Intro

SKA (symmetric-key algorithms) is a pure Python library. It provide number of tools to encrypt and decrypt data using symmetric-key algorithms.

Known cryptographic libraries are powerful, but they do not cover all aspects of symmetric-key algorithms. Apparently, due to performance purpose, their design makes it difficult to separate and reimplement the individual aspects of the algorithms.

But for many purposes, compatibility and flexibility is more important than performance. SKA is intended just for such tasks.

The main goal of the SKA is to get simple and flexible library of cryptographic algorithms.

Supported algorithms and features

• Symmetric-key algorithms:
  • Blowfish. Key length: 32, 64, ..., 448 bits.
  • AES. Key length: 128, 192, 256 bits.
• Block cipher modes (block size 64 or 128 bits):
  • ECB
  • CBC
  • PCBC (Kerberos v4)
• Padding methods:
  • PKCS5
  • PKCS7
• Salted mode.
• IV and key generation from passphrase.
• Openssl-style headers Salted__ support.
• Convenience shortcut functions.

Interface

Openssl-compat level

Some futures of the library are not supported in openssl (PCBC mode, variable key length for Blowfish). So, on this level you can use only subset of library features.

The names of functions are similar of command line options of openssl.

• openssl_enc_bf_ecb(passphrase, text, salted=True, salt=None)
• openssl_dec_bf_ecb(passphrase, cipher)
• openssl_enc_bf_cbc(passphrase, text, salted=True, salt=None)
• openssl_dec_bf_cbc(passphrase, cipher)
• openssl_enc_aes_128_ecb(passphrase, text, salted=True, salt=None)
• openssl_dec_aes_128_ecb(passphrase, cipher)
• openssl_enc_aes_192_ecb(passphrase, text, salted=True, salt=None)
• openssl_dec_aes_192_ecb(passphrase, cipher)
• openssl_enc_aes_256_ecb(passphrase, text, salted=True, salt=None)
• openssl_dec_aes_256_ecb(passphrase, cipher)
• openssl_enc_aes_128_cbc(passphrase, text, salted=True, salt=None)
• openssl_dec_aes_128_cbc(passphrase, cipher)
• openssl_enc_aes_192_cbc(passphrase, text, salted=True, salt=None)
• openssl_dec_aes_192_cbc(passphrase, cipher)
• openssl_enc_aes_256_cbc(passphrase, text, salted=True, salt=None)
• openssl_dec_aes_256_cbc(passphrase, cipher)

Functions are placed in namespace ska.openssl (see examples below).

Shortcuts

Convenience functions for all possible operations.

• enc_bf_ecb(text, salt, passphrase, keylen=56)
• dec_bf_ecb(crypted, salt, passphrase, keylen=56)
• enc_bf_cbc(text, salt, passphrase, keylen=56)
• dec_bf_cbc(crypted, salt, passphrase, keylen=56)
• enc_bf_pcbc(text, salt, passphrase, keylen=56)
• dec_bf_pcbc(crypted, salt, passphrase, keylen=56)
• enc_aes_ecb(text, salt, passphrase, keylen=32)
• dec_aes_ecb(crypted, salt, passphrase, keylen=32)
• enc_aes_cbc(text, salt, passphrase, keylen=32)
• dec_aes_cbc(crypted, salt, passphrase, keylen=32)
• enc_aes_pcbc(text, salt, passphrase, keylen=32)
• dec_aes_pcbc(crypted, salt, passphrase, keylen=32)

Functions are placed in namespace ska.shortcuts (see examples below).

Low-level functions

You can use all steps of encryption/decryption process separately. You can find complete set of examples for all aspects in source code of module ska.shortcuts.

Example

Generate cipher: echo OK | openssl enc -aes-192-cbc -pass pass:'My passphrase' >file

Use openssl layer to decrypt: from ska.openssl import openssl_dec_aes_192_cbc data = open('file', 'r').read() text = openssl_dec_aes_192_cbc('My passphrase', data) print repr(text)

Decrypt using shortcuts: ``` from ska.shortcuts import dec_aes_cbc data = open('file', 'r').read()

get salt and crypted message manually

salt = data[8:16] crypted = data[16:]

decrypt

(we must clearly specify the keylength 24=192/8)

text = dec_aes_cbc(crypted, salt, 'My passphrase', 24) print repr(text) ```

Step by step decryption using low-level tools: ``` from ska.aes import aes from ska.key import passphrase_to_salted_key_and_iv from ska.mode import dec_cbc from ska.pad import pkcs7_unpad data = open('file', 'r').read()

get salt and crypted message manually

salt = data[8:16] crypted = data[16:]

generate key (length = 24 bytes) and IV (length = 16 bytes)

from passphrase and salt

key, iv = passphrase_to_salted_key_and_iv('My passphrase', salt, 24, 16)

create object to decrypt messages using mentioned key

decryptor = aes(key)

create block mode operator

block size is 16 bytes (the same as IV length)

block_operator = dec_cbc(aes(key), iv)

decrypt our message

paded_text = block_operator(crypted)

unpade message

text = pkcs7_unpad(paded_text)

voila! we are done

print repr(text) ```

Installation

You can build and install SKA in the usual Python-way.

Checkout source code: $ svn checkout http://ska.googlecode.com/svn/trunk/ ska-read-only $ cd ska-read-only

Build by ordinary user: $ python setup.py build

Install by root: ```

python setup.py install

```

Self tests

If you like to develop the library you can check yourself by build-in tests. To see all results you can do something like this:

cd ska for i in *.py; do echo "TEST FOR $i"; python $i; done

Bugs/Todo

Library designed for Python 2.x only.

Most of the functions and methods are not performs validation of input data.

Documentation.

Potentially, the library is able to work in streaming mode. I.e. processing data chunk-by-chunk. It may be useful in asincronious network applications and in similar domains. But there is not user-friendly interface for this.

Library support not all algorithms.

I'm working on it. Join in! ,-)