Metadata-Version: 1.1
Name: cryptoshop
Version: 2.0.1
Summary: Encrypt and decrypt file or string in GCM mode with AES, Serpent or Twofish as secure as possible.
Home-page: https://github.com/Antidote1911/cryptoshop
Author: Fabrice Corraire
Author-email: antidote1911@gmail.com
License: UNKNOWN
Description: **********
        Cryptoshop
        **********
        v.2.0.1
        
        A Python 3 module to encrypt and decrypt files or strings in GCM mode with AES, Serpent or Twofish, as securely as possible.
        Contact: antidote1911@gmail.com
        
        General Specifications :
        ------------------------
        
        To install from the source archive, go to the extracted folder and run
        in a terminal:
        
        ::
        
            sudo python setup.py install
        
        Or, from PyPI, run:
        
        ::
        
            sudo pip install cryptoshop
        
        Cryptoshop encrypts files in `GCM
        mode <https://en.wikipedia.org/wiki/Galois/Counter_Mode>`__ with one of these three algorithms: `AES-256 <https://en.wikipedia.org/wiki/Advanced_Encryption_Standard>`__, `Serpent <https://en.wikipedia.org/wiki/Serpent_%28cipher%29>`__ or
        `Twofish <https://en.wikipedia.org/wiki/Twofish>`__.
        
        * For string encryption, Cryptoshop uses cascade encryption with Serpent, AES and Twofish.
        
        * It uses Botan, a crypto and TLS library for C++11. For more information on Botan, go here:
        
        | `<http://botan.randombit.net>`_
        | `<https://github.com/randombit/botan>`_
        
        
        It uses Argon2 for key derivation/stretching and HMAC-Keccak-1600 for message authentication:
        
        | https://en.wikipedia.org/wiki/Argon2
        | https://www.cryptolux.org/index.php/Argon2
        | https://github.com/P-H-C/phc-winner-argon2
        
        
        You can use it as a console application:
        
        Linux users: make a symlink to the module in your bin folder...
        
        ::
        
            # Encrypt the file test with AES-256.
            # If no algo is specified, Serpent (-a srp) is the default.
            # The encrypted file test.cryptoshop is written to the same folder:
        
            ./cryptoshop -e test -a aes
        
        
            # Decrypt the file test.cryptoshop.
            # No need to specify the algo. It is automatically detected by the decryption routine.
        
            ./cryptoshop -d test.cryptoshop
        
        You can use it as a module in your Python application:
        
        File encryption :
        ::
        
            from cryptoshop import encryptfile
            from cryptoshop import decryptfile
        
            result1 = encryptfile(filename="test", passphrase="mypassphrase", algo="srp")
            print(result1)
        
            result2 = decryptfile(filename="test.cryptoshop", passphrase="mypassphrase")
            print(result2)
        
        String encryption :
        ::
        
            from cryptoshop import encryptstring
            from cryptoshop import decryptstring
        
            # No need to specify the algo. Cryptoshop uses cascade encryption with Serpent, AES and Twofish.
            result1 = encryptstring(string="my string to encrypt", passphrase="mypassword")
            print(result1)
        
            result2 = decryptstring(string=result1, passphrase="mypassword")
            print(result2)
        
        Advanced Specifications :
        ~~~~~~~~~~~~~~~~~~~~~~~~~
        
        1- Key derivation/stretching :
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        
        The user passphrase is derived with the winner of the
        Password Hashing Competition,
        `Argon2 <https://en.wikipedia.org/wiki/Argon2>`__. Argon2 uses a
        fixed-timing calculation rather than iterations, to prevent `timing
        attacks <https://en.wikipedia.org/wiki/Timing_attack>`__. The output is a
        32-byte key. This is the "masterkey".
        
        2- File Encryption :
        ~~~~~~~~~~~~~~~~~~~~
        
        -  A 32-byte "internalkey" is generated by the random number generator.
        -  The plaintext is encrypted with this key using the selected algo:
           Serpent, AES or Twofish.
        -  This key is encrypted in cascade with your master key. Cryptoshop
           always uses Serpent, AES, and Twofish to encrypt this internal key.
        -  All encryptions use a different random key and a different unique nonce.
        -  All are authenticated.
        
        This ensures your masterkey is not used to encrypt more and more data,
        and you only need to remember your passphrase, not three 32-byte keys
        :)
        
        You can encrypt with AES-256, Serpent-256, or Twofish-256. If no
        algorithm is specified, Cryptoshop uses Serpent-256.
        
        **Encryption is optimized for large files:**
        
        The file is encrypted chunk by chunk with the 'internalkey'. Each iteration is authenticated. All encrypted chunks
        use a different UNIQUE nonce. This is ABSOLUTELY necessary for all counter modes like GCM or CTR...
        `NEVER USE THE SAME KEY WITH THE SAME NONCE <http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ctr/ctr-spec.pdf>`__.
        To get unique nonces, Cryptoshop uses `uuid4 <https://en.wikipedia.org/wiki/Universally_unique_identifier>`__
        and a `timestamp <https://en.wikipedia.org/wiki/Timestamp>`__.
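
Why the nonce rule above matters, as an added example that is not Cryptoshop's code: a toy counter-mode cipher in which SHA-256 stands in for the block cipher, showing that two chunks encrypted under the same key and nonce reveal the XOR of their plaintexts. The nonce layout in ``fresh_nonce`` (16 uuid4 bytes plus an 8-byte timestamp) is an assumption, not Cryptoshop's 41-byte format.

```python
import hashlib
import struct
import time
import uuid


def toy_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream; SHA-256 stands in for the block cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt (or decrypt) by XORing the data with the keystream."""
    return xor(plaintext, toy_keystream(key, nonce, len(plaintext)))


def fresh_nonce() -> bytes:
    """Assumed layout: 16 random uuid4 bytes + 8-byte nanosecond timestamp."""
    return uuid.uuid4().bytes + struct.pack(">Q", time.time_ns())


def reuse_leaks_plaintext_xor(key, nonce_a, nonce_b, p1, p2) -> bool:
    """True when c1 XOR c2 equals p1 XOR p2, i.e. the keystream cancelled out."""
    c1 = ctr_encrypt(key, nonce_a, p1)
    c2 = ctr_encrypt(key, nonce_b, p2)
    return xor(c1, c2) == xor(p1, p2)


# Constructed sample data.
KEY = bytes(range(32))
P1 = b"chunk one: account=alice"
P2 = b"chunk two: account=bob.."

if __name__ == "__main__":
    n = fresh_nonce()
    print("same nonce leaks XOR:", reuse_leaks_plaintext_xor(KEY, n, n, P1, P2))
    print("fresh nonces leak XOR:",
          reuse_leaks_plaintext_xor(KEY, fresh_nonce(), fresh_nonce(), P1, P2))
```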
        
        The final Cryptoshop format is:
        
        ::
        
            *****************************************************************************
            header                                                            2.5 bytes *
            passsalt                                                           64 bytes *
            ***************************                                                 *
            nonce1 + nonce2 + nonce3                                       41 * 3 bytes *
            enckey + GCM Tag1 + GCM Tag2 + GCM Tag3                   21*3 + 3*16 bytes *
            ***************************                                                 *
            nonce4 + cipherchunk1 + GCM Tag4            41 bytes + chunkSize + 16 bytes *
            ---------------                                                             *
            nonce5 + cipherchunk2 + GCM Tag5            41 bytes + chunkSize + 16 bytes *
            ---------------                                                             *
            nonce6 + cipherchunk3 + GCM Tag6            41 bytes + chunkSize + 16 bytes *
            ---------------                                                             *
            nonceN + cipherchunkN + GCM Tag7            41 bytes + chunkSize + 16 bytes *
            ---------------                                                             *
            *****************************************************************************
        
        The chunk size is fixed at 0.5 MB (500000 bytes).
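
A length check over the chunk part of this layout, as an added example that is not Cryptoshop's code: it splits the bytes that follow the key block into nonce, cipherchunk and tag records using the sizes given above, and rejects a tail too short to be a record. It assumes records are stored back to back with no length prefix, that only the last cipherchunk may be shorter than the chunk size, and that a record holds at least one ciphertext byte; all function names are hypothetical.

```python
from typing import List, NamedTuple

NONCE_LEN = 41         # per-chunk nonce size from the layout above
TAG_LEN = 16           # GCM tag size from the layout above
CHUNK_SIZE = 500000    # fixed chunk size stated above


class ChunkRecord(NamedTuple):
    offset: int
    nonce: bytes
    cipherchunk: bytes
    tag: bytes


def split_chunk_region(region: bytes, chunk_size: int = CHUNK_SIZE) -> List[ChunkRecord]:
    """Split the chunk region into records; reject a tail that cannot be one.

    Assumption: records are back to back and only the last one may carry
    fewer than chunk_size ciphertext bytes (but at least one).
    """
    full = NONCE_LEN + chunk_size + TAG_LEN
    records, pos = [], 0
    while pos < len(region):
        remaining = len(region) - pos
        size = min(full, remaining)
        if size <= NONCE_LEN + TAG_LEN:
            raise ValueError(f"truncated record at offset {pos}: {remaining} bytes left")
        body = region[pos:pos + size]
        records.append(ChunkRecord(pos, body[:NONCE_LEN],
                                   body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]))
        pos += size
    return records


def expected_region_size(plaintext_len: int, chunk_size: int = CHUNK_SIZE) -> int:
    """Chunk-region size for a plaintext; GCM ciphertext is as long as its input."""
    chunks = -(-plaintext_len // chunk_size)  # ceiling division
    return plaintext_len + chunks * (NONCE_LEN + TAG_LEN)


def make_region(chunk_lens) -> bytes:
    """Constructed sample data: filler bytes shaped like chunk records."""
    return b"".join(b"N" * NONCE_LEN + b"C" * n + b"T" * TAG_LEN for n in chunk_lens)
```

A cut that leaves more than 57 bytes in the tail still parses as a shorter final record, so the length check complements the per-chunk tag verification and does not replace it.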
        
        3- File Decryption :
        ~~~~~~~~~~~~~~~~~~~~
        
        -  The decryption routine checks the header before all other operations.
        -  The internalkey is decrypted, and its authentication is checked.
        -  The decryption routine decrypts and checks the authentication of all
           chunks with the 'internalkey'.
        
        4- Authentication :
        ~~~~~~~~~~~~~~~~~~~
        
        Authentication is performed internally by GCM mode (the header is always
        included). Each chunk of the file has a different authentication code,
        and all authentication codes are calculated over the encrypted data,
        **NOT OVER CLEAR DATA.**
        
        More information here:
        
        | https://en.wikipedia.org/wiki/Galois/Counter\_Mode
        | http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
        
        Schematic file encryption protocol
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        
        .. image:: http://img15.hostingpics.net/pics/149103protocol.jpg
        
        Notes on string encryption
        ~~~~~~~~~~~~~~~~~~~~~~~~~~
        There is no "chunk" concept with string encryption. String encryption always uses cascade encryption. The header and
        encrypted string are authenticated.
        
        Requirement
        ~~~~~~~~~~~
        
        -  Python >= 3
        -  Botan library >=1.11 <--- Install the latest version (1.11.29).
           Cryptoshop doesn't work with the 1.10 branch. The installation
           includes the Python wrapper.
        
        Python modules:
        
        - `tqdm <https://github.com/tqdm/tqdm>`__ <--- console progress-bar
        - `argon2\_cffi <https://github.com/hynek/argon2_cffi>`__ <--- Python module/wrapper for Argon2
        
        License
        ~~~~~~~
        
        -  Cryptoshop is released under
           `GPL3 <https://github.com/Antidote1911/cryptoshop/blob/master/cryptoshop.license>`__
           License.
        -  Botan is released under the permissive `Simplified
           BSD <http://botan.randombit.net/license.txt>`__ license.
        -  argon2\_cffi and tqdm are released under The
           `MIT <https://github.com/hynek/argon2_cffi/blob/master/LICENSE>`__
           License
        
        Why Cryptoshop ?
        ~~~~~~~~~~~~~~~~
        
        There are a lot of bad encryption modules for Python:
        
        - No authentication.
        - Or the authentication routine uses a naive comparison like "if m1==m2, the MAC is good". This approach permits timing attacks.
        - Use of insecure algorithms or modes like ECB mode, MD5 or SHA-1, etc.
        - Bad use of the encryption mode: nonce reuse in CTR, a fixed initialization vector when it must be random, etc.
        - Passphrase derivation/stretching with an iterative hash function. Hashes are NOT made for this usage.
        - Systematic use of PyCrypto. This is a good module, but there is no Serpent algo, and some algos like PBKDF2 are very slow because it's a pure Python implementation.
        - No optimization for big files.
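
The naive MAC comparison from the list above next to a constant-time one, as an added example that is not Cryptoshop's code: each function also returns how many bytes it examined, so the data-dependent work of the early-exit version is visible without measuring time. HMAC-SHA256 is used here as a stand-in MAC, and all names are hypothetical.

```python
import hashlib
import hmac


def naive_equal(a: bytes, b: bytes):
    """Early-exit comparison, as `==` behaves; returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1   # stops at the first mismatch: work leaks its position
    return True, len(a)


def constant_time_equal(a: bytes, b: bytes):
    """Accumulate differences over every byte; work does not depend on content."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """What application code should call: the stdlib constant-time comparison."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def flip_byte(tag: bytes, index: int) -> bytes:
    """Return a copy of tag with one bit changed in the byte at index."""
    return tag[:index] + bytes([tag[index] ^ 1]) + tag[index + 1:]


# Constructed sample data.
KEY = b"k" * 32
MSG = b"header+cipherchunk"
GOOD = hmac.new(KEY, MSG, hashlib.sha256).digest()

if __name__ == "__main__":
    for name, bad in (("first byte", flip_byte(GOOD, 0)), ("last byte", flip_byte(GOOD, 31))):
        print(name, "naive:", naive_equal(GOOD, bad), "constant:", constant_time_equal(GOOD, bad))
```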
        
        Other resources
        ~~~~~~~~~~~~~~~
        
        You should have some knowledge of cryptography *before* trying to use or
        modify this module. This is an area where it is very easy to make
        mistakes. Naive modifications will almost certainly not result in a secure system.
        
        Especially recommended are:
        
        -  *Cryptography Engineering* by Niels Ferguson, `Bruce
           Schneier <https://www.schneier.com/>`__, and Tadayoshi Kohno
        
        -  *Security Engineering -- A Guide to Building Dependable Distributed
           Systems* by Ross Anderson `available
           online <https://www.cl.cam.ac.uk/~rja14/book.html>`__
        
        -  *Handbook of Applied Cryptography* by Alfred J. Menezes, Paul C. Van
           Oorschot, and Scott A. Vanstone `available
           online <http://www.cacr.math.uwaterloo.ca/hac/>`__
        
        If you're doing something non-trivial or unique, you might want to at
        the very least ask for review/input on a mailing list such as the
        `metzdowd <http://www.metzdowd.com/mailman/listinfo/cryptography>`__ or
        `randombit <http://lists.randombit.net/mailman/listinfo/cryptography>`__
        crypto lists.
        
        | http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
        | http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
        | https://en.wikipedia.org/wiki/Timing\_attack
        
Keywords: aes,encrypt,decrypt,encryption,decryption,serpent,argon,secure,crypto,cryptography,twofish,gcm,argon2,botan
Platform: UNKNOWN
Classifier: Programming Language :: Python
Classifier: Development Status :: 5 - Production/Stable
Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development
