ezPyCrypto - Encryption in Python made EASY
ezPyCrypto is the culmination of my search for an approachable
yet powerful crypto library for Python.
This may be the only Python crypto API you ever
need to learn!
Latest News
Version 0.1.1 released!
- Fixed crash with large key sizes (larger than (approx) 2000
bits)
- Can use any size public key (2048-bit or larger recommended)
- Session Key header info now padded with chaff, to resist RSA
and ElGamal factoring attacks
- You are advised to cease using vers. 0.1, and switch to
vers 0.1.1 immediately!
Abstract
ezPyCrypto is a high-level encryption library for Python that makes your
job of securing data easy and effortless.
As a reaction to some other crypto libraries, which can be painfully
complex to understand and use, ezPyCrypto has been designed from the ground
up for absolute ease of use, without compromising security.
Features
ezPyCrypto lets you:
- Generate, export and import public and private keys
- Encrypt and decrypt strings with ease
- Optionally create encrypted data as email-friendly text
- Sign and verify strings (incl. documents)
- Protect your private key with a passphrase
- Create 'streams', for sending data through secured sockets
- Choose any public key size you like (2048-bit recommended)
- Choose between RSA and ElGamal for public key, and IDEA, DES3, Blowfish,
ARC4, IDEA for session key
- Rest in the comfort of security, with 256-bit session keys and defences
against common RSA and ElGamal attacks, which will painfully frustrate
anyone seeking to violate your privacy.
History
I've been looking at a lot of cryptography libraries in my time,
and have been frustrated, because everything I saw suffered from
problems such as:
- Not multi-platform
- Painfully difficult to understand and use - needing dozens
or hundreds of lines of code just to do a simple operation
- Difficult or impossible to compile and install, without intimate
knowledge of the cource code (plus deep knowledge of cryptography).
- Painful dependency on 3rd party libraries, which often proved
difficult or impossible to find, compile and/or install
- Lack of adequate documentation and/or usage examples
I started to suspect that many crypto toolkit authors were coming from
a mindset of If it was hard to write, it should be hard to use!. If I
was deterred from using these toolkits, it occurred to me that others
would be feeling deterred as well. I imagined with horror all the
hours that are getting wasted by programmers the world over, in
struggling to come to terms with underlying crypto theory, and mastering
the arcane intricacies of the available crypto libraries (or, as
programmers are notorious for, writing their own libraries, often just
as arcane and difficult for others.) Meanwhile, zillions of good creative
ideas for applications are simply not getting implemented, because
programmers feel discouraged and find something else to do.
As many will know, I've recently moved to
Python as my programming language of
choice. Quite simply, Python seriously kicks butt. It spares the programmer
of all the red tape of keeping track of data types, and allows a much looser
and freer creative process. If you're not using Python already, then just
download it and install it and start programming. Most of the difficulty
of learning Python is because of its ease of use and empowering freedom,
since you have to let go of the mind-crippling limitations of other
languages you've learned. Luckily, this difficulty passes in a few days
of dabbling - once you've followed the
Python Tutorial,
you'll be up and running - no problems.
But back to the point. I looked at the various Python crypto libraries
(there's bugger-all crypto in the standard Python libraries), and found
most of them failing from one or more of the above limitations.
The only exception was a fine piece of programming called
PyCrypto.
PyCrypto has a very clean design, with well-organised Python classes at
the front-end, and very portable C code at the back end. Unlike other
crypto libs, PyCrypto compiles easily on *nix and Windows platforms,
doesn't need any 3rd party libraries, and comes with excellent LaTeX
documentation (which looks good when passed through latex2html).
Also, PyCrypto supports most of the popular encryption algorithms,
and supports any key length the programmer desires. Larger keys, more
secure, but slower - programmer chooses the right trade-off. The people
who wrote PyCrypto certainly don't have that elitist
geek syndrome - the way they've designed and packaged their code shows
a respect for the client programmer that is sadly rare.
However, the PyCrypto API is still a little more low-level than I'd
like. It still imposes a bit too much 'red tape' on the programmer,
albeit much less than any other crypto library I've seen.
Therefore, it occurred to me to write a wrapper layer over the top
of PyCrypto, and build this layer to give maximum features and security
together with absolute ease of use.
ezPyCrypto basically defines a single class, called key,
which does most cryptographic operations a programmer will need, including:
- Encrypting and Decrypting strings
- Signing strings and Verifying signatures
- Exporting and importing public and private keys
- Generating new public/private keypairs
So, why not have a look now at the
ezPyCrypto Documentation
And, if you like what you see, you can
Download ezPyCrypto 0.1.1. ezPyCrypto comes
with a suite of mindlessly simple example programs, so you'll be up and
running in minutes!
Note that this download contains the PyCrypto backend, both in source code form,
(and an executable Windows installer (python 2.2 only), in case you
don't have a suitable C compiler. Installing PyCrypto on Debian is also easy:
just type apt-get install python-crypto
Last modified: Fri Mar 14 18:44:29 NZDT 2003