SwiftGUI_Encryption 0.0.1__tar.gz → 0.0.3__tar.gz

{swiftgui_encryption-0.0.1 → swiftgui_encryption-0.0.3}/PKG-INFO

@@ -1,14 +1,16 @@
 Metadata-Version: 2.4
 Name: SwiftGUI_Encryption
-Version: 0.0.1
+Version: 0.0.3
 Summary: Useful encryption-features for SwiftGUI-applications based on PyCryptoDome
 License-Expression: Apache-2.0
 License-File: LICENSE
 Author: Eric aka CheesecakeTV
-Author-email: cheesecaketv53+pypi@gmail.com
+Author-email: eric@swiftgui.de
 Requires-Python: >=3.10
 Classifier: Programming Language :: Python :: 3
 Classifier: Operating System :: OS Independent
+Requires-Dist: PyCryptoDome
+Requires-Dist: argon2pure
 Project-URL: Documentation, https://github.com/CheesecakeTV/SwiftGUI-Docs
 Project-URL: Repository, https://github.com/CheesecakeTV/SwiftGUI-Encryption
 Project-URL: issues, https://github.com/CheesecakeTV/SwiftGUI/issues

{swiftgui_encryption-0.0.1 → swiftgui_encryption-0.0.3}/pyproject.toml

@@ -1,11 +1,11 @@
 [project]
 name = "SwiftGUI_Encryption"
-version = "0.0.1"
+version = "0.0.3"
 packages = [
     { include = "SwiftGUI_Encryption", from = "src" }
 ]
 authors = [
-  { name="Eric aka CheesecakeTV", email="cheesecaketv53+pypi@gmail.com" },
+  { name="Eric aka CheesecakeTV", email="eric@swiftgui.de" },
 ]
 description = "Useful encryption-features for SwiftGUI-applications based on PyCryptoDome"
 readme = "README.md"
@@ -16,7 +16,10 @@ classifiers = [
 ]
 license = "Apache-2.0"
 license-files = ["LICEN[CS]E*"]
-dependencies = []
+dependencies = [
+    "PyCryptoDome",
+    "argon2pure",
+]
 [project.urls]
 Repository = "https://github.com/CheesecakeTV/SwiftGUI-Encryption"
 Documentation = "https://github.com/CheesecakeTV/SwiftGUI-Docs"

swiftgui_encryption-0.0.3/src/SwiftGUI_Encryption/Advanced/__init__.py

@@ -0,0 +1,3 @@
+
+from .low_level import encrypt, decrypt, readable_hash, make_hash, random_key, argon2_key_derivation
+

