Module ezPyCrypto :: Class key
[show private | hide private]
[frames | no frames]

Class key


This may well be the only crypto class for Python that you'll ever need. Think of this class, and the ezPyCrypto module, as 'cryptography for the rest of us'.

Designed to strike the optimal balance between ease of use, features and performance.

Basic High-level methods: Middle-level (stream-oriented) methods: Low-level methods: Principle of operation:
Method Summary
  __init__(self, something, algoPub, algoSess, **kwds)
Constructor.
  decEnd(self)
Ends a stream decryption session.
  decNext(self, chunk)
Decrypt the next piece of incoming stream data.
  decStart(self)
Start a stream decryption session.
  decString(self, enc)
Decrypts a previously encrypted string.
  decStringFromAscii(self, enc)
Decrypts a previously encrypted string in ASCII (base64) format, as created by encryptAscii()
  encEnd(self)
Called to terminate a stream session.
  encNext(self, raw)
Encrypt the next piece of data in a stream.
  encStart(self)
Starts a stream encryption session Sets up internal buffers for accepting ad-hoc data.
  encString(self, raw)
Encrypt a string of data
  encStringToAscii(self, raw)
Encrypts a string of data to printable ASCII format
  exportKey(self)
Exports the public key as a printable string.
  exportKeyPrivate(self, **kwds)
Exports public/private key pair as a printable string.
  importKey(self, keystring, **kwds)
Imports a public key or private/public key pair.
  makeNewKeys(self, keysize, **kwds)
Creates a new keypair in cipher object, and a new session key
  signString(self, raw)
Sign a string using private key
  test(self, raw)
Encrypts, then decrypts a string.
  testAscii(self, raw)
Encrypts, then decrypts a string.
  verifyString(self, raw, signature)
Verifies a string against a signature.

Method Details

__init__(self, something=512, algoPub=None, algoSess=None, **kwds)
(Constructor)

Constructor. Creates a key object

This constructor, when creating the key object, does one of two things:
  1. Creates a completely new keypair, OR
  2. Imports an existing keypair
Arguments:
  1. If new keys are desired:
    • key size in bits (int), default 512 - advise at least 1536
    • algoPub - either 'RSA' or 'ElGamal' (default 'RSA')
    • algoSess - one of 'ARC2', 'Blowfish', 'CAST', 'DES3', 'IDEA', 'RC5', (default 'Blowfish')
  2. If importing an existing key or keypair:
    • keyobj (string) - result of a prior exportKey() call
Keywords:
  • passphrase - default '':
    • If creating new keypair, this passphrase is used to encrypt privkey when exporting.
    • If importing a new keypair, the passphrase is used to authenticate and grant/deny access to private key

decEnd(self)

Ends a stream decryption session.

decNext(self, chunk)

Decrypt the next piece of incoming stream data.

Arguments:
  • chunk - some more of the encrypted stream
Returns (depending on state)
  • '' - no more decrypted data available just yet
  • data - the next available piece of decrypted data
  • None - session is complete - no more data available

decStart(self)

Start a stream decryption session.

Call this method first, then feed in pieces of stream data into decNext until there's no more data to decrypt

Arguments:
  • None
Returns:
  • None

decString(self, enc)

Decrypts a previously encrypted string.

Arguments:
  • enc - string, previously encrypted in binary mode with encString
Returns:
  • dec - raw decrypted string

decStringFromAscii(self, enc)

Decrypts a previously encrypted string in ASCII (base64) format, as created by encryptAscii()

Arguments:
  • enc - ascii-encrypted string, as previously encrypted with encStringToAscii()
Returns:
  • dec - decrypted string

May generate an exception if the public key of the encrypted string doesn't match the public/private keypair in this key object.

To work around this problem, either instantiate a key object with the saved keypair, or use the importKey() function.

Exception will also occur if this object is not holding a private key (which can happen if you import a key which was previously exported via exportKey(). If you get this problem, use exportKeyPrivate() instead to export your keypair.

encEnd(self)

Called to terminate a stream session. Encrypts any remaining data in buffer.

Arguments:
  • None
Returns - one of:
  • last block of data, as a string

encNext(self, raw='')

Encrypt the next piece of data in a stream.

