CryptoServe SDK - Zero-config cryptographic operations with auto-registration and local key caching

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ecolibria from gravatar.com ecolibria

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: CryptoServe
  • Tags cryptography , encryption , security , sdk , performance , caching
  • Requires: Python >=3.9
  • Provides-Extra: fastapi , sqlalchemy , auto , all , dev
Classifiers
Report project as malware

Project description

CryptoServe SDK

Security Audit

Zero-config cryptographic operations with managed keys and auto-registration.

Installation

pip install cryptoserve

Quick Start (Recommended)

# One-time login (stores credentials locally)
cryptoserve login

from cryptoserve import CryptoServe

# Initialize - auto-registers your app on first use
crypto = CryptoServe(
    app_name="my-service",
    team="platform",
    environment="development"
)

# Encrypt/Decrypt
encrypted = crypto.encrypt(b"sensitive data", context="user-pii")
decrypted = crypto.decrypt(encrypted, context="user-pii")

# Sign/Verify
signature = crypto.sign(b"document", key_id="signing-key")
is_valid = crypto.verify_signature(b"document", signature, key_id="signing-key")

# Hash and MAC
hash_hex = crypto.hash(b"data", algorithm="sha256")
mac_hex = crypto.mac(b"message", key=secret_key, algorithm="hmac-sha256")

Local Mode (No Server)

Run the full SDK API without a server. All operations happen locally using a password or master key.

from cryptoserve import CryptoServe

# Initialize with a password (deterministic key derivation)
crypto = CryptoServe.local(password="my-secret-password")

# Same API as server mode
encrypted = crypto.encrypt(b"sensitive data", context="user-pii")
decrypted = crypto.decrypt(encrypted, context="user-pii")

# String helpers
encoded = crypto.encrypt_string("PII data", context="user-pii")
text = crypto.decrypt_string(encoded, context="user-pii")

# JSON
crypto.encrypt_json({"email": "user@example.com"}, context="user-pii")

# Hash and MAC work locally too
hash_hex = crypto.hash(b"data")

Two instances with the same password can decrypt each other's data. Different contexts derive different keys, providing isolation.

CryptoServe Class

The CryptoServe class provides:

Method Description
encrypt(plaintext, context) Encrypt binary data
decrypt(ciphertext, context) Decrypt binary data
encrypt_string(text, context) Encrypt string (returns base64)
decrypt_string(ciphertext, context) Decrypt to string
encrypt_json(obj, context) Encrypt JSON object
decrypt_json(ciphertext, context) Decrypt to JSON
sign(data, key_id) Create digital signature
verify_signature(data, signature, key_id) Verify signature
hash(data, algorithm) Compute cryptographic hash
mac(data, key, algorithm) Compute MAC
health_check() Verify connection
cache_stats() Get cache performance stats
invalidate_cache(context) Clear cached keys
local(password=..., master_key=...) Create local-mode instance (class method)
migrate_from_easy(ciphertext, password, target, context) Migrate easy-blob data (static method)

Performance Features

CryptoServe SDK includes built-in performance optimizations:

Local Key Caching

Keys are cached locally to reduce network round-trips:

Metric Value
Server round-trip ~90ms
Cached operation ~0.3ms avg
Min latency 0.009ms
Speedup ~250x
Cache hit rate 90%+ (after warmup) 
from cryptoserve import CryptoServe

# Enable caching (default: enabled)
crypto = CryptoServe(
    app_name="my-service",
    team="platform",
    enable_cache=True,   # Default: True
    cache_ttl=300.0,     # 5 minutes (default)
    cache_size=100,      # Max cached keys (default)
)

# First call fetches key from server and caches it
encrypted = crypto.encrypt(b"data", context="user-pii")  # ~90ms

# Subsequent calls use cached key (local AES-256-GCM)
encrypted = crypto.encrypt(b"more data", context="user-pii")  # ~0.3ms

Cache Statistics

Monitor cache performance:

stats = crypto.cache_stats()
print(f"Hit rate: {stats['hit_rate']:.1%}")
print(f"Hits: {stats['hits']}, Misses: {stats['misses']}")
print(f"Cache size: {stats['size']}")

Cache Invalidation

Invalidate cached keys (e.g., after key rotation):

# Invalidate specific context
crypto.invalidate_cache("user-pii")

# Invalidate all cached keys
crypto.invalidate_cache()

Health Check

from cryptoserve import CryptoServe

crypto = CryptoServe(app_name="my-service")

if crypto.health_check():
    print("Connected!")
else:
    print("Connection failed")