swiftgui_encryption-0.0.3/src/SwiftGUI_Encryption/Advanced/low_level.py

@@ -0,0 +1,87 @@
+import argon2pure
+from Crypto.Cipher import AES
+import os
+import hashlib
+
+def random_key(n: int = 32) -> bytes:
+    """
+    Generate a new random key
+    :param n: Length of the key in bytes
+    :return:
+    """
+    return os.urandom(n)
+
+def readable_hash(data: bytes, n: int = 6) -> str:
+    """
+    Create a humanly-readable string that can be used to compare data without knowing the data.
+    Only use it if the user himself needs to read/compare this
+
+    :param data:
+    :param n: Length of the checksum
+    :return:
+    """
+    return hashlib.sha256(data).hexdigest()[:n].upper()
+
+def make_hash(data: bytes) -> bytes:
+    """
+    Generate the hash-value of some data
+    Raises a value-error if no text was supplied
+    :param data:
+    :return:
+    """
+    return hashlib.sha256(data).digest()
+
+def argon2_key_derivation(derive_from: bytes, salt: bytes, multiplier: int = 1, n: int = 32) -> bytes:
+    """
+    If you don't know what key-derivation is, don't use this function.
+
+    :param derive_from:
+    :param salt:
+    :param multiplier: You may increase this to increase calculation-time and therefore security
+    :param n: How many characters the generated key should have
+    :return:
+    """
+    salt = salt[:16]    # clip it to the needed length
+
+    return argon2pure.argon2(derive_from, salt, multiplier, 8 * multiplier, parallelism=1, tag_length=n)
+
+def encrypt(data: bytes, key: bytes, nonce: bytes, mac_len: int = 8) -> bytes:
+    """
+    Encrypt some data.
+    The tag is appended to the end, fitting the decryption-function.
+
+    :param data:
+    :param key:
+    :param nonce: A random number, which you should definetly remember
+    :param mac_len:
+    :return: Encrypted
+    """
+    crypter = AES.new(key, AES.MODE_GCM, mac_len=mac_len, nonce=nonce)
+
+    enc_data, tag = crypter.encrypt_and_digest(data)  # tag is always 16 bytes
+
+    return tag + enc_data
+
+def decrypt(enc_data:bytes, key:bytes, nonce:bytes, mac_len: int = 8) -> bytes:
+    """
+    Decrypt some data.
+    The tag needs to be appended to the data.
+
+    Raises a value-error if the data was manipulated (tag is invalid)
+
+    :param mac_len: This needs to be the same as with the encryption
+    :param enc_data: Encrypted data
+    :param key: This needs to be the same as with the encryption
+    :param nonce: This needs to be the same as with the encryption
+    :return:
+    """
+    tag = enc_data[:mac_len]
+    enc_data = enc_data[mac_len:]
+    crypter = AES.new(key, AES.MODE_GCM, nonce=nonce, mac_len=mac_len)
+
+    data = crypter.decrypt(enc_data)
+
+    crypter.verify(tag)
+
+    return data
+

swiftgui_encryption-0.0.3/src/SwiftGUI_Encryption/__init__.py

@@ -0,0 +1,14 @@
+
+from . import Advanced
+random_key = Advanced.random_key
