CryptoServe SDK - Zero-config cryptographic operations with auto-registration and local key caching

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ecolibria from gravatar.com ecolibria

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: CryptoServe
  • Tags cryptography , encryption , security , sdk , performance , caching
  • Requires: Python >=3.9
  • Provides-Extra: fastapi , sqlalchemy , auto , all , dev
Classifiers
Report project as malware

Project description

CryptoServe SDK

Security Audit

Zero-config cryptographic operations with managed keys and auto-registration.

Installation

pip install cryptoserve

Quick Start (Recommended)

# One-time login (stores credentials locally)
cryptoserve login

from cryptoserve import CryptoServe

# Initialize - auto-registers your app on first use
crypto = CryptoServe(
    app_name="my-service",
    team="platform",
    environment="development"
)

# Encrypt/Decrypt
encrypted = crypto.encrypt(b"sensitive data", context="user-pii")
decrypted = crypto.decrypt(encrypted, context="user-pii")

# Sign/Verify
signature = crypto.sign(b"document", key_id="signing-key")
is_valid = crypto.verify_signature(b"document", signature, key_id="signing-key")

# Hash and MAC
hash_hex = crypto.hash(b"data", algorithm="sha256")
mac_hex = crypto.mac(b"message", key=secret_key, algorithm="hmac-sha256")

Local Mode (No Server)

Run the full SDK API without a server. All operations happen locally using a password or master key.

from cryptoserve import CryptoServe

# Initialize with a password (deterministic key derivation)
crypto = CryptoServe.local(password="my-secret-password")

# Same API as server mode
encrypted = crypto.encrypt(b"sensitive data", context="user-pii")
decrypted = crypto.decrypt(encrypted, context="user-pii")

# String helpers
encoded = crypto.encrypt_string("PII data", context="user-pii")
text = crypto.decrypt_string(encoded, context="user-pii")

# JSON
crypto.encrypt_json({"email": "user@example.com"}, context="user-pii")

# Hash and MAC work locally too
hash_hex = crypto.hash(b"data")

Two instances with the same password can decrypt each other's data. Different contexts derive different keys, providing isolation.

CryptoServe Class

The CryptoServe class provides:

Method Description
encrypt(plaintext, context) Encrypt binary data
decrypt(ciphertext, context) Decrypt binary data
encrypt_string(text, context) Encrypt string (returns base64)
decrypt_string(ciphertext, context) Decrypt to string
encrypt_json(obj, context) Encrypt JSON object
decrypt_json(ciphertext, context) Decrypt to JSON
sign(data, key_id) Create digital signature
verify_signature(data, signature, key_id) Verify signature
hash(data, algorithm) Compute cryptographic hash
mac(data, key, algorithm) Compute MAC
health_check() Verify connection
cache_stats() Get cache performance stats
invalidate_cache(context) Clear cached keys
local(password=..., master_key=...) Create local-mode instance (class method)
migrate_from_easy(ciphertext, password, target, context) Migrate easy-blob data (static method)

Performance Features

CryptoServe SDK includes built-in performance optimizations:

Local Key Caching

Keys are cached locally to reduce network round-trips:

Metric Value
Server round-trip ~90ms
Cached operation ~0.3ms avg
Min latency 0.009ms
Speedup ~250x
Cache hit rate 90%+ (after warmup) 
from cryptoserve import CryptoServe

# Enable caching (default: enabled)
crypto = CryptoServe(
    app_name="my-service",
    team="platform",
    enable_cache=True,   # Default: True
    cache_ttl=300.0,     # 5 minutes (default)
    cache_size=100,      # Max cached keys (default)
)

# First call fetches key from server and caches it
encrypted = crypto.encrypt(b"data", context="user-pii")  # ~90ms

# Subsequent calls use cached key (local AES-256-GCM)
encrypted = crypto.encrypt(b"more data", context="user-pii")  # ~0.3ms

Cache Statistics

Monitor cache performance:

stats = crypto.cache_stats()
print(f"Hit rate: {stats['hit_rate']:.1%}")
print(f"Hits: {stats['hits']}, Misses: {stats['misses']}")
print(f"Cache size: {stats['size']}")

Cache Invalidation

Invalidate cached keys (e.g., after key rotation):

# Invalidate specific context
crypto.invalidate_cache("user-pii")

# Invalidate all cached keys
crypto.invalidate_cache()

Health Check

from cryptoserve import CryptoServe

crypto = CryptoServe(app_name="my-service")

if crypto.health_check():
    print("Connected!")
else:
    print("Connection failed")

FastAPI Integration

from cryptoserve import CryptoServe
from cryptoserve.fastapi import configure, EncryptedStr
from pydantic import BaseModel

