multi-crypt 0.0.4

A single unified interface for working with alternative cryptographic algorithms.

MultiCrypt

A high-level python API for encryption and cryptographic signing, agnostic of underlying mathematical cryptographic algorithms.

Structure of This Module

This module serves the purpose of providing clear and easy-to-use cryptography tools to programmers. It hides away the complexity of hybrid cryptography while still giving the user the choice between different algorithms and hybridisation protocols.

It provides exactly three pairs of functions to the user:

• encrypt & decrypt
• sign & verify_signature
• generate_keys & derive_public_key

Each of these functions takes the fundamental cryptographic algorithm family to be used as a parameter. encrypt and decrypt can additionally take a configuration string specifying additional algorithms and protocols to be used for hybrid encryption.

What This Library Doesn't Implement

• key derivation & exchange protocols: these cryptographic procedures require negotiation between the participants, so I haven't implemented this feature so far to keep this API simple and straight forward to use. I may implement them in the future.
• hashing: this module probably should implement that!

Rationale

The basis of cryptographic operations are mathematical algorithms. New mathematical operations are always being developed with different advantages and disadvantages. These algorithms can be used to perform a range of different cryptographic operations:

• encryption & decryption
• signing and signature verification Often, an algorithm can be used in different ways to perform the same cryptographic operation, for example it could use multiple key lengths.

Often, we compound different algorithms to perform a cryptographic operation, for example plaintext might be encrypted with a symmetric algorithm for efficiency with the key encrypted asymmetrically for security and encoded into the cipher for practicality.

This library aims to abstract away these details as much as possible to provide a clean API that is compatible with many cryptographic algorithms and the alternative options for using them (various key lengths, compounded operations etc.)

Development Status EXPERIMENTAL

This library is subject to breaking changes to improve the API. Feel free to provide feedback (Github issues/discussions).

Can it really be that nobody else hasn't built a library or standards like this before? I searched but maybe I'm not good enough! Please let me know if you do! (Github issues/discussions)

Cryptographic Algorithm Families

In this library, a family of cryptographic algorithms is a collection of different sets of compounded algorithms for performing cryptographic operations that use intercompatible public & private keys because they share the same algorithm for the first layer in their cryptographic stacks.

The operations within a cryptographic family can use all keys generated by the family's generate_keys() function, even if it has the flexibility of receiving user-defined parameters such as variable key length.

Usage

Here is the simplest usage of multi_crypt, without specific encryption and signing options. For details on encryption and signing options, or to learn how to use a purely functional, non-object-oriented approach, see tests/test_multi_crypt.py

from multi_crypt import Crypt
CRYPTO_FAMILY = "EC-secp256k1"

# generate new keys
private_crypt = Crypt.new(CRYPTO_FAMILY)

# load public key for encryption and signature verification
public_key = private_crypt.get_public_key()
public_crypt = Crypt(CRYPTO_FAMILY, public_key=public_key)

# encrypt and decrypt
original_data = b"Hello there!"
encrypted_data = public_crypt.encrypt(original_data)
decrypted_data = private_crypt.decrypt(encrypted_data)
assert decrypted_data == original_data, "Encryption works!"


# sign and verify
data = b"Hello there!"
false_data = b"Hello, World!"
signature = private_crypt.sign(data)
is_verified = public_crypt.verify_signature(signature, data)
false_signature = private_crypt.sign(false_data)
# this verification should return False
is_false_sig_verified = public_crypt.verify_signature(false_signature, data)
assert is_verified and not is_false_sig_verified, "Signing & verification work!"