AES-GCM encryption with key derivation from image pixels and nonce hiding in image region.
Project description
PixelKey
PixelKey is a Python package that provides a unique method for encrypting and decrypting messages by leveraging image data for cryptographic key derivation and nonce hiding. This approach adds an interesting layer of security by making the cryptographic operations dependent on a shared secret image.
Features
- Image-Derived AES Key: The AES-GCM encryption key is derived from the SHA256 hash of the entire image's pixel data.
- Region-Hidden Nonce: The AES-GCM nonce is masked using an HMAC-SHA256 derived from a specific, user-defined region within the image.
- Customizable: Easily integrate into your projects and customize the image and region used for encryption.
Installation
YouYou can install PixelKey via pip:
pip install PixelKey
Alternatively, you can install from source:
git clone https://github.com/yourusername/pixelkey_aes.git
cd PixelKey
pip install .
Usage
To use the PixelKey package, you need a shared image file between the sender and receiver. Both parties must also agree on a specific region within that image.
Encryption
from PixelKey.core import encrypt_with_image_key
import os
# Your secret image file (must be identical on sender and receiver)
SECRET_IMAGE = "path/to/your/image.jpg"
# Region coordinates (x, y, width, height) - must be agreed upon by both parties
# Example: top-left 10,10 and region 20x20 pixels
REGION = (10, 10, 20, 20)
MESSAGE = "Hi friend — this is secret using image-region nonce hiding!".encode("utf-8")
# Ensure image file exists for the demo
if not os.path.exists(SECRET_IMAGE):
print(f"Error: Please place a shared image named {SECRET_IMAGE} in the working directory.")
exit(1)
# Encrypt the message
encrypted_packet = encrypt_with_image_key(MESSAGE, SECRET_IMAGE, REGION)
print("Encrypted Packet (JSON):")
print(encrypted_packet)
Decryption
To decrypt the message, the receiver needs the encrypted_packet, the SECRET_IMAGE, and the REGION coordinates.
from PixelKey.core import decrypt_with_image_key
# Assuming encrypted_packet is received from the sender
# encrypted_packet = { ... received dictionary ... }
# Your secret image file (must be identical on sender and receiver)
SECRET_IMAGE = "path/to/your/image.jpg"
# Decrypt the message
recovered_plaintext = decrypt_with_image_key(encrypted_packet, SECRET_IMAGE)
print("Recovered Plaintext:", recovered_plaintext.decode("utf-8"))
API Reference
encrypt_with_image_key(plaintext: bytes, image_path: str, region_coords: Tuple[int, int, int, int]) -> Dict[str, Any]
Encrypts plaintext data using AES-GCM. The AES key is derived from the full image, and the AES nonce is masked using an HMAC derived from a specified image region.
plaintext: The data to be encrypted, as a bytes object.image_path: The file path to the image used for key derivation.region_coords: A tuple(x, y, w, h)specifying the top-left corner and dimensions of the region used for nonce masking.
Returns a dictionary with base64-encoded ciphertext and hidden nonce, along with the region coordinates.
decrypt_with_image_key(packet: Dict[str, Any], image_path: str) -> bytes
Decrypts an encrypted packet using the same image and region coordinates.
packet: A dictionary containing the encrypted data (e.g.,{"ciphertext_b64": "...", "hidden_nonce_b64": "...", "region_coords": [x, y, w, h]}).image_path: The file path to the image used for key derivation and nonce recovery.
Returns the decrypted plaintext as a bytes object.
Utility Functions
The following utility functions are also exposed, though typically not needed for direct package usage:
load_image_as_rgb_bytes(image_path: str) -> Tuple[bytes, Tuple[int, int]]extract_region_bytes(image_path: str, x: int, y: int, w: int, h: int) -> bytesderive_aes_key_from_image(image_path: str) -> bytesderive_region_key(image_path: str, x: int, y: int, w: int, h: int) -> bytes
Contributing
Contributions are welcome! Please feel free to open issues or submit pull requests on the GitHub repository.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file PixelKey-0.1.0.tar.gz.
File metadata
- Download URL: PixelKey-0.1.0.tar.gz
- Upload date:
- Size: 6.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.11.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2e098e36b09ef31e90e000c5f9615e080d0ef115846b888a565c3861adb42897
|
|
| MD5 |
08e1a1a19d826a730fa24fe483021116
|
|
| BLAKE2b-256 |
383d3303949dc5f67698c5c602572b965c6c369ef0d02c0565d57b20ee4b9c42
|
File details
Details for the file PixelKey-0.1.0-py3-none-any.whl.
File metadata
- Download URL: PixelKey-0.1.0-py3-none-any.whl
- Upload date:
- Size: 7.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.11.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
499d3b3687ce38b9b16d751a72d9e210dfab0098482eb7e512b5bd4a2e99dcc6
|
|
| MD5 |
f0e526ff3bceed2abac31bccb356ef3a
|
|
| BLAKE2b-256 |
1f1a3bc882ea1a0cb99abbbd0c9a350b039c52b6be09e414314cbaa1c6fd2509
|
