Skip to main content

Protect your python script, encrypt .pyc to .pye and decrypt when import it

Project description

pyconcrete

Travis AppVeyor PyPI Version PyPI PyVersion PyPI License

Protect your python script, encrypt .pyc to .pye and decrypt when import it


Protect python script work flow

  • Build the execution pyconcrete and read the MAIN.pye which encrypted by your passphrase.
  • pyconcrete will decrypt the source file and then launch python interpreter to do the normal python behavior.
  • pyconcrete will hook import module
  • when your script do import MODULE, pyconcrete import hook will try to find MODULE.pye first and then decrypt MODULE.pye via _pyconcrete.pyd and execute decrypted data (as .pyc content)
  • encrypt & decrypt secret key record in _pyconcrete.pyd (like DLL or SO) the secret key would be hide in binary code, can't see it directly in HEX view

Encryption

  • only support AES 128 bit now
  • encrypt & decrypt by library OpenAES

Compatibility

Pyconcrete has transitioned to using meson-python as its build backend starting from version 1.0.0. This provides a more powerful build mechanism and supports newer Python versions.

For older Python support:

  • Pyconcrete versions prior to 0.15.2 only support up to Python 3.10.
  • If you need support for Python 3.6 or Python 2.7, please use versions before 0.15.2.
  • Pyconcrete no longer supports Python versions earlier than 3.6.

Requirements

For unix base

  • apt: pkg-config, build-essential, python{version}-dev
  • pip: 23.1+

Installation

Due to security considerations, you must provide a passphrase to create a secret key for encrypting Python scripts:

  • The same passphrase will generate the same secret key.
  • Pre-built packages are not provided, so users must build the package yourself.

Build Process

  • Pyconcrete relies on Meson to compile the C extension.
  • The installation process will add a pyconcrete.pth file to your site-packages, enabling sitecustomize.py to automatically import Pyconcrete.

pip

  • Need to config the passphrase for installation. And only pip 23.1+ support passing argument via -C or --config-settings.
  • Remember to assign --no-cache-dir to avoid use pip's cached package which already built by old passphrase.
$ pip install pyconcrete \
  --no-cache-dir \
  --config-settings=setup-args="-Dpassphrase=<Your_Passphrase>"

Usage

Full encrypted

  • convert all of your .py to *.pye
$ pyecli compile --pye -s=<your py script>
$ pyecli compile --pye -s=<your py module dir>
  • remove *.py *.pyc or copy *.pye to other folder
  • main.py encrypted as main.pye, it can't be executed by normal python. You must use pyconcrete to process the main.pye script. pyconcrete(exe) will be installed in your system path (ex: /usr/local/bin)
pyconcrete main.pye
src/*.pye  # your libs

Partial encrypted (pyconcrete as lib) -> (DEPRECATED and not Safe)

  • import pyconcrete in your main script
    • project layout
main.py       # import pyconcrete and your lib
pyconcrete/*  # put pyconcrete lib in project root, keep it as original files
src/*.pye     # your libs

Test

  • test in local
$ pytest tests
  • test in docker environment
$ make test
  • test in docker environment for specific python version
$ make test 3.10

Example

Django with pyconcrete

Reference

https://matthew-brett.github.io/pydagogue/python_msvc.html https://github.com/cython/cython/wiki/CythonExtensionsOnWindows

Announcement

pyconcrete is an experimental project, there is always a way to decrypt .pye files, but pyconcrete just make it harder.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyconcrete-1.0.0.tar.gz (49.6 kB view details)

Uploaded Source

File details

Details for the file pyconcrete-1.0.0.tar.gz.

File metadata

  • Download URL: pyconcrete-1.0.0.tar.gz
  • Upload date:
  • Size: 49.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.4

File hashes

Hashes for pyconcrete-1.0.0.tar.gz
Algorithm Hash digest
SHA256 32b1974f4c2053839171415ee6e935e2f91735d61eb2e03506dea2f132eded78
MD5 e7b5384fa83e87ccf7b031cd0d3ee7b5
BLAKE2b-256 3a8629c8e94836685093f6b24294cfc36ac3ed232efa350f72207e176867c5a0

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page