Blame - docs/primitives/symmetric-encryption.rst - platform/external/python/cryptography

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

Symmetric Encryption

====================

Donald Stufft

2013-08-12 07:34:39 -0400

[diff] [blame]

.. testsetup::

import binascii

key = binascii.unhexlify(b"0" * 32)

8

iv = binascii.unhexlify(b"0" * 32)

9

10

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

11

Symmetric encryption is a way to encrypt (hide the plaintext value) material

12

where the encrypter and decrypter both use the same key.

13

Alex Gaynor

65678d0

2013-08-08 15:19:19 -0700

[diff] [blame]

14

.. class:: cryptography.primitives.block.BlockCipher(cipher, mode)

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

15

Alex Gaynor

65678d0

2013-08-08 15:19:19 -0700

[diff] [blame]

16

Block ciphers work by encrypting content in chunks, often 64- or 128-bits.

Alex Gaynor

b12f76e

2013-08-08 19:05:18 -0700

[diff] [blame]

17

They combine an underlying algorithm (such as AES), with a mode (such as

Paul Kehrer

d1afe39

2013-10-22 08:24:44 -0500

[diff] [blame]

18

CBC, CTR, or GCM). A simple example of encrypting (and then decrypting)

Paul Kehrer

653463f

2013-10-21 17:55:01 -0500

[diff] [blame]

19

content with AES is:

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

20

Donald Stufft

173de98

2013-08-12 07:34:39 -0400

[diff] [blame]

21

.. doctest::

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

22

Alex Gaynor

641a3a0

2013-08-10 15:46:07 -0400

[diff] [blame]

23

>>> from cryptography.primitives.block import BlockCipher, ciphers, modes

Alex Gaynor

acc787a

2013-08-10 15:52:40 -0400

[diff] [blame]

24

>>> cipher = BlockCipher(ciphers.AES(key), modes.CBC(iv))

Paul Kehrer

3e0895c

2013-10-21 22:19:29 -0500

[diff] [blame]

25

>>> encryptor = cipher.encryptor()

26

>>> ct = encryptor.update(b"a secret message") + encryptor.finalize()

27

>>> decryptor = cipher.decryptor()

28

>>> decryptor.update(ct) + decryptor.finalize()

Paul Kehrer

f6cf956

2013-10-22 10:36:00 -0500

[diff] [blame^]

29

'a secret message'

Alex Gaynor

f6c47e9

2013-08-08 07:16:01 -0700

[diff] [blame]

30

Alex Gaynor

e62aa40

2013-08-08 15:23:11 -0700

[diff] [blame]

31

:param cipher: One of the ciphers described below.

32

:param mode: One of the modes described below.

Alex Gaynor

0ca7fdb

2013-08-08 07:35:26 -0700

[diff] [blame]

33

Paul Kehrer

5399fd0

2013-10-21 23:48:25 -0500

[diff] [blame]

34

.. method:: encryptor()

Alex Gaynor

09515f0

2013-08-08 15:26:55 -0700

[diff] [blame]

35

Paul Kehrer

f6cf956

2013-10-22 10:36:00 -0500

[diff] [blame^]

36

:return :class:`CipherContext`: encryption instance

Alex Gaynor

e62aa40

2013-08-08 15:23:11 -0700

[diff] [blame]

37

Paul Kehrer

5399fd0

2013-10-21 23:48:25 -0500

[diff] [blame]

38

.. method:: decryptor()

39

Paul Kehrer

f6cf956

2013-10-22 10:36:00 -0500

[diff] [blame^]

40

:return :class:`CipherContext`: decryption instance

Paul Kehrer

5399fd0

2013-10-21 23:48:25 -0500

[diff] [blame]

41

Paul Kehrer

5399fd0

2013-10-21 23:48:25 -0500

[diff] [blame]

42

.. class:: cryptography.primitives.interfaces.CipherContext()

43

44

When calling ``encryptor()`` or ``decryptor()`` on a BlockCipher object you

45

will receive a return object conforming to the CipherContext interface. You

46

can then call ``update(data)`` with data until you have fed everything into

47

the context. Once that is done call ``finalize()`` to finish the operation and

48

obtain the remainder of the data.

49

50

51

.. method:: update(data)

52

53

:param bytes data: The text you wish to pass into the context.

54

:return bytes: Returns the data that was encrypted or decrypted.

Alex Gaynor

e62aa40

2013-08-08 15:23:11 -0700

[diff] [blame]

55

56

.. method:: finalize()

57

Paul Kehrer

5399fd0

2013-10-21 23:48:25 -0500

[diff] [blame]

58

:return bytes: Returns the remainder of the data.

Alex Gaynor

d96d100

2013-08-08 07:37:26 -0700

[diff] [blame]

Ciphers

~~~~~~~

Alex Gaynor

2013-08-10 15:46:07 -0400

[diff] [blame]

63

.. class:: cryptography.primitives.block.ciphers.AES(key)

Alex Gaynor

5ba2dfa

2013-08-08 11:04:44 -0700

[diff] [blame]

64

Alex Gaynor

1e3f81f

2013-08-08 11:31:43 -0700

[diff] [blame]

65

AES (Advanced Encryption Standard) is a block cipher standardized by NIST.

Alex Gaynor

5ba2dfa

2013-08-08 11:04:44 -0700

[diff] [blame]

66

AES is both fast, and cryptographically strong. It is a good default

67

choice for encryption.

68

69

:param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.

Alex Gaynor

48ec9a3

2013-08-08 11:13:46 -0700

[diff] [blame]

70

This must be kept secret.

Alex Gaynor

5ba2dfa

2013-08-08 11:04:44 -0700

[diff] [blame]

71

Paul Kehrer

dff22d4

2013-09-27 13:43:06 -0500

[diff] [blame]

72

.. class:: cryptography.primitives.block.ciphers.Camellia(key)

73

74

Camellia is a block cipher approved for use by CRYPTREC and ISO/IEC.

75

It is considered to have comparable security and performance to AES, but

76

is not as widely studied or deployed.

77

78

:param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.

79

This must be kept secret.

80

Alex Gaynor

d96d100

2013-08-08 07:37:26 -0700

[diff] [blame]

Modes

~~~~~

Alex Gaynor

2013-08-10 15:46:07 -0400

[diff] [blame]

85

.. class:: cryptography.primitives.block.modes.CBC(initialization_vector)

Alex Gaynor

48ec9a3

2013-08-08 11:13:46 -0700

[diff] [blame]

86

87

CBC (Cipher block chaining) is a mode of operation for block ciphers. It is

88

considered cryptographically strong.

89

90

:param bytes initialization_vector: Must be random bytes. They do not need

91

to be kept secret (they can be included

Alex Gaynor

2dc2b86

2013-08-08 11:58:04 -0700

[diff] [blame]

92

in a transmitted message). Must be the

93

same number of bytes as the

Alex Gaynor

6badd9b

2013-08-08 14:59:53 -0700

[diff] [blame]

94

``block_size`` of the cipher. Do not

95

reuse an ``initialization_vector`` with

96

a given ``key``.

Paul Kehrer

13f108f

2013-09-09 21:41:03 -0500

[diff] [blame]

97

Paul Kehrer

4506428

2013-10-17 13:41:53 -0500

[diff] [blame]

98

Paul Kehrer

d0ec60e

2013-10-16 08:46:50 -0500

[diff] [blame]

99

.. class:: cryptography.primitives.block.modes.CTR(nonce)

100

Paul Kehrer

4506428

2013-10-17 13:41:53 -0500

[diff] [blame]

101

.. warning::

102

103

Counter mode is not recommended for use with block ciphers that have a

104

block size of less than 128-bits.

105

Paul Kehrer

d0ec60e

2013-10-16 08:46:50 -0500

[diff] [blame]

106

CTR (Counter) is a mode of operation for block ciphers. It is considered

107

cryptographically strong.

108

Paul Kehrer

89b3dd3

2013-10-17 14:02:45 -0500

[diff] [blame]

109

:param bytes nonce: Should be random bytes. It is critical to never reuse a

110

``nonce`` with a given key. Any reuse of a nonce

111

with the same key compromises the security of every

112

message encrypted with that key. Must be the same

113

number of bytes as the ``block_size`` of the cipher

114

with a given key. The nonce does not need to be kept

115

secret and may be included alongside the ciphertext.

Paul Kehrer

d0ec60e

2013-10-16 08:46:50 -0500

[diff] [blame]

116

David Reid

f1a39bd

2013-09-11 16:28:42 -0700

[diff] [blame]

117

.. class:: cryptography.primitives.block.modes.OFB(initialization_vector)

Paul Kehrer

6f412a0

2013-09-10 21:30:50 -0500

[diff] [blame]

118

119

OFB (Output Feedback) is a mode of operation for block ciphers. It

120

transforms a block cipher into a stream cipher.

121

David Reid

f1a39bd

2013-09-11 16:28:42 -0700

[diff] [blame]

122

:param bytes initialization_vector: Must be random bytes. They do not need

123

to be kept secret (they can be included

124

in a transmitted message). Must be the

125

same number of bytes as the

126

``block_size`` of the cipher. Do not

127

reuse an ``initialization_vector`` with

128

a given ``key``.

Paul Kehrer

6f412a0

2013-09-10 21:30:50 -0500

[diff] [blame]

129

Paul Kehrer

4223df7

2013-09-11 09:48:04 -0500

[diff] [blame]

130

.. class:: cryptography.primitives.block.modes.CFB(initialization_vector)

131

132

CFB (Cipher Feedback) is a mode of operation for block ciphers. It

133

transforms a block cipher into a stream cipher.

134

135

:param bytes initialization_vector: Must be random bytes. They do not need

136

to be kept secret (they can be included

137

in a transmitted message). Must be the

138

same number of bytes as the

139

``block_size`` of the cipher. Do not

140

reuse an ``initialization_vector`` with

141

a given ``key``.

142

Paul Kehrer

13f108f

2013-09-09 21:41:03 -0500

[diff] [blame]

Insecure Modes

--------------

Alex Gaynor

2013-09-10 18:59:43 -0700

[diff] [blame]

147

.. warning::

148

149

These modes are insecure. New applications should never make use of them,

150

and existing applications should strongly consider migrating away.

151

152

Paul Kehrer

13f108f

2013-09-09 21:41:03 -0500

[diff] [blame]

153

.. class:: cryptography.primitives.block.modes.ECB()

154

155

ECB (Electronic Code Book) is the simplest mode of operation for block

Alex Gaynor

cd413a3

2013-09-10 18:59:43 -0700

[diff] [blame]

156

ciphers. Each block of data is encrypted in the same way. This means

157

identical plaintext blocks will always result in identical ciphertext

158

blocks, and thus result in information leakage