Project description

PivCrypt - File encryption package using PIV Applet

Installation

pip install --upgrade pivcrypt

Prerequisities

Security key or card with PIV Applet installed.
RSA2048 key+certificate in PIV slot
- Generated selfsigned RSA2048 certificate in PIV applet using PIV Manager. This is recommended for 1 key scenario.
- or Offcard generated private key and public certificate injected in PIV slot. Offcard keys can be backuped and restore to new security keys or cloned in multiple PIV applets, so many users can share the decryption key.

Usage

$ py -m pivcrypt
Usage: python -m pivcrypt [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  decrypt      Decrypt file
  encrypt      Encrypt file
  export-cert  Export certificate used for future encryption
  serve        Encryption/decryption service

Default PIV slot for all operations is 9D

Export public certificate from PIV slot

$ py -m pivcrypt export-cert --help
Usage: python -m pivcrypt export-cert [OPTIONS] CERT

  Export certificate used for future encryption

Options:
  -r, --reader TEXT  When using NFC reader, set it's device name,
                     default="Crayonic KeyVault"
  -s, --slot TEXT    PIV slot to be used for file encryption, default=9D
  --help             Show this message and exit.

Export certificate to cert.crt

$ py -m pivcrypt export-cert cert.crt
Available smartcard readers: Crayonic KeyVault 0
Selected reader: Crayonic KeyVault 0
Exported cert from slot 9D stored as cert.crt

Use cert file to encrypt desired file

$ py -m pivcrypt encrypt --help
Usage: python -m pivcrypt encrypt [OPTIONS] FILE

  Encrypt file

Options:
  -c, --cert TEXT         Certificate with public key  [required]
  -ext, --extension TEXT  Extension for encrypted file, default="kvef"
  --delete                Deletes original file after succesful encryption
  --help                  Show this message and exit.

Encrypt file cat.jpg with public key from cert cert.crt

$ py -m pivcrypt encrypt cat.jpg -c cert.crt
* Encrypting cat.jpg to cat.jpg.kvef

Decrypt file with PIV

$ py -m pivcrypt decrypt --help
Usage: python -m pivcrypt decrypt [OPTIONS] FILE

  Decrypt file

Options:
  -r, --reader TEXT       When using NFC reader, set it's device name,
                          default="Crayonic KeyVault"
  -ext, --extension TEXT  Extension for encrypted file, default="kvef"
  -s, --slot TEXT         PIV slot to be used for file encryption, default=9D
  --pin-mode TEXT         CMD -commandline mode, GUI -graphical window
                          (default)
  --help                  Show this message and exit.

Decrypt file cat.jpg

$ py -m pivcrypt decrypt cat.jpg
Available smartcard readers: Crayonic KeyVault 0
Selected reader: Crayonic KeyVault 0
Waiting for PIN input
* Decrypting file cat.jpg
* Decrypted file cat.jpg

Service mode for continus encryption/decryption

$ py -m pivcrypt serve --help
Usage: python -m pivcrypt serve [OPTIONS] FILE

  Encryption/decryption service

Options:
  -r, --reader TEXT       When using NFC reader, set it's device name,
                          default="Crayonic KeyVault"
  -c, --cert TEXT         Certificate with public key  [required]
  -ext, --extension TEXT  Extension for encrypted file, default="kvef"
  -s, --slot TEXT         PIV slot to be used for file encryption, default=9D
  --pin-mode TEXT         CMD -commandline mode, GUI -graphical window
                          (default)
  --help                  Show this message and exit.

Encrypt file cat.jpg when Crayonic KeyVault is disconnected and decrypt it back after KeyVault is connected and correct PIN is entered. This is intented to run as a service on PC to keep contents of given file secret.

py -m pivcrypt serve cat.jpg -c cert.crt -r "Crayonic KeyVault"
Available smartcard readers: Crayonic KeyVault 0
Selected reader: Crayonic KeyVault 0
Waiting for PIN input
* Decrypting file cat.jpg
* Decrypted file cat.jpg
Available smartcard readers:
* Encrypting file cat.jpg
* Encrypted file cat.jpg
Available smartcard readers: Crayonic KeyVault 0
Selected reader: Crayonic KeyVault 0
Waiting for PIN input
* Decrypting file cat.jpg
* Decrypted file cat.jpg
* Encrypting file cat.jpg
* Encrypted file cat.jpg

Project details

These details have not been verified by PyPI

Project links

Homepage

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

1.0.0

Sep 28, 2021

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pivcrypt-1.0.0.tar.gz (9.0 kB view hashes)

Uploaded Sep 28, 2021 Source

Built Distribution

pivcrypt-1.0.0-py3-none-any.whl (8.6 kB view hashes)

Uploaded Sep 28, 2021 Python 3

Hashes for pivcrypt-1.0.0.tar.gz

Hashes for pivcrypt-1.0.0.tar.gz
Algorithm	Hash digest
SHA256	`c24298d601557d7339bfa91a8219873f514768926ea82e407db043577dfcd949`
MD5	`3a79b132ae7f9362067c06d41324a5b2`
BLAKE2b-256	`41bcbbb05a4079160271ede93769680d58d9f2101a2624f0a1089fa6b2e6e306`

Hashes for pivcrypt-1.0.0-py3-none-any.whl

Hashes for pivcrypt-1.0.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`622315d9c21c6f9ae6bdb6b93c80958ab26fb6e34af870078f78231ae1c9c639`
MD5	`a9fa0bfca01257e27a02ca8309b47804`
BLAKE2b-256	`94faed1f19ae834901d431cbc7636e5637f0afd5792a049c3492938f3b47cfc9`