{ "info": { "author": "Hinnerk Haardt, HIT Information-Control GmbH", "author_email": "haardt@information-control.de", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", "Topic :: Security :: Cryptography" ], "description": "# Convergent Encryption Overview\n\nThis module implements convergent encryption and generation of an id derived\nfrom the plaintext.\n\n\n# Requirements\n\nThis module depends on the availability of either [pycryptopp][] or\n[pycrypto][] as provider of the AES-256 block cipher. This dependency must be\nresolved manually. By default it uses pycryptopp (as that seemed to be a bit\nfaster in our tests) and falls back to pycrypto if the first one is not\navailable.\n\n\n# Usage and API\n\n## convergent.SHA256d\n\nSHA-256 extension against length-extension-attacks as defined by Schneier and Fergusson. Basically just `sha256(sha256(data))`\n\n >>> from convergent import SHA256d\n >>> s = SHA256d()\n >>> s.update(\"Lorem ipsum dolor sit amet\")\n >>> s.digest()\n \"\\xa1\\xdbyA\\x04\\xf5\\xa6S'1\\xe7\\xa0\\xf3\\xfd9\\x07y2\\xa3\\xb9x\\xcc\\x9e%\\x0f %\\x9d\\xa9\\x00\\xda\\xd4\"\n >>> s.hexdigest()\n 'a1db794104f5a6532731e7a0f3fd39077932a3b978cc9e250f20259da900dad4'\n\n\n## convergent.ConvergentEncryption\n\nConvergent encryption using SHA256d and AES-256 CTR with added security and\nblock id generation for deduplicated content addressable storage.\n\nExample encrypting the lorem ipsum[^1]:\n\n >>> from convergent import ConvergentEncryption\n >>> c1 = ConvergentEncryption(\"hard to guess secret\")\n >>> key, blockid, ciphertext = c1.encrypt(lorem)\n >>> len(lorem) == len(ciphertext)\n True\n >>> c2 = ConvergentEncryption()\n >>> plain_text = c2.decrypt(key, ciphertext)\n >>> plain_text == lorem\n True\n\n### convergent.ConvergentEncryption(secret, warn)\n\n`secret`: an optional secret string that guards against confirmation-of-a-file\nattack and learn-partial-information attack. The secret is **not needed** for\nsuccessfull decryption but only to verify if the decryption process was\nsuccessfull.\n\n`warn`: True by default, sends a warning message to the logging system if no\nsecret was given. Only one log message per process is logged.\n\n### convergent.ConvergentEncryption.set_convergence_secret(secret)\n\n`secret`: See `secret` above. Used to set the secret if the class is used as a\nmix-in. The secret can only be set once.\n\nReturns nothing\n\nRaises convergent.CryptError if the secret was already set.\n\n\n### convergent.ConvergentEncryption.encrypt(data)\n\nEncrypts the string `data`.\n\nReturns a tuple of three: the encryption key (needed for decryption), a block\nid and the encrypted data.\n\n### convergent.ConvergentEncryption.decrypt(key, ciphertext, verify=False)\n\nDecrypts the ciphertext using `key`. If verify is true and the convergence\nsecret was set the decrypted plain text is verified and convergent.CryptError\nraised if the decryption process was not successfull.\n\n\n### convergent.encrypt_key(key, nonce, data)\n\nConvenience function. En- or decrypts data using a one time key calculated\nfrom `key` and `nonce`.\n\n`Nonce` may become publicly known but must only be used once or else the\nsystem becomes insecure.\n\nExample:\n\n >>> import os, convergent\n >>> nonce = os.urandom(32).encode(\"hex\")\n >>> ciphertext = convergent.encrypt_key(\"password\", nonce,\n \"this is totally secret data\")\n >>> ciphertext == \"this is totally secret data\"\n False\n >>> plain_text = convergent.encrypt_key(\"password\", nonce, ciphertext)\n >>> plain_text == \"this is totally secret data\"\n True\n\n[^1]: without line breaks: \"Lorem ipsum dolor sit amet, consectetur\nadipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna\naliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris\nnisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in\nreprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.\nExcepteur sint occaecat cupidatat non proident, sunt in culpa qui officia\ndeserunt mollit anim id est laborum.\"\n\n\n# Cryptographic Details\n\n## SHA256d\n\nThe output of SHA256(data) (32 Bytes) are again fed into SHA256. The resulting\n32 Bytes are used as a cryptographic hash.\n\n## Convergent Encryption and deduplicated storage\n\nConvergent encryptions uses the cryptographic hash of the plaintext as the\nencryption key so that identical plaintexts always encrypt to identical\nciphertext values as it always identical encryption keys.\n\nThis implementation uses SHA256d as a cryptographic hash function and AES-256 in Counter (CTR) mode as a block cipher.\n\nBy applying a cryptographic hash function to the encryption key a storage id\nmay be constructed that when used in an addressing schema allows the\nconstruction of efficiently used encrypted storage as identical blocks resolve\nto the same id.\n\nAs of now (02/2011) at least two weaknesses of this encryption schema are\nknown: [confirmation-of-a-file attack and learn-partial-information\nattack][attacks1]. Both can be adverted by mixing a secret value into the\nencryption key.\n\nThis module works as follows, the additional secret and the merge step are\noptional:\n\n![Convergent Encryption Schema](py-convergent-encryption/raw/master/Documentation/CE-Schema.png)\n\nWhere `secret` is a random string of at least 32 Bytes and `append` is\ntechnically implemented by first updating an initialized SHA256d object with\nthe plain text and second with the secret.\n\n\n# Changelog\n\n* 0.2 2011-02-28 Public release\n* 0.1 Initial version\n\n# LICENSE\n\n Copyright (c) 2011, HIT Information-Control GmbH\n All rights reserved.\n\n Redistribution and use in source and binary forms, with or without\n modification, are permitted provided that the following conditions are\n met:\n\n * Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer.\n\n * Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in the\n documentation and/or other materials provided with the distribution.\n\n * Neither the name of the HIT Information-Control GmbH nor the names of\n its contributors may be used to endorse or promote products derived from\n this software without specific prior written permission.\n\n THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS\n IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL HIT Information-Control GmbH BE\n LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR\n CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF\n SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS\n INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN\n CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\n ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\n POSSIBILITY OF SUCH DAMAGE.\n\n[attacks1]: http://www.mail-archive.com/cryptography@metzdowd.com/msg08949.html\n[pycrypto]: http://pypi.python.org/pypi/pycrypto\n[pycryptopp]: http://pypi.python.org/pypi/pycryptopp", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/HITGmbH/py-convergent-encryption", "keywords": null, "license": "Copyright (c) 2011, HIT Information-Control GmbH\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n * Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer.\n * Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in the\n documentation and/or other materials provided with the distribution.\n * Neither the name of the HIT Information-Control GmbH nor the\n names of its contributors may be used to endorse or promote products\n derived from this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL HIT Information-Control GmbH BE LIABLE FOR ANY\nDIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND\nON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", "maintainer": null, "maintainer_email": null, "name": "convergent", "package_url": "https://pypi.org/project/convergent/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/convergent/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/HITGmbH/py-convergent-encryption" }, "release_url": "https://pypi.org/project/convergent/0.2/", "requires_dist": null, "requires_python": null, "summary": "Convergent encryption library, encrypts with AES 256 CTR using the SHA256d hash of the plain text as key.", "version": "0.2" }, "last_serial": 269930, "releases": { "0.2": [] }, "urls": [] }