Custom password hashing and file encryption — C++ core, Python bindings
Project description
enigma-encryption
Custom password hashing and file encryption — a C++ monorepo that builds:
- 🐍
enigma-encryptionPython library → published to PyPI - 💻
enigmaCLI tool → published to GitHub Releases
All hash and cipher logic lives exactly once in core/, shared by both outputs.
Architecture
enigma/
├── core/ # ✅ Single source of truth
│ ├── include/enigma/
│ │ ├── hash.h # hash_password() API
│ │ ├── cipher.h # encrypt/decrypt API
│ │ └── primitives.h # Shared internal byte primitives
│ └── src/
│ ├── hash.cpp # Custom iterative hash algorithm
│ ├── salt.cpp # CSPRNG + salt generation
│ ├── primitives.cpp # Shared bitwise rotation/manipulation
│ ├── cipher.cpp # Symmetric encrypt/decrypt of byte buffers
│ └── file_io.cpp # Chunked file encryption/decryption
├── cli/ # C++ CLI → GitHub Releases
├── python/ # pybind11 bindings → PyPI
├── tests/
│ ├── cpp/ # C++ test suite (hash + cipher tests)
│ └── python/ # pytest suite (50+ tests)
├── CMakeLists.txt
├── pyproject.toml # scikit-build-core configuration
└── .github/workflows/
├── ci.yml # Test on push (Linux, macOS, Windows)
├── release-cli.yml # CLI → GitHub Releases (on tag)
└── publish-pypi.yml # Python wheel → PyPI (on tag)
CLI
# Build
cmake -B build -DCMAKE_BUILD_TYPE=Release
cmake --build build --parallel
# Hash a password
./build/cli/enigma hash mypassword
./build/cli/enigma hash mypassword 12 myFixedSalt1234
# Encrypt / decrypt files
./build/cli/enigma encrypt secrets.txt mypassword
./build/cli/enigma decrypt secrets.txt.enc mypassword
Cost factor controls iterations (2^cost). Default is 10 (1024 rounds).
Recommended range: 8–14.
File format: Custom binary enigma001 — no system dependencies.
Python Library
Install
pip install enigma-encryption
Usage
import enigma
# Hash a password (random salt generated automatically)
h = enigma.hash_password("mysecret", cost=10)
print(h) # $aBcD1234567890$/$XYZ…
# Verify later — extract salt and re-hash
salt = enigma.extract_salt(h)
assert enigma.hash_password("mysecret", cost=10, salt=salt) == h
# Encrypt / decrypt bytes
data = b"my secret data"
enc = enigma.encrypt_bytes(data, "password", cost=10)
dec = enigma.decrypt_bytes(enc, "password")
assert dec == data
# Encrypt / decrypt files
enigma.encrypt_file("secret.txt", "secret.enc", "password", cost=10)
enigma.decrypt_file("secret.enc", "secret.txt", "password")
Algorithm
Hashing (hash_password):
- Multi-stage iterative algorithm: hash1 → hash2 → hash3 → hash4
- Nth-element byte cycling (custom permutation)
- Latin-1 → UTF-8 encoding conversion within the hash
- Memory-hard: each iteration reads from a 16×N memoization table
- Output:
$<salt>$/$<hash>— salt is always embedded
Cipher (encrypt_bytes / encrypt_file):
- Password →
hash_password(password, cost, random_salt)→ key - Key →
hash_password(key, cost, salt)→ verification hash - Data: iterated
rotate_left + XORin 1 KB sub-chunks - File format:
enigma001magic + salt + cost + verification hash + ciphertext
Testing
# C++ tests
cmake -B build && cmake --build build --parallel
cd build && ctest --output-on-failure
# Python tests
pip install . -v
python -m pytest tests/python/ -v
Release
Tag a version to trigger both pipelines:
git tag v1.0.0
git push --tags
- GitHub Actions builds CLI binaries for Linux, macOS, Windows → GitHub Release
- GitHub Actions builds Python wheels for all platforms → PyPI
PyPI Setup (one-time)
- Register at pypi.org
- Go to Account → Publishing → Add a new pending publisher
- Fill in: GitHub owner, repo
enigma, workflowpublish-pypi.yml, envpypi - Push a tag — no secrets needed (Trusted Publishing via OIDC)
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file enigma_encryption-0.2.0.tar.gz.
