Getting started¶
Welcome! This section is an overview of Crypto-Factory; for further details, see the documentation for each modules and the API doc section.
Introduction¶
Main purpose of Crypto-Factory library is to provide a common interface to application for cryptographic tasks.
Based on Factory method design pattern, it provides an abstraction layer to define cryptographic recipes as service providers, a ‘factory’ manager to register and create individual instances, and a standardized client interface to interact with them. With this approach, implementing existing or new cryptographic methods is simplified, more reusable and easier to maintain.
Crypto-Factory does not provide any Cryptographic algorithms on its own but relies on existing Python packages such as pyca/cryptography which is used to define some built-in Crypto providers. These providers can be used as a quick starter or samples for dedicated implementations. For this purpose, Templates class are also available to design your own recipes using your preferred cryptography packages.
Quick start¶
# Import & initialize
>>> from crypto_factory import CryptoFactory
>>> cf = CryptoFactory()
# Define your Crypto providers configuration
>>> conf_AES = {
... # existing service
... 'key' : b'WkqHg8m9RwmE1iPQJAbuJRKmh72vLvUNFepIWrOldKg=',
... 'iv' : b'vdU1T6NvAZJIlnznSe8gbQ==',
... }
>>> new_key = cf.utils.generate_key()
>>> conf_Fernet = {
... # new service
... 'id' : 'new',
... 'builder' : 'FernetServiceBuilder',
... 'tag' : 'FERNET_TAG',
... 'key' : new_key,
... }
# Register both providers
>>> cf.services.register(
... conf_AES,
... sid='aes',
... builder='AESServiceBuilder',
... tag="AES_TAG",
... )
'aes'
>>> new_mode = cf.services.register(conf_Fernet)
>>> print(new_mode)
'new'
# Encrypt data
>>> old_secret = cf.encrypt('My_Secret', mode='aes', tag=False)
>>> new_secret = cf.encrypt('My_Secret', new_mode)
# Decrypt data
>>> cf.decrypt(old_secret, mode='aes')
'My_Secret'
>>> cf.decrypt(new_secret) # (mode is not required with tagging)
'My_Secret'
# Decrypt wrong hash
>>> cf.decrypt(old_secret, mode='new')
Traceback (most recent call last):
...
CryptoFactoryError: Unable to decrypt with Crypto service: new
# Rotate cipher from one or more modes to a target one (migration)
>>> secret = cf.rotate(old_secret, from_modes=['aes', ], to_mode='new')
>>> cf.decrypt(secret, mode='new')
'My_Secret'
Features¶
Current implemented features are:
- Client interface:
- Symmetric encryption: encrypt, decrypt, rotate.
- Factory (Services manager):
- To register and call Crypto service providers.
- Built-in Crypto providers:
- Services for AES & Fernet encryption. (can be used as quick starter or samples to define your own recipes)
- Tagging mechanism:
- Tag encrypted data to identify provider ; can be enforced or disabled.
- Utilities & helpers:
- Manage tags & providers, generate random keys, string encoding, …
- Exceptions:
- Single CryptoFactoryError class to catch errors. (basic implementation to simplify errors management on client side)
- Templates:
- Base classes to implement a Crypto services and its related builder(s).
Install¶
Crypto-Factory is best installed via pip:
$ pip install Crypto-Factory
Or cloning the Git repository and running within it:
$ pip install -e .
Dependencies¶
In order for Crypto-Factory’s installation to succeed, you will need the following:
- Python programming language, versions 3.4+
- Attr-Dict and cryptography libraries