# Configure once at startup
crypto = CryptoServe(app_name="my-api", team="platform")
configure(crypto)

class User(BaseModel):
    name: str
    email: EncryptedStr["user-pii"]  # Automatically encrypted

SQLAlchemy Integration

from cryptoserve import CryptoServe
from cryptoserve.fastapi import configure, EncryptedString
from sqlalchemy import Column, Integer

# Configure once at startup
crypto = CryptoServe(app_name="my-api", team="platform")
configure(crypto)

class User(Base):
    id = Column(Integer, primary_key=True)
    email = Column(EncryptedString(context="user-pii"))

Auto-Protect (Third-Party Libraries)

from cryptoserve import auto_protect

auto_protect(encryption_key=key)

# Now all outbound requests are automatically protected
import requests
requests.post(url, json={"email": "user@example.com"})  # Auto-encrypted

CLI

# Interactive context wizard
cryptoserve wizard

# Verify SDK health
cryptoserve verify

# Show identity info
cryptoserve info

# List encryption contexts
cryptoserve contexts

Offline Tools (No Server Required)

# Encrypt/decrypt strings
cryptoserve encrypt "sensitive data" --password my-secret
cryptoserve decrypt "<base64>" --password my-secret

# Encrypt/decrypt files
cryptoserve encrypt --file report.pdf --output report.enc --password my-secret
cryptoserve decrypt --file report.enc --output report.pdf --password my-secret

# Hash a password (prompts for input if no argument)
cryptoserve hash-password
cryptoserve hash-password "my-password" --algo pbkdf2

# Create a JWT token
cryptoserve token --key my-secret-key-1234 --payload '{"sub":"user-1"}' --expires 3600

Package Architecture

CryptoServe uses a modular architecture for flexibility:

Package Purpose Install
cryptoserve Full SDK with managed keys pip install cryptoserve
cryptoserve-core Pure crypto primitives pip install cryptoserve-core
cryptoserve-client API client only pip install cryptoserve-client
cryptoserve-auto Auto-protect libraries pip install cryptoserve-auto

Use cases:

  • Most users: Install cryptoserve for the full experience
  • Bring your own keys: Install cryptoserve-core only
  • Custom integration: Install cryptoserve-client for API access
  • Dependency protection: Add cryptoserve-auto for automatic protection

Error Handling

from cryptoserve import (
    CryptoServe,
    AuthenticationError,
    AuthorizationError,
    ContextNotFoundError,
)

crypto = CryptoServe(app_name="my-app", team="platform")

try:
    ciphertext = crypto.encrypt(data, context="user-pii")
except AuthenticationError:
    # Token expired or invalid
    pass
except AuthorizationError:
    # Not allowed to use this context
    pass
except ContextNotFoundError:
    # Context doesn't exist
    pass

License

Apache 2.0

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ecolibria from gravatar.com ecolibria

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: CryptoServe
  • Tags cryptography , encryption , security , sdk , performance , caching
  • Requires: Python >=3.9
  • Provides-Extra: fastapi , sqlalchemy , auto , all , dev
Classifiers

Release history Release notifications | RSS feed

1.4.3

This version

1.4.2

1.4.1

1.4.0

1.3.0

1.1.0

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cryptoserve-1.4.2.tar.gz (99.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cryptoserve-1.4.2-py3-none-any.whl (89.3 kB view details)

Uploaded Python 3

File details

Details for the file cryptoserve-1.4.2.tar.gz.

File metadata

  • Download URL: cryptoserve-1.4.2.tar.gz
  • Upload date:
  • Size: 99.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for cryptoserve-1.4.2.tar.gz
Algorithm Hash digest
SHA256 89619267dc7e8ac7105cf671e38141348d7797bf58db7cf4672ef89662d3da32
MD5 bdfc8c299252037cf3c1f37f9e697eb1
BLAKE2b-256 cc2d4eb7d9e2e4a9391b88a8fbb477eb4bfb9669098d36f80148b3de6db0f718

See more details on using hashes here.

File details

Details for the file cryptoserve-1.4.2-py3-none-any.whl.

File metadata

  • Download URL: cryptoserve-1.4.2-py3-none-any.whl
  • Upload date:
  • Size: 89.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for cryptoserve-1.4.2-py3-none-any.whl
Algorithm Hash digest
SHA256 db639be3ba52f768e1f0602dbebf3cf69220b1830aece39cc08114a9cb08850a
MD5 ab193457ce443a8278d50b2e74dd7b30
BLAKE2b-256 c10fb7e612b902fcd3ce6c30a4fda093b75b4a1c80d29367657e0318af6e3baa

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page