Another libsodium wrapper.
Project description
Chloryne - libsodium wrapper
Another libsodium wrapper, with its own scheme.
Installation
Chloryne is available via PyPI:
$ pip install chloryne
Installation requires the presence of libsodium
.
Usage
Use the up-level interface Chloride
for a full cryptographic scheme.
Key generation:
from chloryne import Chloride
# lib sodium will be initialized automatically
server = Chloride()
client = Chloride()
Key export / import:
server.importKey(client.exportKey())
client.importKey(server.exportKey())
Compute a blake2b-derived shared secret:
assert server.compute() == client.compute()
NOTE: If you want a raw secret use
server.privateKey.compute(client.publicKey, raw=True)
and vice versa.
Signature (Ed25519
):
sig = server.sign(b'data')
assert client.verify(b'data', sig)
NOTE: Signing messages only does not require peer key.
Encryption (Curve25519XSalsa20Poly1305
):
ct = server.encrypt(b'data')
assert client.decrypt(ct) == b'data'
NOTE: Decrypting messages only does not require peer key.
Unsafe MAC (fixed key):
mac = server.unsafeMAC()
mac.update(b'data')
digest = mac.finalize()
mac = client.unsafeMAC()
mac.update(b'data')
assert mac.verify(digest)
Safe MAC (ephemeral keys)
eph, mac = server.safeMAC()
mac.update(b'data')
digest = mac.finalize()
mac = client.safeMAC(eph)
mac.update(b'data')
assert mac.verify(digest)
NOTE: Verifying MACs only does not require peer key.
Incremental signing:
from chloride.signers import Signer
signer = Signer()
signer.update(b'data')
sig = signer.sign(server.privateKey)
signer = Signer()
signer.update(b'data')
assert signer.verify(client.peerPublicKey, sig)
Password hashing:
from chloride.password import Password
import os
# password-based KDF
salt = os.urandom(32) # must be 32-bytes
Password.derive(b'password', salt)
# password storage
strhash = Password.stringify(b'password')
assert Password.verify(b'password', strhash)
Stream Cipher (XChaCha20
):
from chloride.ciphers import StreamCipher
import os
key = os.urandom(32)
sc = StreamCipher(key)
ct = sc.encrypt(b'data') + sc.nonce
# other side...
ct, nonce = ct[:-24], ct[-24:]
sc = StreamCipher(key, nonce)
assert sc.decrypt(ct) == b'data'
NOTE:
nonce
isb''
before callingencrypt
if not provided via constructor.
Store a chloride:
sk = server.privateKey.exportKey()
# sk is a bytes object that can be stored anywhere
server = Chloride(sk)
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for chloryne-1.0.0-cp37-cp37m-macosx_10_9_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 706f7a2bbe320d25adcbec20f36947430aab8a6e359b59c99ccafd4937bc7f9b |
|
MD5 | ea8ec6c9566127df348e11de3b7a559b |
|
BLAKE2b-256 | 78ce5182fe0951f8c0b8f4aaeabe9b1a85e63380616a611d2e07bd2b032a50d9 |