| Alex Gaynor | 333fb10 | 2013-10-31 10:27:35 -0700 | [diff] [blame^] | 1 | Fernet |
| 2 | ====== |
| 3 | |
| 4 | .. currentmodule:: cryptography.fernet |
| 5 | |
| 6 | .. testsetup:: |
| 7 | |
| 8 | import binascii |
| 9 | key = binascii.unhexlify(b"0" * 32) |
| 10 | |
| 11 | |
| 12 | `Fernet`_ is an implementation of symmetric (also known as "secret key") |
| 13 | authenticated cryptography. Fernet provides guarntees that a message encrypted |
| 14 | using it cannot be manipulated or read without the key. |
| 15 | |
| 16 | .. class:: Fernet(key) |
| 17 | |
| 18 | This class provides both encryption and decryption facilities. |
| 19 | |
| 20 | .. doctest:: |
| 21 | |
| 22 | >>> from cryptography.fernet import Fernet |
| 23 | >>> f = Fernet(key) |
| 24 | >>> ciphertext = f.encrypt(b"my deep dark secret") |
| 25 | >>> f.decrypt(ciphertext) |
| 26 | 'my deep dark secret' |
| 27 | |
| 28 | :param bytes key: A 32-byte key. This **must** be kept secret. Anyone with |
| 29 | this key is able to create and read messages. |
| 30 | |
| 31 | |
| 32 | .. method:: encrypt(plaintext) |
| 33 | |
| 34 | :param bytes plaintext: The message you would like to encrypt. |
| 35 | :returns bytes: A secure message which cannot be read or altered |
| 36 | without the key. |
| 37 | |
| 38 | .. method:: decrypt(ciphertext, ttl=None) |
| 39 | |
| 40 | :param bytes ciphertext: An encrypted message. |
| 41 | :param int ttl: Optionally, the number of seconds old a message may be |
| 42 | for it to be valid. If the message is older than |
| 43 | ``ttl`` seconds (from the time it was originally |
| 44 | created) an exception will be raised. |
| 45 | :returns bytes: The original plaintext. |
| 46 | |
| 47 | |
| 48 | .. _`Fernet`: https://github.com/fernet/spec/ |