SwiftGUI_Encryption 0.0.2__tar.gz → 0.0.4__tar.gz

{swiftgui_encryption-0.0.2 → swiftgui_encryption-0.0.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: SwiftGUI_Encryption
-Version: 0.0.2
+Version: 0.0.4
 Summary: Useful encryption-features for SwiftGUI-applications based on PyCryptoDome
 License-Expression: Apache-2.0
 License-File: LICENSE

{swiftgui_encryption-0.0.2 → swiftgui_encryption-0.0.4}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "SwiftGUI_Encryption"
-version = "0.0.2"
+version = "0.0.4"
 packages = [
     { include = "SwiftGUI_Encryption", from = "src" }
 ]

swiftgui_encryption-0.0.4/src/SwiftGUI_Encryption/__init__.py

@@ -0,0 +1,14 @@
+
+from . import Advanced
+random_key = Advanced.random_key
+
+from .basics import decrypt_full, encrypt_full, encrypt_with_password, decrypt_with_password, password_to_key
+from .key_files import KeyFile, KeyHandler, BaseKeyFile
+
+try:
+    import SwiftGUI
+except ImportError:
+    ...
+else:
+    from . import sg
+

swiftgui_encryption-0.0.4/src/SwiftGUI_Encryption/basics.py

@@ -0,0 +1,85 @@
+import argon2pure
+from Crypto.Cipher import AES
+import os
+import hashlib
+
+from SwiftGUI_Encryption import Advanced as adv
+
+# This should not be chanced, it just doesn't feel right to add magic numbers...
+NONCE_LEN = 32
+SALT_LEN = 16
+
+def encrypt_full(data: bytes, key: bytes) -> bytes:
+    """
+    Encrypt some data
+
+    :param key:
+    :param data:
+    :return:
+    """
+    nonce = adv.random_key(NONCE_LEN)
+
+    return nonce + adv.encrypt(data, key, nonce)
+
+def decrypt_full(data: bytes, key: bytes) -> bytes:
+    """
+    Decrypt some data with its key
+
+    :param data:
+    :param key:
+    :return:
+    """
+    nonce = data[:NONCE_LEN]
+    data = data[NONCE_LEN:]
+
+    return adv.decrypt(data, key, nonce)
+
+def encrypt_with_password(data: bytes, password: str, security_multiplier: int = 1) -> bytes:
+    """
+    IMPORTANT:
+    This needs to be decrypted with decrypt_with_password.
+    It is not compatible with decrypt_full.
+
+    But this function is very secure, because each encryption generates its own key.
+
+    :param data: What to encrypt
+    :param password:
+    :param security_multiplier:
+    :return:
+    """
+    salt = adv.random_key(SALT_LEN)
+    key = adv.argon2_key_derivation(password.encode(), salt, multiplier=security_multiplier)
+
+    return salt + encrypt_full(data, key)
+
+def decrypt_with_password(data: bytes, password: str, security_multiplier: int = 1) -> bytes:
+    """
+    IMPORTANT:
+    This needs data from encrypt_with_password.
+    encrypt_full doesn't work on this.
+
+    :param data: What to decrypt
+    :param password:
+    :param security_multiplier: Needs to be the same as with the encryption
+    :return:
+    """
+    salt = data[:SALT_LEN]
+    key = adv.argon2_key_derivation(password.encode(), salt, multiplier=security_multiplier)
+
+    return decrypt_full(data[SALT_LEN:], key)
+
+def password_to_key(password: str, security_multiplier: int = 1) -> bytes:
+    """
+    WARNING!
+    If anyone finds out what this function returned (the key), he might be able to find your password.
+    It's still quite secure, but not against people with supercomputers.
+    The attack is called pre-calculation-attack, or rainbow-table-attack.
+
+    Increasing the security_multiplier helps, but not as much as it does normally.
+
+    :param password:
+    :param security_multiplier: Needs to be the same as with the encryption
+    :return:
+    """
+    return adv.argon2_key_derivation(password.encode(), salt=b"", multiplier=security_multiplier)
+

{swiftgui_encryption-0.0.2 → swiftgui_encryption-0.0.4}/src/SwiftGUI_Encryption/key_files.py

@@ -23,7 +23,7 @@ class BaseKeyFile:
         :param saved_key:   The key that is to be stored inside the file. Leave empty for random key
         """
         # Create folders containing this file
-        assert file_key or file_password, "You need to specify either a file_password, or a file_key for each KeyFile!"
+        assert file_key or file_password, "You need to specify either a file_password, or a file_key for every KeyFile!"
 
         self._salt: bytes = adv.random_key(SALT_LEN) # Placeholder if a key is used instead of a password
         self._key: bytes | None = saved_key  # Key stored in the file

swiftgui_encryption-0.0.4/src/SwiftGUI_Encryption/sg/__init__.py

@@ -0,0 +1,5 @@
+
+# SwiftGUI-Addons
+from .dictFile import EncryptedJSONDictFile, PasswordJSONDictFile
+from .popup_create_password import popup_create_password
+

swiftgui_encryption-0.0.4/src/SwiftGUI_Encryption/sg/dictFile.py

@@ -0,0 +1,164 @@
+from pathlib import Path
+import json
+
+import SwiftGUI.Files as files
+from SwiftGUI_Encryption import encrypt_full, decrypt_full, random_key
+from SwiftGUI_Encryption import Advanced as adv
+
+NONCE_LEN = 32
+SALT_LEN = 16
+
+class EncryptedJSONDictFile(files.BaseDictFile):
+    """
+    An encrypted json-dictfile
+    """
+
+    def __init__(
+            self,
+            path: str | Path,
+            file_key: bytes,
+            *,
+            defaults: dict = None,
+            add_defaults_to_values: bool = None,
+            auto_save: bool = None,
+            **kwargs
+    ):
+        assert not isinstance(file_key, str), "Keys are always in the byte-format.\nIf you tired to pass a password, use PasswordJSONDictFile instead."
+
+        self._filekey = file_key    # Key to encrypt the file with
+
+        super().__init__(
+            path=path,
+            defaults=defaults,
+            add_defaults_to_values=add_defaults_to_values,
+            auto_save=auto_save,
+            **kwargs
+        )
+
+    def change_key(self, new_key: bytes):
+        """
+
+        :param new_key:
+        :return:
+        """
+        self._filekey = new_key
+        self._do_auto_save()
+
+        return self
+
+    @property
+    def key(self) -> bytes:
+        return self._filekey
+
+    def _save_to_file(
+            self,
+            values: dict,
+            path: Path,
+    ):
+        raw = json.dumps(values)
+
+        path.write_bytes(
+            encrypt_full(raw.encode(), self._filekey)
+        )
+
+    def _load_from_file(
+            self,
+            path: Path
+    ) -> dict:
+        raw = path.read_bytes()
+
+        raw = decrypt_full(raw, self._filekey).decode()
+        return json.loads(raw)
+
+class PasswordJSONDictFile(EncryptedJSONDictFile):
+    """
+    An encrypted JSON-dictfile that requires a password instead of a key
+    """
+    def __init__(
+            self,
+            path: str | Path,
+            password: str,
+            *,
+            defaults: dict = None,
+            add_defaults_to_values: bool = None,
+            auto_save: bool = None,
+            **kwargs
+    ):
+        path = Path(path)
+
+        exists = path.exists()
+        self._regenerated_key = not exists  # Regenerate the key on next save, if it already exists
+        if exists:
+            salt = path.read_bytes()[:SALT_LEN]
+        else:
+            salt = random_key(SALT_LEN)
+
+        self._salt = salt
+        self._password = password
+
+        self._filekey = adv.argon2_key_derivation(password.encode(), salt)  # Key to encrypt the file with
+
+        super(EncryptedJSONDictFile, self).__init__(
+            path=path,
+            #file_key=self._filekey,
+            defaults=defaults,
+            add_defaults_to_values=add_defaults_to_values,
+            auto_save=auto_save,
+            **kwargs
+        )
+
+    def _regenerate_key(self, new_salt = True):
+        if new_salt:
+            self._salt = random_key(SALT_LEN)
+
+        self._filekey = adv.argon2_key_derivation(self._password.encode(), self._salt)
+
+    def change_key(self, new_key: bytes):
+        """
+        NOT IMPLEMENTED!
+
+        :param new_key:
+        :return:
+        """
+        raise NotImplementedError("Setting a key directly on a Password-file is not possible. Use .change_password instead!")
+
+    def change_password(self, new_password: str):
+        """
+        Specify a new password for this file
+
+        :param new_password:
+        :return:
+        """
+        self._password = new_password
+        self._regenerate_key()
+
+    def _save_to_file(
+            self,
+            values: dict,
+            path: Path,
+    ):
+        raw = json.dumps(values)
+
+        if not self._regenerated_key:
+            self._regenerate_key()
+            self._regenerated_key = False
+
+        path.write_bytes(
+            self._salt + encrypt_full(raw.encode(), self._filekey)
+        )
+
+    def _load_from_file(
+            self,
+            path: Path
+    ) -> dict:
+        raw = path.read_bytes()
+
+        salt = raw[:SALT_LEN]
+        if salt != self._salt:
+            self._salt = salt
+            self._regenerate_key(new_salt=False)
+
+        raw = decrypt_full(raw[SALT_LEN:], self._filekey).decode()
+        return json.loads(raw)
+
+