File metadata
- Download URL: enigma_encryption-0.2.0.tar.gz
- Upload date:
- Size: 30.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e69c19d5133578f33f9ca0261ee7924902a32b62a1e29293570a14aff3bc6847
|
|
| MD5 |
aad4d79d7b965202d32552ff90027680
|
|
| BLAKE2b-256 |
6fe21a250d54da2aae68611645341b5829ae08bf276e16be2ed6a396157a2052
|
Provenance
The following attestation bundles were made for enigma_encryption-0.2.0.tar.gz:
Publisher:
publish-pypi.yml on dsainvg/enigma
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
enigma_encryption-0.2.0.tar.gz -
Subject digest:
e69c19d5133578f33f9ca0261ee7924902a32b62a1e29293570a14aff3bc6847 - Sigstore transparency entry: 1950986248
- Sigstore integration time:
-
Permalink:
dsainvg/enigma@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/dsainvg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Trigger Event:
push
-
Statement type:
File details
Details for the file enigma_encryption-0.2.0-cp312-cp312-win_amd64.whl.
File metadata
- Download URL: enigma_encryption-0.2.0-cp312-cp312-win_amd64.whl
- Upload date:
- Size: 217.8 kB
- Tags: CPython 3.12, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7eec7d566b7fd521841ab0831a6030f8ef2bf5d873b0a6a9704346792f750e3f
|
|
| MD5 |
217998f8c4640571eb22a7ca036b6f3f
|
|
| BLAKE2b-256 |
ed78e14ac3b6ed9624fb3d2718d17478e1aac56eb38c421b6a9a18a84c36c803
|
Provenance
The following attestation bundles were made for enigma_encryption-0.2.0-cp312-cp312-win_amd64.whl:
Publisher:
publish-pypi.yml on dsainvg/enigma
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
enigma_encryption-0.2.0-cp312-cp312-win_amd64.whl -
Subject digest:
7eec7d566b7fd521841ab0831a6030f8ef2bf5d873b0a6a9704346792f750e3f - Sigstore transparency entry: 1950988598
- Sigstore integration time:
-
Permalink:
dsainvg/enigma@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/dsainvg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Trigger Event:
push
-
Statement type:
File details
Details for the file enigma_encryption-0.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: enigma_encryption-0.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 119.8 kB
- Tags: CPython 3.12, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
34e6e536d96cb739de87325aae1b126dc425c859370edaa5d6b33c5c8c16aa8f
|
|
| MD5 |
081cb262734cb262ba94cd37be40fab9
|
|
| BLAKE2b-256 |
cf907b9a26f6c6f4dbb66d35c310d0b9ff01d308e9fd5166ab20fa14a42f9819
|
Provenance
The following attestation bundles were made for enigma_encryption-0.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:
Publisher:
publish-pypi.yml on dsainvg/enigma
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
enigma_encryption-0.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -
Subject digest:
34e6e536d96cb739de87325aae1b126dc425c859370edaa5d6b33c5c8c16aa8f - Sigstore transparency entry: 1950988205
- Sigstore integration time:
-
Permalink:
dsainvg/enigma@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/dsainvg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Trigger Event:
push
-
Statement type:
File details
Details for the file enigma_encryption-0.2.0-cp312-cp312-macosx_11_0_arm64.whl.
