CryptoServe SDK - Zero-config cryptographic operations with auto-registration and local key caching

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ecolibria from gravatar.com ecolibria

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: CryptoServe
  • Tags cryptography , encryption , security , sdk , performance , caching
  • Requires: Python >=3.9
  • Provides-Extra: fastapi , sqlalchemy , auto , all , dev
Classifiers
Report project as malware

Project description

CryptoServe SDK

Security Audit

Zero-config cryptographic operations with managed keys and auto-registration.

Installation

pip install cryptoserve

Quick Start (Recommended)

# One-time login (stores credentials locally)
cryptoserve login

from cryptoserve import CryptoServe

# Initialize - auto-registers your app on first use
crypto = CryptoServe(
    app_name="my-service",
    team="platform",
    environment="development"
)

# Encrypt/Decrypt
encrypted = crypto.encrypt(b"sensitive data", context="user-pii")
decrypted = crypto.decrypt(encrypted, context="user-pii")

# Sign/Verify
signature = crypto.sign(b"document", key_id="signing-key")
is_valid = crypto.verify_signature(b"document", signature, key_id="signing-key")

# Hash and MAC
hash_hex = crypto.hash(b"data", algorithm="sha256")
mac_hex = crypto.mac(b"message", key=secret_key, algorithm="hmac-sha256")

Local Mode (No Server)

Run the full SDK API without a server. All operations happen locally using a password or master key.

from cryptoserve import CryptoServe

# Initialize with a password (deterministic key derivation)
crypto = CryptoServe.local(password="my-secret-password")

# Same API as server mode
encrypted = crypto.encrypt(b"sensitive data", context="user-pii")
decrypted = crypto.decrypt(encrypted, context="user-pii")

# String helpers
encoded = crypto.encrypt_string("PII data", context="user-pii")
text = crypto.decrypt_string(encoded, context="user-pii")

# JSON
crypto.encrypt_json({"email": "user@example.com"}, context="user-pii")

# Hash and MAC work locally too
hash_hex = crypto.hash(b"data")

Two instances with the same password can decrypt each other's data. Different contexts derive different keys, providing isolation.

CryptoServe Class

The CryptoServe class provides:

Method Description
encrypt(plaintext, context) Encrypt binary data
decrypt(ciphertext, context) Decrypt binary data
encrypt_string(text, context) Encrypt string (returns base64)
decrypt_string(ciphertext, context) Decrypt to string
encrypt_json(obj, context) Encrypt JSON object
decrypt_json(ciphertext, context) Decrypt to JSON
sign(data, key_id) Create digital signature
verify_signature(data, signature, key_id) Verify signature
hash(data, algorithm) Compute cryptographic hash
mac(data, key, algorithm) Compute MAC
health_check() Verify connection
cache_stats() Get cache performance stats
invalidate_cache(context) Clear cached keys
local(password=..., master_key=...) Create local-mode instance (class method)
migrate_from_easy(ciphertext, password, target, context) Migrate easy-blob data (static method)

Performance Features

CryptoServe SDK includes built-in performance optimizations:

Local Key Caching

Keys are cached locally to reduce network round-trips:

Metric Value
Server round-trip ~90ms
Cached operation ~0.3ms avg
Min latency 0.009ms
Speedup ~250x
Cache hit rate 90%+ (after warmup) 
from cryptoserve import CryptoServe

# Enable caching (default: enabled)
crypto = CryptoServe(
    app_name="my-service",
    team="platform",
    enable_cache=True,   # Default: True
    cache_ttl=300.0,     # 5 minutes (default)
    cache_size=100,      # Max cached keys (default)
)

# First call fetches key from server and caches it
encrypted = crypto.encrypt(b"data", context="user-pii")  # ~90ms

# Subsequent calls use cached key (local AES-256-GCM)
encrypted = crypto.encrypt(b"more data", context="user-pii")  # ~0.3ms

Cache Statistics

Monitor cache performance:

stats = crypto.cache_stats()
print(f"Hit rate: {stats['hit_rate']:.1%}")
print(f"Hits: {stats['hits']}, Misses: {stats['misses']}")
print(f"Cache size: {stats['size']}")

Cache Invalidation

Invalidate cached keys (e.g., after key rotation):

# Invalidate specific context
crypto.invalidate_cache("user-pii")

# Invalidate all cached keys
crypto.invalidate_cache()

Health Check

from cryptoserve import CryptoServe

crypto = CryptoServe(app_name="my-service")

if crypto.health_check():
    print("Connected!")
else:
    print("Connection failed")

