hycrypt

hycrypt.decrypt(ciphertext, encrypted_symmetric_key, private_key, padding_hash_algorithm=SHA256())

Decrypt ciphertext using hybrid decryption -> plaintext

Parameters:
  • ciphertext (bytes) – The message you want to decrypt

  • encrypted_symmetric_key (bytes) – The encrypted symmetric key used to encrypt the message

  • private_key (RSAPrivateKey) – The private key for decrypting the encrypted symmetric key

  • padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Returns:

plaintext

Return type:

bytes

hycrypt.decrypt_data(encrypted_data, private_key, padding_hash_algorithm=SHA256())

Parse the encrypted data into encrypted symmetric key and ciphertext, then decrypt into plaintext using hybrid decryption -> plaintext

Parameters:
  • encrypted_data (bytes) – The encrypted data consisting of encrypted symmetric key concatenated to ciphertext

  • private_key (RSAPrivateKey) – The private key for decrypting the encrypted symmetric key

  • padding_hash_algorithm (HashAlgorithm) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Raises:
  • ValueError – Unrecognized encryption format. Raised when the data is not split by —ENDKEY— into encrypted symmetric key and ciphertext.

Returns:

plaintext

Return type:

bytes

hycrypt.decrypt_with_password(encrypted_data, password, padding_hash_algorithm=SHA256())

Use password to decrypt the data using hybrid decryption -> plaintext, public_key

Parameters:
  • encrypted_data (bytes) – The data you want to decrypt

  • password (bytes) – The password used to encrypt

  • padding_hash_algorithm (HashAlgorithm) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Raises:

ValueError – Decryption failed. Raised when the stored private key does not correspond to the public key used to encrypt the data. This suggests that the data has been modified or was encrypted using an unrelated public key.

Returns:

plaintext, public_key

Return type:

tuple[bytes, RSAPublicKey]

hycrypt.encrypt(plaintext, public_key, padding_hash_algorithm=SHA256())

Encrypt plaintext using hybrid encryption -> encrypted_symmetric_key, ciphertext

Parameters:
  • plaintext (bytes) – The message you want to encrypt

  • public_key (RSAPublicKey) – The recipient RSA public key

  • padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Returns:

encrypted_symmetric_key, ciphertext

Return type:

tuple[bytes, bytes]

hycrypt.encrypt_data(plaintext, public_key, padding_hash_algorithm=SHA256())

Encrypt plaintext using hybrid encryption and concatenate the encrypted symmetric key and ciphertext together -> encrypted_data

Parameters:
  • plaintext (bytes) – The message you want to encrypt

  • public_key (RSAPublicKey) – The recipient RSA public key

  • padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Returns:

encrypted_data

Return type:

bytes
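
The container that encrypt_data and decrypt_data describe (wrapped symmetric key, separator, ciphertext) can be sketched with the `cryptography` package. This is an added illustration, not hycrypt's own code: the `sketch_` function names, Fernet as the symmetric cipher, OAEP as the asymmetric padding and the exact `DELIMITER` bytes are all assumptions.

```python
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

# Assumption: stand-in for the ENDKEY separator named in the docs above.
DELIMITER = b"--ENDKEY--"


def oaep(hash_algorithm):
    # Assumption: OAEP is the asymmetric padding; one hash drives OAEP and MGF1.
    return padding.OAEP(mgf=padding.MGF1(algorithm=hash_algorithm),
                        algorithm=hash_algorithm, label=None)


def sketch_encrypt_data(plaintext, public_key, padding_hash_algorithm=None):
    hash_algorithm = padding_hash_algorithm or hashes.SHA256()
    symmetric_key = Fernet.generate_key()  # fresh symmetric key per message
    ciphertext = Fernet(symmetric_key).encrypt(plaintext)
    # Only the short symmetric key goes through RSA; the bulk data does not.
    wrapped_key = public_key.encrypt(symmetric_key, oaep(hash_algorithm))
    return wrapped_key + DELIMITER + ciphertext


def sketch_decrypt_data(encrypted_data, private_key, padding_hash_algorithm=None):
    hash_algorithm = padding_hash_algorithm or hashes.SHA256()
    wrapped_key, found, ciphertext = encrypted_data.partition(DELIMITER)
    if not found:
        # Mirrors the documented failure mode for data without the separator.
        raise ValueError("Unrecognized encryption format")
    # Raises ValueError if the key or the padding hash does not match.
    symmetric_key = private_key.decrypt(wrapped_key, oaep(hash_algorithm))
    # Fernet authenticates the ciphertext, so tampering raises InvalidToken.
    return Fernet(symmetric_key).decrypt(ciphertext)
```

The padding hash passed at decryption has to match the one used at encryption; a mismatch fails when the symmetric key is unwrapped, before any ciphertext is processed.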

hycrypt.encrypt_with_password(plaintext, password, padding_hash_algorithm=SHA256(), salt_length=16, public_exponent=65537, key_size=2048)

Use password to encrypt plaintext using hybrid encryption -> encrypted_data, public_key

The salt is a random byte string added to the password that protects the encrypted private key, to defend against precomputed table attacks. The public key can be stored and used to encrypt data at other times, and it can be shared. The encryption is one way: you or other people can encrypt new data using this public key, and you can decrypt the message with the password. The key should be at least 2048 bits. The larger the key, the more secure, at the expense of the computation time to derive the key, which increases non-linearly. For security beyond 2030, 3072-bit is recommended.

Parameters:
  • plaintext (bytes) – The message you want to encrypt

  • password (bytes) – The password for hybrid encryption

  • padding_hash_algorithm (HashAlgorithm, optional) – Hash algorithm for asymmetric padding. Defaults to SHA256().

  • salt_length (int, optional) – The length of salt in bytes. Defaults to 16.

  • public_exponent (int, optional) – The public exponent of the key. You should always use 65537. Defaults to 65537.

  • key_size (int, optional) – The size of the new asymmetric key in bits. Defaults to 2048.

Returns:

encrypted_data, public_key

Return type:

tuple[bytes, RSAPublicKey]

hycrypt.encrypt_with_public_key(previous_data, plaintext, public_key, padding_hash_algorithm=SHA256())

Use a public key to encrypt plaintext using hybrid encryption. The encrypted data can later be decrypted with the corresponding password. -> encrypted_data

The data that was previously encrypted using password or re-encrypted using this function is required to parse the salt and private serial to later allow decryption with password.

Parameters:
  • previous_data (bytes) – The data previously encrypted using password

  • plaintext (bytes) – The message you want to encrypt

  • public_key (RSAPublicKey) – The RSA public key to use in the encryption.

  • padding_hash_algorithm (HashAlgorithm) – Hash algorithm for asymmetric padding. Defaults to SHA256().

Returns:

encrypted_data

Return type:

bytes

hycrypt.generate_key_pair(public_exponent=65537, key_size=2048)

Generate RSA key pair -> private_key, public_key

The key should be at least 2048 bits. The larger the key, the more secure, at the expense of computation time to derive the key which increases non-linearly. For security beyond 2030, 3072-bit is recommended.

Parameters:
  • public_exponent (int, optional) – The public exponent of the key. You should always use 65537. Defaults to 65537.

  • key_size (int, optional) – The size of the new asymmetric key in bits. The key should be at least 2048 bits. The computation time for the key increases non-linearly by the key size. For security beyond 2030, 3072-bit is recommended. Defaults to 2048.

Returns:

private_key, public_key

Return type:

tuple[RSAPrivateKey, RSAPublicKey]