{ "info": { "author": "Fabrice Corraire", "author_email": "antidote1911@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "License :: OSI Approved :: GNU General Public License v3 (GPLv3)", "Natural Language :: English", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 3", "Topic :: Security", "Topic :: Security :: Cryptography", "Topic :: Software Development" ], "description": "**********\r\nCryptoshop\r\n**********\r\nv.2.0.1\r\n\r\nA Python 3 module to encrypt and decrypt files or string in GCM mode with AES, Serpent or Twofish as secure as possible.\r\nContact: antidote1911@gmail.com\r\n\r\nGeneral Specifications :\r\n------------------------\r\n\r\nTo install with sources archive, go in the extracted folder and run in\r\nterminal:\r\n\r\n::\r\n\r\n sudo python setup.py install\r\n\r\nOr by Pypi, run:\r\n\r\n::\r\n\r\n sudo pip install cryptoshop\r\n\r\nCryptoshop encrypt files in `GCM\r\nmode. `__ with one of this three algorithms `AES-256 `__, `Serpent `__ or\r\n`Twofish `__\r\n\r\n* For string encryption, cryptoshop use cascade encryption with Serpent, AES and Twofish.\r\n\r\n* It use Botan. Crypto and TLS library for C++11. For more information's on Botan, go here:\r\n\r\n| ``_\r\n| ``_\r\n\r\n\r\nIt use Argon2 for key derivation/stretching :\r\n\r\n| https://en.wikipedia.org/wiki/Argon2\r\n| https://www.cryptolux.org/index.php/Argon2\r\n| https://github.com/P-H-C/phc-winner-argon2\r\n\r\n\r\nYou can use it like console application:\r\n\r\nLinux users: Make a symlink of the module on your bin folder...\r\n\r\n::\r\n\r\n # encrypt the file test with AES-256.\r\n # If no algo is specified, Serpent (-a srp) is default.\r\n # Encrypted file test.cryptoshop is write in same folder:\r\n\r\n ./cryptoshop -e test -a aes\r\n\r\n\r\n # decrypt the file test.cryptoshop.\r\n # No need to specify algo. It is automatically detected by decryption routine.\r\n\r\n ./cryptoshop -d test.cryptoshop\r\n\r\nYou can use it like a module for your Python application:\r\n\r\nFile encryption :\r\n::\r\n\r\n from cryptoshop import encryptfile\r\n from cryptoshop import decryptfile\r\n\r\n result1 = encryptfile(filename=\"test\", passphrase=\"mypassphrase\", algo=\"srp\")\r\n print(result1)\r\n\r\n result2 = decryptfile(filename=\"test.cryptoshop\", passphrase=\"mypassphrase\")\r\n print(result2)\r\n\r\nString encryption :\r\n::\r\n\r\n from cryptoshop import encryptstring\r\n from cryptoshop import decryptstring\r\n\r\n # No need to specify algo. Cryptoshop use cascade encryption with Serpent, AES and Twofish.\r\n result1 = encryptstring(string= \"my string to encrypt\" , passphrase= \"mypassword\")\r\n print(result1)\r\n\r\n result2 = decryptstring(string= result1 , passphrase= \"mypassword\")\r\n print(result2)\r\n\r\nAdvanced Specifications :\r\n~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\n1- Key derivation/stretching :\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\nThe user passphrase derivation is performed with the winner of the\r\nPassword Hashing Competition,\r\n`Argon2 `__. The output is a\r\nkey of 32 bytes. This is the \"masterkey\".\r\n\r\n2- File Encryption :\r\n~~~~~~~~~~~~~~~~~~~~\r\n\r\n- A 32 bytes \"internalkey\" is generated by the random number generator.\r\n- the plaintext is encrypted with this key with selected algo. Serpent,\r\n AES or Twofish.\r\n- this key is encrypted in cascade with your master key. Cryptoshop\r\n always use Serpent, AES, and Twofish for encrypt this internal key.\r\n- All encryption use different random key and different uniques nonce.\r\n- All are authenticated.\r\n\r\nThis ensure your masterkey was not used for encrypt more and more data,\r\nand you need only to remember your passphrase. Not three 32 bytes keys\r\n:)\r\n\r\nYou can encrypt with AES-256, Serpent-256, or Twofish-256. If no\r\nalgorithm is specified, Cryptoshop use Serpent-256.