Skip to main content

OCB-AES authenticated encryption for Python

Project description

This module provides pure Python implementation of authenticated encryption mode OCB (Offset Codebook Mode) using AES block cipher. OCB offers confidentiality, integrity and authenticity of data in single encryption step and using single interface. It's alternative to traditional modes (like CTR or CBC) with separate HMAC calculation.

Data representation
The module operates on _bytearray_ objects. Key, nonce, header and plaintext should be passed to OCB as bytearrays.

>>> plaintext = bytearray('The Magic Words are Squeamish Ossifrage')
>>> header = bytearray('Recipient:')
>>> key = bytearray().fromhex('A45F5FDEA5C088D1D7C8BE37CABC8C5C')
>>> nonce = bytearray(range(16))

Load a block cipher and OCB mode:

>>> from ocb.aes import AES
>>> from ocb import OCB

The OCB module provides built-in AES implementation, but other block ciphers can be used as well.

Initalize OCB-AES cipher objects:

>>> aes = AES(128)
>>> ocb = OCB(aes)

OCB has two parameters: _key_ and _nonce_. Key will be typically 128, 192 or 256 bit AES key:

>>> key = bytearray().fromhex('A45F5FDEA5C088D1D7C8BE37CABC8C5C')
>>> ocb.setKey(key)

Nonce doesn't need to be random and it can be based on counter. Nonce **must** be selected as a new value for each message encrypted. Nonce has to be the same length as underlying cipher block length, typically 128 bits:

>>> nonce = bytearray(range(16))
>>> ocb.setNonce(nonce)

Input _plaintext_ of arbitrary length. This block will be encrypted and its integrity protected:

>>> plaintext = bytearray('The Magic Words are Squeamish Ossifrage')

Optional, plaintext _header_ of arbitrary length. This block will **not** be encrypted, but its integrity will be protected:

>>> header = bytearray('Recipient:')

Encryption method over _plaintext_ and _header_ returns ciphertext and _authentication tag_. The tag protects integrity of both plaintext and header.

>>> (tag,ciphertext) = ocb.encrypt(plaintext, header)
>>> tag
>>> ciphertext
bytearray(b'3D\xdf\x01\xf3;\xe8\x87\x84@\xef\xac\xbcyK:J_3} \x9e\x889\xcd\xa4NvW\x88\xc1}5\x9a\x8b\xc3\x82\xd9Z')

Encryption will reset _nonce_ status, so that it needs to be set to a new value.

Decryption needs OCB object with _key_ and _nonce_ set. The decrypt method takes _header_, _ciphertext_ and _tag_ on input. It returns a tuple of decrypted plaintext and flag indicating whether input data was not tampered with.

>>> (is_authentic, plaintext2) = ocb.decrypt(header, ciphertext, tag)
>>> is_authentic
>>> str(plaintext2)
'The Magic Words are Squeamish Ossifrage'

The flag will be set to _False_ and plaintext will be empty if ciphertext is modified:

>>> ciphertext[3] = 0
>>> ocb.decrypt(header, ciphertext, tag)
(False, [])

The same happens if header is modified (even ciphertext was not):

>>> header[3] = 0
>>> ocb.decrypt(header, ciphertext, tag)
(False, [])

* [The OCB Authenticated-Encryption Algorithm]( (Internet draft)
* [OCB Mode]( (Wikipedia)

Project details

Release history Release notifications

This version
History Node


History Node


History Node


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
pyocb-1.2.win32.exe (213.5 kB) Copy SHA256 hash SHA256 Windows Installer any May 29, 2012 (15.6 kB) Copy SHA256 hash SHA256 Source None May 29, 2012

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page