Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 65678d05febd580daf00b520dbf7ce943f47bb66 / . / docs / primitives / symmetric-encryption.rst
blob: d056290e0859dfc9cb8b27eab58339d40383e8be [file] [log] [blame]
Alex Gaynorf6c47e92013-08-08 07:16:01 -0700[diff] [blame]1Symmetric Encryption
2====================
3
4Symmetric encryption is a way to encrypt (hide the plaintext value) material
5where the encrypter and decrypter both use the same key.
6
Alex Gaynor65678d02013-08-08 15:19:19 -0700[diff] [blame^]7.. class:: cryptography.primitives.block.BlockCipher(cipher, mode)
Alex Gaynorf6c47e92013-08-08 07:16:01 -0700[diff] [blame]8
Alex Gaynor65678d02013-08-08 15:19:19 -0700[diff] [blame^]9 Block ciphers work by encrypting content in chunks, often 64- or 128-bits.
10 Theycombine an underlying algorithm (such as AES), with a mode (such as CBC,
11 CTR, or GCM). A simple example of encrypting content with AES is:
Alex Gaynorf6c47e92013-08-08 07:16:01 -0700[diff] [blame]12
Alex Gaynor65678d02013-08-08 15:19:19 -0700[diff] [blame^]13 .. code-block:: pycon
Alex Gaynorf6c47e92013-08-08 07:16:01 -0700[diff] [blame]14
Alex Gaynor65678d02013-08-08 15:19:19 -0700[diff] [blame^]15 >>> from cryptography.primitives.block import BlockCipher, cipher, mode
16 >>> cipher = BlockCipher(cipher.AES(key), mode.CBC(iv))
17 >>> cipher.encrypt("my secret message") + cipher.finalize()
18 # The ciphertext
19 [...]
Alex Gaynorf6c47e92013-08-08 07:16:01 -0700[diff] [blame]20
Alex Gaynor65678d02013-08-08 15:19:19 -0700[diff] [blame^]21 Here ``key`` is the encryption key (which must be kept secret), and ``iv``
22 is the initialization vector (which must be random). Exactly what form
23 these values should take is described for each of the ciphers and modes.
Alex Gaynor0ca7fdb2013-08-08 07:35:26 -0700[diff] [blame]24
Alex Gaynor65678d02013-08-08 15:19:19 -0700[diff] [blame^]25 ``encrypt()`` should be called repeatedly with additional plaintext, and it
26 will return the encrypted bytes, if there isn't enough data, it will buffer
27 it internally. ``finalize()`` should be called at the end, and will return
28 whatever data is left.
Alex Gaynord96d1002013-08-08 07:37:26 -0700[diff] [blame]29
30Ciphers
31~~~~~~~
32
Alex Gaynor4dd1c272013-08-08 11:39:21 -0700[diff] [blame]33.. class:: cryptography.primitives.block.cipher.AES(key)
Alex Gaynor5ba2dfa2013-08-08 11:04:44 -0700[diff] [blame]34
Alex Gaynor1e3f81f2013-08-08 11:31:43 -0700[diff] [blame]35 AES (Advanced Encryption Standard) is a block cipher standardized by NIST.
Alex Gaynor5ba2dfa2013-08-08 11:04:44 -0700[diff] [blame]36 AES is both fast, and cryptographically strong. It is a good default
37 choice for encryption.
38
39 :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.
Alex Gaynor48ec9a32013-08-08 11:13:46 -0700[diff] [blame]40 This must be kept secret.
Alex Gaynor5ba2dfa2013-08-08 11:04:44 -0700[diff] [blame]41
Alex Gaynord96d1002013-08-08 07:37:26 -0700[diff] [blame]42
43Modes
44~~~~~
45
Alex Gaynor4dd1c272013-08-08 11:39:21 -0700[diff] [blame]46.. class:: cryptography.primitives.block.mode.CBC(initialization_vector)
Alex Gaynor48ec9a32013-08-08 11:13:46 -0700[diff] [blame]47
48 CBC (Cipher block chaining) is a mode of operation for block ciphers. It is
49 considered cryptographically strong.
50
51 :param bytes initialization_vector: Must be random bytes. They do not need
52 to be kept secret (they can be included
Alex Gaynor2dc2b862013-08-08 11:58:04 -0700[diff] [blame]53 in a transmitted message). Must be the
54 same number of bytes as the
Alex Gaynor6badd9b2013-08-08 14:59:53 -0700[diff] [blame]55 ``block_size`` of the cipher. Do not
56 reuse an ``initialization_vector`` with
57 a given ``key``.