Arguments:
  • raw - raw piece of data to encrypt
Returns - one of:
  • '' - not enough data to encrypt yet - stored for later
  • encdata - string of encrypted data

encStart(self)

Starts a stream encryption session Sets up internal buffers for accepting ad-hoc data.

No arguments needed, nothing returned.

encString(self, raw)

Encrypt a string of data

High-level func. encrypts an entire string of data, returning the encrypted string as binary.

Arguments:
  • raw string to encrypt
Returns:
  • encrypted string as binary
Note - the encrypted string can be stored in files, but I'd suggest not emailing them - use encStringToAscii instead. The sole advantage of this method is that it produces more compact data, and works a bit faster.

encStringToAscii(self, raw)

Encrypts a string of data to printable ASCII format

Use this method instead of encString, unless size and speed are major issues.

This method returns encrypted data in bracketed base64 format, safe for sending in email.

Arguments:
  • raw - string to encrypt
Returns:
  • enc - encrypted string, text-wrapped and Base-64 encoded, safe for mailing.
There's an overhead with base64-encoding. It costs size, bandwidth and speed. Unless you need ascii-safety, use encString() instead.

exportKey(self)

Exports the public key as a printable string.

Exported keys can be imported elsewhere into MyCipher instances with the importKey method.

Note that this object contains only the public key. If you want to export the private key as well, call exportKeyPrivate instaead.

Note also that the exported string is Base64-encoded, and safe for sending in email.

Arguments:
  • None
Returns:
  • a base64-encoded string containing an importable key

exportKeyPrivate(self, **kwds)

Exports public/private key pair as a printable string.

This string is a binary string consisting of a pickled key object, that can be imported elsewhere into MyCipher instances with the importKey method.

Note that this object contains the public AND PRIVATE keys. Don't EVER email any keys you export with this function (unless you know what you're doing, and you encrypt the exported keys against another key). When in doubt, use exportKey instead.

Keep your private keys safe at all times. You have been warned.

Note also that the exported string is Base64-encoded, and safe for sending in email.

Arguments:
  • None
Keywords:
  • passphrase - default (None) to using existing passphrase. Set to '' to export without passphrase (if this is really what you want to do!)
Returns:
  • a base64-encoded string containing an importable key

importKey(self, keystring, **kwds)

Imports a public key or private/public key pair.

(as previously exported from this object with the exportKey or exportKeyPrivate methods.)

Arguments: Keywords:
  • passphrase - string (default '', meaning 'try to import without passphrase')
Returns:
  • True if import successful, False if failed

You don't have to call this if you instantiate your key object in 'import' mode - ie, by calling it with a previously exported key.

Note - you shouldn't give a 'passphrase' when importing a public key.

makeNewKeys(self, keysize=512, **kwds)

Creates a new keypair in cipher object, and a new session key

Arguments:
  • keysize (default 512), advise at least 1536
Returns:
  • None
Keywords:
  • passphrase - used to secure exported private key - default '' (no passphrase)

Keypair gets stored within the key object. Refer exportKey, exportKeyPrivate and importKey.

Generally no need to call this yourself, since the constructor calls this in cases where you aren't instantiating with an importable key.

signString(self, raw)

Sign a string using private key

Arguments:
  • raw - string to be signed
Returns:
  • wrapped, base-64 encoded string of signature
Note - private key must already be present in the key object. Call importKey for the right private key first if needed.

test(self, raw)

Encrypts, then decrypts a string. What you get back should be the same as what you put in.

This is totally useless - it just gives a way to test if this API is doing what it should.

testAscii(self, raw)

Encrypts, then decrypts a string. What you get back should be the same as what you put in.

This is totally useless - it just gives a way to test if this API is doing what it should.

verifyString(self, raw, signature)

Verifies a string against a signature.

Object must first have the correct public key loaded. (see importKey). An exception will occur if this is not the case.

Arguments:
  • raw - string to be verified
  • signature - as produced when key is signed with signString
Returns:
  • True if signature is authentic, or False if not

Generated by Epydoc 1.1 on Thu Jul 24 11:16:45 2003 http://epydoc.sf.net