Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 0d0896319f59fe7b03d8ef6a153275f87816976b / . / docs / fernet.rst
blob: 0122e364da6001118c55d6b0ca99dbbebce151e3 [file] [log] [blame]
Alex Gaynore9083292013-12-17 16:56:29 -0800[diff] [blame]1Fernet (Symmetric encryption)
2=============================
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]3
4.. currentmodule:: cryptography.fernet
5
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]6`Fernet`_ is an implementation of symmetric (also known as "secret key")
Alex Gaynor43307c72013-11-21 21:50:14 -0800[diff] [blame]7authenticated cryptography. Fernet provides guarantees that a message encrypted
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]8using it cannot be manipulated or read without the key.
9
10.. class:: Fernet(key)
11
12 This class provides both encryption and decryption facilities.
13
14 .. doctest::
15
16 >>> from cryptography.fernet import Fernet
Alex Gaynor36597b42013-11-22 10:25:13 -0800[diff] [blame]17 >>> key = Fernet.generate_key()
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]18 >>> f = Fernet(key)
Alex Gaynor0d089632013-12-17 20:23:43 -0800[diff] [blame^]19 >>> token = f.encrypt(b"my deep dark secret")
20 >>> token
Alex Gaynorde475eb2013-10-31 10:35:19 -0700[diff] [blame]21 '...'
Alex Gaynor0d089632013-12-17 20:23:43 -0800[diff] [blame^]22 >>> f.decrypt(token)
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]23 'my deep dark secret'
24
Alex Gaynor7a121fc2013-11-22 10:18:30 -0800[diff] [blame]25 :param bytes key: A URL-safe base64-encoded 32-byte key. This **must** be
26 kept secret. Anyone with this key is able to create and
27 read messages.
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]28
Alex Gaynor36597b42013-11-22 10:25:13 -0800[diff] [blame]29 .. classmethod:: generate_key()
30
31 Generates a fresh fernet key. Keep this some place safe! If you lose it
32 you'll no longer be able to decrypt messages; if anyone else gains
Alex Gaynor6cf242b2013-12-16 11:17:07 -0800[diff] [blame]33 access to it, they'll be able to decrypt all of your messages, and
34 they'll also be able forge arbitrary messages which will be
35 authenticated and decrypted.
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]36
37 .. method:: encrypt(plaintext)
38
39 :param bytes plaintext: The message you would like to encrypt.
40 :returns bytes: A secure message which cannot be read or altered
Alex Gaynor0d089632013-12-17 20:23:43 -0800[diff] [blame^]41 without the key. It is URL-safe base64-encoded. This is
42 refered to as a "Fernet token".
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]43
Alex Gaynor0d089632013-12-17 20:23:43 -0800[diff] [blame^]44 .. method:: decrypt(token, ttl=None)
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]45
Alex Gaynor0d089632013-12-17 20:23:43 -0800[diff] [blame^]46 :param bytes token: The Fernet token. This is the result of calling
47 :meth:`encrypt`.
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]48 :param int ttl: Optionally, the number of seconds old a message may be
49 for it to be valid. If the message is older than
50 ``ttl`` seconds (from the time it was originally
Alex Gaynor13e0d542013-10-31 10:38:04 -0700[diff] [blame]51 created) an exception will be raised. If ``ttl`` is not
52 provided (or is ``None``), the age of the message is
53 not considered.
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]54 :returns bytes: The original plaintext.
Alex Gaynor0d089632013-12-17 20:23:43 -0800[diff] [blame^]55 :raises InvalidToken: If the ``token`` is in any way invalid, this
56 exception is raised. A token may be invalid for a
57 number of reasons: it is older than the ``ttl``,
58 it is malformed, or it does not have a valid
59 signature.
Alex Gaynor7a121fc2013-11-22 10:18:30 -0800[diff] [blame]60
61
62.. class:: InvalidToken
63
64 See :meth:`Fernet.decrypt` for more information.
Alex Gaynor333fb102013-10-31 10:27:35 -0700[diff] [blame]65
66
67.. _`Fernet`: https://github.com/fernet/spec/