Skip to main content

File-oriented privacy & integrity management tools

Project description

pyFileSec provides robust yet easy-to-use tools for working with files that may contain sensitive information. The aim is to achieve an “industry standard” level of strong privacy, capable of protecting confidential information from inspection or accidental disclosure. Integrity assurance may be useful in archival and provenance applications.

Overview

The motivation for developing pyFileSec is to better secure research data obtained from human subjects, e.g., in combination with PsychoPy (http://www.psychopy.org) or the Open Science Framework (http://www.openscienceframework.org). The hope is that pyFileSec will be more widely useful. For example, command-line options make it accessible from non-python or non-open-source programs.

Several truly excellent Python packages are available for encryption. However, file security requires more than just good encryption, e.g., securely deleting a file after encryption. The main and potentially unique contribution of pyFileSec is that it aspires to provide cross-platform, secure file-management with a low barrier to entry and a stable API going forward. These considerations motivate many of the design choices.

The main functions provided include encryption (encrypt, decrypt, rotate) and verification (sign, verify). It is also easy to obscure file length (pad, unpad), securely remove files from disk (destroy) and inspect meta-data (.metadata). Large files (tested up to 8G) and command-line usage are also supported. By default, file permissions are set to conservative values (only Mac & linux at this point). Unencrypted files are deleted securely after a successful encryption. Multiple hardlinks, version control, and Dropbox folders are detected and reported.

pyFileSec provides the class SecFile, which is designed to be easy to use:

>>> from pyfilesec import SecFile
>>> sf = SecFile('path/to/data.txt')
>>> sf.encrypt('path/to/pubkey.pem')

Public-key (asymmetric) encryption is used for security and flexibility, currently relying on calls to OpenSSL for all cryptography. The aim is to provide a robust and easily extensible framework for adding other encryption backends, without requiring changes to the API.

Bug reports and code contributions are welcome; the project is on github and you can contact me there. Help with Windows file permissions would be particularly welcome (see the issues list). For contacting me privately, e.g., about security issues, please look for my email address at the top of the main code.

Software that includes pyFileSec

  • PsychoPy (v1.79.00+)

Contributors

Jeremy R. Gray - package creator and maintainer (GPG key D934B0D7)

Michael Stone - awesome code review

Sol Simpson - Windows compatibility

Milestones

  • 0.3 Python 3 (2to3 mostly passes now)

  • 0.4 Alternative encryption: support for gpg-based management of RSA keys

  • 0.5 Windows file-permissions; possible SecStr

Dev branch status

This status information concerns the master branch of the source code on github. Pypi releases are made from time to time, based on stable points in the development code.

https://travis-ci.org/jeremygray/pyfilesec.png?branch=master https://coveralls.io/repos/jeremygray/pyfilesec/badge.png?branch=master

See also

  • pyCrypto, M2Crypto, pyOpenSSL - broad crypto packages, few sys-admin features

  • pycogworks.crypto - similar audience as pyfilesec, no file encryption

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

PyFileSec-0.2.14.tar.gz (236.0 kB view details)

Uploaded Source

File details

Details for the file PyFileSec-0.2.14.tar.gz.

File metadata

  • Download URL: PyFileSec-0.2.14.tar.gz
  • Upload date:
  • Size: 236.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for PyFileSec-0.2.14.tar.gz
Algorithm Hash digest
SHA256 bf0adf465d0aa7100c9a16eb06588717a85c504e849c4e0aab7457fa076f345e
MD5 5223383359f0f9e19e5556c5e757872b
BLAKE2b-256 1696e85ff2182c327a7a2cf34f6d28d547e9e78a68779c62af3994483b9373b1

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page