swiftgui_encryption-0.0.4/src/SwiftGUI_Encryption/sg/popup_create_password.py

@@ -0,0 +1,168 @@
+from typing import Hashable, Callable
+from string import ascii_uppercase, ascii_lowercase, digits, ascii_letters, punctuation
+
+ascii_letters: set = set(ascii_letters)
+ascii_uppercase: set = set(ascii_uppercase)
+ascii_lowercase: set = set(ascii_lowercase)
+digits: set = set(digits)
+punctuation: set = set(punctuation)
+
+import SwiftGUI as sg
+from SwiftGUI import ValueDict
+
+# This class was originally created as an example for new SwiftGUI users.
+# That's why it has so many comments.
+class popup_create_password(sg.BasePopup, str):
+    def __init__(
+            self,
+            title: str = "Create your password",
+            min_length: int = None,
+            must_include_upper: bool = None,
+            must_include_lower: bool = None,
+            must_include_special: bool = None,
+            must_include_digits: bool = None,
+            additional_check_function: Callable = None,
+            additional_check_text: str = None,
+            wrong_password_color: str | sg.Color = "#A52A2A",
+            **kwargs
+    ):
+        self.min_length = min_length
+        self.must_include_upper = must_include_upper
+        self.must_include_lower = must_include_lower
+        self.must_include_special = must_include_special
+        self.must_include_digits = must_include_digits
+
+        self.additional_check_function = additional_check_function
+        self.additional_check_text = additional_check_text
+
+        self.wrong_password_color = wrong_password_color
+
+        layout = [
+            [
+                sg.T("Password:", width= 10),
+                password := sg.In(
+                    key= "PW",
+                    default_event= True,
+                    pass_char= "*", # Hidden characters
+                ).bind_event(
+                    sg.Event.KeyEnter,
+                    key_function= lambda w:w["Confirm"].set_focus() # Jump to next input-element
+                ),
+                sg.Spacer(width=5),
+                sg.Checkbox(
+                    "Show password",
+                    default_event= True,
+                    key_function= lambda val: password.update(pass_char = "" if val else "*"),  # If the box is checked, reveal characters. Else hide them
+                    takefocus= False,   # Pressing tab should ignore this element
+                )
+            ],[
+                sg.T("Confirm:", width= 10),
+                confirm := sg.In(
+                    key= "Confirm",
+                    default_event= True,
+                    pass_char= "*", # Also hidden characters
+                ).bind_event(
+                    sg.Event.KeyEnter,  # Same as clicking "Confirm"
+                    key= "Done",
+                ),
+                sg.T(expand=True)
+            ],[
+                sg.HSep(),
+            ], [
+                sg.Button(
+                    "Confirm",
+                    key= "Done",
+                ),
+                sg.Button(
+                    "Cancel",
+                    key_function= lambda :self.done()   # Call self.done() so the popup "returns" None
+                )
+            ]
+        ] + self._additional_layout()
+        self.password = password    # Save these two for later
+        self.confirm = confirm
+
+        super().__init__(layout, title=title, **kwargs)
+        password.set_focus()    # Start with the focus on the password-input-field
+
+    def _additional_layout(self) -> list[list[sg.BaseElement]]:
+        new_texts = []
