allows one to easily encrypt and decrypt files symmetrically using openssl and python3
Project description
fileenc-openssl
---------------------------------------
This code allows one to easily encrypt and decrypt files symmetrically using openssl and python3.
* Uses ``aes-256-cbc`` for file encryption (as implemented by openssl)
* Uses a salt when encrypting (to avoid pre-computation or rainbow tables).
* Uses ``sha256`` key stretching (with <0.1s) to make brute force prohibitively expensive.
* Uses ``sha256`` checksum to check file integrity.
Installation
---------------------------------------
You can install using
.. code-block:: bash
pip install fileenc-openssl
If you want ``fileenc`` and ``filedec`` available system-wide, use ``sudo`` or equivalent.
Usage
---------------------------------------
From command line:
.. code-block:: bash
fileenc --key 'password123' --input '*.png' --check --overwrite
filedec --key 'password123' --input '*.png.enc' --check --overwrite --remove
# the quotes around wildcards are important
From python:
.. code-block:: python
from fileenc_openssl import stretch_key, encrypt_file, decrypt_file
stretched_key = stretch_key('password123')
enc_pth = encrypt_file(raw_pth, key=stretched_key)
res_pth = decrypt_file(enc_pth, key=stretched_key)
Testing (needs ``py.test``):
.. code-block:: bash
py.test
Options
---------------------------------------
You can find all options using ``fileenc --help``::
-h, --help show this help message and exit
-k KEY, --key KEY the key to use for encryption; you will be prompted for one if this is not provided (more secure)
-i INP, --input INP input file, directory or pattern (as a single string) (.enc will be appended)
-o OUTP, --output OUTP optionally, output file or directory (.enc will be stripped if available)
-d, --decrypt decrypt the input file(s) (as opposed to encrypt, which is the default)
-f, --overwrite overwrite existing files when decrypting (encrypting always overwrites)
-r, --remove remove the input file after en/decrypting (after --check)
-c, --check test the encryption by reversing it (abort on failure) (only for ENcryption due to salting)
-1, --once prompt for the key only once (when encrypting without -k)
-j N, --process-count N number of parallel processes to use for en/decryption; `0` for auto (default), `1` for serial
optional arguments:
-h, --help show this help message and exit
-k KEY, --key KEY the key to use for encryption; you will be prompted
for one if this is not provided (more secure)
-i INP, --input INP input file, directory or pattern as a single string
(required for encrypting; defaults to *.enc when
decrypting)
-o OUTP, --output OUTP
optionally, output file or directory; .enc will be
appended to each file
-d, --decrypt decrypt the input file(s) (as opposed to encrypt,
which is the default)
-f, --overwrite overwrite existing files when decrypting (encrypting
always overwrites)
-r, --remove shred the input file after en/decrypting (after
--check)
-c, --check test the encryption by reversing it (abort on failure)
(only for ENcryption due to salting)
-1, --once prompt for the key only once (only applicable if --key
and --decrypt are not set)
-j PROC_CNT, --process-count PROC_CNT
number of parallel processes to use for en/decryption;
`0` for auto (default), `1` for serial
License
---------------------------------------
Revised BSD License; at your own risk, you can mostly do whatever you want with this code, just don't use my name for promotion and do keep the license file.
---------------------------------------
This code allows one to easily encrypt and decrypt files symmetrically using openssl and python3.
* Uses ``aes-256-cbc`` for file encryption (as implemented by openssl)
* Uses a salt when encrypting (to avoid pre-computation or rainbow tables).
* Uses ``sha256`` key stretching (with <0.1s) to make brute force prohibitively expensive.
* Uses ``sha256`` checksum to check file integrity.
Installation
---------------------------------------
You can install using
.. code-block:: bash
pip install fileenc-openssl
If you want ``fileenc`` and ``filedec`` available system-wide, use ``sudo`` or equivalent.
Usage
---------------------------------------
From command line:
.. code-block:: bash
fileenc --key 'password123' --input '*.png' --check --overwrite
filedec --key 'password123' --input '*.png.enc' --check --overwrite --remove
# the quotes around wildcards are important
From python:
.. code-block:: python
from fileenc_openssl import stretch_key, encrypt_file, decrypt_file
stretched_key = stretch_key('password123')
enc_pth = encrypt_file(raw_pth, key=stretched_key)
res_pth = decrypt_file(enc_pth, key=stretched_key)
Testing (needs ``py.test``):
.. code-block:: bash
py.test
Options
---------------------------------------
You can find all options using ``fileenc --help``::
-h, --help show this help message and exit
-k KEY, --key KEY the key to use for encryption; you will be prompted for one if this is not provided (more secure)
-i INP, --input INP input file, directory or pattern (as a single string) (.enc will be appended)
-o OUTP, --output OUTP optionally, output file or directory (.enc will be stripped if available)
-d, --decrypt decrypt the input file(s) (as opposed to encrypt, which is the default)
-f, --overwrite overwrite existing files when decrypting (encrypting always overwrites)
-r, --remove remove the input file after en/decrypting (after --check)
-c, --check test the encryption by reversing it (abort on failure) (only for ENcryption due to salting)
-1, --once prompt for the key only once (when encrypting without -k)
-j N, --process-count N number of parallel processes to use for en/decryption; `0` for auto (default), `1` for serial
optional arguments:
-h, --help show this help message and exit
-k KEY, --key KEY the key to use for encryption; you will be prompted
for one if this is not provided (more secure)
-i INP, --input INP input file, directory or pattern as a single string
(required for encrypting; defaults to *.enc when
decrypting)
-o OUTP, --output OUTP
optionally, output file or directory; .enc will be
appended to each file
-d, --decrypt decrypt the input file(s) (as opposed to encrypt,
which is the default)
-f, --overwrite overwrite existing files when decrypting (encrypting
always overwrites)
-r, --remove shred the input file after en/decrypting (after
--check)
-c, --check test the encryption by reversing it (abort on failure)
(only for ENcryption due to salting)
-1, --once prompt for the key only once (only applicable if --key
and --decrypt are not set)
-j PROC_CNT, --process-count PROC_CNT
number of parallel processes to use for en/decryption;
`0` for auto (default), `1` for serial
License
---------------------------------------
Revised BSD License; at your own risk, you can mostly do whatever you want with this code, just don't use my name for promotion and do keep the license file.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
fileenc-openssl-1.3.1.tar.gz
(6.2 kB
view details)
File details
Details for the file fileenc-openssl-1.3.1.tar.gz.
File metadata
- Download URL: fileenc-openssl-1.3.1.tar.gz
- Upload date:
- Size: 6.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6d9ebbbfce64d61b50ac03f0eb463184c9f392d39c5b437690c46298b5c2e0a1 |
|
| MD5 | 7b47d64e578200f421aa30ab7a7fcb34 |
|
| BLAKE2b-256 | 829655045409aaea0acdafe0915b57bd002b42b71b3ddace1f6be99dfd7a441e |