File metadata
- Download URL: enigma_encryption-0.2.0-cp312-cp312-macosx_11_0_arm64.whl
- Upload date:
- Size: 91.0 kB
- Tags: CPython 3.12, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4f4ff79a1e1e9d6116ce6ab985db09859ea03390d233ca7ef96f02f388454748
|
|
| MD5 |
8699d2874db897e04755f299025cbc2a
|
|
| BLAKE2b-256 |
20569425c6f53f3e1f1631678abd8f2d98aca42f95466eda0322bd950da7ebae
|
Provenance
The following attestation bundles were made for enigma_encryption-0.2.0-cp312-cp312-macosx_11_0_arm64.whl:
Publisher:
publish-pypi.yml on dsainvg/enigma
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
enigma_encryption-0.2.0-cp312-cp312-macosx_11_0_arm64.whl -
Subject digest:
4f4ff79a1e1e9d6116ce6ab985db09859ea03390d233ca7ef96f02f388454748 - Sigstore transparency entry: 1950987950
- Sigstore integration time:
-
Permalink:
dsainvg/enigma@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/dsainvg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Trigger Event:
push
-
Statement type:
File details
Details for the file enigma_encryption-0.2.0-cp311-cp311-win_amd64.whl.
File metadata
- Download URL: enigma_encryption-0.2.0-cp311-cp311-win_amd64.whl
- Upload date:
- Size: 217.0 kB
- Tags: CPython 3.11, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1a91d367cc3a1704424897a773c806d1227e0c75bd47b07a090c0ffcee782f93
|
|
| MD5 |
620b27e0c33a50302c5442f2332294d5
|
|
| BLAKE2b-256 |
6e179248a4cedeb91342e0d094452852747030b65289112e6681d4fbd4f9de9f
|
Provenance
The following attestation bundles were made for enigma_encryption-0.2.0-cp311-cp311-win_amd64.whl:
Publisher:
publish-pypi.yml on dsainvg/enigma
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
enigma_encryption-0.2.0-cp311-cp311-win_amd64.whl -
Subject digest:
1a91d367cc3a1704424897a773c806d1227e0c75bd47b07a090c0ffcee782f93 - Sigstore transparency entry: 1950987572
- Sigstore integration time:
-
Permalink:
dsainvg/enigma@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/dsainvg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Trigger Event:
push
-
Statement type:
File details
Details for the file enigma_encryption-0.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: enigma_encryption-0.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 120.7 kB
- Tags: CPython 3.11, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
66051b2d5d9fd9dd8a14202becde05415408228ab7361aa2479951c6a5e4aa4f
|
|
| MD5 |
03b608591ef11cf7e80bcbf2f0c024ee
|
|
| BLAKE2b-256 |
712302c27392837bea8300d4edd1f641a9f4d526558f9a70e8bb8bf9fbedf806
|
Provenance
The following attestation bundles were made for enigma_encryption-0.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:
Publisher:
publish-pypi.yml on dsainvg/enigma
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
enigma_encryption-0.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -
Subject digest:
66051b2d5d9fd9dd8a14202becde05415408228ab7361aa2479951c6a5e4aa4f - Sigstore transparency entry: 1950986956
- Sigstore integration time:
-
Permalink:
dsainvg/enigma@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/dsainvg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Trigger Event:
push
-
Statement type:
File details
Details for the file enigma_encryption-0.2.0-cp311-cp311-macosx_11_0_arm64.whl.
File metadata
- Download URL: enigma_encryption-0.2.0-cp311-cp311-macosx_11_0_arm64.whl
- Upload date:
- Size: 91.6 kB
- Tags: CPython 3.11, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3a5d54654c68861a9c34394c274ec5372136655157ba985556d3ff10ee71ff0e
|
|
| MD5 |
286c0036a0342d6b70a92f33a147a40d
|
|
| BLAKE2b-256 |
26379dda2e38d5b206f5d17ef988c9057019b679364e6f6d88a5ec00a492d484
|
Provenance
The following attestation bundles were made for enigma_encryption-0.2.0-cp311-cp311-macosx_11_0_arm64.whl:
Publisher:
publish-pypi.yml on dsainvg/enigma
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
enigma_encryption-0.2.0-cp311-cp311-macosx_11_0_arm64.whl -
Subject digest:
3a5d54654c68861a9c34394c274ec5372136655157ba985556d3ff10ee71ff0e - Sigstore transparency entry: 1950986556
- Sigstore integration time:
-
Permalink:
dsainvg/enigma@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/dsainvg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Trigger Event:
push
-
Statement type:
File details
Details for the file enigma_encryption-0.2.0-cp310-cp310-win_amd64.whl.
