Blame - docs/primitives/symmetric-encryption.rst - platform/external/python/cryptography

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

Symmetric Encryption

====================

Donald Stufft

2013-08-12 07:34:39 -0400

[diff] [blame]

.. testsetup::

import binascii

key = binascii.unhexlify(b"0" * 32)

8

iv = binascii.unhexlify(b"0" * 32)

9

10

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

11

Symmetric encryption is a way to encrypt (hide the plaintext value) material

12

where the encrypter and decrypter both use the same key.

13

Alex Gaynor

65678d0

2013-08-08 15:19:19 -0700

[diff] [blame]

14

.. class:: cryptography.primitives.block.BlockCipher(cipher, mode)

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

15

Alex Gaynor

65678d0

2013-08-08 15:19:19 -0700

[diff] [blame]

16

Block ciphers work by encrypting content in chunks, often 64- or 128-bits.

Alex Gaynor

b12f76e

2013-08-08 19:05:18 -0700

[diff] [blame]

17

They combine an underlying algorithm (such as AES), with a mode (such as

Paul Kehrer

5399fd0

2013-10-21 23:48:25 -0500

[diff] [blame^]

18

CBC, CTR, or GCM).A simple example of encrypting (and then decrypting)

Paul Kehrer

653463f

2013-10-21 17:55:01 -0500

[diff] [blame]

19

content with AES is:

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

20

Donald Stufft

173de98

2013-08-12 07:34:39 -0400

[diff] [blame]

21

.. doctest::

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

22

Alex Gaynor

641a3a0

2013-08-10 15:46:07 -0400

[diff] [blame]

23

>>> from cryptography.primitives.block import BlockCipher, ciphers, modes

Alex Gaynor

acc787a

2013-08-10 15:52:40 -0400

[diff] [blame]

24

>>> cipher = BlockCipher(ciphers.AES(key), modes.CBC(iv))

Paul Kehrer

3e0895c

2013-10-21 22:19:29 -0500

[diff] [blame]

25

>>> encryptor = cipher.encryptor()

26

>>> ct = encryptor.update(b"a secret message") + encryptor.finalize()

27

>>> decryptor = cipher.decryptor()

28

>>> decryptor.update(ct) + decryptor.finalize()

Donald Stufft

173de98

2013-08-12 07:34:39 -0400

[diff] [blame]

29

'...'

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

30

Alex Gaynor

e62aa40

2013-08-08 15:23:11 -0700

[diff] [blame]

31

:param cipher: One of the ciphers described below.

32

:param mode: One of the modes described below.

Alex Gaynor

0ca7fdb

2013-08-08 07:35:26 -0700

[diff] [blame]

33

Paul Kehrer

5399fd0

2013-10-21 23:48:25 -0500

[diff] [blame^]

34

.. method:: encryptor()

Alex Gaynor

09515f0

2013-08-08 15:26:55 -0700

[diff] [blame]

35

Paul Kehrer

5399fd0

2013-10-21 23:48:25 -0500

[diff] [blame^]

36

:return :ref:`CipherContext <ciphercontext>`: encryption instance

Alex Gaynor

e62aa40

2013-08-08 15:23:11 -0700

[diff] [blame]

37

Paul Kehrer

5399fd0

2013-10-21 23:48:25 -0500

[diff] [blame^]

38

.. method:: decryptor()

39

40

:return :ref:`CipherContext <ciphercontext>`: decryption instance

41

42

.. _ciphercontext:

43

.. class:: cryptography.primitives.interfaces.CipherContext()

44

45

When calling ``encryptor()`` or ``decryptor()`` on a BlockCipher object you

46

will receive a return object conforming to the CipherContext interface. You

47

can then call ``update(data)`` with data until you have fed everything into

48

the context. Once that is done call ``finalize()`` to finish the operation and

49

obtain the remainder of the data.

50

51

52

.. method:: update(data)

53

54

:param bytes data: The text you wish to pass into the context.

55

:return bytes: Returns the data that was encrypted or decrypted.

Alex Gaynor

e62aa40

2013-08-08 15:23:11 -0700

[diff] [blame]

56

57

.. method:: finalize()

58

Paul Kehrer

5399fd0

2013-10-21 23:48:25 -0500

[diff] [blame^]

59

:return bytes: Returns the remainder of the data.

Alex Gaynor

d96d100

2013-08-08 07:37:26 -0700

[diff] [blame]

Ciphers

~~~~~~~

Alex Gaynor

2013-08-10 15:46:07 -0400

[diff] [blame]

64

.. class:: cryptography.primitives.block.ciphers.AES(key)

Alex Gaynor

5ba2dfa

2013-08-08 11:04:44 -0700

[diff] [blame]

65

Alex Gaynor

1e3f81f

2013-08-08 11:31:43 -0700

[diff] [blame]

66

AES (Advanced Encryption Standard) is a block cipher standardized by NIST.

Alex Gaynor

5ba2dfa

2013-08-08 11:04:44 -0700

[diff] [blame]

67

AES is both fast, and cryptographically strong. It is a good default

68

choice for encryption.

69

70

:param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.

Alex Gaynor

48ec9a3

2013-08-08 11:13:46 -0700

[diff] [blame]

71

This must be kept secret.

Alex Gaynor

5ba2dfa

2013-08-08 11:04:44 -0700

[diff] [blame]

72

Paul Kehrer

dff22d4

2013-09-27 13:43:06 -0500

[diff] [blame]

73

.. class:: cryptography.primitives.block.ciphers.Camellia(key)

74

75

Camellia is a block cipher approved for use by CRYPTREC and ISO/IEC.

76

It is considered to have comparable security and performance to AES, but

77

is not as widely studied or deployed.

78

79

:param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.

80

This must be kept secret.

81

Alex Gaynor

d96d100

2013-08-08 07:37:26 -0700

[diff] [blame]

Modes

