TemplatesΒΆ
- In order to design your own cryptography recipes, you will need:
- One or more builder(s) based on the
CryptoBuilder
class to initialize a service. - One service based on
CryptoService
class to provide cryptography methods (encrypt/decrypt).
- One or more builder(s) based on the
Usage:
from crypto_factory import CryptoFactory
from crypto_factory.templates import CryptoBuilder, CryptoService
cf = CryptoFactory()
class MyBuilder(cf.CryptoBuilder):
service = MyService
@staticmethod
def initialize(key=None):
...
cipher = MyCryptoRecipe(key)
return cipher
class MyService(cf.CryptoService):
def encrypt(self, data):
...
enc = self.cipher.encrypt(data)
return enc
def decrypt(self, data):
...
plain = self.cipher.decrypt(data)
return plain
cf.register(config={key: '...'}, sid='MyID', builder=MyBuilder, tag=...)
cf.encrypt('My_Secret', 'MyID')
Please note Built-in providers can also be sub-classed in order to
personalized their behaviour.
(See this note from AESServiceBuilder
)
Warning
A note about sensitive data in memory:
Sensitive data like keys or any Crypto service parameters are loaded in
memory when a builder instantiate the service (register
method from
factory
class). They will live in memory until the service is
unregistered. Depending on your environment, this can be considered as a
security vulnerability (in case of malicious memory dump).
In the same way, if your encryption algorithm (cipher) is created in the
builder initialize
method, it will live as long as the service is
available. For lower exposure, the cipher creation can be implemented in
the Crypto Service methods (encrypt
& decrypt
or a dedicated
method on your own). Therefore, it will only live on demand upon get
method call from factory
class (at the cost of creating it each times).
Please also note, there is no memory clearing process implemented in
Crypto-Factory
as there is no reliable solution in Python.
For more details, check
https://cryptography.io/en/latest/limitations/?highlight=memory.
Note
For implementation details, check relative API
documentation. Also, Crypto built-in builders and services from the providers
module can be reviewed as real use cases.