Python bindings for obcrypt — bytes-in/bytes-out symmetric encryption (oboron protocol, a-tier + u-tier).
Project description
obcrypt
Python bindings for obcrypt — the bytes-in /
bytes-out cryptographic core of the oboron protocol.
Authenticated (a-tier) and unauthenticated-but-real (u-tier)
symmetric encryption operating on raw bytes; no text encoding,
no UTF-8 validation.
Install
pip install obcrypt
Wheels are published for Linux (x86_64, aarch64), macOS (arm64,
x86_64), and Windows (x86_64). The extension is built against
PyO3's stable ABI (abi3-py38); a single wheel covers CPython
3.8 and later.
Keys
Keys are 128-character hex strings — the canonical oboron key form, the same form that comes out of env vars, config files, and secrets managers. Generate one:
import obcrypt
key = obcrypt.generate_key()
# 'd853c88c2b1f...f10649cb' (128 lowercase hex chars)
Wherever obcrypt takes a key, it takes that string directly.
Raw 64-byte key material is available via the key_bytes
property and generate_key_bytes() for interop with byte-native
APIs (HSMs, cryptography, pynacl, custom storage), but the
hex form is the canonical input everywhere.
Quick start
Codec class style
Binds a key and scheme together — most ergonomic when one codec handles many messages.
import obcrypt
key = obcrypt.generate_key()
aasv = obcrypt.Aasv(key)
payload = aasv.encrypt(b"hello")
plaintext = aasv.decrypt(payload)
assert plaintext == b"hello"
Or, from an env var:
import os, obcrypt
aasv = obcrypt.Aasv(os.environ["OBCRYPT_KEY"])
Free-function style
Pass the scheme as a string (or a constant from
obcrypt.schemes) on each call.
import obcrypt
from obcrypt import schemes
key = obcrypt.generate_key()
payload = obcrypt.encrypt(b"hello", schemes.AASV, key)
plaintext = obcrypt.decrypt(payload, key) # auto-detect
assert plaintext == b"hello"
decrypt auto-detects the scheme from the trailing marker in
the payload. Use decrypt_as(payload, scheme, key) if you want
to require a specific scheme and reject mismatches.
Schemes
| Name | Tier | Determinism | Algorithm |
|---|---|---|---|
aags |
a (auth) | deterministic | AES-GCM-SIV |
apgs |
a (auth) | probabilistic | AES-GCM-SIV |
aasv |
a (auth) | deterministic | AES-SIV |
apsv |
a (auth) | probabilistic | AES-SIV |
upbc |
u (unauth) | probabilistic | AES-CBC |
See the obcrypt crate docs for algorithm details and per-scheme use-case guidance.
Exceptions
All errors inherit from obcrypt.ObcryptError:
InvalidKey— bad hex / wrong-length keyInvalidScheme— unknown scheme name / marker mismatchEncryptionFailed— AEAD failure / empty plaintextDecryptionFailed— tag check, padding, short payload, etc.
Development build
pip install maturin
cd obcrypt-py
maturin develop --release
License
MIT — see LICENSE.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file obcrypt-0.1.1.tar.gz.
File metadata
- Download URL: obcrypt-0.1.1.tar.gz
- Upload date:
- Size: 37.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e20592c76b7194bfc23e2a8b52bbd19dceefa51d1188e4ecaba0c09e9e35a518
|
|
| MD5 |
002118271894579e0200dcab0381ce6b
|
|
| BLAKE2b-256 |
152893cd49083559086a77ec6b618ad244087d81a0a8797019c93c51c378de6a
|
Provenance
The following attestation bundles were made for obcrypt-0.1.1.tar.gz:
Publisher:
publish-pypi.yml on deyanovich/obcrypt-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obcrypt-0.1.1.tar.gz -
Subject digest:
e20592c76b7194bfc23e2a8b52bbd19dceefa51d1188e4ecaba0c09e9e35a518 - Sigstore transparency entry: 1607666085
- Sigstore integration time:
-
Permalink:
deyanovich/obcrypt-rs@493f4f92539d409154810e2897b7187f0a52a1d1 -
Branch / Tag:
refs/tags/py/v0.1.1 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@493f4f92539d409154810e2897b7187f0a52a1d1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file obcrypt-0.1.1-cp38-abi3-win_amd64.whl.