\r\n\r\n**Encryption is optimized for larges files:**\r\n\r\nThe file is encrypted chunk by chunk with the 'internalkey'. Etch iteration is authenticated. All encrypted chunks\r\nuse a different UNIQUE nonce. It is ABSOLUTELY necessary for all counter mode like GCM or CTR...\r\n`NEVER USE THE SAME KEY WITH THE SAME NONCE `__.\r\nFor have uniques nonce, cryptoshop use `uuid4 `__,\r\nand `timestamp `__.\r\n\r\nThe final Cryptoshop format is:\r\n\r\n::\r\n\r\n *****************************************************************************\r\n header 2.5 bytes *\r\n passsalt 64 bytes *\r\n *************************** *\r\n nonce1 + nonce2 + nonce3 41 * 3 bytes *\r\n enckey + GCM Tag1 + GCM Tag2 + GCM Tag3 21*3 + 3*16 bytes *\r\n *************************** *\r\n nonce4 + cipherchunk1 + GCM Tag4 41 bytes + chunkSize + 16 bytes *\r\n --------------- *\r\n nonce5 + cipherchunk2 + GCM Tag5 41 bytes + chunkSize + 16 bytes *\r\n --------------- *\r\n nonce6 + cipherchunk3 + GCM Tag6 41 bytes + chunkSize + 16 bytes *\r\n --------------- *\r\n nonceN + cipherchunkN + GCM Tag7 41 bytes + chunkSize + 16 bytes *\r\n --------------- *\r\n *****************************************************************************\r\n\r\nchunksize is fixed to 0,5 Mo (500000 bytes)\r\n\r\n3- File Decryption :\r\n~~~~~~~~~~~~~~~~~~~~\r\n\r\n- The decryption routine check the header before all other operations.\r\n- The internalkey is decrypted, and authentication is checked.\r\n- The decryption routine decrypt and check authentication of all chunks\r\n with the internalkey'.\r\n\r\n4- Authentication :\r\n~~~~~~~~~~~~~~~~~~~\r\n\r\nAuthentication is performed internally by GCM mode (the header is always\r\nincluded). All chunks of file have a different authentication code and\r\nall authentication are calculated with the encrypted data. **NOT WITH\r\nCLEAR DATA.**\r\n\r\nMore information here:\r\n\r\n| https://en.wikipedia.org/wiki/Galois/Counter\\_Mode\r\n| http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf\r\n\r\nSchematic file encryption protocol\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\n.. image:: http://img15.hostingpics.net/pics/149103protocol.jpg\r\n\r\nNotes on string encryption\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~\r\nThere is no \"chunk\" concept with string encryption. String encryption always use cascade encryption. The header and\r\nencrypted string are authenticated.\r\n\r\nRequirement\r\n~~~~~~~~~~~\r\n\r\n- Python >= 3\r\n- Botan library >=1.11 <--- Install the last version (1.11.29).\r\n Cryptoshop don't work with the 1.10 branch. The installation include\r\n the Python wrapper.\r\n\r\nPython modules:\r\n\r\n- `tqdm `__ <--- console progress-bar\r\n- `argon2\\_cffi `__ <--- Python module/wrapper for Argon2\r\n\r\nLicense\r\n~~~~~~~\r\n\r\n- Cryptoshop is released under\r\n `GPL3 `__\r\n License.\r\n- Botan is released under the permissive `Simplified\r\n BSD `__ license.\r\n- argon2\\_cffi and tqdm are released under The\r\n `MIT `__\r\n License\r\n\r\nWhy Cryptoshop ?\r\n~~~~~~~~~~~~~~~~\r\n\r\nThere is a lot of bad encryption modules for python.\r\n\r\n- no authentication.\r\n- else authentication routine use naive comparison like if m1==m2 mac is good. This approach permit Timing Attack.\r\n- use unsecured algorithm like ECB mode, MD5 or SHA-1 etc...\r\n- bad use of the encryption mode. Reuse nonce in CTR, fixed initialization vector when it must be random etc...\r\n- Passphrase derivation/stretching with iterative hash function. Hash are NOT make for this usage.\r\n- Systematically use PyCrypto. This is a good module, but there is no Serpent algo, and some algo like PBKDF2 are very slow because it's a pure Python implementation.\r\n- No optimization for big files.