SwiftGUI_Encryption 0.0.1__tar.gz → 0.0.2__tar.gz

{swiftgui_encryption-0.0.1 → swiftgui_encryption-0.0.2}/PKG-INFO

@@ -1,14 +1,16 @@
 Metadata-Version: 2.4
 Name: SwiftGUI_Encryption
-Version: 0.0.1
+Version: 0.0.2
 Summary: Useful encryption-features for SwiftGUI-applications based on PyCryptoDome
 License-Expression: Apache-2.0
 License-File: LICENSE
 Author: Eric aka CheesecakeTV
-Author-email: cheesecaketv53+pypi@gmail.com
+Author-email: eric@swiftgui.de
 Requires-Python: >=3.10
 Classifier: Programming Language :: Python :: 3
 Classifier: Operating System :: OS Independent
+Requires-Dist: PyCryptoDome
+Requires-Dist: argon2pure
 Project-URL: Documentation, https://github.com/CheesecakeTV/SwiftGUI-Docs
 Project-URL: Repository, https://github.com/CheesecakeTV/SwiftGUI-Encryption
 Project-URL: issues, https://github.com/CheesecakeTV/SwiftGUI/issues

{swiftgui_encryption-0.0.1 → swiftgui_encryption-0.0.2}/pyproject.toml

@@ -1,11 +1,11 @@
 [project]
 name = "SwiftGUI_Encryption"
-version = "0.0.1"
+version = "0.0.2"
 packages = [
     { include = "SwiftGUI_Encryption", from = "src" }
 ]
 authors = [
-  { name="Eric aka CheesecakeTV", email="cheesecaketv53+pypi@gmail.com" },
+  { name="Eric aka CheesecakeTV", email="eric@swiftgui.de" },
 ]
 description = "Useful encryption-features for SwiftGUI-applications based on PyCryptoDome"
 readme = "README.md"
@@ -16,7 +16,10 @@ classifiers = [
 ]
 license = "Apache-2.0"
 license-files = ["LICEN[CS]E*"]
-dependencies = []
+dependencies = [
+    "PyCryptoDome",
+    "argon2pure",
+]
 [project.urls]
 Repository = "https://github.com/CheesecakeTV/SwiftGUI-Encryption"
 Documentation = "https://github.com/CheesecakeTV/SwiftGUI-Docs"

swiftgui_encryption-0.0.2/src/SwiftGUI_Encryption/Advanced/__init__.py

@@ -0,0 +1,3 @@
+
+from .low_level import encrypt, decrypt, readable_hash, make_hash, random_key, argon2_key_derivation
+

