fycrypt

class hycrypt.fycrypt.FileCipher(file, public_key=None, padding_hash_algorithm=SHA256(), salt_length=16, public_exponent=65537, key_size=2048)

Hybrid encryption file cipher for easy file I/O management.

  • The salt is random bytes added to the password that protects the encrypted private key, to defend against precomputed table attacks.

  • The public key can be stored and used to encrypt data at other times. Public keys can be shared. The encryption is one-way: you or other people can encrypt new data using this public key, and you can decrypt the message with the password.

  • The public key is optional when initializing FileCipher. The cipher automatically stores the public key when you use the create() and read() functions, and uses it to write() new encrypted data into the file.

  • The key should be at least 2048 bits. A larger key is more secure, at the expense of the computation time to derive the key, which increases non-linearly. For security beyond 2030, 3072 bits is recommended.

Parameters:
  • file (File | BytesIO) – File path or path-like object or byte stream buffer

  • public_key (RSAPublicKey | None, optional) – The RSA public key to use in the encryption. Defaults to None.

  • padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().

  • salt_length (int, optional) – The length of salt in bytes. Defaults to 16.

  • public_exponent (int, optional) – The public exponent of the key. You should always use 65537. Defaults to 65537.

  • key_size (int, optional) – The size of the new asymmetric key in bits. Defaults to 2048.

create(password, plaintext=None)

Create the file and encrypt it using the provided password.

Parameters:
  • password (bytes) – The password for hybrid encryption

  • plaintext (bytes | None, optional) – The message you want to encrypt. Can be empty or None. Defaults to None.

read(password)

Decrypt and read the encrypted file -> plaintext

Parameters:

password (bytes) – The password for hybrid encryption

Returns:

plaintext

Return type:

bytes

write(plaintext, public_key=None)

Overwrite the file with new encrypted data.

Parameters:
  • plaintext (bytes) – The new message you want to encrypt

  • public_key (RSAPublicKey | None, optional) – The RSA public key to use in the encryption. Defaults to None.

Raises:

ValueError – When no public key is provided and none is stored in the cipher. Either call create() or read() to store the public key in the cipher, or provide the public key to this method.

hycrypt.fycrypt.decrypt_file_with_password(file, password, padding_hash_algorithm=SHA256())

Read the encrypted file using password -> plaintext, public_key

Parameters:
  • file (File | BytesIO) – File path or path-like object or byte stream buffer

  • password (bytes) – The password for hybrid encryption

  • padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Returns:

plaintext, public_key

Return type:

tuple[bytes, RSAPublicKey]

hycrypt.fycrypt.encrypt_file_with_password(file, plaintext, password, padding_hash_algorithm=SHA256(), salt_length=16, public_exponent=65537, key_size=2048)

Encrypt the plaintext you provide using the password and write the encrypted data into the file -> public_key

  • The salt is random bytes added to the password that protects the encrypted private key, to defend against precomputed table attacks.

  • The public key can be stored and used to encrypt data at other times. Public keys can be shared. The encryption is one-way: you or other people can encrypt new data using this public key, and you can decrypt the message with the password.

  • The key should be at least 2048 bits. A larger key is more secure, at the expense of the computation time to derive the key, which increases non-linearly. For security beyond 2030, 3072 bits is recommended.

Parameters:
  • file (File | BytesIO) – File path or path-like object or byte stream buffer

  • plaintext (bytes) – The message you want to encrypt

  • password (bytes) – The password for hybrid encryption

  • padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().

  • salt_length (int, optional) – The length of salt in bytes. Defaults to 16.

  • public_exponent (int, optional) – The public exponent of the key. You should always use 65537. Defaults to 65537.

  • key_size (int, optional) – The size of the new asymmetric key in bits. Defaults to 2048.

Returns:

public_key

Return type:

RSAPublicKey

hycrypt.fycrypt.encrypt_file_with_public_key(file, plaintext, public_key, padding_hash_algorithm=SHA256())

Encrypt the plaintext you provide using the public key and write the encrypted data into the file.

Parameters:
  • file (File | BytesIO) – File path or path-like object or byte stream buffer

  • plaintext (bytes) – The new message you want to encrypt

  • public_key (RSAPublicKey) – The RSA public key to use in the encryption.

  • padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().
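
An added example, not hycrypt's own code, of the hybrid scheme this page describes, built on the `cryptography` package: a salted password-derived key protects the RSA private key, and anyone holding the public key can write new data that only the password holder can read. The blob layout, PBKDF2-HMAC-SHA256, AES-GCM and all function names here are assumptions, not hycrypt's file format or API.

```python
# Added example, not hycrypt's implementation; layout, KDF and AEAD are assumptions.
import hashlib
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def _oaep():
    # OAEP with SHA-256, matching the page's padding_hash_algorithm default.
    return padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                        algorithm=hashes.SHA256(), label=None)

def _kek(password, salt):
    # A per-file random salt makes precomputed password tables useless.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 600_000, dklen=32)

def _seal(key, data):
    nonce = os.urandom(12)  # fresh nonce for every AES-GCM encryption
    return nonce + AESGCM(key).encrypt(nonce, data, None)

def _open(key, sealed):
    # Raises cryptography.exceptions.InvalidTag on a wrong key or tampering.
    return AESGCM(key).decrypt(sealed[:12], sealed[12:], None)

def encrypt_with_public_key(blob, plaintext, public_key):
    # No password needed: a fresh session key is wrapped with RSA-OAEP,
    # while the salt and encrypted private key are carried over unchanged.
    session_key = AESGCM.generate_key(bit_length=256)
    return {**blob,
            "wrapped_key": public_key.encrypt(session_key, _oaep()),
            "ciphertext": _seal(session_key, plaintext)}

def encrypt_with_password(plaintext, password, salt_length=16, key_size=2048):
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
    der = private_key.private_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption())
    salt = os.urandom(salt_length)
    blob = {"salt": salt, "enc_private_key": _seal(_kek(password, salt), der)}
    public_key = private_key.public_key()
    return encrypt_with_public_key(blob, plaintext, public_key), public_key

def decrypt_with_password(blob, password):
    der = _open(_kek(password, blob["salt"]), blob["enc_private_key"])
    private_key = serialization.load_der_private_key(der, password=None)
    session_key = private_key.decrypt(blob["wrapped_key"], _oaep())
    return _open(session_key, blob["ciphertext"])
```

Encrypting to a public key provides confidentiality only: the reader cannot tell who wrote the data, so a shared public key lets any holder replace the file's contents.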