+
+        if self.additional_check_text:
+            new_texts.append(self.additional_check_text)
+
+        if self.min_length:
+            new_texts.append(f"Must be at least {self.min_length} characters long")
+
+        if self.must_include_upper:
+            new_texts.append(f"Must include uppercase letters")
+
+        if self.must_include_lower:
+            new_texts.append(f"Must include lowercase letters")
+
+        if self.must_include_special:
+            new_texts.append(f"Must include special characters")
+
+        if self.must_include_digits:
+            new_texts.append(f"Must include digits")
+
+        new_layout = []
+        if new_texts:
+            new_layout.append([sg.HSep()])
+            new_layout.append([sg.T("The password...", expand=True)])
+
+            new_layout += [
+                [sg.T(text)] for text in new_texts
+            ]
+
+        return new_layout
+
+    def _is_valid_password(self) -> bool:
+        """Check if the entered password follows the rules"""
+
+        current_pw = self.password.value
+
+        if self.additional_check_function and not self.additional_check_function(current_pw):
+            return False
+
+        if self.min_length and len(current_pw) < self.min_length:
+            return False
+
+        current_pw: set = set(current_pw)
+
+        if self.must_include_upper and not (current_pw & ascii_uppercase):
+            return False
+
+        if self.must_include_lower and not (current_pw & ascii_lowercase):
+            return False
+
+        if self.must_include_special and not (current_pw & punctuation):
+            return False
+
+        if self.must_include_digits and not (current_pw & digits):
+            return False
+
+        return True
+
+    def _event_loop(self, e: Hashable, v: sg.ValueDict):
+        pw_match = self.password.value == self.confirm.value
+
+        if e == "Done" and pw_match and self._is_valid_password():
+            self.done(self.password.value)  # "Return" the password
+
+        if self._is_valid_password():
+            self.password.update_to_default_value("background_color")
+        else:
+            self.password.update(background_color=self.wrong_password_color)
+
+        # If any other key happened, check if the two input-values match
+        if pw_match:
+            # If they do, use the default background-color for the confirm-field
+            self.confirm.update_to_default_value("background_color")
+        else:
+            # Else, set it to red
+            self.confirm.update(background_color=self.wrong_password_color)
+
+
+
+

swiftgui_encryption-0.0.2/src/SwiftGUI_Encryption/__init__.py

@@ -1,5 +0,0 @@
-
-from . import Advanced
-
-from .basics import decrypt_full, encrypt_full
-from .key_files import KeyFile, KeyHandler, BaseKeyFile

swiftgui_encryption-0.0.2/src/SwiftGUI_Encryption/basics.py

@@ -1,35 +0,0 @@
-import argon2pure
-from Crypto.Cipher import AES
-import os
-import hashlib
-
-from SwiftGUI_Encryption import Advanced as adv
-
-NONCE_LEN = 32  # This should not be chanced, but who am I to judge
-
-def encrypt_full(data: bytes, key: bytes) -> bytes:
-    """
-    Encrypt some data
-
-    :param key:
-    :param data:
-    :return:
-    """
-    nonce = adv.random_key(NONCE_LEN)
-
-    return nonce + adv.encrypt(data, key, nonce)
-
-def decrypt_full(data: bytes, key: bytes) -> bytes:
-    """
-    Decrypt some data with its key
-
-    :param data:
-    :param key:
-    :return:
-    """
-    nonce = data[:NONCE_LEN]
-    data = data[NONCE_LEN:]
-
-    return adv.decrypt(data, key, nonce)
-
-