Python bindings for obu — string-in/string-out UNAUTHENTICATED confidentiality (upcbc) and obfuscation-only (zdcbc) codecs. NOT authenticated; never use to protect secrets.
Project description
obu
Python bindings for obu — the unauthenticated /
obfuscation tier of the oboron family. A string-in,
string-out layer: one call takes plaintext to obtext (encrypted
- encoded), one call brings it back.
⚠️ obu is NOT authenticated.
upcbcprovides confidentiality without integrity (the obtext is tamperable);zdcbcis obfuscation only and is not cryptographically secure. Never use obu to protect secrets. For real, authenticated encryption use theoboronpackage.
obu operates on a 32-byte secret (64 lowercase hex characters) and shares no code with the authenticated core.
Install
pip install obu
Wheels ship for CPython 3.8+ (one abi3 wheel per platform) on Linux, macOS, and Windows, plus an sdist.
Quick start
import obu
secret = obu.generate_secret() # 64-char hex
z = obu.ZdcbcC32(secret)
obtext = z.enc("not-a-secret")
plaintext = z.dec(obtext)
assert plaintext == "not-a-secret"
Runtime-flexible (Obu, format mutable after construction):
o = obu.Obu("upcbc.b64", secret)
ot = o.enc("hello")
o.set_format("zdcbc.c32")
ot2 = o.enc("hello")
Multi-format (Omnibu, format supplied per call):
om = obu.Omnibu(secret)
ot = om.enc("hello", "upcbc.b64")
pt = om.dec(ot, "upcbc.b64") # format supplied, not detected
The obtext is markerless — it carries no scheme prefix — so dec
always needs the format the value was produced with. There is no
autodetection.
Schemes
upcbc— unauthenticated probabilistic AES-256-CBC. Confidentiality only, with a fresh random IV per encryption (so the output differs each time). No integrity protection.zdcbc— obfuscation-only deterministic AES-128-CBC with a constant IV. Not cryptographically secure, but deterministic: the same plaintext always yields the same obtext, usable as a stable handle.
Each scheme is available in four encodings — c32 (Crockford
base32), b32 (RFC 4648 base32), b64 (base64url), and hex — as
fixed-format classes (UpcbcC32, ZdcbcHex, …), via the
runtime-format Obu, or via the multi-format Omnibu. Combine
scheme and encoding as scheme.encoding, e.g. upcbc.c32. The
obu.formats module exposes the format strings as constants.
Secret
obu uses a single 256-bit secret, encoded as 64 lowercase hex
characters. upcbc uses all 32 bytes as the AES-256 key; zdcbc
takes bytes 0–15 as the AES-128 key and bytes 16–31 as its constant
IV. There is no base64 secret form. Generate one with
obu.generate_secret().
Exceptions
All errors inherit from obu.ObuError:
InvalidSecret— bad hex secret / wrong lengthInvalidFormat— unknown scheme / encoding / malformed format stringEncryptionFailed— empty plaintext /0x01pad-byte rejectionDecryptionFailed— obtext-decode / block-length / payload-shape / post-decrypt UTF-8 failure (upcbcreports a single uniformDecryptionFailed, never a distinguishing oracle)
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file obu-1.0.0.tar.gz.
File metadata
- Download URL: obu-1.0.0.tar.gz
- Upload date:
- Size: 56.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
80c62222e6f7abf5e8a0387b2b3af62856a354f9f18bc64cae5fd7b807014d5c
|
|
| MD5 |
c4d85102a83bf98fb3e07eb7cd799bef
|
|
| BLAKE2b-256 |
9d9f4746ce23185f67d71b8aa1754145930acbcc6b3ed8e48eb95215fd6e4eb3
|
Provenance
The following attestation bundles were made for obu-1.0.0.tar.gz:
Publisher:
publish-pypi.yml on deyanovich/obu-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obu-1.0.0.tar.gz -
Subject digest:
80c62222e6f7abf5e8a0387b2b3af62856a354f9f18bc64cae5fd7b807014d5c - Sigstore transparency entry: 2010269225
- Sigstore integration time:
-
Permalink:
deyanovich/obu-rs@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Branch / Tag:
refs/tags/py/v1.0.0 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Trigger Event:
push
-
Statement type:
File details
Details for the file obu-1.0.0-cp38-abi3-win_amd64.whl.
