GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → soroco → Pyce

soroco / Pyce

Licence: apache-2.0
Encrypted Python Execution

Programming Languages

python
139335 projects - #7 most used programming language
python3
1442 projects

Labels

securitycryptography

Projects that are alternatives of or similar to Pyce

Javascript Opentimestamps
Stars: ✭ 99 (-10.81%)
Mutual labels:  cryptography
Hs Jose
Haskell JOSE and JWT library
Stars: ✭ 100 (-9.91%)
Mutual labels:  cryptography
Cryfs
Cryptographic filesystem for the cloud
Stars: ✭ 1,560 (+1305.41%)
Mutual labels:  cryptography
Javascript
A repository for All algorithms implemented in Javascript (for educational purposes only)
Stars: ✭ 16,117 (+14419.82%)
Mutual labels:  cryptography
Desudesutalk
Steganography for imageboards
Stars: ✭ 100 (-9.91%)
Mutual labels:  cryptography
Easycrypt
Android cryptography library with SecureRandom patches.
Stars: ✭ 102 (-8.11%)
Mutual labels:  cryptography
Webcrypto Liner
webcrypto-liner is a polyfill that let's down-level User Agents (like IE/Edge) use libraries that depend on WebCrypto. (Keywords: Javascript, WebCrypto, Shim, Polyfill)
Stars: ✭ 98 (-11.71%)
Mutual labels:  cryptography
Yubikey Agent
yubikey-agent is a seamless ssh-agent for YubiKeys.
Stars: ✭ 1,744 (+1471.17%)
Mutual labels:  cryptography
Pyjks
a pure python Java KeyStore file parser, including private key decryption
Stars: ✭ 100 (-9.91%)
Mutual labels:  cryptography
Cfrpki
Cloudflare's RPKI Toolbox
Stars: ✭ 104 (-6.31%)
Mutual labels:  cryptography
Churp
Decentralize your secrets!
Stars: ✭ 100 (-9.91%)
Mutual labels:  cryptography
Jmacaroons
Pure Java implementation of Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud. Android ready. Online playground available.
Stars: ✭ 100 (-9.91%)
Mutual labels:  cryptography
Coniks Go
A CONIKS implementation in Golang
Stars: ✭ 102 (-8.11%)
Mutual labels:  cryptography
Hacl Star
HACL*, a formally verified cryptographic library written in F*
Stars: ✭ 1,360 (+1125.23%)
Mutual labels:  cryptography
Libsodium Go
A complete overhaul of the Golang wrapper for libsodium
Stars: ✭ 105 (-5.41%)
Mutual labels:  cryptography
0fc
Anonymous web chat server, built on top of Themis/WebThemis
Stars: ✭ 98 (-11.71%)
Mutual labels:  cryptography
Brightid
Reference mobile app for BrightID
Stars: ✭ 101 (-9.01%)
Mutual labels:  cryptography
Wolfboot
wolfBoot is a portable, OS-agnostic, secure bootloader for microcontrollers, supporting firmware authentication and firmware update mechanisms.
Stars: ✭ 110 (-0.9%)
Mutual labels:  cryptography
Openssh Portable
Portable OpenSSH
Stars: ✭ 1,696 (+1427.93%)
Mutual labels:  cryptography
Gcp Iot Core Examples
Google Cloud Platform IOT Core Examples
Stars: ✭ 103 (-7.21%)
Mutual labels:  cryptography
View All Similar Projects ➔

PYCE

pyce is a library to work with encrypted Python bytecode. It adds functionality to a Python runtime by extending the way the builtin keyword import works. Currently, it assumes that convergent encryption will be used, but the library can be extended. For example, functionality could be added to decrypt files via Hashicorp's Vault (which also supports convergent encryption as a mode of operation).

pyce enables the creation of a Trusted Computing Python environment by ensuring each deployed file is precisely what the developer intended by enforcing end-to-end encryption. Execution halts if even a single bit of an imported Python file is modified.

How do I use it?

First, you'll want to encrypt a module or package. Note: this is a destructive action. Do not run this on a codebase that is not saved elsewhere. This can recursively operate on folders, and supports exclusion lists (to not encrypt certain files).

pyce expects files to be pre-compiled Python bytecode, using a command similar to python3 -mcompileall -b where -b does an in place compilation.

from pyce import encrypt_path
encrypt_path('pyce/hello.pyc')
[('pyce/hello.pyce', '443df1d5f9914d13ed27950dd81aa2dd9d3b708be416c388f3226ad398d71a14')]

Second, register your keys and try importing from the encrypted module or package:

from pyce import PYCEPathFinder
PYCEPathFinder.KEYS = {'pyce/hello.pyce' : '443df1d5f9914d13ed27950dd81aa2dd9d3b708be416c388f3226ad398d71a14'}

import sys
sys.meta_path.insert(0, PYCEPathFinder)
from pyce.hello import hello
hello()

Key distribution is outside the scope of this project. You will need to maintain keys typically by using a networked key server such as Hashicorp's Vault. You could pass keys by environment variable, stdin, or some other mechanism.

Typically, you will leave (exclude) a stub file that is designed to just hook Python's import path parsers, setup the keys, and then execute your code.

What can I do with it?

File Integrity Monitoring: You could protect your production code running on application servers by adding in automatic cryptographic checks of imports.

Licensing: You could publish encrypted modules to PyPI and only release decryption keys to certain organizations, people, or others! You could publish such modules anywhere!

At-rest Code Protection: You could just protect code at rest by integrating on-the-fly decryption with an IDE or other software. This would be more of a DIY project at this point in time, but pyce gives you all the building blocks you need!

License

All of this code is released under the Apache v2.0 License.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].