~~~~~

Alex Gaynor

2013-08-10 15:46:07 -0400

[diff] [blame]

86

.. class:: cryptography.primitives.block.modes.CBC(initialization_vector)

Alex Gaynor

48ec9a3

2013-08-08 11:13:46 -0700

[diff] [blame]

87

88

CBC (Cipher block chaining) is a mode of operation for block ciphers. It is

89

considered cryptographically strong.

90

91

:param bytes initialization_vector: Must be random bytes. They do not need

92

to be kept secret (they can be included

Alex Gaynor

2dc2b86

2013-08-08 11:58:04 -0700

[diff] [blame]

93

in a transmitted message). Must be the

94

same number of bytes as the

Alex Gaynor

6badd9b

2013-08-08 14:59:53 -0700

[diff] [blame]

95

``block_size`` of the cipher. Do not

96

reuse an ``initialization_vector`` with

97

a given ``key``.

Paul Kehrer

13f108f

2013-09-09 21:41:03 -0500

[diff] [blame]

98

Paul Kehrer

4506428

2013-10-17 13:41:53 -0500

[diff] [blame]

99

Paul Kehrer

d0ec60e

2013-10-16 08:46:50 -0500

[diff] [blame]

100

.. class:: cryptography.primitives.block.modes.CTR(nonce)

101

Paul Kehrer

4506428

2013-10-17 13:41:53 -0500

[diff] [blame]

102

.. warning::

103

104

Counter mode is not recommended for use with block ciphers that have a

105

block size of less than 128-bits.

106

Paul Kehrer

d0ec60e

2013-10-16 08:46:50 -0500

[diff] [blame]

107

CTR (Counter) is a mode of operation for block ciphers. It is considered

108

cryptographically strong.

109

Paul Kehrer

89b3dd3

2013-10-17 14:02:45 -0500

[diff] [blame]

110

:param bytes nonce: Should be random bytes. It is critical to never reuse a

111

``nonce`` with a given key. Any reuse of a nonce

112

with the same key compromises the security of every

113

message encrypted with that key. Must be the same

114

number of bytes as the ``block_size`` of the cipher

115

with a given key. The nonce does not need to be kept

116

secret and may be included alongside the ciphertext.

Paul Kehrer

d0ec60e

2013-10-16 08:46:50 -0500

[diff] [blame]

117

David Reid

f1a39bd

2013-09-11 16:28:42 -0700

[diff] [blame]

118

.. class:: cryptography.primitives.block.modes.OFB(initialization_vector)

Paul Kehrer

6f412a0

2013-09-10 21:30:50 -0500

[diff] [blame]

119

120

OFB (Output Feedback) is a mode of operation for block ciphers. It

121

transforms a block cipher into a stream cipher.

122

David Reid

f1a39bd

2013-09-11 16:28:42 -0700

[diff] [blame]

123

:param bytes initialization_vector: Must be random bytes. They do not need

124

to be kept secret (they can be included

125

in a transmitted message). Must be the

126

same number of bytes as the

127

``block_size`` of the cipher. Do not

128

reuse an ``initialization_vector`` with

129

a given ``key``.

Paul Kehrer

6f412a0

2013-09-10 21:30:50 -0500

[diff] [blame]

130

Paul Kehrer

4223df7

2013-09-11 09:48:04 -0500

[diff] [blame]

131

.. class:: cryptography.primitives.block.modes.CFB(initialization_vector)

132

133

CFB (Cipher Feedback) is a mode of operation for block ciphers. It

134

transforms a block cipher into a stream cipher.

135

136

:param bytes initialization_vector: Must be random bytes. They do not need

137

to be kept secret (they can be included

138

in a transmitted message). Must be the

139

same number of bytes as the

140

``block_size`` of the cipher. Do not

141

reuse an ``initialization_vector`` with

142

a given ``key``.

143

Paul Kehrer

13f108f

2013-09-09 21:41:03 -0500

[diff] [blame]

Insecure Modes

--------------

Alex Gaynor

2013-09-10 18:59:43 -0700

[diff] [blame]

148

.. warning::

149

150

These modes are insecure. New applications should never make use of them,

151

and existing applications should strongly consider migrating away.

152

153

Paul Kehrer

13f108f

2013-09-09 21:41:03 -0500

[diff] [blame]

154

.. class:: cryptography.primitives.block.modes.ECB()

155

156

ECB (Electronic Code Book) is the simplest mode of operation for block

Alex Gaynor

cd413a3

2013-09-10 18:59:43 -0700

[diff] [blame]

157

ciphers. Each block of data is encrypted in the same way. This means

158

identical plaintext blocks will always result in identical ciphertext

159

blocks, and thus result in information leakage