+
+from .basics import decrypt_full, encrypt_full, encrypt_with_password, decrypt_with_password, password_to_key
+from .key_files import KeyFile, KeyHandler, BaseKeyFile
+
+try:
+    import SwiftGUI
+except ImportError:
+    ...
+else:
+    from . import sg
+

swiftgui_encryption-0.0.3/src/SwiftGUI_Encryption/basics.py

@@ -0,0 +1,85 @@
+import argon2pure
+from Crypto.Cipher import AES
+import os
+import hashlib
+
+from SwiftGUI_Encryption import Advanced as adv
+
+# This should not be chanced, it just doesn't feel right to add magic numbers...
+NONCE_LEN = 32
+SALT_LEN = 16
+
+def encrypt_full(data: bytes, key: bytes) -> bytes:
+    """
+    Encrypt some data
+
+    :param key:
+    :param data:
+    :return:
+    """
+    nonce = adv.random_key(NONCE_LEN)
+
+    return nonce + adv.encrypt(data, key, nonce)
+
+def decrypt_full(data: bytes, key: bytes) -> bytes:
+    """
+    Decrypt some data with its key
+
+    :param data:
+    :param key:
+    :return:
+    """
+    nonce = data[:NONCE_LEN]
+    data = data[NONCE_LEN:]
+
+    return adv.decrypt(data, key, nonce)
+
+def encrypt_with_password(data: bytes, password: str, security_multiplier: int = 1) -> bytes:
+    """
+    IMPORTANT:
+    This needs to be decrypted with decrypt_with_password.
+    It is not compatible with decrypt_full.
+
+    But this function is very secure, because each encryption generates its own key.
+
+    :param data: What to encrypt
+    :param password:
+    :param security_multiplier:
+    :return:
+    """
+    salt = adv.random_key(SALT_LEN)
+    key = adv.argon2_key_derivation(password.encode(), salt, multiplier=security_multiplier)
+
+    return salt + encrypt_full(data, key)
+
+def decrypt_with_password(data: bytes, password: str, security_multiplier: int = 1) -> bytes:
+    """
+    IMPORTANT:
+    This needs data from encrypt_with_password.
+    encrypt_full doesn't work on this.
+
+    :param data: What to decrypt
+    :param password:
+    :param security_multiplier: Needs to be the same as with the encryption
+    :return:
+    """
+    salt = data[:SALT_LEN]
+    key = adv.argon2_key_derivation(password.encode(), salt, multiplier=security_multiplier)
+
+    return decrypt_full(data[SALT_LEN:], key)
+
+def password_to_key(password: str, security_multiplier: int = 1) -> bytes:
+    """
+    WARNING!
+    If anyone finds out what this function returned (the key), he might be able to find your password.
+    It's still quite secure, but not against people with supercomputers.
+    The attack is called pre-calculation-attack, or rainbow-table-attack.
+
+    Increasing the security_multiplier helps, but not as much as it does normally.
+
+    :param password:
+    :param security_multiplier: Needs to be the same as with the encryption
+    :return:
+    """
+    return adv.argon2_key_derivation(password.encode(), salt=b"", multiplier=security_multiplier)
+