File metadata
- Download URL: obcrypt-0.1.1-cp38-abi3-win_amd64.whl
- Upload date:
- Size: 180.9 kB
- Tags: CPython 3.8+, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2acbe0328f30e77be6acd4852c02f0d3c280fc5ba7b01964234ec1be9753227b
|
|
| MD5 |
57f0179c466a03ea00c4d283939a602a
|
|
| BLAKE2b-256 |
30b4f168260e4931298ac25fe348489b45ddc1a51d259b78c1ec00098004dc49
|
Provenance
The following attestation bundles were made for obcrypt-0.1.1-cp38-abi3-win_amd64.whl:
Publisher:
publish-pypi.yml on deyanovich/obcrypt-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obcrypt-0.1.1-cp38-abi3-win_amd64.whl -
Subject digest:
2acbe0328f30e77be6acd4852c02f0d3c280fc5ba7b01964234ec1be9753227b - Sigstore transparency entry: 1607666377
- Sigstore integration time:
-
Permalink:
deyanovich/obcrypt-rs@493f4f92539d409154810e2897b7187f0a52a1d1 -
Branch / Tag:
refs/tags/py/v0.1.1 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@493f4f92539d409154810e2897b7187f0a52a1d1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file obcrypt-0.1.1-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: obcrypt-0.1.1-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 268.6 kB
- Tags: CPython 3.8+, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1dde3a256791f3d89960adbeba840dfc2a8ad65c4a5269a86421a31d854b939a
|
|
| MD5 |
04ce449fbe94bfceaa130a2771adaedb
|
|
| BLAKE2b-256 |
0b66ed62c21cb1ba9e71e14ac7acbc1fe0595daa98f6c627d0a6a201693bb918
|
Provenance
The following attestation bundles were made for obcrypt-0.1.1-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:
Publisher:
publish-pypi.yml on deyanovich/obcrypt-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obcrypt-0.1.1-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -
Subject digest:
1dde3a256791f3d89960adbeba840dfc2a8ad65c4a5269a86421a31d854b939a - Sigstore transparency entry: 1607666291
- Sigstore integration time:
-
Permalink:
deyanovich/obcrypt-rs@493f4f92539d409154810e2897b7187f0a52a1d1 -
Branch / Tag:
refs/tags/py/v0.1.1 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@493f4f92539d409154810e2897b7187f0a52a1d1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file obcrypt-0.1.1-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl.
File metadata
- Download URL: obcrypt-0.1.1-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
- Upload date:
- Size: 253.7 kB
- Tags: CPython 3.8+, manylinux: glibc 2.17+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
36e38e2813bbf3b4f0192f6223142ecc4e8b59ab2652d9efd77064c4076ff0c3
|
|
| MD5 |
2ffa0488e65cc0434f19de4f09fb2c8b
|
|
| BLAKE2b-256 |
8c1b410dc4a16acf3760be93baf67805e35212c7f86fed3e898223fda408924e
|
Provenance
The following attestation bundles were made for obcrypt-0.1.1-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl:
Publisher:
publish-pypi.yml on deyanovich/obcrypt-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obcrypt-0.1.1-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl -
Subject digest:
36e38e2813bbf3b4f0192f6223142ecc4e8b59ab2652d9efd77064c4076ff0c3 - Sigstore transparency entry: 1607666234
- Sigstore integration time:
-
Permalink:
deyanovich/obcrypt-rs@493f4f92539d409154810e2897b7187f0a52a1d1 -
Branch / Tag:
refs/tags/py/v0.1.1 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@493f4f92539d409154810e2897b7187f0a52a1d1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file obcrypt-0.1.1-cp38-abi3-macosx_11_0_arm64.whl.
File metadata
- Download URL: obcrypt-0.1.1-cp38-abi3-macosx_11_0_arm64.whl
- Upload date:
- Size: 237.7 kB
- Tags: CPython 3.8+, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
96eb3d9942449c1005ad8e6b5dd7313f7e9d2eacc2e90a91c4e4796804112593
|
|
| MD5 |
46bef2f8bfd125000c385b4804811617
|
|
| BLAKE2b-256 |
a01cb017bbab874f7ab0eeecff04758d8780c83ee9b96c08676ceecca587cafb
|
Provenance
The following attestation bundles were made for obcrypt-0.1.1-cp38-abi3-macosx_11_0_arm64.whl:
Publisher:
publish-pypi.yml on deyanovich/obcrypt-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obcrypt-0.1.1-cp38-abi3-macosx_11_0_arm64.whl -
Subject digest:
96eb3d9942449c1005ad8e6b5dd7313f7e9d2eacc2e90a91c4e4796804112593 - Sigstore transparency entry: 1607666526
- Sigstore integration time:
-
Permalink:
deyanovich/obcrypt-rs@493f4f92539d409154810e2897b7187f0a52a1d1 -
Branch / Tag:
refs/tags/py/v0.1.1 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@493f4f92539d409154810e2897b7187f0a52a1d1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file obcrypt-0.1.1-cp38-abi3-macosx_10_12_x86_64.whl.
File metadata
- Download URL: obcrypt-0.1.1-cp38-abi3-macosx_10_12_x86_64.whl
- Upload date:
- Size: 255.2 kB
- Tags: CPython 3.8+, macOS 10.12+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
112f798d2676d852cf71f0cd8b51675119e65080f4ccf40015ba7883367eaff6
|
|
| MD5 |
fb920ec01e5cd402a9f53c9b0128d402
|
|
| BLAKE2b-256 |
6295fd480889ab2e649b7e18b57c7fff4606522d08f1327554709bfb2bf532dd
|
Provenance
The following attestation bundles were made for obcrypt-0.1.1-cp38-abi3-macosx_10_12_x86_64.whl:
Publisher:
publish-pypi.yml on deyanovich/obcrypt-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obcrypt-0.1.1-cp38-abi3-macosx_10_12_x86_64.whl -
Subject digest:
112f798d2676d852cf71f0cd8b51675119e65080f4ccf40015ba7883367eaff6 - Sigstore transparency entry: 1607666160
- Sigstore integration time:
-
Permalink:
deyanovich/obcrypt-rs@493f4f92539d409154810e2897b7187f0a52a1d1 -
Branch / Tag:
refs/tags/py/v0.1.1 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@493f4f92539d409154810e2897b7187f0a52a1d1 -
Trigger Event:
push
-
Statement type: