FFX - Format Preserving Encryption (NIST FFX-A2 mode of operation)
Project description
libffx - Format Preserving Encryption
A Python implementation of the FFX Mode of Operation for Format-Preserving Encryption (FPE).
Format-preserving encryption encrypts data while preserving its format. For example, a 16-digit credit card number encrypts to another 16-digit number, and a 9-digit SSN encrypts to another 9-digit number.
Quick Start
import ffx
# 128-bit key (as hex)
key = ffx.FFXInteger('2b7e151628aed2a6abf7158809cf4f3c', radix=16, blocksize=32)
# Create encrypter for decimal digits
ffx_obj = ffx.new(key.to_bytes(16), radix=10)
# Encrypt a credit card number
cc_number = ffx.FFXInteger('4111111111111111', radix=10, blocksize=16)
tweak = ffx.FFXInteger('0000000000', radix=10, blocksize=10)
encrypted = ffx_obj.encrypt(tweak, cc_number)
decrypted = ffx_obj.decrypt(tweak, encrypted)
print(f"Original: {cc_number}") # 4111111111111111
print(f"Encrypted: {encrypted}") # 3847592710482695
print(f"Decrypted: {decrypted}") # 4111111111111111
API Reference
ffx.new(key, radix)
Create a new FFX encrypter.
key: 16-byte AES-128 keyradix: Base for message alphabet (2-36)
FFXInteger(value, radix=2, blocksize=None)
Represent a value in a specific radix.
value: Integer, string representation, or another FFXIntegerradix: Base (2-36)blocksize: Minimum output length (zero-padded)
FFXEncrypter.encrypt(tweak, plaintext) / .decrypt(tweak, ciphertext)
Encrypt/decrypt with an optional tweak (public associated data).
Specification
This implementation follows the NIST FFX-A2 specification:
- Cipher: AES-128
- Mode: Maximally-balanced Feistel network
- Rounds: 10 (constant)
- Radix: 2–36 (binary through alphanumeric)
Security Considerations
- FFX is designed for format-preserving encryption of small domains
- Security depends on domain size; very small domains may be vulnerable to brute force
- Always use cryptographically random keys
- Tweaks should be unique per encryption when possible
Links
License
MIT License
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file libffx-1.0.1.tar.gz.
File metadata
- Download URL: libffx-1.0.1.tar.gz
- Upload date:
- Size: 23.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1ecd8c136aebbc3c41d4470b8ed764627b64a8008221354ab46d53e7f5811d7e
|
|
| MD5 |
774f777a8eabde49b498369cf1d9b607
|
|
| BLAKE2b-256 |
82f1ea24bb8234bf4e318d083a951667ec6ea884b09d965c0a05dec2651cc69d
|
File details
Details for the file libffx-1.0.1-py3-none-any.whl.
File metadata
- Download URL: libffx-1.0.1-py3-none-any.whl
- Upload date:
- Size: 20.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
47af7d4502ca567b6cca7cf1dc0530e72722e99b5373c8b9881e2a7d25c0fa91
|
|
| MD5 |
67965846a37de0436b5ae8bfd1c22c17
|
|
| BLAKE2b-256 |
ce5fe56d7885e8212f27132f3fb52f60bb5fd4cff81ed10727aec3470266c1bb
|
