Secure hybrid RSA + AES encryption library with CLI
Project description
Dreamstone
Dreamstone is a modern Python library and CLI tool for secure hybrid encryption using RSA (asymmetric) + AES-GCM (symmetric). It enables you to easily generate keys, encrypt/decrypt files or base64 data, and handle encrypted payloads as JSON. Usable both as a library and CLI.
Features
- RSA + AES-GCM hybrid encryption
- Key generation with password protection (optional)
- Encrypt/decrypt files or base64 strings
- Output and input in structured JSON
- CLI with short aliases for scripting
- Easily embeddable in Python apps
Installation
poetry install
poetry run dreamstone --help
For production use (once published):
pip install dreamstone
CLI Commands
Each command has long and short versions.
| Command | Alias | Description |
|---|---|---|
genkey |
gk |
Generate RSA key pair |
encrypt |
enc |
Encrypt file or base64 string |
decrypt |
dec |
Decrypt encrypted JSON payload |
🔐 Generate RSA Key Pair
dreamstone genkey \
--private-path private.pem \
--public-path public.pem \
--password "mypassword"
Arguments
| Argument | Alias | Required | Description |
|---|---|---|---|
--private-path |
-prip |
✅ | Path to save private key |
--public-path |
-pubp |
✅ | Path to save public key |
--password |
-p |
❌ | Password to encrypt private key |
--show-password |
-sp |
❌ | Show generated password in terminal if none provided |
--password-path |
-pp |
❌ | File path to save generated password |
🔒 Encrypt File or Base64
dreamstone encrypt \
--input-file secret.txt \
--public-key-file public.pem \
--output-file encrypted.json
Or encrypt base64 data directly:
dreamstone encrypt \
--input-data "SGVsbG8gd29ybGQ=" \
--output-file encrypted.json
Arguments
| Argument | Alias | Required | Description |
|---|---|---|---|
--input-file |
-if |
✅ | Path to input file |
--input-data |
-id |
✅ | Raw input data (can be base64 if --base64 is set) |
--base64 |
-b64 |
❌ | Indicates input_data is base64-encoded |
--public-key-file |
-pkf |
❌ | Path to public key (auto-generated if omitted) |
--private-key-path |
-prikp |
❌ | Where to save generated private key |
--public-key-path |
-pubkp |
❌ | Where to save generated public key |
--password |
-p |
❌ | Password for generated private key |
--password-path |
-pp |
❌ | Password file path for generated private key |
--output-file |
-of |
✅ | Output path for encrypted JSON |
--key-output-dir |
-kod |
❌ | Directory to save generated keys if paths not given |
🔓 Decrypt JSON Payload
dreamstone decrypt \
encrypted.json \
--private-key-file private.pem \
--password "mypassword" \
--output-file decrypted.txt
Or use password file:
dreamstone decrypt \
encrypted.json \
--private-key-file private.pem \
--password-path secret.key \
--output-file decrypted.txt
Arguments
| Argument | Alias | Required | Description |
|---|---|---|---|
encrypted_file |
- | ✅ | Encrypted JSON file path |
--private-key-file |
-pkf |
✅ | RSA private key file |
--password |
-p |
❌ | Password to decrypt private key |
--password-path |
-pp |
❌ | File containing password |
--output-file |
-of |
❌ | Output file for decrypted data |
Output JSON Format
Encrypted output is stored as a JSON object:
{
"encrypted_key": "base64...",
"nonce": "base64...",
"ciphertext": "base64...",
"algorithm": "AES-GCM",
"key_type": "RSA"
}
Python Example
from dreamstone.core.keys import generate_rsa_keypair
from dreamstone.core.encryption import encrypt
from dreamstone.core.decryption import decrypt
from dreamstone.models.payload import EncryptedPayload
# Generate keypair
priv, pub = generate_rsa_keypair()
# Encrypt
payload_dict = encrypt(b"secret", pub)
payload = EncryptedPayload(**payload_dict)
# Decrypt
decrypted = decrypt(
encrypted_key=payload.encrypted_key,
nonce=payload.nonce,
ciphertext=payload.ciphertext,
private_key=priv
)
print(decrypted.decode()) # "secret"
Example CLI Flow
poetry run dreamstone encrypt --input-file .env \
--output-file env.enc.json \
--private-key-path secrets/private.pem \
--public-key-path secrets/public.pem \
--password-path secrets/secret.key
poetry run dreamstone decrypt env.enc.json \
--private-key-file secrets/private.pem \
--password-path secrets/secret.key \
--output-file .env
License
MIT License
Author
By Renks
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
dreamstone-0.1.4.tar.gz
(6.5 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dreamstone-0.1.4.tar.gz.
File metadata
- Download URL: dreamstone-0.1.4.tar.gz
- Upload date:
- Size: 6.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.3 CPython/3.11.2 Linux/6.1.0-39-amd64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
eb2353ea6410c8a3747404969b52ca4e1bc189fc9852e79f5820f5cc280de8f5
|
|
| MD5 |
633af670ff2af49a6863e7282be54589
|
|
| BLAKE2b-256 |
616cdd97c3ca2de150239f4551b80e6547369c93db37aaab3f5d87f92a0cbf82
|
File details
Details for the file dreamstone-0.1.4-py3-none-any.whl.
File metadata
- Download URL: dreamstone-0.1.4-py3-none-any.whl
- Upload date:
- Size: 9.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.3 CPython/3.11.2 Linux/6.1.0-39-amd64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
159855f6ce6ce9ec46d600b2b6cae7e710ee34cd9f735dd541f987d8d0896396
|
|
| MD5 |
124e0dc1f281fe21c0f4513b4669ecb6
|
|
| BLAKE2b-256 |
61b066d4b087ef359c1cc13bc5ad399ae2a906218ef63a4951c41921b1a98152
|