swiftgui_encryption-0.0.3/src/SwiftGUI_Encryption/key_files.py

@@ -0,0 +1,176 @@
+from abc import abstractmethod
+from os import PathLike
+from pathlib import Path
+
+from SwiftGUI_Encryption import Advanced as adv
+from SwiftGUI_Encryption import encrypt_full, decrypt_full
+
+SALT_LEN = 16
+SECURITY_MULTIPLIER = 8
+
+
+class BaseKeyFile:
+
+    def __init__(self, file_password: str = None, file_key: bytes = None, saved_key: bytes = None):
+        """
+        Abstract base class so you could implement a different read/write-method.
+
+        Create/read a single file containing a key.
+        The file can be encrypted by a password, or a key directly
+
+        :param file_password:   Password to unlock the file
+        :param file_key:    Key to unlock the file
+        :param saved_key:   The key that is to be stored inside the file. Leave empty for random key
+        """
+        # Create folders containing this file
+        assert file_key or file_password, "You need to specify either a file_password, or a file_key for every KeyFile!"
+
+        self._salt: bytes = adv.random_key(SALT_LEN) # Placeholder if a key is used instead of a password
+        self._key: bytes | None = saved_key  # Key stored in the file
+        self._file_password: str | None = file_password
+        self._file_key: bytes | None = file_key # Key to unlock the file
+
+        if self.exists():
+            self._init_exists()
+        else:
+            self._init_not_exists()
+
+    def _do_key_derivation(self):
+        """
+        Generate or re-generate the file-key
+        """
+        if self._file_password is None:
+            return
+
+        self._salt = adv.random_key(SALT_LEN)
+        file_key = adv.argon2_key_derivation(self._file_password.encode(), self._salt, multiplier=SECURITY_MULTIPLIER)
+
+        self._file_key = file_key
+
+    def _init_exists(self):
+        """init if the file already exists"""
+        raw = self._read()
+
+        if self._file_key is None:
+            self._salt = raw[:SALT_LEN]
+            self._file_key = adv.argon2_key_derivation(self._file_password.encode(), self._salt, multiplier=SECURITY_MULTIPLIER)
+
+        assert self._key is None, "The file already exists, yet you tried to define its secret key"
+        # if self._key is not None:
+        #     self.save()
+        #     return
+
+        raw = raw[SALT_LEN:]
+        self._key = decrypt_full(raw, self._file_key)
+
+    def _init_not_exists(self):
+        """init if the file doesn't already exist"""
+        self._do_key_derivation()
+
+        if self._key is None:
+            self._key = adv.random_key()
+
+        self.save()
+
+    def save(self):
+        """
+        Save the content of the "file" to whereever
+
+        :return: Self (Not typehinted for compatability-reasons)
+        """
+        raw = encrypt_full(self._key, self._file_key)
+        self._write(self._salt + raw)
+        return self
+
+    @abstractmethod
+    def _read(self) -> bytes:
+        """Pure read from whereever"""
+        ...
+
+    @abstractmethod
+    def _write(self, data: bytes):
+        """Pure write the data to whereever"""
+        ...
+
+    @abstractmethod
+    def exists(self) -> bool:
+        """True, if the file (or whatever) exists"""
+        ...
+
+    @property
+    def key(self) -> bytes:
+        return self._key
+
+    @key.setter
+    def key(self, val):
+        self.change_key(val)
+
+    def change_key(self, new_key: bytes = None):
+        """
+        Overwrite the saved key.
+        :param new_key:
+        :return:
+        """
+        if new_key is None:
+            new_key = adv.random_key()
+
+        self._do_key_derivation()
+
+        self._key = new_key
+        self.save()
+        return self
+
+    def change_file_key(self, new_password: str | None = None, new_key: bytes | None = None):
+        """
+        Change the key/password which unlocks the file
+
+        :param new_password:
+        :param new_key:
+        :return:
+        """
+        self._file_password = new_password
+        self._file_key = new_key
+        self._do_key_derivation()
+        self.save()
+
+class KeyFile(BaseKeyFile):
+
+    def __init__(self, path: str | PathLike | Path, file_password: str = None, file_key: bytes = None,
+                 saved_key: bytes = None):
+        """
+        Create/read a single file containing a key.
+        The file can be encrypted by a password, or a key directly
+
+        :param path: Path to the file
+        :param file_password:   Password to unlock the file
+        :param file_key:    Key to unlock the file
+        :param saved_key:   The key that is to be stored inside the file. Leave empty for random key
+        """
+        # Create folders containing this file
+        self.path = Path(path)
+
+        super().__init__(file_password=file_password, file_key=file_key, saved_key=saved_key)
+
+    def _init_not_exists(self, *args, **kwargs):
+        self.path.parent.mkdir(exist_ok=True, parents=True)
+        super()._init_not_exists(*args, **kwargs)
+
+    def _read(self) -> bytes:
+        """Pure read"""
+        return self.path.read_bytes()
+
+    def _write(self, data: bytes):
+        """Pure write"""
+        self.path.write_bytes(data)
+
+    def exists(self) -> bool:
+        """True, if the file (or whatever) exists"""
+        return self.path.exists()
+
+
+class KeyHandler:
+
+    def __init__(self):
+        ...
+
+

