| Alex Gaynor | 1abfac7 | 2013-08-07 12:59:04 -0700 | [diff] [blame] | 1 | Welcome to ``cryptography`` |
| 2 | =========================== |
| 3 | |
| Alex Gaynor | 66ba601 | 2013-10-28 10:11:21 -0700 | [diff] [blame] | 4 | ``cryptography`` is a Python library which exposes cryptographic recipes and |
| Alex Gaynor | 1bcad7b | 2014-04-02 14:46:56 -0700 | [diff] [blame] | 5 | primitives. Our goal is for it to be your "cryptographic standard library". If |
| 6 | you are interested in learning more about the field of cryptography, we |
| 7 | recommend `Crypto 101, by Laurens Van Houtven`_. |
| Alex Gaynor | 31df535 | 2013-12-12 18:03:26 -0800 | [diff] [blame] | 8 | |
| skeuomorf | b0293bf | 2014-01-29 21:41:02 +0200 | [diff] [blame] | 9 | Installation |
| 10 | ------------ |
| 11 | You can install ``cryptography`` with ``pip``: |
| 12 | |
| 13 | .. code-block:: console |
| 14 | |
| 15 | $ pip install cryptography |
| 16 | |
| Paul Kehrer | f3b57e3 | 2014-01-29 14:45:10 -0600 | [diff] [blame] | 17 | See :doc:`Installation <installation>` for more information. |
| skeuomorf | b0293bf | 2014-01-29 21:41:02 +0200 | [diff] [blame] | 18 | |
| Alex Gaynor | 9f3468d | 2013-08-11 08:17:48 -0400 | [diff] [blame] | 19 | Why a new crypto library for Python? |
| 20 | ------------------------------------ |
| 21 | |
| Alex Gaynor | 31df535 | 2013-12-12 18:03:26 -0800 | [diff] [blame] | 22 | If you've done cryptographic work in Python before, you've probably seen some |
| 23 | other libraries in Python, such as *M2Crypto*, *PyCrypto*, or *PyOpenSSL*. In |
| 24 | building ``cryptography`` we wanted to address a few issues we observed in the |
| 25 | existing libraries: |
| Alex Gaynor | 9f3468d | 2013-08-11 08:17:48 -0400 | [diff] [blame] | 26 | |
| Alex Gaynor | d8d91d4 | 2013-08-12 09:33:18 -0400 | [diff] [blame] | 27 | * Lack of PyPy and Python 3 support. |
| Alex Gaynor | d6bef56 | 2013-08-11 09:09:28 -0400 | [diff] [blame] | 28 | * Lack of maintenance. |
| Alex Gaynor | ec4ba73 | 2013-08-11 08:19:05 -0400 | [diff] [blame] | 29 | * Use of poor implementations of algorithms (i.e. ones with known side-channel |
| Alex Gaynor | d6bef56 | 2013-08-11 09:09:28 -0400 | [diff] [blame] | 30 | attacks). |
| 31 | * Lack of high level, "Cryptography for humans", APIs. |
| Alex Gaynor | 7ba1392 | 2014-02-03 15:00:48 -0800 | [diff] [blame] | 32 | * Absence of algorithms such as |
| 33 | :class:`AES-GCM <cryptography.hazmat.primitives.ciphers.modes.GCM>` and |
| 34 | :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`. |
| Alex Gaynor | d6bef56 | 2013-08-11 09:09:28 -0400 | [diff] [blame] | 35 | * Poor introspectability, and thus poor testability. |
| Alex Gaynor | f0d139a | 2013-08-11 09:13:27 -0400 | [diff] [blame] | 36 | * Extremely error prone APIs, and bad defaults. |
| Alex Gaynor | 9f3468d | 2013-08-11 08:17:48 -0400 | [diff] [blame] | 37 | |
| Alex Gaynor | 59a6bc6 | 2014-02-18 18:13:48 -0800 | [diff] [blame] | 38 | |
| 39 | .. _cryptography-layout: |
| 40 | |
| Alex Gaynor | 7c06746 | 2013-12-16 10:11:00 -0800 | [diff] [blame] | 41 | Layout |
| 42 | ------ |
| Alex Gaynor | 9f3468d | 2013-08-11 08:17:48 -0400 | [diff] [blame] | 43 | |
| Alex Gaynor | 7c06746 | 2013-12-16 10:11:00 -0800 | [diff] [blame] | 44 | ``cryptography`` is broadly divided into two levels. One with safe |
| 45 | cryptographic recipes, "cryptography for humans" if you will. These are safe |
| 46 | and easy to use and don't require developers to make many decisions. |
| 47 | |
| 48 | The other level is low-level cryptographic primitives. These are often |
| 49 | dangerous and can be used incorrectly. They require making decisions and having |
| 50 | an in-depth knowledge of the cryptographic concepts at work. Because of the |
| Alex Gaynor | df8bfea | 2013-12-16 10:17:48 -0800 | [diff] [blame] | 51 | potential danger in working at this level, this is referred to as the |
