Encrypt/Decrypt with ChaCha20-Poly1305

Vaulty

Vaulty is an extremely lightweight encryption/decryption tool. It uses ChaCha20-Poly1305 to provide 256-bit authenticated symmetric encryption (AEAD), with Scrypt as the password-based key derivation function. It also supports public key (asymmetric) encryption via ECDH (Elliptic Curve Diffie-Hellman) with X448. It can encrypt/decrypt files, or stdin if you don't specify any files.

When encrypting stdin, the output is Base64 encoded. When encrypting a file, the output is not Base64 encoded, and a .vlt extension is added to indicate that the file has been encrypted.

It relies on the cryptography Python module to provide the routines for ChaCha20-Poly1305, Scrypt and ECDH with X448.

Installation

python3 -m pip install --upgrade --user pyvaulty

Vaulty Usage

vaulty ...
  keygen
  keyinfo [public key]
  encrypt [-k <public key>] [file1] [file2] [...]
  decrypt [-k <private key>] [file1] [file2] [...]
  chpass [file1] [file2] [...]
  sha256 [file1] [file2] [...]

Example Usage - Symmetric Encryption

Symmetric encryption is where encryption and decryption happen with the same password/key. If Alice is sharing an encrypted file with Bob, then both Alice and Bob need to know the same password/key. With symmetric encryption both parties need a secure mechanism to exchange the password/key without anyone else (i.e. Eve) obtaining it (see "Public Key Encryption").

echo "Hello World" | vaulty encrypt
$VAULTY;AY3eJ98NF6WFDMAP62lRdl58A2db5XJ2gNvKd0nmDs5ZrmNlJ8TSURpxc3bNF1iGw77dHA==

echo "$VAULTY;..." | vaulty decrypt
Hello World

import getpass
import sys

import vaulty

v = vaulty.Vaulty()

password = getpass.getpass('Vaulty Password: ').encode('utf-8')
ciphertext = v.encrypt('Hello World'.encode('utf-8'), password)

# Check for None before decoding; calling .decode() on None would raise
plaintext = v.decrypt(ciphertext, password)
if plaintext is None:
  print('error: invalid password or data not encrypted', file=sys.stderr)
else:
  plaintext = plaintext.decode('utf-8')
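
The password-based scheme described above (Scrypt stretching a password into a 256-bit key for ChaCha20-Poly1305) can be sketched directly with the cryptography module. This is an added example, not Vaulty's own code or file format: the `DEMO1` header, the salt/nonce layout and the Scrypt cost parameters are assumptions chosen for illustration. It shows that a wrong password and a single flipped bit both fail authentication instead of yielding garbage plaintext.

```python
# Added example: NOT Vaulty's code or container format. The layout and the
# Scrypt cost parameters below are assumptions made for illustration.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16
HEADER = b"DEMO1"  # hypothetical format tag, authenticated as associated data

def derive_key(password: bytes, salt: bytes) -> bytes:
    # Scrypt stretches the password into a 256-bit ChaCha20-Poly1305 key.
    return Scrypt(salt=salt, length=32, n=2**14, r=8, p=1).derive(password)

def seal(plaintext: bytes, password: bytes) -> bytes:
    # Fresh random salt and nonce per message; both are stored in the clear.
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    aead = ChaCha20Poly1305(derive_key(password, salt))
    # encrypt() appends the 16-byte Poly1305 tag to the ciphertext.
    return HEADER + salt + nonce + aead.encrypt(nonce, plaintext, HEADER)

def unseal(blob: bytes, password: bytes):
    """Return the plaintext, or None if the password or the data is wrong."""
    if not blob.startswith(HEADER):
        return None
    body = blob[len(HEADER):]
    if len(body) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt, nonce = body[:SALT_LEN], body[SALT_LEN:SALT_LEN + NONCE_LEN]
    aead = ChaCha20Poly1305(derive_key(password, salt))
    try:
        return aead.decrypt(nonce, body[SALT_LEN + NONCE_LEN:], HEADER)
    except InvalidTag:  # wrong key or modified ciphertext/tag/header
        return None

def demo():
    blob = seal(b"Hello World", b"constructed-password")  # constructed input
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])           # flip one tag bit
    return (unseal(blob, b"constructed-password"),
            unseal(blob, b"wrong-password"),
            unseal(tampered, b"constructed-password"))
```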

Example Usage - Public Key (Asymmetric) Encryption

Public key encryption is asymmetric, which means Alice no longer needs to share the same password/key with Bob. With asymmetric encryption Alice and Bob each generate a keypair consisting of a private key and a public key. The private key (as the name suggests) must remain private and should itself be encrypted using symmetric encryption with a password that is never shared. The public key should be given to anyone who wishes to securely communicate with you. The underlying maths is complicated, but it relies on Diffie-Hellman, which allows two parties to agree on a shared secret without ever exchanging that secret. If Alice wants to share an encrypted file with Bob, she encrypts it using Bob's public key. Bob then uses his private key to decrypt it, as only the paired private key is able to decrypt it. In the opposite direction, if Bob wishes to share an encrypted file with Alice, he encrypts it using Alice's public key.

With symmetric encryption the challenge is securely exchanging the password/key, but with asymmetric encryption the challenge is proving that what you think is Bob's public key actually is Bob's public key. What if Eve was sitting between Alice and Bob and, when Bob sent his public key, Eve swapped it with hers? When exchanging public keys you must use another method to verify you are actually in possession of Bob's public key: in simplest terms, Alice needs to verify Bob's public key fingerprint with Bob himself, and vice versa.

vaulty keygen

echo "Hello World" | vaulty encrypt -k ~/.vaulty/vaulty.pub
$VAULTY;QfIfowgIxGIpxD3wpk/p5/6wTHvxalHKqhodSuorNPvuvhmHqsybZ822x6nyPWdNsZnDVFKi
4nkSBTPnQS17Hexn1Fj85vyrARMc5oQ3ySLpB8QWGQJdjaYFeVyfRh2WwMZqkyAki09U2h7MMFBAbAc=

echo "$VAULTY;..." | vaulty decrypt -k ~/.vaulty/vaulty.key
Hello World

Change Password of Private Key

vaulty chpass ~/.vaulty/vaulty.key

import sys

import vaulty

v = vaulty.Vaulty()

private, public = v.generate_keypair()

ciphertext = v.encrypt_ecc('Hello World'.encode('utf-8'), public)

# Check for None before decoding; calling .decode() on None would raise
plaintext = v.decrypt_ecc(ciphertext, private)
if plaintext is None:
  print('error: invalid private key or data not encrypted', file=sys.stderr)
else:
  plaintext = plaintext.decode('utf-8')
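
The public key flow and the fingerprint check described in this section can be illustrated with X448 from the cryptography module. This is an added example, not Vaulty's own code or wire format: the message layout, the HKDF step with its `demo-x448` info string, and the SHA-256 fingerprint are assumptions. It shows that a message sealed to a substituted key cannot be opened by Bob, and that comparing fingerprints out of band exposes the substitution before anything is encrypted.

```python
# Added example, not Vaulty's code or wire format; the layout, HKDF info string
# and SHA-256 fingerprint are assumptions made for illustration.
import hashlib
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x448 import X448PrivateKey, X448PublicKey
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

PUB_LEN, NONCE_LEN, TAG_LEN = 56, 12, 16  # X448 public keys are 56 bytes

def raw(pub):
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)

def fingerprint(pub):
    # Short value Alice and Bob compare over a separate, trusted channel.
    return hashlib.sha256(raw(pub)).hexdigest()

def _aead(shared, eph_pub, rcpt_pub):
    # Do not use raw ECDH output as a key; HKDF binds both public keys to it.
    info = b"demo-x448" + eph_pub + rcpt_pub
    key = HKDF(algorithm=hashes.SHA256(), length=32, salt=None, info=info).derive(shared)
    return ChaCha20Poly1305(key)

def seal_to(plaintext, rcpt_pub):
    eph = X448PrivateKey.generate()  # fresh sender key for every message
    eph_pub, nonce = raw(eph.public_key()), os.urandom(NONCE_LEN)
    aead = _aead(eph.exchange(rcpt_pub), eph_pub, raw(rcpt_pub))
    return eph_pub + nonce + aead.encrypt(nonce, plaintext, None)

def open_with(blob, rcpt_priv):
    """Return the plaintext, or None if blob was not sealed to this key."""
    if len(blob) < PUB_LEN + NONCE_LEN + TAG_LEN:
        return None
    eph_pub, nonce = blob[:PUB_LEN], blob[PUB_LEN:PUB_LEN + NONCE_LEN]
    try:
        shared = rcpt_priv.exchange(X448PublicKey.from_public_bytes(eph_pub))
        aead = _aead(shared, eph_pub, raw(rcpt_priv.public_key()))
        return aead.decrypt(nonce, blob[PUB_LEN + NONCE_LEN:], None)
    except (InvalidTag, ValueError):  # bad tag or degenerate shared secret
        return None

def demo():
    bob, eve = X448PrivateKey.generate(), X448PrivateKey.generate()
    received = eve.public_key()  # the key Alice received was swapped in transit
    mismatch = fingerprint(received) != fingerprint(bob.public_key())
    blob = seal_to(b"Hello World", received)
    good = seal_to(b"Hello World", bob.public_key())
    return mismatch, open_with(blob, bob), open_with(blob, eve), open_with(good, bob)
```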

Download files

Source Distribution

pyvaulty-1.2.6.tar.gz (8.5 kB), uploaded as Source

Built Distributions

pyvaulty-1.2.6-py36-none-any.whl (9.4 kB), uploaded for Python 3.6

pyvaulty-1.2.6-py3-none-any.whl (9.4 kB), uploaded for Python 3