FastAPI Integration

from cryptoserve import CryptoServe
from cryptoserve.fastapi import configure, EncryptedStr
from pydantic import BaseModel

# Configure once at startup
crypto = CryptoServe(app_name="my-api", team="platform")
configure(crypto)

class User(BaseModel):
    name: str
    email: EncryptedStr["user-pii"]  # Automatically encrypted

SQLAlchemy Integration

from cryptoserve import CryptoServe
from cryptoserve.fastapi import configure, EncryptedString
from sqlalchemy import Column, Integer

# Configure once at startup
crypto = CryptoServe(app_name="my-api", team="platform")
configure(crypto)

class User(Base):
    id = Column(Integer, primary_key=True)
    email = Column(EncryptedString(context="user-pii"))

Auto-Protect (Third-Party Libraries)

from cryptoserve import auto_protect

auto_protect(encryption_key=key)

# Now all outbound requests are automatically protected
import requests
requests.post(url, json={"email": "user@example.com"})  # Auto-encrypted

CLI

# Interactive context wizard
cryptoserve wizard

# Verify SDK health
cryptoserve verify

# Show identity info
cryptoserve info

# List encryption contexts
cryptoserve contexts

Offline Tools (No Server Required)

# Encrypt/decrypt strings
cryptoserve encrypt "sensitive data" --password my-secret
cryptoserve decrypt "<base64>" --password my-secret

# Encrypt/decrypt files
cryptoserve encrypt --file report.pdf --output report.enc --password my-secret
cryptoserve decrypt --file report.enc --output report.pdf --password my-secret

# Hash a password (prompts for input if no argument)
cryptoserve hash-password
cryptoserve hash-password "my-password" --algo pbkdf2

# Create a JWT token
cryptoserve token --key my-secret-key-1234 --payload '{"sub":"user-1"}' --expires 3600

Package Architecture

CryptoServe uses a modular architecture for flexibility:

Package Purpose Install
cryptoserve Full SDK with managed keys pip install cryptoserve
cryptoserve-core Pure crypto primitives pip install cryptoserve-core
cryptoserve-client API client only pip install cryptoserve-client
cryptoserve-auto Auto-protect libraries pip install cryptoserve-auto

Use cases:

  • Most users: Install cryptoserve for the full experience
  • Bring your own keys: Install cryptoserve-core only
  • Custom integration: Install cryptoserve-client for API access
  • Dependency protection: Add cryptoserve-auto for automatic protection

Error Handling

from cryptoserve import (
    CryptoServe,
    AuthenticationError,
    AuthorizationError,
    ContextNotFoundError,
)

crypto = CryptoServe(app_name="my-app", team="platform")

try:
    ciphertext = crypto.encrypt(data, context="user-pii")
except AuthenticationError:
    # Token expired or invalid
    pass
except AuthorizationError:
    # Not allowed to use this context
    pass
except ContextNotFoundError:
    # Context doesn't exist
    pass

License

Apache 2.0

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ecolibria from gravatar.com ecolibria

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: CryptoServe
  • Tags cryptography , encryption , security , sdk , performance , caching
  • Requires: Python >=3.9
  • Provides-Extra: fastapi , sqlalchemy , auto , all , dev
Classifiers

Release history Release notifications | RSS feed

1.4.3

1.4.2

This version

1.4.1

1.4.0

1.3.0

1.1.0

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cryptoserve-1.4.1.tar.gz (99.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cryptoserve-1.4.1-py3-none-any.whl (89.3 kB view details)

Uploaded Python 3

File details

Details for the file cryptoserve-1.4.1.tar.gz.

File metadata

  • Download URL: cryptoserve-1.4.1.tar.gz
  • Upload date:
  • Size: 99.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for cryptoserve-1.4.1.tar.gz
Algorithm Hash digest
SHA256 929dadf07ef2e9f3e863ae48febb6ce90e31ae086e5d3f78b6bc6a142385b10a
MD5 811d44a63b5f1dc4948d8db1e7e6bf15
BLAKE2b-256 39fb67877aeea53bc1673b9fb09f310dd160e482f5c54e5f12adf65b7972a71b

See more details on using hashes here.

File details

Details for the file cryptoserve-1.4.1-py3-none-any.whl.

File metadata

  • Download URL: cryptoserve-1.4.1-py3-none-any.whl
  • Upload date:
  • Size: 89.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for cryptoserve-1.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ccb64ddf8136a10717687deeb503e80167bb48003c564f138076646a84408768
MD5 5e0e5bfb76bae7698305e3d927246cec
BLAKE2b-256 8186712790288c64ae368e11b40a16561adde1c8b389d9df500dd6d34f9138c5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page