swiftgui_encryption-0.0.3/src/SwiftGUI_Encryption/sg/__init__.py

@@ -0,0 +1,5 @@
+
+# SwiftGUI-Addons
+from .dictFile import EncryptedJSONDictFile, PasswordJSONDictFile
+from .popup_create_password import popup_create_password
+

swiftgui_encryption-0.0.3/src/SwiftGUI_Encryption/sg/dictFile.py

@@ -0,0 +1,157 @@
+from pathlib import Path
+import json
+
+import SwiftGUI.Files as files
+from SwiftGUI_Encryption import encrypt_full, decrypt_full, random_key
+from SwiftGUI_Encryption import Advanced as adv
+
+NONCE_LEN = 32
+SALT_LEN = 16
+
+class EncryptedJSONDictFile(files.BaseDictFile):
+    """
+    An encrypted json-dictfile
+    """
+
+    def __init__(
+            self,
+            path: str | Path,
+            file_key: bytes,
+            *,
+            defaults: dict = None,
+            add_defaults_to_values: bool = None,
+            auto_save: bool = None,
+            **kwargs
+    ):
+        assert not isinstance(file_key, str), "Keys are always in the byte-format.\nIf you tired to pass a password, use PasswordJSONDictFile instead."
+
+        self._filekey = file_key    # Key to encrypt the file with
+
+        super().__init__(
+            path=path,
+            defaults=defaults,
+            add_defaults_to_values=add_defaults_to_values,
+            auto_save=auto_save,
+            **kwargs
+        )
+
+    def change_key(self, new_key: bytes):
+        """
+
+        :param new_key:
+        :return:
+        """
+        self._filekey = new_key
+        self._do_auto_save()
+
+        return self
+
+    @property
+    def key(self) -> bytes:
+        return self._filekey
+
+    def _save_to_file(
+            self,
+            values: dict,
+            path: Path,
+    ):
+        raw = json.dumps(values)
+
+        path.write_bytes(
+            encrypt_full(raw.encode(), self._filekey)
+        )
+
+    def _load_from_file(
+            self,
+            path: Path
+    ) -> dict:
+        raw = path.read_bytes()
+
+        raw = decrypt_full(raw, self._filekey).decode()
+        return json.loads(raw)
+
+class PasswordJSONDictFile(EncryptedJSONDictFile):
+    """
+    An encrypted JSON-dictfile that requires a password instead of a key
+    """
+    def __init__(
+            self,
+            path: str | Path,
+            password: str,
+            *,
+            defaults: dict = None,
+            add_defaults_to_values: bool = None,
+            auto_save: bool = None,
+            **kwargs
+    ):
+        path = Path(path)
+
+        exists = path.exists()
+        self._regenerated_key = not exists  # Regenerate the key on next save, if it already exists
+        if exists:
+            salt = path.read_bytes()[:SALT_LEN]
+        else:
+            salt = random_key(SALT_LEN)
+
+        self._salt = salt
+        self._password = password
+
+        self._filekey = adv.argon2_key_derivation(password.encode(), salt)  # Key to encrypt the file with
+
+        super(EncryptedJSONDictFile, self).__init__(
+            path=path,
+            #file_key=self._filekey,
+            defaults=defaults,
+            add_defaults_to_values=add_defaults_to_values,
+            auto_save=auto_save,
+            **kwargs
+        )
+
+    def _regenerate_key(self):
+        self._salt = random_key(SALT_LEN)
+        self._filekey = adv.argon2_key_derivation(self._password.encode(), self._salt)
+
+    def change_key(self, new_key: bytes):
+        """
+        NOT IMPLEMENTED!
+
+        :param new_key:
+        :return:
+        """
+        raise NotImplementedError("Setting a key directly on a Password-file is not possible. Use .change_password instead!")
+
+    def change_password(self, new_password: str):
+        """
+        Specify a new password for this file
+
+        :param new_password:
+        :return:
+        """
+        self._password = new_password
+        self._regenerate_key()
+
+    def _save_to_file(
+            self,
+            values: dict,
+            path: Path,
+    ):
+        raw = json.dumps(values)
+
+        if not self._regenerated_key:
+            self._regenerate_key()
+            self._regenerated_key = False
+
+        path.write_bytes(
+            self._salt + encrypt_full(raw.encode(), self._filekey)
+        )
+
+    def _load_from_file(
+            self,
+            path: Path
+    ) -> dict:
+        raw = path.read_bytes()
+
+        raw = decrypt_full(raw[SALT_LEN:], self._filekey).decode()
+        return json.loads(raw)
+
+

