FernetCrypt CLI Encrypt and decrypt files using a password.
Project description
FernetCrypt
A command-line tool that implements Fernet encryption.
FernetCrypt encryption is a Python library that implement best-practices for encrypting data using a password.
Fernet is a combination of AES, PKCS7, HMAC, and SHA256 for doing the heavy lifting.
This tool includes a "raw" mode which just writes the raw salt and then the encrypted data, or the normal mode which stores the salt in base85 format and also includes a file identification magic string "#UF1#". In either case, the data is blocked in 40,960 bytes to allow for encrypting files larger than memory.
Usage
Usage: fernetcrypt [OPTIONS] COMMAND [ARGS]...
Encrypt or decrypt a file based on a password.
╭─ Options ────────────────────────────────────────────────────────────────────╮
│ --install-completion Install completion for the current shell. │
│ --show-completion Show completion for the current shell, to copy │
│ it or customize the installation. │
│ --help Show this message and exit. │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Commands ───────────────────────────────────────────────────────────────────╮
│ decrypt Decrypt a file. │
│ edit Edit an encrypted file in place. │
│ encrypt Encrypt a file. │
╰──────────────────────────────────────────────────────────────────────────────╯
Fernet is an encryption that uses existing tools (AES, PKCS7, HMAC, SHA256) to
implement a 'best practices' for encrypting a file with a password. It's
primary benefit is that it is easily availabile for Python programs, simple,
and secure. See for more information:
https://github.com/linsomniac/fernetcrypt
Usage: fernetcrypt encrypt [OPTIONS] INPUT_FILE [OUTPUT_FILE]
Encrypt a file.
╭─ Arguments ──────────────────────────────────────────────────────────────────╮
│ * input_file TEXT Input file to encrypt [default: None] │
│ [required] │
│ output_file [OUTPUT_FILE] Output file for the encrypted data │
│ [default: None] │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Options ────────────────────────────────────────────────────────────────────╮
│ --password TEXT Password for encryption. Can also be │
│ specified in the 'FERNET_PASSWORD' │
│ environment variable. Otherwise, it will be │
│ read from the terminal. │
│ [env var: FERNET_PASSWORD] │
│ [default: None] │
│ --raw --no-raw Use 'raw' Fernet encrypted format rather │
│ than the default. │
│ [default: no-raw] │
│ --help Show this message and exit. │
╰──────────────────────────────────────────────────────────────────────────────╯
Usage: fernetcrypt decrypt [OPTIONS] INPUT_FILE [OUTPUT_FILE]
Decrypt a file.
╭─ Arguments ──────────────────────────────────────────────────────────────────╮
│ * input_file TEXT Input file to decrypt [default: None] │
│ [required] │
│ output_file [OUTPUT_FILE] Output file for the plain-text data │
│ [default: None] │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Options ────────────────────────────────────────────────────────────────────╮
│ --password TEXT Password for decryption. Can also be │
│ specified in the 'FERNET_PASSWORD' │
│ environment variable. Otherwise, it will be │
│ read from the terminal. │
│ [env var: FERNET_PASSWORD] │
│ [default: None] │
│ --raw --no-raw Use 'raw' Fernet encrypted format rather │
│ than the default. │
│ [default: no-raw] │
│ --help Show this message and exit. │
╰──────────────────────────────────────────────────────────────────────────────╯
Usage: fernetcrypt edit [OPTIONS] FILENAME
Edit an encrypted file in place.
╭─ Arguments ──────────────────────────────────────────────────────────────────╮
│ * filename TEXT Encrypted file to edit [default: None] [required] │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Options ────────────────────────────────────────────────────────────────────╮
│ --password TEXT Password for decryption. Can also be │
│ specified in the 'FERNET_PASSWORD' │
│ environment variable. Otherwise, it will be │
│ read from the terminal. │
│ [env var: FERNET_PASSWORD] │
│ [default: None] │
│ --raw --no-raw Use 'raw' Fernet encrypted format rather │
│ than the default. │
│ [default: no-raw] │
│ --help Show this message and exit. │
╰──────────────────────────────────────────────────────────────────────────────╯
Format
The normal format this tool writes Fernet data in is as follows:
- 20 bytes of base85 encoded salt.
- 5 bytes of magic: "#UF1#"
- Blocks of 54712 bytes of Fernet encrypted data. The final block will be less than this length.
I'm calling this format "uPlaybook Fernet" because I built it for use in the uPlaybook project and there doesn't seem to be any sort of format for Fernet encryption persisting.
I chose this format because the base Fernet encrypted data seems to be ASCII encoded, so let's make the salt also ASCII, and I wanted to put a magic number in there to allow identifying of the file and also allow for versions of files in case a future format shift is warranted.
The block size was chosen as that is the encrypted size of input blocks of 40,960 bytes. This is slightly more space efficient than 4096 bytes, but still fairly reasonable for even small machines to be able to handle, in 2023. The encrypted data is in blocks of 54,712 bytes (which is what 40,960 bytes expands to after encryption).
I'm calling this "uPlaybook Fernet Format 1".
Format (raw)
If the "--raw" option is given, the file format is:
- 16 bytes of salt (expect to be non-ascii).
- Blocks of 54712 bytes of Fernet encrypted data. The final block will be less than this length.
This is, as far as I understand it, the most basic format of Fernet encrypted data, and foregoes my magic number, so this might be able to read files written by someone who is unaware of my format above. Assuming either they chose 40K block size, or their encrypted data is less than 40K.
This could also be considered "uPlaybook Format 0", the format used by uPlaybook before I decided to add the magic.
License
CC0 1.0 Universal, see LICENSE file for more information.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file fernetcrypt-1.0.3.tar.gz
.
File metadata
- Download URL: fernetcrypt-1.0.3.tar.gz
- Upload date:
- Size: 8.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | c5c05c174466883ae4c705eca72f842b5d8b98f2206e9fcf16aebf98c7ae6649 |
|
MD5 | 0d943a4d9ec1d555a9500d5ef5b99426 |
|
BLAKE2b-256 | 80249c1aa34a959e7028d242eb2f3fdc1e810ccdc2e653f38564496d4645fb84 |
File details
Details for the file fernetcrypt-1.0.3-py3-none-any.whl
.
File metadata
- Download URL: fernetcrypt-1.0.3-py3-none-any.whl
- Upload date:
- Size: 8.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6245a52a4262ed7a50fd188e570ca696979e90d21dcd0939b7f4edb08ba6458e |
|
MD5 | 54a0bd7077e30b8ae8436184f9d0f1ac |
|
BLAKE2b-256 | fa8786b09701592ea3dbbf948a13e847f25527e34b97980dd5833078504e86d9 |