\r\n\r\nOther resources\r\n~~~~~~~~~~~~~~~\r\n\r\nYou should have some knowledge of cryptography *before* trying to use or\r\nmodify this module. This is an area where it is very easy to make\r\nmistakes. Naive modifications will almost certainly not result in a secure system.\r\n\r\nEspecially recommended are:\r\n\r\n- *Cryptography Engineering* by Niels Ferguson, `Bruce\r\n Schneier `__, and Tadayoshi Kohno\r\n\r\n- *Security Engineering -- A Guide to Building Dependable Distributed\r\n Systems* by Ross Anderson `available\r\n online `__\r\n\r\n- *Handbook of Applied Cryptography* by Alfred J. Menezes, Paul C. Van\r\n Oorschot, and Scott A. Vanstone `available\r\n online `__\r\n\r\nIf you're doing something non-trivial or unique, you might want to at\r\nthe very least ask for review/input on a mailing list such as the\r\n`metzdowd `__ or\r\n`randombit `__\r\ncrypto lists.\r\n\r\n| http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf\r\n| http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html\r\n| https://en.wikipedia.org/wiki/Timing\\_attack", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/Antidote1911/cryptoshop", "keywords": "aes,encrypt,decrypt,encryption,decryption,serpent,argon,secure,crypto,cryptography,twofish,gcm,argon2,botan", "license": "UNKNOWN", "maintainer": "", "maintainer_email": "", "name": "cryptoshop", "package_url": "https://pypi.org/project/cryptoshop/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/cryptoshop/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/Antidote1911/cryptoshop" }, "release_url": "https://pypi.org/project/cryptoshop/2.0.1/", "requires_dist": null, "requires_python": null, "summary": "Encrypt and decrypt file or string in GCM mode with AES, Serpent or Twofish as secure as possible.", "version": "2.0.1" }, "last_serial": 2100863, "releases": { "1.0": [ { "comment_text": "", "digests": { "md5": "7829bee59c6c8ec5cbb4b243ca99aa16", "sha256": "1c872371ae38eaa47ff2a36e30b1ade6544e300e760694bfcfd74b3255f53b97" }, "downloads": -1, "filename": "cryptoshop-1.0.tar.gz", "has_sig": false, "md5_digest": "7829bee59c6c8ec5cbb4b243ca99aa16", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23166, "upload_time": "2016-04-14T13:51:25", "url": "https://files.pythonhosted.org/packages/0f/13/766f9f43b14346109bf8bb72f7044bfe1dfc86f0e470f7ed1a742dccba87/cryptoshop-1.0.tar.gz" } ], "2.0.0": [ { "comment_text": "", "digests": { "md5": "a1020d610887457143d0603defcec1ac", "sha256": "0780234ca6e04315d0ce5546441e90ac6fa90465e9362a7eb2ffd3f17471d96d" }, "downloads": -1, "filename": "cryptoshop-2.0.0.tar.gz", "has_sig": false, "md5_digest": "a1020d610887457143d0603defcec1ac", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 191876, "upload_time": "2016-04-21T21:33:00", "url": "https://files.pythonhosted.org/packages/81/9a/67e9a04335744b62d08be3efe53dd94ba6f7ed224b926ce21f2dab0ff1d2/cryptoshop-2.0.0.tar.gz" } ], "2.0.1": [ { "comment_text": "", "digests": { "md5": "0b3e291365c699790872d21e1f1cb0bc", "sha256": "e1b220e0c159e6231eabcfd32dc6b9b94c3dbd34e09c329094b2107c41688b54" }, "downloads": -1, "filename": "cryptoshop-2.0.1.tar.gz", "has_sig": false, "md5_digest": "0b3e291365c699790872d21e1f1cb0bc", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 189482, "upload_time": "2016-04-23T16:09:56", "url": "https://files.pythonhosted.org/packages/83/8c/0a4c298034ae08e672e17554a02a3f58fd8bb771f7587df7a89350b8d27d/cryptoshop-2.0.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "0b3e291365c699790872d21e1f1cb0bc", "sha256": "e1b220e0c159e6231eabcfd32dc6b9b94c3dbd34e09c329094b2107c41688b54" }, "downloads": -1, "filename": "cryptoshop-2.0.1.tar.gz", "has_sig": false, "md5_digest": "0b3e291365c699790872d21e1f1cb0bc", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 189482, "upload_time": "2016-04-23T16:09:56", "url": "https://files.pythonhosted.org/packages/83/8c/0a4c298034ae08e672e17554a02a3f58fd8bb771f7587df7a89350b8d27d/cryptoshop-2.0.1.tar.gz" } ] }