swiftgui_encryption-0.0.2/src/SwiftGUI_Encryption/Advanced/low_level.py

@@ -0,0 +1,87 @@
+import argon2pure
+from Crypto.Cipher import AES
+import os
+import hashlib
+
+def random_key(n: int = 32) -> bytes:
+    """
+    Generate a new random key
+    :param n: Length of the key in bytes
+    :return:
+    """
+    return os.urandom(n)
+
+def readable_hash(data: bytes, n: int = 6) -> str:
+    """
+    Create a humanly-readable string that can be used to compare data without knowing the data.
+    Only use it if the user himself needs to read/compare this
+
+    :param data:
+    :param n: Length of the checksum
+    :return:
+    """
+    return hashlib.sha256(data).hexdigest()[:n].upper()
+
+def make_hash(data: bytes) -> bytes:
+    """
+    Generate the hash-value of some data
+    Raises a value-error if no text was supplied
+    :param data:
+    :return:
+    """
+    return hashlib.sha256(data).digest()
+
+def argon2_key_derivation(derive_from: bytes, salt: bytes, multiplier: int = 1, n: int = 32) -> bytes:
+    """
+    If you don't know what key-derivation is, don't use this function.
+
+    :param derive_from:
+    :param salt:
+    :param multiplier: You may increase this to increase calculation-time and therefore security
+    :param n: How many characters the generated key should have
+    :return:
+    """
+    salt = salt[:16]    # clip it to the needed length
+
+    return argon2pure.argon2(derive_from, salt, multiplier, 8 * multiplier, parallelism=1, tag_length=n)
+
+def encrypt(data: bytes, key: bytes, nonce: bytes, mac_len: int = 8) -> bytes:
+    """
+    Encrypt some data.
+    The tag is appended to the end, fitting the decryption-function.
+
+    :param data:
+    :param key:
+    :param nonce: A random number, which you should definetly remember
+    :param mac_len:
+    :return: Encrypted
+    """
+    crypter = AES.new(key, AES.MODE_GCM, mac_len=mac_len, nonce=nonce)
+
+    enc_data, tag = crypter.encrypt_and_digest(data)  # tag is always 16 bytes
+
+    return tag + enc_data
+
+def decrypt(enc_data:bytes, key:bytes, nonce:bytes, mac_len: int = 8) -> bytes:
+    """
+    Decrypt some data.
+    The tag needs to be appended to the data.
+
+    Raises a value-error if the data was manipulated (tag is invalid)
+
+    :param mac_len: This needs to be the same as with the encryption
+    :param enc_data: Encrypted data
+    :param key: This needs to be the same as with the encryption
+    :param nonce: This needs to be the same as with the encryption
+    :return:
+    """
+    tag = enc_data[:mac_len]
+    enc_data = enc_data[mac_len:]
+    crypter = AES.new(key, AES.MODE_GCM, nonce=nonce, mac_len=mac_len)
+
+    data = crypter.decrypt(enc_data)
+
+    crypter.verify(tag)
+
+    return data
+

swiftgui_encryption-0.0.2/src/SwiftGUI_Encryption/__init__.py

@@ -0,0 +1,5 @@
+
+from . import Advanced
+
+from .basics import decrypt_full, encrypt_full
+from .key_files import KeyFile, KeyHandler, BaseKeyFile

swiftgui_encryption-0.0.2/src/SwiftGUI_Encryption/basics.py

@@ -0,0 +1,35 @@
+import argon2pure
+from Crypto.Cipher import AES
+import os
+import hashlib
+
+from SwiftGUI_Encryption import Advanced as adv
+
+NONCE_LEN = 32  # This should not be chanced, but who am I to judge
+
+def encrypt_full(data: bytes, key: bytes) -> bytes:
+    """
+    Encrypt some data
+
+    :param key:
+    :param data:
+    :return:
+    """
+    nonce = adv.random_key(NONCE_LEN)
+
+    return nonce + adv.encrypt(data, key, nonce)
+
+def decrypt_full(data: bytes, key: bytes) -> bytes:
+    """
+    Decrypt some data with its key
+
+    :param data:
+    :param key:
+    :return:
+    """
+    nonce = data[:NONCE_LEN]
+    data = data[NONCE_LEN:]
+
+    return adv.decrypt(data, key, nonce)
+
+

