FFX - Format Preserving Encryption (NIST FFX-A2 mode of operation)

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for kpdyer from gravatar.com kpdyer

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Kevin P. Dyer
  • Maintainer: Kevin P. Dyer
  • Tags cryptography , encryption , format-preserving , ffx , fpe , aes
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

libffx - Format Preserving Encryption

Python 3.9+ License: MIT

A Python implementation of the FFX Mode of Operation for Format-Preserving Encryption (FPE).

Format-preserving encryption encrypts data while preserving its format. For example, a 16-digit credit card number encrypts to another 16-digit number, and a 9-digit SSN encrypts to another 9-digit number.

Quick Start

import ffx

# 128-bit key (as hex)
key = ffx.FFXInteger('2b7e151628aed2a6abf7158809cf4f3c', radix=16, blocksize=32)

# Create encrypter for decimal digits
ffx_obj = ffx.new(key.to_bytes(16), radix=10)

# Encrypt a credit card number
cc_number = ffx.FFXInteger('4111111111111111', radix=10, blocksize=16)
tweak = ffx.FFXInteger('0000000000', radix=10, blocksize=10)

encrypted = ffx_obj.encrypt(tweak, cc_number)
decrypted = ffx_obj.decrypt(tweak, encrypted)

print(f"Original:  {cc_number}")   # 4111111111111111
print(f"Encrypted: {encrypted}")   # 3847592710482695
print(f"Decrypted: {decrypted}")   # 4111111111111111

API Reference

ffx.new(key, radix)

Create a new FFX encrypter.

  • key: 16-byte AES-128 key
  • radix: Base for message alphabet (2-36)

FFXInteger(value, radix=2, blocksize=None)

Represent a value in a specific radix.

  • value: Integer, string representation, or another FFXInteger
  • radix: Base (2-36)
  • blocksize: Minimum output length (zero-padded)

FFXEncrypter.encrypt(tweak, plaintext) / .decrypt(tweak, ciphertext)

Encrypt/decrypt with an optional tweak (public associated data).

Specification

This implementation follows the NIST FFX-A2 specification:

  • Cipher: AES-128
  • Mode: Maximally-balanced Feistel network
  • Rounds: 10 (constant)
  • Radix: 2–36 (binary through alphanumeric)

Security Considerations

  • FFX is designed for format-preserving encryption of small domains
  • Security depends on domain size; very small domains may be vulnerable to brute force
  • Always use cryptographically random keys
  • Tweaks should be unique per encryption when possible

Links

License

MIT License

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for kpdyer from gravatar.com kpdyer

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Kevin P. Dyer
  • Maintainer: Kevin P. Dyer
  • Tags cryptography , encryption , format-preserving , ffx , fpe , aes
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

1.0.2

1.0.1

1.0.0

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

libffx-1.0.2.tar.gz (14.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

libffx-1.0.2-py3-none-any.whl (9.2 kB view details)

Uploaded Python 3

File details

Details for the file libffx-1.0.2.tar.gz.

File metadata

  • Download URL: libffx-1.0.2.tar.gz
  • Upload date:
  • Size: 14.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for libffx-1.0.2.tar.gz
Algorithm Hash digest
SHA256 af5bf0477b6a7bbcdd684b5c52b62a4918ef5d2bd3940cff2953354b72602207
MD5 9119ca6260e7763e8d6b09850e18400b
BLAKE2b-256 0b00a679e988962f8439d6e604f8bd9bd83ac61a73ac4f9cc38ed7db008aac31

See more details on using hashes here.

Provenance

The following attestation bundles were made for libffx-1.0.2.tar.gz:

Publisher: publish.yml on kpdyer/libffx

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file libffx-1.0.2-py3-none-any.whl.

File metadata

  • Download URL: libffx-1.0.2-py3-none-any.whl
  • Upload date:
  • Size: 9.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for libffx-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 4c04e06eca11988be24cce9de90aab726bb47a70e2dd8d2065c532870040727a
MD5 fa84b0db28937b602dc8a20891a9004e
BLAKE2b-256 36fdfc7f7e9cf9dae2729c92497db36adc7d7da701cac78650c46d73707ae722

See more details on using hashes here.

Provenance

The following attestation bundles were made for libffx-1.0.2-py3-none-any.whl:

Publisher: publish.yml on kpdyer/libffx

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page