.. Blame: from line 1, Alex Gaynor, f6c47e9, 2013-08-08 07:16:01 -0700;
   from line 23, Alex Gaynor, 0ca7fdb, 2013-08-08 07:35:26 -0700.

Symmetric Encryption
====================

Symmetric encryption is a way to encrypt (hide the plaintext value of) material
in which the encrypter and decrypter both use the same key.

Block ciphers
-------------

Block ciphers work by encrypting content in chunks, often 64 or 128 bits. They
combine an underlying algorithm (such as AES) with a mode (such as CBC, CTR,
or GCM). A simple example of encrypting content with AES is:

.. code-block:: pycon

    >>> from cryptography.primitives import BlockCipher, CBC
    >>> from cryptography.primitives.aes import AES
    >>> cipher = BlockCipher(AES(key), CBC(iv))
    >>> cipher.encrypt("my secret message") + cipher.finalize()
    # The ciphertext
    [...]

Here ``key`` is the encryption key (which must be kept secret), and ``iv`` is
the initialization vector (which should be random). Exactly what form these
values should take is described for each of the ciphers and modes.

``encrypt()`` should be called repeatedly with additional plaintext, and it
will return the encrypted bytes. If there isn't enough data to encrypt, it will
buffer the data internally. ``finalize()`` should be called at the end, and
will return whatever data is left.
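
The buffering behaviour of ``encrypt()`` and ``finalize()`` described above, as an added example that is not part of the original documentation. It assumes the ``cryptography.hazmat`` interface of current releases of the library, where the streaming call is named ``update()``, and it adds PKCS7 padding so that input of any length can be finalized; the function names are illustrative.

```python
import os

from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def encrypt_chunks(key, iv, chunks):
    """Encrypt byte chunks with AES-CBC and PKCS7 padding.

    Returns (ciphertext, sizes). sizes[i] is the number of ciphertext bytes
    released while processing chunks[i]; the last entry is what came out at
    finalization.
    """
    padder = padding.PKCS7(algorithms.AES.block_size).padder()
    encryptor = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    out, sizes = [], []
    for chunk in chunks:
        # Only complete 16-byte blocks come back; any remainder is buffered.
        piece = encryptor.update(padder.update(chunk))
        out.append(piece)
        sizes.append(len(piece))
    # Finalizing the padder fills the buffered tail up to a whole block.
    tail = encryptor.update(padder.finalize()) + encryptor.finalize()
    out.append(tail)
    sizes.append(len(tail))
    return b"".join(out), sizes


def decrypt(key, iv, ciphertext):
    """Reverse encrypt_chunks(): CBC-decrypt, then strip the PKCS7 padding."""
    decryptor = Cipher(algorithms.AES(key), modes.CBC(iv)).decryptor()
    unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
    padded = decryptor.update(ciphertext) + decryptor.finalize()
    return unpadder.update(padded) + unpadder.finalize()


def unpadded_finalize_fails(key, iv, data):
    """True if CBC finalize() rejects input that is not block-aligned."""
    encryptor = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    encryptor.update(data)
    try:
        encryptor.finalize()
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key, iv = os.urandom(32), os.urandom(16)  # fresh random key and IV
    ct, sizes = encrypt_chunks(key, iv, [b"my se", b"cret message"])
    print(sizes, decrypt(key, iv, ct))
```

The first chunk is shorter than one block, so nothing is returned for it; the ciphertext for those bytes only appears once later input completes the block.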