swiftgui_encryption-0.0.2/src/SwiftGUI_Encryption/key_files.py

@@ -0,0 +1,176 @@
+from abc import abstractmethod
+from os import PathLike
+from pathlib import Path
+
+from SwiftGUI_Encryption import Advanced as adv
+from SwiftGUI_Encryption import encrypt_full, decrypt_full
+
+SALT_LEN = 16
+SECURITY_MULTIPLIER = 8
+
+
+class BaseKeyFile:
+
+    def __init__(self, file_password: str = None, file_key: bytes = None, saved_key: bytes = None):
+        """
+        Abstract base class so you could implement a different read/write-method.
+
+        Create/read a single file containing a key.
+        The file can be encrypted by a password, or a key directly
+
+        :param file_password:   Password to unlock the file
+        :param file_key:    Key to unlock the file
+        :param saved_key:   The key that is to be stored inside the file. Leave empty for random key
+        """
+        # Create folders containing this file
+        assert file_key or file_password, "You need to specify either a file_password, or a file_key for each KeyFile!"
+
+        self._salt: bytes = adv.random_key(SALT_LEN) # Placeholder if a key is used instead of a password
+        self._key: bytes | None = saved_key  # Key stored in the file
+        self._file_password: str | None = file_password
+        self._file_key: bytes | None = file_key # Key to unlock the file
+
+        if self.exists():
+            self._init_exists()
+        else:
+            self._init_not_exists()
+
+    def _do_key_derivation(self):
+        """
+        Generate or re-generate the file-key
+        """
+        if self._file_password is None:
+            return
+
+        self._salt = adv.random_key(SALT_LEN)
+        file_key = adv.argon2_key_derivation(self._file_password.encode(), self._salt, multiplier=SECURITY_MULTIPLIER)
+
+        self._file_key = file_key
+
+    def _init_exists(self):
+        """init if the file already exists"""
+        raw = self._read()
+
+        if self._file_key is None:
+            self._salt = raw[:SALT_LEN]
+            self._file_key = adv.argon2_key_derivation(self._file_password.encode(), self._salt, multiplier=SECURITY_MULTIPLIER)
+
+        assert self._key is None, "The file already exists, yet you tried to define its secret key"
+        # if self._key is not None:
+        #     self.save()
+        #     return
+
+        raw = raw[SALT_LEN:]
+        self._key = decrypt_full(raw, self._file_key)
+
+    def _init_not_exists(self):
+        """init if the file doesn't already exist"""
+        self._do_key_derivation()
+
+        if self._key is None:
+            self._key = adv.random_key()
+
+        self.save()
+
+    def save(self):
+        """
+        Save the content of the "file" to whereever
+
+        :return: Self (Not typehinted for compatability-reasons)
+        """
+        raw = encrypt_full(self._key, self._file_key)
+        self._write(self._salt + raw)
+        return self
+
+    @abstractmethod
+    def _read(self) -> bytes:
+        """Pure read from whereever"""
+        ...
+
+    @abstractmethod
+    def _write(self, data: bytes):
+        """Pure write the data to whereever"""
+        ...
+
+    @abstractmethod
+    def exists(self) -> bool:
+        """True, if the file (or whatever) exists"""
+        ...
+
+    @property
+    def key(self) -> bytes:
+        return self._key
+
+    @key.setter
+    def key(self, val):
+        self.change_key(val)
+
+    def change_key(self, new_key: bytes = None):
+        """
+        Overwrite the saved key.
+        :param new_key:
+        :return:
+        """
+        if new_key is None:
+            new_key = adv.random_key()
+
+        self._do_key_derivation()
+
+        self._key = new_key
+        self.save()
+        return self
+
+    def change_file_key(self, new_password: str | None = None, new_key: bytes | None = None):
+        """
+        Change the key/password which unlocks the file
+
+        :param new_password:
+        :param new_key:
+        :return:
+        """
+        self._file_password = new_password
+        self._file_key = new_key
+        self._do_key_derivation()
+        self.save()
+
+class KeyFile(BaseKeyFile):
+
+    def __init__(self, path: str | PathLike | Path, file_password: str = None, file_key: bytes = None,
+                 saved_key: bytes = None):
+        """
+        Create/read a single file containing a key.
+        The file can be encrypted by a password, or a key directly
+
+        :param path: Path to the file
+        :param file_password:   Password to unlock the file
+        :param file_key:    Key to unlock the file
+        :param saved_key:   The key that is to be stored inside the file. Leave empty for random key
+        """
+        # Create folders containing this file
+        self.path = Path(path)
+
+        super().__init__(file_password=file_password, file_key=file_key, saved_key=saved_key)
+
+    def _init_not_exists(self, *args, **kwargs):
+        self.path.parent.mkdir(exist_ok=True, parents=True)
+        super()._init_not_exists(*args, **kwargs)
+
+    def _read(self) -> bytes:
+        """Pure read"""
+        return self.path.read_bytes()
+
+    def _write(self, data: bytes):
+        """Pure write"""
+        self.path.write_bytes(data)
+
+    def exists(self) -> bool:
+        """True, if the file (or whatever) exists"""
+        return self.path.exists()
+
+
+class KeyHandler:
+
+    def __init__(self):
+        ...
+
+

swiftgui_encryption-0.0.1/src/SwiftGUI_Encryption/__init__.py

@@ -1,4 +0,0 @@
-
-
-
-