secret. |
| Alex Gaynor | 5ba2dfa | 2013-08-08 11:04:44 -0700 | [diff] [blame] | 44 | |
| Alex Gaynor | d96d100 | 2013-08-08 07:37:26 -0700 | [diff] [blame] | 45 | |
| 46 | Modes |
| 47 | ~~~~~ |
| 48 | |
| Alex Gaynor | 4dd1c27 | 2013-08-08 11:39:21 -0700 | [diff] [blame] | 49 | .. class:: cryptography.primitives.block.mode.CBC(initialization_vector) |
| Alex Gaynor | 48ec9a3 | 2013-08-08 11:13:46 -0700 | [diff] [blame] | 50 | |
| 51 | CBC (Cipher block chaining) is a mode of operation for block ciphers. It is |
| 52 | considered cryptographically strong. |
| 53 | |
| 54 | :param bytes initialization_vector: Must be random bytes. They do not need |
| 55 | to be kept secret (they can be included |
| Alex Gaynor | 2dc2b86 | 2013-08-08 11:58:04 -0700 | [diff] [blame] | 56 | in a transmitted message). Must be the |
| 57 | same number of bytes as the |
| Alex Gaynor | 6badd9b | 2013-08-08 14:59:53 -0700 | [diff] [blame] | 58 | ``block_size`` of the cipher. Do not |
| 59 | reuse an ``initialization_vector`` with |
| 60 | a given ``key``. |