FastAPI Integration

from cryptoserve import CryptoServe
from cryptoserve.fastapi import configure, EncryptedStr
from pydantic import BaseModel

# Configure once at startup
crypto = CryptoServe(app_name="my-api", team="platform")
configure(crypto)

class User(BaseModel):
    name: str
    email: EncryptedStr["user-pii"]  # Automatically encrypted

SQLAlchemy Integration

from cryptoserve import CryptoServe
from cryptoserve.fastapi import configure, EncryptedString
from sqlalchemy import Column, Integer

# Configure once at startup
crypto = CryptoServe(app_name="my-api", team="platform")
configure(crypto)

class User(Base):
    id = Column(Integer, primary_key=True)
    email = Column(EncryptedString(context="user-pii"))

Auto-Protect (Third-Party Libraries)

from cryptoserve import auto_protect

auto_protect(encryption_key=key)

# Now all outbound requests are automatically protected
import requests
requests.post(url, json={"email": "user@example.com"})  # Auto-encrypted

CLI

# Interactive context wizard
cryptoserve wizard

# Verify SDK health
cryptoserve verify

# Show identity info
cryptoserve info

# List encryption contexts
cryptoserve contexts

Offline Tools (No Server Required)

# Encrypt/decrypt strings
cryptoserve encrypt "sensitive data" --password my-secret
cryptoserve decrypt "<base64>" --password my-secret

# Encrypt/decrypt files
cryptoserve encrypt --file report.pdf --output report.enc --password my-secret
cryptoserve decrypt --file report.enc --output report.pdf --password my-secret

# Hash a password (prompts for input if no argument)
cryptoserve hash-password
cryptoserve hash-password "my-password" --algo pbkdf2

# Create a JWT token
cryptoserve token --key my-secret-key-1234 --payload '{"sub":"user-1"}' --expires 3600

Package Architecture

CryptoServe uses a modular architecture for flexibility:

Package Purpose Install
cryptoserve Full SDK with managed keys pip install cryptoserve
cryptoserve-core Pure crypto primitives pip install cryptoserve-core
cryptoserve-client API client only pip install cryptoserve-client
cryptoserve-auto Auto-protect libraries pip install cryptoserve-auto

Use cases:

  • Most users: Install cryptoserve for the full experience
  • Bring your own keys: Install cryptoserve-core only
  • Custom integration: Install cryptoserve-client for API access
  • Dependency protection: Add cryptoserve-auto for automatic protection

Error Handling

from cryptoserve import (
    CryptoServe,
    AuthenticationError,
    AuthorizationError,
    ContextNotFoundError,
)

crypto = CryptoServe(app_name="my-app", team="platform")

try:
    ciphertext = crypto.encrypt(data, context="user-pii")
except AuthenticationError:
    # Token expired or invalid
    pass
except AuthorizationError:
    # Not allowed to use this context
    pass
except ContextNotFoundError:
    # Context doesn't exist
    pass

License

Apache 2.0

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ecolibria from gravatar.com ecolibria

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: CryptoServe
  • Tags cryptography , encryption , security , sdk , performance , caching
  • Requires: Python >=3.9
  • Provides-Extra: fastapi , sqlalchemy , auto , all , dev
Classifiers

Release history Release notifications | RSS feed

1.4.3

1.4.2

1.4.1

This version

1.4.0

1.3.0

1.1.0

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cryptoserve-1.4.0.tar.gz (99.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cryptoserve-1.4.0-py3-none-any.whl (89.2 kB view details)

Uploaded Python 3

File details

Details for the file cryptoserve-1.4.0.tar.gz.

File metadata

  • Download URL: cryptoserve-1.4.0.tar.gz
  • Upload date:
  • Size: 99.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for cryptoserve-1.4.0.tar.gz
Algorithm Hash digest
SHA256 80696b7bf68f3d9d2424c9df5bc949b49107a7cec953f57125f0f6235e1405ce
MD5 7b54fcdf1bc01919564cac6e449216f4
BLAKE2b-256 5f5381b14172ff86b2c3a34789c8ca9994c2000b1c1975603693900e20973d64

See more details on using hashes here.

File details

Details for the file cryptoserve-1.4.0-py3-none-any.whl.

File metadata

  • Download URL: cryptoserve-1.4.0-py3-none-any.whl
  • Upload date:
  • Size: 89.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for cryptoserve-1.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 bc8ec84a198cb239d18b555d2dc40c09f05753d4f893b6f1a405de6a3ebceb60
MD5 298e9539444b5a0fa2680f27d560bc4b
BLAKE2b-256 754b02628c039578b43e22449b74a126fe2603530a213c48530b329f949cb799

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page