File metadata
- Download URL: obu-1.0.0-cp38-abi3-win_amd64.whl
- Upload date:
- Size: 239.3 kB
- Tags: CPython 3.8+, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7ef6f85d7535feb1ce98a239138ed91a2dc9ac40c170a5a1be197a5ad036074e
|
|
| MD5 |
02eab9d061661d9e90fbd0fef6d43e81
|
|
| BLAKE2b-256 |
b58074e4f8b4cdee70338789e07732c96b9655913074a756954a6e19f66b9f6f
|
Provenance
The following attestation bundles were made for obu-1.0.0-cp38-abi3-win_amd64.whl:
Publisher:
publish-pypi.yml on deyanovich/obu-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obu-1.0.0-cp38-abi3-win_amd64.whl -
Subject digest:
7ef6f85d7535feb1ce98a239138ed91a2dc9ac40c170a5a1be197a5ad036074e - Sigstore transparency entry: 2010269484
- Sigstore integration time:
-
Permalink:
deyanovich/obu-rs@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Branch / Tag:
refs/tags/py/v1.0.0 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Trigger Event:
push
-
Statement type:
File details
Details for the file obu-1.0.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: obu-1.0.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 322.0 kB
- Tags: CPython 3.8+, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bda8483b0fa90ba058dbc210f7af8151c56eb3b5d0f11dccf488673deba48cae
|
|
| MD5 |
ad1dc5d32dc8d2998a56786256fe2d68
|
|
| BLAKE2b-256 |
d9854763adde6f4d53f9bcd114beabc5cc2b19a40df31433a8bd85dccc7a128f
|
Provenance
The following attestation bundles were made for obu-1.0.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:
Publisher:
publish-pypi.yml on deyanovich/obu-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obu-1.0.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -
Subject digest:
bda8483b0fa90ba058dbc210f7af8151c56eb3b5d0f11dccf488673deba48cae - Sigstore transparency entry: 2010269360
- Sigstore integration time:
-
Permalink:
deyanovich/obu-rs@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Branch / Tag:
refs/tags/py/v1.0.0 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Trigger Event:
push
-
Statement type:
File details
Details for the file obu-1.0.0-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl.
File metadata
- Download URL: obu-1.0.0-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
- Upload date:
- Size: 300.9 kB
- Tags: CPython 3.8+, manylinux: glibc 2.17+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ec7c41834416fd201e6317d9fe3e3bb9b0483a75d46a9d62a6a9ce5a2f73eb3a
|
|
| MD5 |
a7b2d330e9747076e3a2218cb908565c
|
|
| BLAKE2b-256 |
ba7500fd30878ffe97e5688a471ff3304f90a76b482b5ec02e3c010c09766302
|
Provenance
The following attestation bundles were made for obu-1.0.0-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl:
Publisher:
publish-pypi.yml on deyanovich/obu-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obu-1.0.0-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl -
Subject digest:
ec7c41834416fd201e6317d9fe3e3bb9b0483a75d46a9d62a6a9ce5a2f73eb3a - Sigstore transparency entry: 2010269914
- Sigstore integration time:
-
Permalink:
deyanovich/obu-rs@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Branch / Tag:
refs/tags/py/v1.0.0 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Trigger Event:
push
-
Statement type:
File details
Details for the file obu-1.0.0-cp38-abi3-macosx_11_0_arm64.whl.
File metadata
- Download URL: obu-1.0.0-cp38-abi3-macosx_11_0_arm64.whl
- Upload date:
- Size: 285.5 kB
- Tags: CPython 3.8+, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ef1d61756c61dd7b00a7a1847fea9ca13da56be7422d31e671b08bca8cdffe4d
|
|
| MD5 |
8cf6d4bf57898ce1191788078bb19cb0
|
|
| BLAKE2b-256 |
9ced8249af0e08b85727dcacfc577165bd4c65a9724b8fcac6eb962fdd76a2bc
|
Provenance
The following attestation bundles were made for obu-1.0.0-cp38-abi3-macosx_11_0_arm64.whl:
Publisher:
publish-pypi.yml on deyanovich/obu-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obu-1.0.0-cp38-abi3-macosx_11_0_arm64.whl -
Subject digest:
ef1d61756c61dd7b00a7a1847fea9ca13da56be7422d31e671b08bca8cdffe4d - Sigstore transparency entry: 2010269983
- Sigstore integration time:
-
Permalink:
deyanovich/obu-rs@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Branch / Tag:
refs/tags/py/v1.0.0 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Trigger Event:
push
-
Statement type:
File details
Details for the file obu-1.0.0-cp38-abi3-macosx_10_12_x86_64.whl.
File metadata
- Download URL: obu-1.0.0-cp38-abi3-macosx_10_12_x86_64.whl
- Upload date:
- Size: 308.3 kB
- Tags: CPython 3.8+, macOS 10.12+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0afb81164d6269863e78511b4537f8f77629a86e678aaf4e1f5b8245bb77ed03
|
|
| MD5 |
8e2d299f93865cadc87f26a91616ab6f
|
|
| BLAKE2b-256 |
9b80bdf6473c3e7c4613ece9c72d5612a323947d63f2ca531fc03acfb8f52974
|
Provenance
The following attestation bundles were made for obu-1.0.0-cp38-abi3-macosx_10_12_x86_64.whl:
Publisher:
publish-pypi.yml on deyanovich/obu-rs
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
obu-1.0.0-cp38-abi3-macosx_10_12_x86_64.whl -
Subject digest:
0afb81164d6269863e78511b4537f8f77629a86e678aaf4e1f5b8245bb77ed03 - Sigstore transparency entry: 2010270060
- Sigstore integration time:
-
Permalink:
deyanovich/obu-rs@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Branch / Tag:
refs/tags/py/v1.0.0 - Owner: https://github.com/deyanovich
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@1398edddd7b6bf84da1b9e4b69580cfa4358d49c -
Trigger Event:
push
-
Statement type: