Privy
=====

.. image:: https://img.shields.io/pypi/v/privy.svg?style=flat-square
    :target: https://pypi.org/project/privy

.. image:: https://img.shields.io/travis/ofek/privy/master.svg?style=flat-square
    :target: https://travis-ci.org/ofek/privy

.. image:: https://img.shields.io/codecov/c/github/ofek/privy/master.svg?style=flat-square
    :target: https://codecov.io/gh/ofek/privy

.. image:: https://img.shields.io/pypi/pyversions/privy.svg?style=flat-square
    :target: https://pypi.org/project/privy

.. image:: https://img.shields.io/pypi/l/privy.svg?style=flat-square
    :target: https://choosealicense.com/licenses


Privy is a small and fast utility for password-protecting secret data such as API keys, cryptocurrency wallets, or seeds for digital signatures.

Table of Contents
-----------------


.. contents::
    :backlinks: top
    :local:

Usage
-----

Say for example you are using GnuPG. You are about to sign a message, and GnuPG
first asks for your passphrase. Is the passphrase itself the key that unlocks
your stored private key? No: it is first run through a secure
`key derivation function`_, and the derived key is then fed to a symmetric
cipher such as AES, which decrypts the stored private key. That is what Privy
does for arbitrary secret data.

With Privy, doing this correctly becomes trivially easy:

.. code-block:: python

    >>> import privy
    >>> from getpass import getpass
    >>>
    >>> # After creating the secret, immediately encrypt it using Privy.
    >>> data = b'secret'
    >>> password = getpass()  # prompt the user without echoing the password
    >>>
    >>> hidden = privy.hide(data, password)
    >>> hidden
    '1$2$fL7xRh8WKe...'

The hidden secret can now be stored or transmitted over channels you do not
trust, because it is both encrypted and authenticated. Its confidentiality
rests on the password's strength and the chosen security level, since anyone
who obtains the hidden string can mount an offline guessing attack against it.
Whenever your user needs the secret again, ask for their password to take a peek.

.. code-block:: python

    >>> privy.peek(hidden, password)
    b'secret'

Installation
------------

Privy is available on Linux, macOS and Windows and supports Python 2.7 and 3.4+ as well as
PyPy and PyPy3.3-5.5+ (support for Python 3.3 was dropped in 6.0.0; see the changelog).

.. code-block:: bash

    $ pip install privy

Encryption scheme
-----------------

Secrets are encrypted using the `Fernet`_ protocol: AES-128 in CBC mode with PKCS7
padding for encryption and HMAC-SHA256 for authentication, applied encrypt-then-MAC
so that a tampered or wrongly keyed token is rejected before any decryption takes
place. The 32-byte Fernet key (16 bytes for the HMAC, 16 for AES) is derived from the
password using a `key derivation function`_, with a random per-secret salt that is
stored alongside the ciphertext. The key derivation function used is `Argon2`_, the
winner of the `Password Hashing Competition`_. Both the Argon2i and Argon2d variants
are supported; the ``server`` argument of ``hide`` chooses between them.

Encrypted format
----------------

``ascii(Argon2 algorithm || security level || base64(salt) || base64(Fernet token))``

The four fields are joined with ``$`` (as in the sample output ``1$2$...`` above, where
``1`` identifies the Argon2 variant and ``2`` the security level) and use url-safe
base64. Everything ``peek`` needs apart from the password, including the salt and the
Argon2 settings, is carried in the string itself, so the security level chosen at
``hide`` time must be affordable on every machine that will later ``peek``.

API
---

There are 2 functions: ``hide`` and ``peek``.

hide
^^^^

``hide(secret, password, security=2, salt=None, server=True)``

Encrypts ``secret`` using ``password``. Returns the hidden secret as unicode.

* Parameters

  - **secret** (``bytes``) - The secret to encrypt.
  - **password** (``bytes`` or ``unicode``) - The password used to access the secret.
  - **security** (``int``) - A number 0-20 inclusive. Higher values are more secure at
    the cost of slower computation and greater use of memory. See `security levels`_.
    The level is recorded in the output and must be affordable wherever ``peek`` runs.
  - **salt** (``bytes``) - The salt used for the password hash. Defaults to
    ``os.urandom(32)``, which is what you want in almost every case; only supply a salt
    yourself if you need reproducible output, and never reuse one across secrets.
  - **server** (``bool``) - If ``True``, it is assumed side-channel attack protection is
    needed and therefore the Argon2i algorithm (data-independent memory access) will be
    used. Otherwise, the password will be hashed using the Argon2d algorithm, whose
    data-dependent memory access gives stronger resistance to GPU cracking but can leak
    information about the password through cache timing on a shared machine.

peek
^^^^

``peek(hidden, password, expires=None)``

Decrypts ``hidden`` using ``password``. Returns the secret as ``bytes``.

* Parameters

  - **hidden** (``bytes`` or ``unicode``) - The hidden secret to decrypt.
  - **password** (``bytes`` or ``unicode``) - The password used to access the secret.
  - **expires** (``int``) - The maximum number of seconds since encryption that
    is allowed. The default is no expiration. The age is computed from the timestamp
    embedded in the Fernet token at ``hide`` time, so it depends on the clock of the
    machine that encrypted the secret.

A ``ValueError`` will be raised if the password is wrong, the password was attempted on a
different hidden secret, or the number of seconds since encryption is > ``expires``.
The first two cases are indistinguishable from the outside: either way the derived key
does not match, so Fernet's HMAC check fails and nothing is decrypted.
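The parser below is an added example, not code from Privy itself. It inspects a hidden
string field by field using the encrypted format described above together with the
Fernet token layout (version byte ``0x80``, 8-byte big-endian timestamp, 16-byte IV,
ciphertext, 32-byte HMAC-SHA256), and reads out the timestamp that ``peek`` compares
against ``expires``. It assumes Python 3, that the Argon2 value ``1`` means Argon2i
(the page's own sample output was produced with the default ``server=True``) and that
``0`` means Argon2d (taken from the argon2-cffi ``Type`` enum, not from this page). The
sample hidden string it builds is constructed from placeholder bytes for demonstration
and is not real ciphertext; it only checks structure, since the HMAC cannot be verified
without the key.

```python
import base64
import struct
import time

FERNET_VERSION = 0x80
IV_LEN = 16
HMAC_LEN = 32
MIN_TOKEN_LEN = 1 + 8 + IV_LEN + HMAC_LEN

# The page's sample output '1$2$...' was produced with the default server=True,
# i.e. Argon2i, so 1 means Argon2i.  Mapping 0 to Argon2d is an assumption taken
# from argon2-cffi's Type enum (Type.D == 0, Type.I == 1), not from the page.
ARGON2_TYPES = {0: "Argon2d", 1: "Argon2i"}


def b64decode_urlsafe(text):
    """Decode url-safe base64, tolerating stripped '=' padding."""
    data = text.encode("ascii") if isinstance(text, str) else text
    data += b"=" * (-len(data) % 4)
    return base64.urlsafe_b64decode(data)


def parse_fernet_token(token):
    """Split a decoded Fernet token into its fields (Fernet spec layout:
    version 0x80 || 8-byte big-endian timestamp || 16-byte IV || ciphertext
    || 32-byte HMAC-SHA256).  Structure only: without the key the HMAC cannot
    be verified, so authenticity is still established only by privy.peek."""
    if len(token) < MIN_TOKEN_LEN:
        raise ValueError("Fernet token too short: %d bytes" % len(token))
    if token[0] != FERNET_VERSION:
        raise ValueError("bad Fernet version byte %#x" % token[0])
    (timestamp,) = struct.unpack(">Q", token[1:9])
    iv = token[9:9 + IV_LEN]
    ciphertext = token[9 + IV_LEN:-HMAC_LEN]
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext length %d is not a non-zero multiple of 16" % len(ciphertext))
    return {"timestamp": timestamp, "iv": iv, "ciphertext": ciphertext, "hmac": token[-HMAC_LEN:]}


def parse_hidden(hidden):
    """Parse privy's '<Argon2 type>$<level>$<salt>$<token>' string."""
    parts = hidden.split("$")
    if len(parts) != 4:
        raise ValueError("expected 4 '$'-separated fields, got %d" % len(parts))
    algo, level = int(parts[0]), int(parts[1])
    if algo not in ARGON2_TYPES:
        raise ValueError("unknown Argon2 type %d" % algo)
    if not 0 <= level <= 20:
        raise ValueError("security level %d outside 0-20" % level)
    salt = b64decode_urlsafe(parts[2])
    token = b64decode_urlsafe(parts[3])
    # The page describes the last field as base64(Fernet token), and a Fernet
    # token is itself url-safe base64 text, so accept one or two layers of
    # encoding: decode again unless the bytes already start with the version byte.
    if token[:1] != bytes([FERNET_VERSION]):
        token = b64decode_urlsafe(token)
    result = {"argon2_type": ARGON2_TYPES[algo], "security": level, "salt": salt}
    result.update(parse_fernet_token(token))
    return result


def seconds_since_encryption(parsed, now=None):
    """Age of the token, measured from the timestamp the encrypting machine embedded."""
    now = int(time.time()) if now is None else now
    return now - parsed["timestamp"]


def is_expired(parsed, expires, now=None):
    """Mirror peek's rule: reject only when the age is strictly greater than expires."""
    return seconds_since_encryption(parsed, now) > expires


def build_sample_hidden(timestamp, double_encode=True):
    """Constructed, structurally valid sample for demonstration only: the salt,
    IV, ciphertext and HMAC are placeholder bytes, not a real privy output."""
    salt = bytes(range(32))
    token = (bytes([FERNET_VERSION]) + struct.pack(">Q", timestamp)
             + b"\x11" * IV_LEN + b"\x22" * 32 + b"\x33" * HMAC_LEN)
    token_b64 = base64.urlsafe_b64encode(token)
    if double_encode:
        token_b64 = base64.urlsafe_b64encode(token_b64)
    return "1$2$%s$%s" % (base64.urlsafe_b64encode(salt).decode("ascii"),
                          token_b64.decode("ascii"))


if __name__ == "__main__":
    sample = build_sample_hidden(1600000000)
    info = parse_hidden(sample)
    print(info["argon2_type"], info["security"], len(info["salt"]), info["timestamp"])
    print("expired with a 60 s window:", is_expired(info, 60, now=1600000100))
```

Because the timestamp is part of the authenticated token, ``parse_hidden`` can tell you
how old a hidden secret claims to be before you prompt for a password, but it cannot tell
you whether that claim is genuine; only a successful ``peek`` establishes that.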

Security levels
---------------

All expected times were taken from tests on an Intel Core i7-2670QM @ 2.2 GHz when decrypting
a 256 KiB secret, so they cover both the Argon2 derivation and the AES decryption, with the
Argon2 cost dominating. ``m`` is the Argon2 memory cost and ``t`` the number of passes. Treat
the numbers as an order of magnitude: they vary with hardware, and the memory for a given
level must actually be available on every machine that will ``peek`` the secret.

This is the command used, where ``SL`` is replaced with the desired security level:

.. code-block:: bash

    $ python -m timeit -s "import privy, os; pw = 'password'; s = os.urandom(1024 * 256); h = privy.hide(s, pw, SL)" "privy.peek(h, pw)"

+--------+-----------------+---------------+-----------------+
| Levels | Argon2 settings | Expected time | Notes           |
+========+=================+===============+=================+
| 0      | m=8 KiB, t=1    | 7 msec        | Lowest possible |
+--------+-----------------+---------------+-----------------+
| 1      | m=4 MiB, t=10   | 54 msec       |                 |
+--------+-----------------+---------------+-----------------+
| 2      | m=8 MiB, t=10   | 99 msec       | Default         |
+--------+-----------------+---------------+-----------------+
| 3      | m=32 MiB, t=10  | 367 msec      |                 |
+--------+-----------------+---------------+-----------------+
| 4      | m=48 MiB, t=10  | 540 msec      |                 |
+--------+-----------------+---------------+-----------------+
| 5      | m=96 MiB, t=10  | 1.1 sec       | Good choice     |
+--------+-----------------+---------------+-----------------+
| 6      | m=256 MiB, t=10 | 3 sec         |                 |
+--------+-----------------+---------------+-----------------+
| 7      | m=512 MiB, t=10 | 6 sec         |                 |
+--------+-----------------+---------------+-----------------+
| 8      | m=768 MiB, t=10 | 9 sec         |                 |
+--------+-----------------+---------------+-----------------+
| 9      | m=1 GiB, t=10   | 12.2 sec      |                 |
+--------+-----------------+---------------+-----------------+
| 10     | m=2 GiB, t=20   | 48 sec        | For use on      |
+--------+-----------------+---------------+ users' machines |
| 11     | m=3 GiB, t=30   | 107 sec       |                 |
+--------+-----------------+---------------+                 |
| 12     | m=4 GiB, t=40   | ?             |                 |
+--------+-----------------+---------------+                 |
| 13     | m=5 GiB, t=50   | ?             |                 |
+--------+-----------------+---------------+                 |
| 14     | m=6 GiB, t=60   | ?             |                 |
+--------+-----------------+---------------+                 |
| 15     | m=7 GiB, t=70   | ?             |                 |
+--------+-----------------+---------------+                 |
| 16     | m=8 GiB, t=80   | ?             |                 |
+--------+-----------------+---------------+                 |
| 17     | m=9 GiB, t=90   | ?             |                 |
+--------+-----------------+---------------+                 |
| 18     | m=10 GiB, t=100 | ?             |                 |
+--------+-----------------+---------------+                 |
| 19     | m=11 GiB, t=110 | ?             |                 |
+--------+-----------------+---------------+                 |
| 20     | m=12 GiB, t=120 | ?             |                 |
+--------+-----------------+---------------+-----------------+

License
-------

Privy is distributed under the terms of either

- `MIT License <https://choosealicense.com/licenses/mit>`_
- `Apache License, Version 2.0 <https://choosealicense.com/licenses/apache-2.0>`_

at your option.

Changelog
---------

Important changes are emphasized.

6.0.0
^^^^^

* **Breaking:** Support for Python 3.3 has been dropped.

5.0.0
^^^^^

* **Breaking:** Privy is now dual-licensed under the terms of MIT and Apache v2.0.
* Only documented methods ``hide`` and ``peek`` are now exposed in the root namespace.
* Travis now runs tests with the latest versions of PyPy and PyPy3.
* Improvements to documentation.

4.0.0
^^^^^

* **Breaking:** For consistency with the other levels, security level 7 now uses 512 MiB of RAM instead of 448.
* Major improvements to documentation.

3.0.0
^^^^^

* Added security levels 11-20. These are quite resource intensive and are therefore
  only acceptable for individual use.

2.0.1
^^^^^

* **Breaking:** Due to requests, the encrypted format now uses url-safe base64 instead of hex.

1.0.0
^^^^^

* Initial release

.. _Fernet: https://github.com/fernet/spec/blob/master/Spec.md
.. _key derivation function: https://en.wikipedia.org/wiki/Key_derivation_function
.. _Argon2: https://github.com/p-h-c/phc-winner-argon2
.. _Password Hashing Competition: https://en.wikipedia.org/wiki/Password_Hashing_Competition
.. _security levels: https://github.com/ofek/privy#security-levels