| Alex Gaynor | 77762bc | 2014-01-01 07:53:48 -0800 | [diff] [blame] | 52 | "hazardous materials" or "hazmat" layer. These live in the |
| Alex Gaynor | d8614a2 | 2014-01-01 08:22:40 -0800 | [diff] [blame] | 53 | ``cryptography.hazmat`` package, and their documentation will always contain an |
| Alex Gaynor | 77762bc | 2014-01-01 07:53:48 -0800 | [diff] [blame] | 54 | admonition at the top. |
| Alex Gaynor | 7c06746 | 2013-12-16 10:11:00 -0800 | [diff] [blame] | 55 | |
| 56 | We recommend using the recipes layer whenever possible, and falling back to the |
| 57 | hazmat layer only when necessary. |
| 58 | |
| Alex Gaynor | c62e91f | 2013-08-06 19:25:52 -0700 | [diff] [blame] | 59 | .. toctree:: |
| Alex Gaynor | 1abfac7 | 2013-08-07 12:59:04 -0700 | [diff] [blame] | 60 | :maxdepth: 2 |
| anarcat | fd2b27a | 2017-03-20 18:03:12 -0400 | [diff] [blame] | 61 | :caption: The recipes layer |
| Alex Gaynor | 1abfac7 | 2013-08-07 12:59:04 -0700 | [diff] [blame] | 62 | |
| Alex Gaynor | 333fb10 | 2013-10-31 10:27:35 -0700 | [diff] [blame] | 63 | fernet |
| Alex Gaynor | 4af5b37 | 2015-07-12 10:30:59 -0500 | [diff] [blame] | 64 | x509/index |
| Alex Gaynor | 2a70f91 | 2014-02-06 09:47:07 -0800 | [diff] [blame] | 65 | random-numbers |
| Alex Gaynor | f1a3fc0 | 2013-11-02 14:03:34 -0700 | [diff] [blame] | 66 | exceptions |
| Alex Gaynor | de06b29 | 2014-02-18 16:40:09 -0800 | [diff] [blame] | 67 | faq |
| Alex Gaynor | 8c9dcb3 | 2013-11-03 13:10:57 -0800 | [diff] [blame] | 68 | glossary |
| Donald Stufft | f04317a | 2013-10-27 16:44:30 -0400 | [diff] [blame] | 69 | |
| Donald Stufft | f04317a | 2013-10-27 16:44:30 -0400 | [diff] [blame] | 70 | .. toctree:: |
| 71 | :maxdepth: 2 |
| anarcat | fd2b27a | 2017-03-20 18:03:12 -0400 | [diff] [blame] | 72 | :caption: The hazardous materials layer |
| Donald Stufft | f04317a | 2013-10-27 16:44:30 -0400 | [diff] [blame] | 73 | |
| 74 | hazmat/primitives/index |
| Alex Gaynor | f8796b1 | 2013-12-13 20:28:55 -0800 | [diff] [blame] | 75 | hazmat/backends/index |
| Alex Stapleton | c368ac2 | 2013-12-31 13:43:38 +0000 | [diff] [blame] | 76 | hazmat/bindings/index |
| Alex Gaynor | 7c06746 | 2013-12-16 10:11:00 -0800 | [diff] [blame] | 77 | |
| Alex Gaynor | 7c06746 | 2013-12-16 10:11:00 -0800 | [diff] [blame] | 78 | .. toctree:: |
| 79 | :maxdepth: 2 |
| anarcat | fd2b27a | 2017-03-20 18:03:12 -0400 | [diff] [blame] | 80 | :caption: The cryptography open source project |
| Alex Gaynor | 7c06746 | 2013-12-16 10:11:00 -0800 | [diff] [blame] | 81 | |
| skeuomorf | b0293bf | 2014-01-29 21:41:02 +0200 | [diff] [blame] | 82 | installation |
| Paul Kehrer | 0839aa8 | 2014-02-11 22:36:51 -0600 | [diff] [blame] | 83 | development/index |
| Alex Gaynor | 7c06746 | 2013-12-16 10:11:00 -0800 | [diff] [blame] | 84 | security |
| Alex Stapleton | 68bba2d | 2014-03-22 23:03:15 +0000 | [diff] [blame] | 85 | limitations |
| Alex Gaynor | 1a9bbf2 | 2013-12-24 10:59:50 -0800 | [diff] [blame] | 86 | api-stability |
| Alex Gaynor | 89063f6 | 2014-01-06 15:52:38 -0800 | [diff] [blame] | 87 | doing-a-release |
| Alex Gaynor | 3f23040 | 2014-01-08 09:21:57 -0800 | [diff] [blame] | 88 | changelog |
| Alex Gaynor | 7c06746 | 2013-12-16 10:11:00 -0800 | [diff] [blame] | 89 | community |
| Alex Gaynor | a8fc6f3 | 2014-01-23 10:48:16 -0600 | [diff] [blame] | 90 | |
| 91 | |
| Alex Gaynor | 92ddd76 | 2014-03-03 19:39:40 -0800 | [diff] [blame] | 92 | .. note:: |
| 93 | |
| 94 | ``cryptography`` has not been subjected to an external audit of its code or |
| 95 | documentation. If you're interested in discussing an audit please |
| Alex Gaynor | 0df8c97 | 2014-03-03 19:43:50 -0800 | [diff] [blame] | 96 | :doc:`get in touch </community>`. |
| Alex Gaynor | 92ddd76 | 2014-03-03 19:39:40 -0800 | [diff] [blame] | 97 | |
| Alex Gaynor | 1bcad7b | 2014-04-02 14:46:56 -0700 | [diff] [blame] | 98 | .. _`Crypto 101, by Laurens Van Houtven`: https://www.crypto101.io/ |