Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 09515f00076fa9cc709183d3e15393a9ce579974 / . / docs / primitives / symmetric-encryption.rst
blob: fb1a7cfc70e0142bdd15a75ef80ccfa8c12b47e7 [file] [log] [blame]
Alex Gaynorf6c47e92013-08-08 07:16:01 -0700[diff] [blame]1Symmetric Encryption
2====================
3
4Symmetric encryption is a way to encrypt (hide the plaintext value) material
5where the encrypter and decrypter both use the same key.
6
Alex Gaynor65678d02013-08-08 15:19:19 -0700[diff] [blame]7.. class:: cryptography.primitives.block.BlockCipher(cipher, mode)
Alex Gaynorf6c47e92013-08-08 07:16:01 -0700[diff] [blame]8
Alex Gaynor65678d02013-08-08 15:19:19 -0700[diff] [blame]9 Block ciphers work by encrypting content in chunks, often 64- or 128-bits.
10 Theycombine an underlying algorithm (such as AES), with a mode (such as CBC,
11 CTR, or GCM). A simple example of encrypting content with AES is:
Alex Gaynorf6c47e92013-08-08 07:16:01 -0700[diff] [blame]12
Alex Gaynor65678d02013-08-08 15:19:19 -0700[diff] [blame]13 .. code-block:: pycon
Alex Gaynorf6c47e92013-08-08 07:16:01 -0700[diff] [blame]14
Alex Gaynor65678d02013-08-08 15:19:19 -0700[diff] [blame]15 >>> from cryptography.primitives.block import BlockCipher, cipher, mode
16 >>> cipher = BlockCipher(cipher.AES(key), mode.CBC(iv))
17 >>> cipher.encrypt("my secret message") + cipher.finalize()
18 # The ciphertext
19 [...]
Alex Gaynorf6c47e92013-08-08 07:16:01 -0700[diff] [blame]20
Alex Gaynore62aa402013-08-08 15:23:11 -0700[diff] [blame]21 :param cipher: One of the ciphers described below.
22 :param mode: One of the modes described below.
Alex Gaynor0ca7fdb2013-08-08 07:35:26 -0700[diff] [blame]23
Alex Gaynor09515f02013-08-08 15:26:55 -0700[diff] [blame^]24 ``encrypt()`` should be called repeatedly with new plaintext, and once the
25 full plaintext is fed in, ``finalize()`` should be called.
26
Alex Gaynore62aa402013-08-08 15:23:11 -0700[diff] [blame]27 .. method:: encrypt(plaintext)
28
29 :param bytes plaintext: The text you wish to encrypt.
30 :return bytes: Returns the ciphertext that was added.
31
32 .. method:: finalize()
33
34 :return bytes: Returns the remainder of the ciphertext.
Alex Gaynord96d1002013-08-08 07:37:26 -0700[diff] [blame]35
36Ciphers
37~~~~~~~
38
Alex Gaynor4dd1c272013-08-08 11:39:21 -0700[diff] [blame]39.. class:: cryptography.primitives.block.cipher.AES(key)
Alex Gaynor5ba2dfa2013-08-08 11:04:44 -0700[diff] [blame]40
Alex Gaynor1e3f81f2013-08-08 11:31:43 -0700[diff] [blame]41 AES (Advanced Encryption Standard) is a block cipher standardized by NIST.
Alex Gaynor5ba2dfa2013-08-08 11:04:44 -0700[diff] [blame]42 AES is both fast, and cryptographically strong. It is a good default
43 choice for encryption.
44
45 :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.
Alex Gaynor48ec9a32013-08-08 11:13:46 -0700[diff] [blame]46 This must be kept secret.
Alex Gaynor5ba2dfa2013-08-08 11:04:44 -0700[diff] [blame]47
Alex Gaynord96d1002013-08-08 07:37:26 -0700[diff] [blame]48
49Modes
50~~~~~
51
Alex Gaynor4dd1c272013-08-08 11:39:21 -0700[diff] [blame]52.. class:: cryptography.primitives.block.mode.CBC(initialization_vector)
Alex Gaynor48ec9a32013-08-08 11:13:46 -0700[diff] [blame]53
54 CBC (Cipher block chaining) is a mode of operation for block ciphers. It is
55 considered cryptographically strong.
56
57 :param bytes initialization_vector: Must be random bytes. They do not need
58 to be kept secret (they can be included
Alex Gaynor2dc2b862013-08-08 11:58:04 -0700[diff] [blame]59 in a transmitted message). Must be the
60 same number of bytes as the
Alex Gaynor6badd9b2013-08-08 14:59:53 -0700[diff] [blame]61 ``block_size`` of the cipher. Do not
62 reuse an ``initialization_vector`` with
63 a given ``key``.