Crypto Helpers

keg_elements.crypto.aes_cipher(key, iv, mode=None)

Wrapper to build AES cipher from cryptography.

Parameters:
  • key – AES key.

  • iv – Used to create a CBC mode if a mode isn’t manually provided.

  • mode – Optional, provides an explicit mode to the cipher. CBC if not provided.

Returns:

Cipher instance.

keg_elements.crypto.aes_decryptor(key, iv, mode=None)

Get decryptor cipher context for an AES key.

Parameters:
  • key – AES key.

  • iv – Initialization vector used to construct the default CBC mode.

  • mode – Optional, provides an explicit mode to the cipher. CBC if not provided.

Returns:

Decryptor cipher context.

keg_elements.crypto.aes_encryptor(key, mode=None)

Get encryptor cipher context for an AES key.

Init vector is generated randomly.

Parameters:
  • key – AES key.

  • mode – Optional, provides an explicit mode to the cipher. CBC if not provided.

Returns:

Encryptor cipher context.

keg_elements.crypto.constant_time_compare(a, b)

Wrapper for cryptography constant time comparison, which will defeat timing attacks.

keg_elements.crypto.decrypt(data, key)

Decrypts binary data using cryptography’s default Fernet algorithm.

Parameters:
  • data – A Fernet token to decrypt.

  • key – Encryption key.

Returns:

Decrypted data.

keg_elements.crypto.decrypt_bytesio(key, in_fpath, chunksize=24576)

Decrypts a file using AES (CBC mode) with the given key, and returns the contents in a BytesIO stream.

Parameters:
  • key – The encryption key - a string that must be either 16, 24 or 32 bytes long. Longer keys are more secure.

  • in_fpath – Full path of the input file

  • chunksize – Sets the size of the chunk which the function uses to read and decrypt the file. Larger chunk sizes can be faster for some files and machines. chunksize must be divisible by 16.

Returns:

BytesIO stream holding the decrypted contents.

keg_elements.crypto.decrypt_file(key, in_fpath, out_fpath=None, chunksize=24576)

Decrypts a file using AES (CBC mode) with the given key. Parameters are similar to encrypt_file, with one difference: out_fpath, if not supplied, will be in_fpath without its last extension (i.e. if in_fpath is ‘aaa.zip.enc’ then out_fpath will be ‘aaa.zip’).

keg_elements.crypto.decrypt_fileobj(key, in_fileobj, out_fileobj, chunksize)

Decrypts a file object using AES (CBC mode) with the given key, and writes the contents to the given output file object.

Parameters:
  • key – The encryption key - a string that must be either 16, 24 or 32 bytes long. Longer keys are more secure.

  • in_fileobj – Readable IO stream holding encrypted contents.

  • out_fileobj – Writeable IO stream for decrypted contents.

  • chunksize – Sets the size of the chunk which the function uses to read and decrypt the file. Larger chunk sizes can be faster for some files and machines. chunksize must be divisible by 16.

Returns:

None.

keg_elements.crypto.decrypt_str(cipher_text, key)

Decrypts a unicode string using cryptography’s default Fernet algorithm.

Parameters:
  • cipher_text – A utf-8 string as a Fernet token to decrypt.

  • key – Encryption key.

Returns:

Decrypted unicode string.

keg_elements.crypto.encrypt(data, key)

Encrypts binary data using cryptography’s default Fernet algorithm.

Parameters:
  • data – Plaintext data to encrypt.

  • key – Encryption key.

Returns:

Encrypted data as a Fernet token (a signed, base64 encoded string).

keg_elements.crypto.encrypt_file(key, in_fpath, out_fpath=None, chunksize=65536)

Encrypts a file using AES (CBC mode) with the given key.

Parameters:
  • key – The encryption key - a string that must be either 16, 24 or 32 bytes long. Longer keys are more secure.

  • in_fpath – Full path of the input file

  • out_fpath – Full path of the output file. If None, ‘<in_fpath>.enc’ will be used.

  • chunksize – Sets the size of the chunk which the function uses to read and encrypt the file. Larger chunk sizes can be faster for some files and machines. chunksize must be divisible by 16.

Returns:

Output file path string.

keg_elements.crypto.encrypt_fileobj(key, in_fileobj, chunksize=65536)

Encrypts a file object using AES (CBC mode) with the given key.

Example:

# buffer is a readable binary stream; my_crypto_key is a 16, 24 or 32 byte AES key.
with open('my_encrypted_file', mode='wb') as f:
    for chunk in encrypt_fileobj(my_crypto_key, buffer):
        f.write(chunk)

Parameters:
  • key – The encryption key - a string that must be either 16, 24 or 32 bytes long. Longer keys are more secure.

  • in_fileobj – Readable IO stream holding the contents to encrypt.

  • chunksize – Sets the size of the chunk which the function uses to read and encrypt the file. Larger chunk sizes can be faster for some files and machines. chunksize must be divisible by 16.

Returns:

Iterable of encrypted chunks, as consumed in the example above.
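
CBC mode on its own does not detect modified ciphertext, unlike the signed Fernet tokens returned by encrypt. The following added example (not keg_elements code) applies encrypt-then-MAC to chunked AES-CBC using cryptography and the standard library directly; the names seal and unseal, the IV || ciphertext || tag layout and the separate MAC key are assumptions of this example.

```python
import hashlib
import hmac
import os
from cryptography.hazmat.primitives import constant_time, padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

CHUNK = 65536  # must be a multiple of the 16-byte AES block


def seal(enc_key, mac_key, src, chunksize=CHUNK):
    """Encrypt a readable stream; return IV || ciphertext || HMAC-SHA256 tag."""
    iv = os.urandom(16)  # fresh random IV for every message
    enc = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).encryptor()
    padder = padding.PKCS7(128).padder()
    mac = hmac.new(mac_key, iv, hashlib.sha256)  # the tag covers the IV too
    parts = [iv]
    for chunk in iter(lambda: src.read(chunksize), b""):
        block = enc.update(padder.update(chunk))
        mac.update(block)
        parts.append(block)
    block = enc.update(padder.finalize()) + enc.finalize()
    mac.update(block)
    parts += [block, mac.digest()]
    return b"".join(parts)


def unseal(enc_key, mac_key, blob):
    """Check the tag in constant time, then decrypt; raise if it does not match."""
    iv, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, iv + body, hashlib.sha256).digest()
    # Verify before any decryption so modified input never reaches the cipher.
    if not constant_time.bytes_eq(tag, expected):
        raise ValueError("authentication failed: ciphertext was modified")
    dec = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).decryptor()
    unpadder = padding.PKCS7(128).unpadder()
    plain = unpadder.update(dec.update(body) + dec.finalize())
    return plain + unpadder.finalize()
```
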

keg_elements.crypto.encrypt_str(data, key)

Encrypts a unicode string using cryptography’s default Fernet algorithm.

Parameters:
  • data – Unicode string to encrypt.

  • key – Encryption key.

Returns:

Encrypted utf-8 string as a Fernet token.

keg_elements.crypto.fernet_cipher(key)

Build a Fernet cipher from the given key.

keg_elements.crypto.salted_hmac(salt, value, secret)

Create an HMAC for a value using the given salt and secret.

Parameters:
  • salt

  • value

  • secret