swiftgui_encryption-0.0.3/src/SwiftGUI_Encryption/sg/popup_create_password.py

@@ -0,0 +1,168 @@
+from typing import Hashable, Callable
+from string import ascii_uppercase, ascii_lowercase, digits, ascii_letters, punctuation
+
+ascii_letters: set = set(ascii_letters)
+ascii_uppercase: set = set(ascii_uppercase)
+ascii_lowercase: set = set(ascii_lowercase)
+digits: set = set(digits)
+punctuation: set = set(punctuation)
+
+import SwiftGUI as sg
+from SwiftGUI import ValueDict
+
+# This class was originally created as an example for new SwiftGUI users.
+# That's why it has so many comments.
+class popup_create_password(sg.BasePopup, str):
+    def __init__(
+            self,
+            title: str = "Create your password",
+            min_length: int = None,
+            must_include_upper: bool = None,
+            must_include_lower: bool = None,
+            must_include_special: bool = None,
+            must_include_digits: bool = None,
+            additional_check_function: Callable = None,
+            additional_check_text: str = None,
+            wrong_password_color: str | sg.Color = "#A52A2A",
+            **kwargs
+    ):
+        self.min_length = min_length
+        self.must_include_upper = must_include_upper
+        self.must_include_lower = must_include_lower
+        self.must_include_special = must_include_special
+        self.must_include_digits = must_include_digits
+
+        self.additional_check_function = additional_check_function
+        self.additional_check_text = additional_check_text
+
+        self.wrong_password_color = wrong_password_color
+
+        layout = [
+            [
+                sg.T("Password:", width= 10),
+                password := sg.In(
+                    key= "PW",
+                    default_event= True,
+                    pass_char= "*", # Hidden characters
+                ).bind_event(
+                    sg.Event.KeyEnter,
+                    key_function= lambda w:w["Confirm"].set_focus() # Jump to next input-element
+                ),
+                sg.Spacer(width=5),
+                sg.Checkbox(
+                    "Show password",
+                    default_event= True,
+                    key_function= lambda val: password.update(pass_char = "" if val else "*"),  # If the box is checked, reveal characters. Else hide them
+                    takefocus= False,   # Pressing tab should ignore this element
+                )
+            ],[
+                sg.T("Confirm:", width= 10),
+                confirm := sg.In(
+                    key= "Confirm",
+                    default_event= True,
+                    pass_char= "*", # Also hidden characters
+                ).bind_event(
+                    sg.Event.KeyEnter,  # Same as clicking "Confirm"
+                    key= "Done",
+                ),
+                sg.T(expand=True)
+            ],[
+                sg.HSep(),
+            ], [
+                sg.Button(
+                    "Confirm",
+                    key= "Done",
+                ),
+                sg.Button(
+                    "Cancel",
+                    key_function= lambda :self.done()   # Call self.done() so the popup "returns" None
+                )
+            ]
+        ] + self._additional_layout()
+        self.password = password    # Save these two for later
+        self.confirm = confirm
+
+        super().__init__(layout, title=title, **kwargs)
+        password.set_focus()    # Start with the focus on the password-input-field
+
+    def _additional_layout(self) -> list[list[sg.BaseElement]]:
+        new_texts = []
+
+        if self.additional_check_text:
+            new_texts.append(self.additional_check_text)
+
+        if self.min_length:
+            new_texts.append(f"Must be at least {self.min_length} characters long")
+
+        if self.must_include_upper:
+            new_texts.append(f"Must include uppercase letters")
+
+        if self.must_include_lower:
+            new_texts.append(f"Must include lowercase letters")
+
+        if self.must_include_special:
+            new_texts.append(f"Must include special characters")
+
+        if self.must_include_digits:
+            new_texts.append(f"Must include digits")
+
+        new_layout = []
+        if new_texts:
+            new_layout.append([sg.HSep()])
+            new_layout.append([sg.T("The password...", expand=True)])
+
+            new_layout += [
+                [sg.T(text)] for text in new_texts
+            ]
+
+        return new_layout
+
+    def _is_valid_password(self) -> bool:
+        """Check if the entered password follows the rules"""
+
+        current_pw = self.password.value
+
+        if self.additional_check_function and not self.additional_check_function(current_pw):
+            return False
+
+        if self.min_length and len(current_pw) < self.min_length:
+            return False
+
+        current_pw: set = set(current_pw)
+
+        if self.must_include_upper and not (current_pw & ascii_uppercase):
+            return False
+
+        if self.must_include_lower and not (current_pw & ascii_lowercase):
+            return False
+
+        if self.must_include_special and not (current_pw & punctuation):
+            return False
+
+        if self.must_include_digits and not (current_pw & digits):
+            return False
+
+        return True
+
+    def _event_loop(self, e: Hashable, v: sg.ValueDict):
+        pw_match = self.password.value == self.confirm.value
+
+        if e == "Done" and pw_match and self._is_valid_password():
+            self.done(self.password.value)  # "Return" the password
+
+        if self._is_valid_password():
+            self.password.update_to_default_value("background_color")
+        else:
+            self.password.update(background_color=self.wrong_password_color)
+
+        # If any other key happened, check if the two input-values match
+        if pw_match:
+            # If they do, use the default background-color for the confirm-field
+            self.confirm.update_to_default_value("background_color")
+        else:
+            # Else, set it to red
+            self.confirm.update(background_color=self.wrong_password_color)
+
+
+
+

swiftgui_encryption-0.0.1/src/SwiftGUI_Encryption/__init__.py

@@ -1,4 +0,0 @@
-
-
-
-