| Alex Gaynor | f6c47e9 | 2013-08-08 07:16:01 -0700 | [diff] [blame] | 1 | Symmetric Encryption |
| 2 | ==================== |
| 3 | |
| 4 | Symmetric encryption is a way to encrypt (hide the plaintext value) material |
| 5 | where the encrypter and decrypter both use the same key. |
| 6 | |
| 7 | Block ciphers |
| 8 | ------------- |
| 9 | |
| 10 | Block ciphers work by encrypting content in chunks, often 64- or 128-bits. They |
| 11 | combine an underlying algorithm (such as AES), with a mode (such as CBC, CTR, |
| 12 | or GCM). A simple example of encrypting content with AES is: |
| 13 | |
| 14 | .. code-block:: pycon |
| 15 | |
| Alex Gaynor | 4dd1c27 | 2013-08-08 11:39:21 -0700 | [diff] [blame^] | 16 | >>> from cryptography.primitives.block import BlockCipher, cipher, mode |
| 17 | >>> cipher = BlockCipher(cipher.AES(key), mode.CBC(iv)) |
| Alex Gaynor | f6c47e9 | 2013-08-08 07:16:01 -0700 | [diff] [blame] | 18 | >>> cipher.encrypt("my secret message") + cipher.finalize() |
| 19 | # The ciphertext |
| 20 | [...] |
| 21 | |
| Alex Gaynor | 0ca7fdb | 2013-08-08 07:35:26 -0700 | [diff] [blame] | 22 | Here ``key`` is the encryption key (which must be kept secret), and ``iv`` is |
| Alex Gaynor | e786943 | 2013-08-08 07:39:26 -0700 | [diff] [blame] | 23 | the initialization vector (which must be random). Exactly what form these |
| Alex Gaynor | 0ca7fdb | 2013-08-08 07:35:26 -0700 | [diff] [blame] | 24 | values should take is described for each of the ciphers and modes. |
| 25 | |
| 26 | ``encrypt()`` should be called repeatedly with additional plaintext, and it |
| 27 | will return the encrypted bytes, if there isn't enough data, it will buffer it |
| 28 | internally. ``finalize()`` should be called at the end, and will return |
| 29 | whatever data is left. |
| Alex Gaynor | d96d100 | 2013-08-08 07:37:26 -0700 | [diff] [blame] | 30 | |
| 31 | Ciphers |
| 32 | ~~~~~~~ |
| 33 | |
| Alex Gaynor | 4dd1c27 | 2013-08-08 11:39:21 -0700 | [diff] [blame^] | 34 | .. class:: cryptography.primitives.block.cipher.AES(key) |
| Alex Gaynor | 5ba2dfa | 2013-08-08 11:04:44 -0700 | [diff] [blame] | 35 | |
| Alex Gaynor | 1e3f81f | 2013-08-08 11:31:43 -0700 | [diff] [blame] | 36 | AES (Advanced Encryption Standard) is a block cipher standardized by NIST. |
| Alex Gaynor | 5ba2dfa | 2013-08-08 11:04:44 -0700 | [diff] [blame] | 37 | AES is both fast, and cryptographically strong. It is a good default |
| 38 | choice for encryption. |
| 39 | |
| 40 | :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits. |
| Alex Gaynor | 48ec9a3 | 2013-08-08 11:13:46 -0700 | [diff] [blame] | 41 | This must be kept secret. |
| Alex Gaynor | 5ba2dfa | 2013-08-08 11:04:44 -0700 | [diff] [blame] | 42 | |
| Alex Gaynor | d96d100 | 2013-08-08 07:37:26 -0700 | [diff] [blame] | 43 | |
| 44 | Modes |
| 45 | ~~~~~ |
| 46 | |
| Alex Gaynor | 4dd1c27 | 2013-08-08 11:39:21 -0700 | [diff] [blame^] | 47 | .. class:: cryptography.primitives.block.mode.CBC(initialization_vector) |
| Alex Gaynor | 48ec9a3 | 2013-08-08 11:13:46 -0700 | [diff] [blame] | 48 | |
| 49 | CBC (Cipher block chaining) is a mode of operation for block ciphers. It is |
| 50 | considered cryptographically strong. |
| 51 | |
| 52 | :param bytes initialization_vector: Must be random bytes. They do not need |
| 53 | to be kept secret (they can be included |
| Alex Gaynor | c651f76 | 2013-08-08 11:17:56 -0700 | [diff] [blame] | 54 | in a transmitted message). Should be |
| Alex Gaynor | a1b98f9 | 2013-08-08 11:37:25 -0700 | [diff] [blame] | 55 | the same number of bytes as the |
| 56 | ``block_size`` of the cipher. |