Tool for convergently encrypting files used by MetaDisk.
Project description
This is a library used by MetaDisk to convergently encrypt and decrypt files. It contains helper methods to encrypt and decrypt files inline (without using extra space) and to stream decryption.
Installation
You can easily install file-encryptor using pip:
pip install file_encryptor
Usage
Here’s an example to encrypt a file inline using convergent encryption:
import file_encryptor.convergence
key = convergence.encrypt_inline_file("/path/to/file", None)
You can also specify a passphrase:
import file_encryptor.convergence
key = convergence.encrypt_inline_file("/path/to/file", "rainbow dinosaur secret")
To decrypt a file inline, you need the key that was returned by the encrypt method:
import file_encryptor.convergence
key = convergence.encrypt_inline_file("/path/to/file", "rainbow dinosaur secret")
convergence.decrypt_inline_file("/path/to/file", key)
The reason why you cannot use the passphrase directly is because the key is derived from both the passphrase and the SHA-256 of the original file.
For streaming applications, you can decrypt a file with a generator:
for chunk in convergence.decrypt_generator("/path/to/file", key):
do_something_with_chunk(chunk)
Cryptoconcerns
The key generation mechanism is the following:
key = HMAC-SHA256(passphrase, hex(SHA256(file-contents)))
If no passphrase is given, a default is used.
The file itself is encrypted using AES128-CTR, from pycrypto. We’re not specifying any IV, thinking that for convergent encryption that is the right thing to do.
Testing
To run tests, execute the following command in the project root:
python setup.py test -a "--doctest-modules --pep8 -v tests/"
To run tests with detailed coverage output, execute:
coverage run setup.py test -a "--doctest-modules --pep8 -v tests/" coverage report -m --include="file_encryptor/*"
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file file_encryptor-0.2.9.tar.gz
.
File metadata
- Download URL: file_encryptor-0.2.9.tar.gz
- Upload date:
- Size: 4.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4bc85ce2e2e344eeb74a0c20a29cf4427fcb3ceafcfc314adc6ca348b61b8cd1 |
|
MD5 | e909519331b31cf0507fe90afbd3bbe9 |
|
BLAKE2b-256 | 330a02a172c320d6f2f4725464ffcad5c415ce2192d8dca031213afcb99653c6 |