File metadata
- Download URL: enigma_encryption-0.2.0-cp310-cp310-win_amd64.whl
- Upload date:
- Size: 215.6 kB
- Tags: CPython 3.10, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
eeca65d16d68b3dfb097d92dac896fa62df596b4bbf03dec5e32f8302894a1de
|
|
| MD5 |
4ba435a4a6684bfb47aff6a30a9abf22
|
|
| BLAKE2b-256 |
1ebefdd04aeeff11368b9002439d5a5a7b0771f981732a979d26fa5192190d71
|
Provenance
The following attestation bundles were made for enigma_encryption-0.2.0-cp310-cp310-win_amd64.whl:
Publisher:
publish-pypi.yml on dsainvg/enigma
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
enigma_encryption-0.2.0-cp310-cp310-win_amd64.whl -
Subject digest:
eeca65d16d68b3dfb097d92dac896fa62df596b4bbf03dec5e32f8302894a1de - Sigstore transparency entry: 1950987136
- Sigstore integration time:
-
Permalink:
dsainvg/enigma@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/dsainvg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Trigger Event:
push
-
Statement type:
File details
Details for the file enigma_encryption-0.2.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: enigma_encryption-0.2.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 119.1 kB
- Tags: CPython 3.10, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
36e9166f15dece848a63c706dad4f39496752c7276879616ca562d7cb7a93c0e
|
|
| MD5 |
6e76996e6d5bcd6daa92ee98a3eac1b8
|
|
| BLAKE2b-256 |
da8a4cbd272a9bcc5c848a30e7b0858bb7dd0d449b59f8d47966d4c0f5fdb342
|
Provenance
The following attestation bundles were made for enigma_encryption-0.2.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:
Publisher:
publish-pypi.yml on dsainvg/enigma
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
enigma_encryption-0.2.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -
Subject digest:
36e9166f15dece848a63c706dad4f39496752c7276879616ca562d7cb7a93c0e - Sigstore transparency entry: 1950988465
- Sigstore integration time:
-
Permalink:
dsainvg/enigma@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/dsainvg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Trigger Event:
push
-
Statement type:
File details
Details for the file enigma_encryption-0.2.0-cp310-cp310-macosx_11_0_arm64.whl.
File metadata
- Download URL: enigma_encryption-0.2.0-cp310-cp310-macosx_11_0_arm64.whl
- Upload date:
- Size: 90.4 kB
- Tags: CPython 3.10, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9c58f8bd1b1e1c8fe05b90565326204d6477ecab3e1f077f439f1c0c5101d2b6
|
|
| MD5 |
f468905be8534622ec9225ef9ad2795c
|
|
| BLAKE2b-256 |
f8a07984a598fff1ad6faab9ed4fae30eef41f485a4864c16a90ce3a40700315
|
Provenance
The following attestation bundles were made for enigma_encryption-0.2.0-cp310-cp310-macosx_11_0_arm64.whl:
Publisher:
publish-pypi.yml on dsainvg/enigma
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
enigma_encryption-0.2.0-cp310-cp310-macosx_11_0_arm64.whl -
Subject digest:
9c58f8bd1b1e1c8fe05b90565326204d6477ecab3e1f077f439f1c0c5101d2b6 - Sigstore transparency entry: 1950988831
- Sigstore integration time:
-
Permalink:
dsainvg/enigma@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/dsainvg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@72602af4d3a7d3e9b97002ef372a9ce5d6f45751 -
Trigger Event:
push
-
Statement type: