PyPI - transcrypto - Versions diffs - 1.1.1__py3-none-any.whl → 1.2.0__py3-none-any.whl - Mend

transcrypto 1.1.1py3-none-any.whl → 1.2.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

transcrypto/aes.py +4 -3
transcrypto/base.py +84 -30
transcrypto/dsa.py +153 -19
transcrypto/elgamal.py +224 -28
transcrypto/rsa.py +203 -19
transcrypto/sss.py +159 -20
transcrypto/transcrypto.py +401 -178
{transcrypto-1.1.1.dist-info → transcrypto-1.2.0.dist-info}/METADATA +684 -426
transcrypto-1.2.0.dist-info/RECORD +15 -0
transcrypto-1.1.1.dist-info/RECORD +0 -15
{transcrypto-1.1.1.dist-info → transcrypto-1.2.0.dist-info}/WHEEL +0 -0
{transcrypto-1.1.1.dist-info → transcrypto-1.2.0.dist-info}/licenses/LICENSE +0 -0
{transcrypto-1.1.1.dist-info → transcrypto-1.2.0.dist-info}/top_level.txt +0 -0

{transcrypto-1.1.1.dist-info → transcrypto-1.2.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: transcrypto
-Version: 1.1.1
+Version: 1.2.0
 Summary: Basic crypto primitives, not intended for actual use, but as a companion to --Criptografia, Métodos e Algoritmos--
 Author-email: Daniel Balparda <balparda@github.com>
 License-Expression: Apache-2.0
@@ -18,7 +18,7 @@ Dynamic: license-file
 # TransCrypto
-Basic crypto primitives, not intended for actual use, but as a companion to *"Criptografia, Métodos e Algoritmos"*.
+Basic cryptography primitives implementation, a companion to *"Criptografia, Métodos e Algoritmos"*.
 Started in July/2025, by Daniel Balparda. Since version 1.0.2 it is PyPI package:
@@ -61,69 +61,66 @@ Started in July/2025, by Daniel Balparda. Since version 1.0.2 it is PyPI package
       - [`aes ecb decrypt`](#aes-ecb-decrypt)
     - [`rsa`](#rsa)
       - [`rsa new`](#rsa-new)
-      - [`rsa encrypt`](#rsa-encrypt)
-      - [`rsa decrypt`](#rsa-decrypt)
-      - [`rsa sign`](#rsa-sign)
-      - [`rsa verify`](#rsa-verify)
+      - [`rsa rawencrypt`](#rsa-rawencrypt)
+      - [`rsa rawdecrypt`](#rsa-rawdecrypt)
+      - [`rsa rawsign`](#rsa-rawsign)
+      - [`rsa rawverify`](#rsa-rawverify)
     - [`elgamal`](#elgamal)
       - [`elgamal shared`](#elgamal-shared)
       - [`elgamal new`](#elgamal-new)
-      - [`elgamal encrypt`](#elgamal-encrypt)
-      - [`elgamal decrypt`](#elgamal-decrypt)
-      - [`elgamal sign`](#elgamal-sign)
-      - [`elgamal verify`](#elgamal-verify)
+      - [`elgamal rawencrypt`](#elgamal-rawencrypt)
+      - [`elgamal rawdecrypt`](#elgamal-rawdecrypt)
+      - [`elgamal rawsign`](#elgamal-rawsign)
+      - [`elgamal rawverify`](#elgamal-rawverify)
     - [`dsa`](#dsa)
       - [`dsa shared`](#dsa-shared)
       - [`dsa new`](#dsa-new)
-      - [`dsa sign`](#dsa-sign)
-      - [`dsa verify`](#dsa-verify)
+      - [`dsa rawsign`](#dsa-rawsign)
+      - [`dsa rawverify`](#dsa-rawverify)
     - [`bid`](#bid)
       - [`bid new`](#bid-new)
       - [`bid verify`](#bid-verify)
     - [`sss`](#sss)
       - [`sss new`](#sss-new)
-      - [`sss shares`](#sss-shares)
-      - [`sss recover`](#sss-recover)
-      - [`sss verify`](#sss-verify)
+      - [`sss rawshares`](#sss-rawshares)
+      - [`sss rawrecover`](#sss-rawrecover)
+      - [`sss rawverify`](#sss-rawverify)
     - [`doc`](#doc)
       - [`doc md`](#doc-md)
     - [Base Library](#base-library)
       - [Humanized Sizes (IEC binary)](#humanized-sizes-iec-binary)
       - [Humanized Decimal Quantities (SI)](#humanized-decimal-quantities-si)
       - [Humanized Durations](#humanized-durations)
+      - [Execution Timing](#execution-timing)
+        - [Context manager](#context-manager)
+        - [Decorator](#decorator)
+        - [Manual use](#manual-use)
+        - [Key points](#key-points)
+      - [Serialization Pipeline](#serialization-pipeline)
+        - [Serialize](#serialize)
+        - [DeSerialize](#deserialize)
       - [Cryptographically Secure Randomness](#cryptographically-secure-randomness)
         - [Fixed-size random integers](#fixed-size-random-integers)
         - [Uniform random integers in a range](#uniform-random-integers-in-a-range)
         - [In-place secure shuffle](#in-place-secure-shuffle)
         - [Random byte strings](#random-byte-strings)
       - [Computing the Greatest Common Divisor](#computing-the-greatest-common-divisor)
+      - [Fast Modular Arithmetic](#fast-modular-arithmetic)
+        - [Chinese Remainder Theorem (CRT) – Pair](#chinese-remainder-theorem-crt--pair)
+        - [Modular Polynomials \& Lagrange Interpolation](#modular-polynomials--lagrange-interpolation)
+      - [Primality testing \& Prime generators, Mersenne primes](#primality-testing--prime-generators-mersenne-primes)
       - [Cryptographic Hashing](#cryptographic-hashing)
         - [SHA-256 hashing](#sha-256-hashing)
         - [SHA-512 hashing](#sha-512-hashing)
         - [File hashing](#file-hashing)
-      - [Execution Timing](#execution-timing)
-        - [Context manager](#context-manager)
-        - [Decorator](#decorator)
-        - [Manual use](#manual-use)
-        - [Key points](#key-points)
       - [Symmetric Encryption Interface](#symmetric-encryption-interface)
-      - [Serialization Pipeline](#serialization-pipeline)
-        - [Serialize](#serialize)
-        - [DeSerialize](#deserialize)
       - [Crypto Objects General Properties (`CryptoKey`)](#crypto-objects-general-properties-cryptokey)
       - [AES-256 Symmetric Encryption](#aes-256-symmetric-encryption)
         - [Key creation](#key-creation)
         - [AES-256 + GCM (default)](#aes-256--gcm-default)
         - [AES-256 + ECB (unsafe, fixed block only)](#aes-256--ecb-unsafe-fixed-block-only)
-      - [Fast Modular Arithmetic](#fast-modular-arithmetic)
-      - [Chinese Remainder Theorem (CRT) – Pair](#chinese-remainder-theorem-crt--pair)
-      - [Modular Polynomials \& Lagrange Interpolation](#modular-polynomials--lagrange-interpolation)
-      - [Primality testing \& Prime generators, Mersenne primes](#primality-testing--prime-generators-mersenne-primes)
       - [RSA (Rivest-Shamir-Adleman) Public Cryptography](#rsa-rivest-shamir-adleman-public-cryptography)
       - [El-Gamal Public-Key Cryptography](#el-gamal-public-key-cryptography)
-        - [Shared Public Key](#shared-public-key)
-        - [Public Key](#public-key)
-        - [Private Key](#private-key)
       - [DSA (Digital Signature Algorithm)](#dsa-digital-signature-algorithm)
         - [Security notes](#security-notes)
         - [Advanced: custom primes generator](#advanced-custom-primes-generator)
@@ -144,13 +141,13 @@ Unless required by applicable law or agreed to in writing, software distributed
 ## Design assumptions / Disclaimers
-- The library is built to have reference, reliable, simple implementations of math and crypto primitives.
+- The library is built to have reference, reliable, simple implementations of math and crypto primitives (e.g. `RawEncrypt()`/`RawSign()` and friends plus all the low-level primality and modular arithmetic). The issue is not that the library is unsafe, it is that the library is full of places that allow you to shoot yourself in the foot if you don't know what you are doing.
+- The library also has advanced top-level methods that are cryptographically safe and might be used in real-world scenarios (e.g. `Encrypt()`/`Sign()` and friends).
 - All library methods' `int` are tailored to be efficient with arbitrarily large integers.
-- Everything **should work**, as the library is **extensively tested**, *but not necessarily the most efficient or safe for real-world cryptographic use.* For real-world crypto use *other optimized/safe libraries* that were built to be resistant to malicious attacks.
-- *All operations in this library may be vulnerable to timing attacks.*
-- There is some logging and error messages that were written to be clear but in real-life security applications could leak private secrets. Again, this library is not build to be crypto safe. It was built as a simple tested reference implementation.
+- Everything **should work**, as the library is **extensively tested**, *but not necessarily the most efficient or safe for real-world cryptographic use.* For real-world crypto you might consider *other optimized/safe libraries* that were built to be resistant to malicious attacks.
+- *All operations in this library may be vulnerable to timing attacks.* This may be a problem to your use-case or not depending on the situation.
-That being said, all care was taken that this is a good library with a solid implementation. *Have fun!*
+All that being said, extreme care was taken that this is a good library with a solid safe implementation. *Have fun!*
 ## Install
@@ -207,11 +204,11 @@ poetry run transcrypto <command> [sub-command] [options...]
 - **`mod`** — `poetry run transcrypto mod [-h] {inv,div,exp,poly,lagrange,crt} ...`
 - **`hash`** — `poetry run transcrypto hash [-h] {sha256,sha512,file} ...`
 - **`aes`** — `poetry run transcrypto aes [-h] {key,encrypt,decrypt,ecb} ...`
-- **`rsa`** — `poetry run transcrypto rsa [-h] {new,encrypt,decrypt,sign,verify} ...`
-- **`elgamal`** — `poetry run transcrypto elgamal [-h]`
-- **`dsa`** — `poetry run transcrypto dsa [-h] {shared,new,sign,verify} ...`
+- **`rsa`** — `poetry run transcrypto rsa [-h] {new,rawencrypt,encrypt,rawdecrypt,decrypt,rawsign,sign,rawverify,verify} ...`
+- **`elgamal`** — `poetry run transcrypto elgamal [-h] {shared,new,rawencrypt,encrypt,rawdecrypt,decrypt,rawsign,sign,rawverify,verify} ...`
+- **`dsa`** — `poetry run transcrypto dsa [-h] {shared,new,rawsign,sign,rawverify,verify} ...`
 - **`bid`** — `poetry run transcrypto bid [-h] {new,verify} ...`
-- **`sss`** — `poetry run transcrypto sss [-h] {new,shares,recover,verify} ...`
+- **`sss`** — `poetry run transcrypto sss [-h] {new,rawshares,shares,rawrecover,recover,rawverify} ...`
 - **`doc`** — `poetry run transcrypto doc [-h] {md} ...`
 ```bash
@@ -252,24 +249,24 @@ Examples:
   # --- RSA ---
   poetry run transcrypto -p rsa-key rsa new --bits 2048
-  poetry run transcrypto -p rsa-key.pub rsa encrypt <plaintext>
-  poetry run transcrypto -p rsa-key.priv rsa decrypt <ciphertext>
-  poetry run transcrypto -p rsa-key.priv rsa sign <message>
-  poetry run transcrypto -p rsa-key.pub rsa verify <message> <signature>
+  poetry run transcrypto -p rsa-key.pub rsa rawencrypt <plaintext>
+  poetry run transcrypto -p rsa-key.priv rsa rawdecrypt <ciphertext>
+  poetry run transcrypto -p rsa-key.priv rsa rawsign <message>
+  poetry run transcrypto -p rsa-key.pub rsa rawverify <message> <signature>
   # --- ElGamal ---
   poetry run transcrypto -p eg-key elgamal shared --bits 2048
   poetry run transcrypto -p eg-key elgamal new
-  poetry run transcrypto -p eg-key.pub elgamal encrypt <plaintext>
-  poetry run transcrypto -p eg-key.priv elgamal decrypt <c1:c2>
-  poetry run transcrypto -p eg-key.priv elgamal sign <message>
-  poetry run transcrypto-p eg-key.pub elgamal verify <message> <s1:s2>
+  poetry run transcrypto -p eg-key.pub elgamal rawencrypt <plaintext>
+  poetry run transcrypto -p eg-key.priv elgamal rawdecrypt <c1:c2>
+  poetry run transcrypto -p eg-key.priv elgamal rawsign <message>
+  poetry run transcrypto-p eg-key.pub elgamal rawverify <message> <s1:s2>
   # --- DSA ---
   poetry run transcrypto -p dsa-key dsa shared --p-bits 2048 --q-bits 256
   poetry run transcrypto -p dsa-key dsa new
-  poetry run transcrypto -p dsa-key.priv dsa sign <message>
-  poetry run transcrypto -p dsa-key.pub dsa verify <message> <s1:s2>
+  poetry run transcrypto -p dsa-key.priv dsa rawsign <message>
+  poetry run transcrypto -p dsa-key.pub dsa rawverify <message> <s1:s2>
   # --- Public Bid ---
   poetry run transcrypto --bin bid new "tomorrow it will rain"
@@ -277,9 +274,9 @@ Examples:
   # --- Shamir Secret Sharing (SSS) ---
   poetry run transcrypto -p sss-key sss new 3 --bits 1024
-  poetry run transcrypto -p sss-key sss shares <secret> 5
-  poetry run transcrypto -p sss-key sss recover
-  poetry run transcrypto -p sss-key sss verify <secret>
+  poetry run transcrypto -p sss-key sss rawshares <secret> 5
+  poetry run transcrypto -p sss-key sss rawrecover
+  poetry run transcrypto -p sss-key sss rawverify <secret>
 ```
 ---
@@ -850,10 +847,11 @@ $ poetry run transcrypto --b64 aes ecb -k DbWJ_ZrknLEEIoq_NpoCQwHYfjskGokpueN2O_
 ### `rsa`
-Raw RSA (Rivest-Shamir-Adleman) asymmetric cryptography over *integers* (BEWARE: no OAEP/PSS padding or validation). These are pedagogical/raw primitives; do not use for new protocols. No measures are taken here to prevent timing attacks. All methods require file key(s) as `-p`/`--key-path` (see provided examples).
+RSA (Rivest-Shamir-Adleman) asymmetric cryptography. No measures are taken here to prevent timing attacks. All methods require file key(s) as `-p`/`--key-path` (see provided examples).
 ```bash
-poetry run transcrypto rsa [-h] {new,encrypt,decrypt,sign,verify} ...
+poetry run transcrypto rsa [-h]
+                                  {new,rawencrypt,encrypt,rawdecrypt,decrypt,rawsign,sign,rawverify,verify} ...
 ```
 #### `rsa new`
@@ -875,12 +873,12 @@ $ poetry run transcrypto -p rsa-key rsa new --bits 64  # NEVER use such a small
 RSA private/public keys saved to 'rsa-key.priv/.pub'
 ```
-#### `rsa encrypt`
+#### `rsa rawencrypt`
-Encrypt integer `message` with public key.
+Raw encrypt *integer* `message` with public key (BEWARE: no OAEP/PSS padding or validation).
 ```bash
-poetry run transcrypto rsa encrypt [-h] message
+poetry run transcrypto rsa rawencrypt [-h] message
 ```
 | Option/Arg | Description |
@@ -890,16 +888,36 @@ poetry run transcrypto rsa encrypt [-h] message
 **Example:**
 ```bash
-$ poetry run transcrypto -p rsa-key.pub rsa encrypt 999
+$ poetry run transcrypto -p rsa-key.pub rsa rawencrypt 999
 6354905961171348600
 ```
-#### `rsa decrypt`
+#### `rsa encrypt`
+Encrypt `message` with public key.
+```bash
+poetry run transcrypto rsa encrypt [-h] [-a AAD] plaintext
+```
+| Option/Arg | Description |
+|---|---|
+| `plaintext` | Message to encrypt [type: str] |
+| `-a, --aad` | Associated data (optional; has to be separately sent to receiver/stored) [type: str] |
+**Example:**
+```bash
+$ poetry run transcrypto --bin --out-b64 -p rsa-key.pub rsa encrypt "abcde" -a "xyz"
+AO6knI6xwq6TGR…Qy22jiFhXi1eQ==
+```
-Decrypt integer `ciphertext` with private key.
+#### `rsa rawdecrypt`
+Raw decrypt *integer* `ciphertext` with private key (BEWARE: no OAEP/PSS padding or validation).
 ```bash
-poetry run transcrypto rsa decrypt [-h] ciphertext
+poetry run transcrypto rsa rawdecrypt [-h] ciphertext
 ```
 | Option/Arg | Description |
@@ -909,16 +927,36 @@ poetry run transcrypto rsa decrypt [-h] ciphertext
 **Example:**
 ```bash
-$ poetry run transcrypto -p rsa-key.priv rsa decrypt 6354905961171348600
+$ poetry run transcrypto -p rsa-key.priv rsa rawdecrypt 6354905961171348600
 999
 ```
-#### `rsa sign`
+#### `rsa decrypt`
+Decrypt `ciphertext` with private key.
+```bash
+poetry run transcrypto rsa decrypt [-h] [-a AAD] ciphertext
+```
+| Option/Arg | Description |
+|---|---|
+| `ciphertext` | Ciphertext to decrypt [type: str] |
+| `-a, --aad` | Associated data (optional; has to be exactly the same as used during encryption) [type: str] |
+**Example:**
+```bash
+$ poetry run transcrypto --b64 --out-bin -p rsa-key.priv rsa decrypt "AO6knI6xwq6TGR…Qy22jiFhXi1eQ==" -a "eHl6"
+abcde
+```
-Sign integer `message` with private key.
+#### `rsa rawsign`
+Raw sign *integer* `message` with private key (BEWARE: no OAEP/PSS padding or validation).
 ```bash
-poetry run transcrypto rsa sign [-h] message
+poetry run transcrypto rsa rawsign [-h] message
 ```
 | Option/Arg | Description |
@@ -928,16 +966,36 @@ poetry run transcrypto rsa sign [-h] message
 **Example:**
 ```bash
-$ poetry run transcrypto -p rsa-key.priv rsa sign 999
+$ poetry run transcrypto -p rsa-key.priv rsa rawsign 999
 7632909108672871784
 ```
-#### `rsa verify`
+#### `rsa sign`
+Sign `message` with private key.
+```bash
+poetry run transcrypto rsa sign [-h] [-a AAD] message
+```
+| Option/Arg | Description |
+|---|---|
+| `message` | Message to sign [type: str] |
+| `-a, --aad` | Associated data (optional; has to be separately sent to receiver/stored) [type: str] |
+**Example:**
+```bash
+$ poetry run transcrypto --bin --out-b64 -p rsa-key.priv rsa sign "xyz"
+91TS7gC6LORiL…6RD23Aejsfxlw==
+```
-Verify integer `signature` for integer `message` with public key.
+#### `rsa rawverify`
+Raw verify *integer* `signature` for *integer* `message` with public key (BEWARE: no OAEP/PSS padding or validation).
 ```bash
-poetry run transcrypto rsa verify [-h] message signature
+poetry run transcrypto rsa rawverify [-h] message signature
 ```
 | Option/Arg | Description |
@@ -948,9 +1006,32 @@ poetry run transcrypto rsa verify [-h] message signature
 **Example:**
 ```bash
-$ poetry run transcrypto -p rsa-key.pub rsa verify 999 7632909108672871784
+$ poetry run transcrypto -p rsa-key.pub rsa rawverify 999 7632909108672871784
+RSA signature: OK
+$ poetry run transcrypto -p rsa-key.pub rsa rawverify 999 7632909108672871785
+RSA signature: INVALID
+```
+#### `rsa verify`
+Verify `signature` for `message` with public key.
+```bash
+poetry run transcrypto rsa verify [-h] [-a AAD] message signature
+```
+| Option/Arg | Description |
+|---|---|
+| `message` | Message that was signed earlier [type: str] |
+| `signature` | Putative signature for `message` [type: str] |
+| `-a, --aad` | Associated data (optional; has to be exactly the same as used during signing) [type: str] |
+**Example:**
+```bash
+$ poetry run transcrypto --b64 -p rsa-key.pub rsa verify "eHl6" "91TS7gC6LORiL…6RD23Aejsfxlw=="
 RSA signature: OK
-$ poetry run transcrypto -p rsa-key.pub rsa verify 999 7632909108672871785
+$ poetry run transcrypto --b64 -p rsa-key.pub rsa verify "eLl6" "91TS7gC6LORiL…6RD23Aejsfxlw=="
 RSA signature: INVALID
 ```
@@ -958,11 +1039,11 @@ RSA signature: INVALID
 ### `elgamal`
-Raw El-Gamal asymmetric cryptography over *integers* (BEWARE: no ECIES-style KEM/DEM padding or validation). These are pedagogical/raw primitives; do not use for new protocols. No measures are taken here to prevent timing attacks. All methods require file key(s) as `-p`/`--key-path` (see provided examples).
+El-Gamal asymmetric cryptography. No measures are taken here to prevent timing attacks. All methods require file key(s) as `-p`/`--key-path` (see provided examples).
 ```bash
 poetry run transcrypto elgamal [-h]
-                                      {shared,new,encrypt,decrypt,sign,verify} ...
+                                      {shared,new,rawencrypt,encrypt,rawdecrypt,decrypt,rawsign,sign,rawverify,verify} ...
 ```
 #### `elgamal shared`
@@ -999,12 +1080,12 @@ $ poetry run transcrypto -p eg-key elgamal new
 El-Gamal private/public keys saved to 'eg-key.priv/.pub'
 ```
-#### `elgamal encrypt`
+#### `elgamal rawencrypt`
-Encrypt integer `message` with public key.
+Raw encrypt *integer* `message` with public key (BEWARE: no ECIES-style KEM/DEM padding or validation).
 ```bash
-poetry run transcrypto elgamal encrypt [-h] message
+poetry run transcrypto elgamal rawencrypt [-h] message
 ```
 | Option/Arg | Description |
@@ -1014,16 +1095,36 @@ poetry run transcrypto elgamal encrypt [-h] message
 **Example:**
 ```bash
-$ poetry run transcrypto -p eg-key.pub elgamal encrypt 999
+$ poetry run transcrypto -p eg-key.pub elgamal rawencrypt 999
 2948854810728206041:15945988196340032688
 ```
-#### `elgamal decrypt`
+#### `elgamal encrypt`
+Encrypt `message` with public key.
+```bash
+poetry run transcrypto elgamal encrypt [-h] [-a AAD] plaintext
+```
+| Option/Arg | Description |
+|---|---|
+| `plaintext` | Message to encrypt [type: str] |
+| `-a, --aad` | Associated data (optional; has to be separately sent to receiver/stored) [type: str] |
-Decrypt integer `ciphertext` with private key.
+**Example:**
+```bash
+$ poetry run transcrypto --bin --out-b64 -p eg-key.pub elgamal encrypt "abcde" -a "xyz"
+CdFvoQ_IIPFPZLua…kqjhcUTspISxURg==
+```
+#### `elgamal rawdecrypt`
+Raw decrypt *integer* `ciphertext` with private key (BEWARE: no ECIES-style KEM/DEM padding or validation).
 ```bash
-poetry run transcrypto elgamal decrypt [-h] ciphertext
+poetry run transcrypto elgamal rawdecrypt [-h] ciphertext
 ```
 | Option/Arg | Description |
@@ -1033,16 +1134,36 @@ poetry run transcrypto elgamal decrypt [-h] ciphertext
 **Example:**
 ```bash
-$ poetry run transcrypto -p eg-key.priv elgamal decrypt 2948854810728206041:15945988196340032688
+$ poetry run transcrypto -p eg-key.priv elgamal rawdecrypt 2948854810728206041:15945988196340032688
 999
 ```
-#### `elgamal sign`
+#### `elgamal decrypt`
+Decrypt `ciphertext` with private key.
+```bash
+poetry run transcrypto elgamal decrypt [-h] [-a AAD] ciphertext
+```
+| Option/Arg | Description |
+|---|---|
+| `ciphertext` | Ciphertext to decrypt [type: str] |
+| `-a, --aad` | Associated data (optional; has to be exactly the same as used during encryption) [type: str] |
-Sign integer message with private key. Output will 2 integers in a `s1:s2` format.
+**Example:**
+```bash
+$ poetry run transcrypto --b64 --out-bin -p eg-key.priv elgamal decrypt "CdFvoQ_IIPFPZLua…kqjhcUTspISxURg==" -a "eHl6"
+abcde
+```
+#### `elgamal rawsign`
+Raw sign *integer* message with private key (BEWARE: no ECIES-style KEM/DEM padding or validation). Output will 2 *integers* in a `s1:s2` format.
 ```bash
-poetry run transcrypto elgamal sign [-h] message
+poetry run transcrypto elgamal rawsign [-h] message
 ```
 | Option/Arg | Description |
@@ -1052,16 +1173,36 @@ poetry run transcrypto elgamal sign [-h] message
 **Example:**
 ```bash
-$ poetry run transcrypto -p eg-key.priv elgamal sign 999
+$ poetry run transcrypto -p eg-key.priv elgamal rawsign 999
 4674885853217269088:14532144906178302633
 ```
-#### `elgamal verify`
+#### `elgamal sign`
+Sign message with private key.
+```bash
+poetry run transcrypto elgamal sign [-h] [-a AAD] message
+```
+| Option/Arg | Description |
+|---|---|
+| `message` | Message to sign [type: str] |
+| `-a, --aad` | Associated data (optional; has to be separately sent to receiver/stored) [type: str] |
-Verify integer `signature` for integer `message` with public key.
+**Example:**
+```bash
+$ poetry run transcrypto --bin --out-b64 -p eg-key.priv elgamal sign "xyz"
+Xl4hlYK8SHVGw…0fCKJE1XVzA==
+```
+#### `elgamal rawverify`
+Raw verify *integer* `signature` for *integer* `message` with public key (BEWARE: no ECIES-style KEM/DEM padding or validation).
 ```bash
-poetry run transcrypto elgamal verify [-h] message signature
+poetry run transcrypto elgamal rawverify [-h] message signature
 ```
 | Option/Arg | Description |
@@ -1072,9 +1213,32 @@ poetry run transcrypto elgamal verify [-h] message signature
 **Example:**
 ```bash
-$ poetry run transcrypto -p eg-key.pub elgamal verify 999 4674885853217269088:14532144906178302633
+$ poetry run transcrypto -p eg-key.pub elgamal rawverify 999 4674885853217269088:14532144906178302633
+El-Gamal signature: OK
+$ poetry run transcrypto -p eg-key.pub elgamal rawverify 999 4674885853217269088:14532144906178302632
+El-Gamal signature: INVALID
+```
+#### `elgamal verify`
+Verify `signature` for `message` with public key.
+```bash
+poetry run transcrypto elgamal verify [-h] [-a AAD] message signature
+```
+| Option/Arg | Description |
+|---|---|
+| `message` | Message that was signed earlier [type: str] |
+| `signature` | Putative signature for `message` [type: str] |
+| `-a, --aad` | Associated data (optional; has to be exactly the same as used during signing) [type: str] |
+**Example:**
+```bash
+$ poetry run transcrypto --b64 -p eg-key.pub elgamal verify "eHl6" "Xl4hlYK8SHVGw…0fCKJE1XVzA=="
 El-Gamal signature: OK
-$ poetry run transcrypto -p eg-key.pub elgamal verify 999 4674885853217269088:14532144906178302632
+$ poetry run transcrypto --b64 -p eg-key.pub elgamal verify "eLl6" "Xl4hlYK8SHVGw…0fCKJE1XVzA=="
 El-Gamal signature: INVALID
 ```
@@ -1082,15 +1246,16 @@ El-Gamal signature: INVALID
 ### `dsa`
-Raw DSA (Digital Signature Algorithm) asymmetric signing over *integers* (BEWARE: no ECDSA/EdDSA padding or validation). These are pedagogical/raw primitives; do not use for new protocols. No measures are taken here to prevent timing attacks. All methods require file key(s) as `-p`/`--key-path` (see provided examples).
+DSA (Digital Signature Algorithm) asymmetric signing/verifying. No measures are taken here to prevent timing attacks. All methods require file key(s) as `-p`/`--key-path` (see provided examples).
 ```bash
-poetry run transcrypto dsa [-h] {shared,new,sign,verify} ...
+poetry run transcrypto dsa [-h]
+                                  {shared,new,rawsign,sign,rawverify,verify} ...
 ```
 #### `dsa shared`
-Generate a shared DSA key with `p-bits`/`q-bits` prime modulus sizes, which is the first step in key generation. `q-bits` should be larger than the secrets that will be protected and `p-bits` should be much larger than `q-bits` (e.g. 3584/256). The shared key can safely be used by any number of users to generate their private/public key pairs (with the `new` command). The shared keys are "public". Requires `-p`/`--key-path` to set the basename for output files.
+Generate a shared DSA key with `p-bits`/`q-bits` prime modulus sizes, which is the first step in key generation. `q-bits` should be larger than the secrets that will be protected and `p-bits` should be much larger than `q-bits` (e.g. 4096/544). The shared key can safely be used by any number of users to generate their private/public key pairs (with the `new` command). The shared keys are "public". Requires `-p`/`--key-path` to set the basename for output files.
 ```bash
 poetry run transcrypto dsa shared [-h] [--p-bits P_BITS]
@@ -1099,8 +1264,8 @@ poetry run transcrypto dsa shared [-h] [--p-bits P_BITS]
 | Option/Arg | Description |
 |---|---|
-| `--p-bits` | Prime modulus (`p`) size in bits; the default is a safe size [type: int (default: 3584)] |
-| `--q-bits` | Prime modulus (`q`) size in bits; the default is a safe size ***IFF*** you are protecting symmetric keys or regular hashes [type: int (default: 256)] |
+| `--p-bits` | Prime modulus (`p`) size in bits; the default is a safe size [type: int (default: 4096)] |
+| `--q-bits` | Prime modulus (`q`) size in bits; the default is a safe size ***IFF*** you are protecting symmetric keys or regular hashes [type: int (default: 544)] |
 **Example:**
@@ -1124,12 +1289,12 @@ $ poetry run transcrypto -p dsa-key dsa new
 DSA private/public keys saved to 'dsa-key.priv/.pub'
 ```
-#### `dsa sign`
+#### `dsa rawsign`
-Sign integer message with private key. Output will 2 integers in a `s1:s2` format.
+Raw sign *integer* message with private key (BEWARE: no ECDSA/EdDSA padding or validation). Output will 2 *integers* in a `s1:s2` format.
 ```bash
-poetry run transcrypto dsa sign [-h] message
+poetry run transcrypto dsa rawsign [-h] message
 ```
 | Option/Arg | Description |
@@ -1139,16 +1304,36 @@ poetry run transcrypto dsa sign [-h] message
 **Example:**
 ```bash
-$ poetry run transcrypto -p dsa-key.priv dsa sign 999
+$ poetry run transcrypto -p dsa-key.priv dsa rawsign 999
 2395961484:3435572290
 ```
-#### `dsa verify`
+#### `dsa sign`
+Sign message with private key.
+```bash
+poetry run transcrypto dsa sign [-h] [-a AAD] message
+```
+| Option/Arg | Description |
+|---|---|
+| `message` | Message to sign [type: str] |
+| `-a, --aad` | Associated data (optional; has to be separately sent to receiver/stored) [type: str] |
+**Example:**
+```bash
+$ poetry run transcrypto --bin --out-b64 -p dsa-key.priv dsa sign "xyz"
+yq8InJVpViXh9…BD4par2XuA=
+```
-Verify integer `signature` for integer `message` with public key.
+#### `dsa rawverify`
+Raw verify *integer* `signature` for *integer* `message` with public key (BEWARE: no ECDSA/EdDSA padding or validation).
 ```bash
-poetry run transcrypto dsa verify [-h] message signature
+poetry run transcrypto dsa rawverify [-h] message signature
 ```
 | Option/Arg | Description |
@@ -1159,9 +1344,32 @@ poetry run transcrypto dsa verify [-h] message signature
 **Example:**
 ```bash
-$ poetry run transcrypto -p dsa-key.pub dsa verify 999 2395961484:3435572290
+$ poetry run transcrypto -p dsa-key.pub dsa rawverify 999 2395961484:3435572290
+DSA signature: OK
+$ poetry run transcrypto -p dsa-key.pub dsa rawverify 999 2395961484:3435572291
+DSA signature: INVALID
+```
+#### `dsa verify`
+Verify `signature` for `message` with public key.
+```bash
+poetry run transcrypto dsa verify [-h] [-a AAD] message signature
+```
+| Option/Arg | Description |
+|---|---|
+| `message` | Message that was signed earlier [type: str] |
+| `signature` | Putative signature for `message` [type: str] |
+| `-a, --aad` | Associated data (optional; has to be exactly the same as used during signing) [type: str] |
+**Example:**
+```bash
+$ poetry run transcrypto --b64 -p dsa-key.pub dsa verify "eHl6" "yq8InJVpViXh9…BD4par2XuA="
 DSA signature: OK
-$ poetry run transcrypto -p dsa-key.pub dsa verify 999 2395961484:3435572291
+$ poetry run transcrypto --b64 -p dsa-key.pub dsa verify "eLl6" "yq8InJVpViXh9…BD4par2XuA="
 DSA signature: INVALID
 ```
@@ -1215,10 +1423,11 @@ tomorrow it will rain
 ### `sss`
-Raw SSS (Shamir Shared Secret) secret sharing crypto scheme over *integers* (BEWARE: no modern message wrapping, padding or validation). These are pedagogical/raw primitives; do not use for new protocols. No measures are taken here to prevent timing attacks. All methods require file key(s) as `-p`/`--key-path` (see provided examples).
+SSS (Shamir Shared Secret) secret sharing crypto scheme. No measures are taken here to prevent timing attacks. All methods require file key(s) as `-p`/`--key-path` (see provided examples).
 ```bash
-poetry run transcrypto sss [-h] {new,shares,recover,verify} ...
+poetry run transcrypto sss [-h]
+                                  {new,rawshares,shares,rawrecover,recover,rawverify} ...
 ```
 #### `sss new`
@@ -1241,9 +1450,30 @@ $ poetry run transcrypto -p sss-key sss new 3 --bits 64  # NEVER use such a smal
 SSS private/public keys saved to 'sss-key.priv/.pub'
 ```
+#### `sss rawshares`
+Raw shares: Issue `count` private shares for an *integer* `secret` (BEWARE: no modern message wrapping, padding or validation).
+```bash
+poetry run transcrypto sss rawshares [-h] secret count
+```
+| Option/Arg | Description |
+|---|---|
+| `secret` | Integer secret to be protected, 1≤`secret`<*modulus* [type: str] |
+| `count` | How many shares to produce; must be ≥ `minimum` used in `new` command or else the `secret` would become unrecoverable [type: int] |
+**Example:**
+```bash
+$ poetry run transcrypto -p sss-key sss rawshares 999 5
+SSS 5 individual (private) shares saved to 'sss-key.share.1…5'
+$ rm sss-key.share.2 sss-key.share.4  # this is to simulate only having shares 1,3,5
+```
 #### `sss shares`
-Issue `count` private shares for an integer `secret`.
+Shares: Issue `count` private shares for a `secret`.
 ```bash
 poetry run transcrypto sss shares [-h] secret count
@@ -1251,17 +1481,36 @@ poetry run transcrypto sss shares [-h] secret count
 | Option/Arg | Description |
 |---|---|
-| `secret` | Integer secret to be protected, 1≤`secret`<*modulus* [type: str] |
+| `secret` | Secret to be protected [type: str] |
 | `count` | How many shares to produce; must be ≥ `minimum` used in `new` command or else the `secret` would become unrecoverable [type: int] |
 **Example:**
 ```bash
-$ poetry run transcrypto -p sss-key sss shares 999 5
+$ poetry run transcrypto --bin -p sss-key sss shares "abcde" 5
 SSS 5 individual (private) shares saved to 'sss-key.share.1…5'
 $ rm sss-key.share.2 sss-key.share.4  # this is to simulate only having shares 1,3,5
 ```
+#### `sss rawrecover`
+Raw recover *integer* secret from shares; will use any available shares that were found (BEWARE: no modern message wrapping, padding or validation).
+```bash
+poetry run transcrypto sss rawrecover [-h]
+```
+**Example:**
+```bash
+$ poetry run transcrypto -p sss-key sss rawrecover
+Loaded SSS share: 'sss-key.share.3'
+Loaded SSS share: 'sss-key.share.5'
+Loaded SSS share: 'sss-key.share.1'  # using only 3 shares: number 2/4 are missing
+Secret:
+999
+```
 #### `sss recover`
 Recover secret from shares; will use any available shares that were found.
@@ -1273,34 +1522,34 @@ poetry run transcrypto sss recover [-h]
 **Example:**
 ```bash
-$ poetry run transcrypto -p sss-key sss recover
+$ poetry run transcrypto --out-bin -p sss-key sss recover
 Loaded SSS share: 'sss-key.share.3'
 Loaded SSS share: 'sss-key.share.5'
 Loaded SSS share: 'sss-key.share.1'  # using only 3 shares: number 2/4 are missing
 Secret:
-999
+abcde
 ```
-#### `sss verify`
+#### `sss rawverify`
-Verify shares against a secret (private params).
+Raw verify shares against a secret (private params; BEWARE: no modern message wrapping, padding or validation).
 ```bash
-poetry run transcrypto sss verify [-h] secret
+poetry run transcrypto sss rawverify [-h] secret
 ```
 | Option/Arg | Description |
 |---|---|
-| `secret` | Integer secret used to generate the shares, 1≤`secret`<*modulus* [type: str] |
+| `secret` | Integer secret used to generate the shares [type: str] |
 **Example:**
 ```bash
-$ poetry run transcrypto -p sss-key sss verify 999
+$ poetry run transcrypto -p sss-key sss rawverify 999
 SSS share 'sss-key.share.3' verification: OK
 SSS share 'sss-key.share.5' verification: OK
 SSS share 'sss-key.share.1' verification: OK
-$ poetry run transcrypto -p sss-key sss verify 998
+$ poetry run transcrypto -p sss-key sss rawverify 998
 SSS share 'sss-key.share.3' verification: INVALID
 SSS share 'sss-key.share.5' verification: INVALID
 SSS share 'sss-key.share.1' verification: INVALID
@@ -1396,169 +1645,39 @@ Chooses an appropriate time unit based on magnitude and formats with fixed preci
 - special case: `0 → '0.00 s'`
 - errors: negative or non-finite inputs raise `InputError`
-#### Cryptographically Secure Randomness
+#### Execution Timing
-These helpers live in `base` and wrap Python’s `secrets` with additional checks and guarantees for crypto use-cases.
+A flexible timing utility that works as a **context manager**, **decorator**, or **manual timer object**.
 ```py
 from transcrypto import base
+import time
 ```
-##### Fixed-size random integers
+##### Context manager
 ```py
-# Generate a 256-bit integer (first bit always set)
-r = base.RandBits(256)
-assert r.bit_length() == 256
+with base.Timer('Block timing'):
+    time.sleep(1.2)
+# → logs: "Block timing: 1.20 s" (default via logging.info)
 ```
-Produces a crypto-secure random integer with exactly `n_bits` bits (`≥ 8`). The most significant bit is guaranteed to be `1`, so entropy is \~`n_bits−1` — negligible for large crypto sizes.
-- errors: `n_bits < 8` → `InputError`
+Starts timing on entry, stops on exit, and reports elapsed time automatically.
-##### Uniform random integers in a range
+##### Decorator
 ```py
-# Uniform between [10, 20] inclusive
-n = base.RandInt(10, 20)
-assert 10 <= n <= 20
-```
+@base.Timer('Function timing')
+def slow_function():
+    time.sleep(0.8)
-Returns a crypto-secure integer uniformly distributed over the closed interval `[min_int, max_int]`.
+slow_function()
+# → logs: "Function timing: 0.80 s"
+```
-- constraints: `min_int ≥ 0` and `< max_int`
-- errors: invalid bounds → `InputError`
+Wraps a function so that each call is automatically timed.
-##### In-place secure shuffle
-```py
-deck = list(range(10))
-base.RandShuffle(deck)
-print(deck)   # securely shuffled order
-```
-Performs an in-place Fisher–Yates shuffle using `secrets.randbelow`. Suitable for sensitive data ordering.
-- constraints: sequence length ≥ 2
-- errors: shorter sequences → `InputError`
-##### Random byte strings
-```py
-# 32 random bytes
-b = base.RandBytes(32)
-assert len(b) == 32
-```
-Generates `n_bytes` of high-quality crypto-secure random data.
-- constraints: `n_bytes ≥ 1`
-- errors: smaller values → `InputError`
-#### Computing the Greatest Common Divisor
-```py
->>> from transcrypto import base
->>> base.GCD(462, 1071)
-21
->>> base.GCD(0, 17)
-17
-```
-The function is `O(log(min(a, b)))` and handles arbitrarily large integers. To find Bézout coefficients `(x, y)` such that `ax + by = gcd(a, b)` do:
-```py
->>> base.ExtendedGCD(462, 1071)
-(21, -2, 1)
->>> 462 * -2 + 1071 * 1
-21
-```
-Use-cases:
-- modular inverses: `inv = x % m` when `gcd(a, m) == 1`
-- solving linear Diophantine equations
-- RSA / ECC key generation internals
-#### Cryptographic Hashing
-Simple, fixed-output-size wrappers over Python’s `hashlib` for common digest operations, plus file hashing.
-```py
-from transcrypto import base
-```
-##### SHA-256 hashing
-```py
-h = base.Hash256(b'hello world')
-assert len(h) == 32                       # bytes
-print(h.hex())                            # 64 hex chars
-```
-Computes the SHA-256 digest of a byte string, returning exactly 32 bytes (256 bits). Suitable for fingerprints, commitments, or internal crypto primitives.
-##### SHA-512 hashing
-```py
-h = base.Hash512(b'hello world')
-assert len(h) == 64                       # bytes
-print(h.hex())                            # 128 hex chars
-```
-Computes the SHA-512 digest of a byte string, returning exactly 64 bytes (512 bits). Higher collision resistance and larger output space than SHA-256.
-##### File hashing
-```py
-# Default SHA-256
-fh = base.FileHash('/path/to/file')
-print(fh.hex())
-# SHA-512
-fh2 = base.FileHash('/path/to/file', digest='sha512')
-```
-Hashes a file from disk in streaming mode. By default uses SHA-256; `digest='sha512'` switches to SHA-512.
-- constraints:
-  - `digest` must be `'sha256'` or `'sha512'`
-  - `full_path` must exist
-- errors: invalid digest or missing file → `InputError`
-#### Execution Timing
-A flexible timing utility that works as a **context manager**, **decorator**, or **manual timer object**.
-```py
-from transcrypto import base
-import time
-```
-##### Context manager
-```py
-with base.Timer('Block timing'):
-    time.sleep(1.2)
-# → logs: "Block timing: 1.20 s" (default via logging.info)
-```
-Starts timing on entry, stops on exit, and reports elapsed time automatically.
-##### Decorator
-```py
-@base.Timer('Function timing')
-def slow_function():
-    time.sleep(0.8)
-slow_function()
-# → logs: "Function timing: 0.80 s"
-```
-Wraps a function so that each call is automatically timed.
-##### Manual use
+##### Manual use
 ```py
 tm = base.Timer('Inline timing', emit_print=True)
@@ -1582,21 +1701,6 @@ Manual control over `Start()` and `Stop()` for precise measurement of custom int
   - Cannot stop an unstarted or already stopped timer
     (raises `Error`)
-#### Symmetric Encryption Interface
-`SymmetricCrypto` is an abstract base class that defines the **byte-in / byte-out** contract for symmetric ciphers.
-- **Metadata handling** — if the algorithm uses a `nonce` or `tag`, the implementation must handle it internally (e.g., append it to ciphertext).
-- **AEAD modes** — if supported, `associated_data` must be authenticated; otherwise, a non-`None` value should raise `InputError`.
-```py
-class MyAES(base.SymmetricCrypto):
-    def Encrypt(self, plaintext: bytes, *, associated_data=None) -> bytes:
-        ...
-    def Decrypt(self, ciphertext: bytes, *, associated_data=None) -> bytes:
-        ...
-```
 #### Serialization Pipeline
 These helpers turn arbitrary Python objects into compressed and/or encrypted binary blobs, and back again — with detailed timing and size logging.
@@ -1679,114 +1783,89 @@ data/file → (decrypt) → (decompress if Zstd) → unpickle
 - `file_path` must exist; `data` must be at least 4 bytes.
 - Wrong key or corrupted data can raise `CryptoError`.
-#### Crypto Objects General Properties (`CryptoKey`)
-Cryptographic objects all derive from the `CryptoKey` class and will all have some important characteristics:
-- Will be safe to log and print, i.e., implement safe `__str__()` and `__repr__()` methods (in actuality `repr` will be exactly the same as `str`). The `__str__()` should always fully print the public parts of the object and obfuscate the private ones. This obfuscation allows for some debugging, if needed, but if the secrets are "too short" then it can be defeated by brute force. For usual crypto defaults the obfuscation is fine. The obfuscation is the fist 4 bytes of the SHA-512 for the value followed by an ellipsis (e.g. `c9626f16…`).
-- It will have a `_DebugDump()` method that **does print secrets** and can be used for **debugging only**.
-- Can be easily serialized to `bytes` by the `blob` property and to base-64 encoded `str` by the `encoded` property.
-- Can be serialized encrypted to `bytes` by the `Blob(key=[SymmetricCrypto])` method and to encrypted base-64 encoded `str` by the `Encoded(key=[SymmetricCrypto])` method.
-- Can be instantiated back as an object from `str` or `bytes` using the `Load(data, key=[SymmetricCrypto] | None)` method. The `Load()` will decide how to build the object and will work universally with all the serialization options discussed above.
+#### Cryptographically Secure Randomness
-Example:
+These helpers live in `base` and wrap Python’s `secrets` with additional checks and guarantees for crypto use-cases.
-<!-- cspell:disable -->
 ```py
-from transcrypto import base, rsa, aes
+from transcrypto import base
+```
-priv = rsa.RSAPrivateKey.New(512)  # small key, but good for this example
-print(str(priv))                   # safe, no secrets
-# ▶ RSAPrivateKey(RSAPublicKey(public_modulus=pQaoxy-QeXSds1k9WsGjJw==, encrypt_exp=AQAB), modulus_p=f18141aa…, modulus_q=67494eb9…, decrypt_exp=c96db24a…)
+##### Fixed-size random integers
-print(priv._DebugDump())  # UNSAFE: prints secrets
-# ▶ RSAPrivateKey(public_modulus=219357196311600536151291741191131996967, encrypt_exp=65537, modulus_p=13221374197986739361, modulus_q=16591104148992527047, decrypt_exp=37805202135275158391322585315542443073, remainder_p=9522084656682089473, remainder_q=8975656462800098363, q_inverse_p=11965562396596149292)
+```py
+# Generate a 256-bit integer (first bit always set)
+r = base.RandBits(256)
+assert r.bit_length() == 256
+```
-print(priv.blob)
-# ▶ b"(\xb5/\xfd \x98\xc1\x04\x00\x80\x04\x95\x8d\x00\x00\x00\x00\x00\x00\x00\x8c\x0ftranscrypto.rsa\x94\x8c\rRSAPrivateKey\x94\x93\x94)\x81\x94]\x94(\x8a\x11'\xa3\xc1Z=Y\xb3\x9dty\x90/\xc7\xa8\x06\xa5\x00J\x01\x00\x01\x00\x8a\t\xa1\xc4\x83\x81\xc8\xc1{\xb7\x00\x8a\t\xc7\x8a5\xf0Qq?\xe6\x00\x8a\x10A$&\x82!\x1cy\x89r\xef\xeb\xa7_\x04q\x1c\x8a\t\x01\xbc\xbb\x8a\x8b=%\x84\x00\x8a\x08;\x94#s\xff\xef\x8f|\x8a\t,\x9c\xe2z\x9a7\x0e\xa6\x00eb."
+Produces a crypto-secure random integer with exactly `n_bits` bits (`≥ 8`). The most significant bit is guaranteed to be `1`, so entropy is \~`n_bits−1` — negligible for large crypto sizes.
-print(priv.encoded)
-# ▶ KLUv_WBwAIELAIAElWUBAAAAAAAAjA90cmFuc2NyeXB0by5yc2GUjA1SU0FQcml2YXRlS2V5lJOUKYGUXZQoikHf1EvsmZedAZve7TrLmobLAwuRIr_77TLG6G_0fsLGThERVJu075be8PLjUQYnLXcacZFQ5Fb1Iy1WtiE985euAEoBAAEAiiFR9ngiXMzkf41o5CRBY3h0D4DJVisDDhLmAWsiaHggzQCKIS_cmQ6MKXCtROtC7c_Mrsi9A-9NM8DksaHaRwvy6uTZAIpB4TVbsLxc41TEc19wIzpxbi9y5dW5gdfTkRQSSiz0ijmb8Xk3pyBfKAv8JbHp8Yv48gNZUfX67qq0J7yhJqeUoACKIbFb2kTNRzSqm3JRtjc2BPS-FnLFdadlFcV4-6IW7eqLAIogFZfzDN39gZLR9uTz4KHSTaqxWrJgP8-YYssjss6FlFKKIIItgCDv7ompNpY8gBs5bibN8XTsr-JOYSntDVT5Fe5vZWIu
+- errors: `n_bits < 8` → `InputError`
-key = aes.AESKey(key256=b'x' * 32)
-print(key)
-# ▶ AESKey(key256=86a86df7…)
+##### Uniform random integers in a range
-encrypted = priv.Blob(key=key)
-print(priv == rsa.RSAPrivateKey.Load(encrypted, key=key))
-# ▶ True
+```py
+# Uniform between [10, 20] inclusive
+n = base.RandInt(10, 20)
+assert 10 <= n <= 20
 ```
-<!-- cspell:enable -->
-#### AES-256 Symmetric Encryption
+Returns a crypto-secure integer uniformly distributed over the closed interval `[min_int, max_int]`.
-Implements AES-256 in **GCM mode** for authenticated encryption and decryption, plus an **ECB mode** helper for fixed-size block encoding.
-Also includes a high-iteration PBKDF2-based key derivation from static passwords.
+- constraints: `min_int ≥ 0` and `< max_int`
+- errors: invalid bounds → `InputError`
-##### Key creation
+##### In-place secure shuffle
 ```py
-from transcrypto import aes
-# From raw bytes (must be exactly 32 bytes)
-key = aes.AESKey(key256=b'\x00' * 32)
-# From a static password (slow, high-iteration PBKDF2-SHA256)
-key = aes.AESKey.FromStaticPassword('correct horse battery staple')
-print(key.encoded)  # URL-safe Base64
+deck = list(range(10))
+base.RandShuffle(deck)
+print(deck)   # securely shuffled order
 ```
-- **Length**: `key256` must be exactly 32 bytes
-- `FromStaticPassword()`:
-  - Uses PBKDF2-HMAC-SHA256 with **fixed** salt and \~2 million iterations
-  - Designed for **interactive** password entry, **not** for password databases
-##### AES-256 + GCM (default)
+Performs an in-place Fisher–Yates shuffle using `secrets.randbelow`. Suitable for sensitive data ordering.
-```py
-data = b'secret message'
-aad  = b'metadata'
+- constraints: sequence length ≥ 2
+- errors: shorter sequences → `InputError`
-# Encrypt (returns IV + ciphertext + tag)
-ct = key.Encrypt(data, associated_data=aad)
+##### Random byte strings
-# Decrypt
-pt = key.Decrypt(ct, associated_data=aad)
-assert pt == data
+```py
+# 32 random bytes
+b = base.RandBytes(32)
+assert len(b) == 32
 ```
-- **Security**:
-  - Random 128-bit IV (`iv`) per encryption
-  - Authenticated tag (128-bit) ensures integrity
-  - Optional `associated_data` is authenticated but not encrypted
-- **Errors**:
-  - Tag mismatch or wrong key → `CryptoError`
+Generates `n_bytes` of high-quality crypto-secure random data.
-##### AES-256 + ECB (unsafe, fixed block only)
+- constraints: `n_bytes ≥ 1`
+- errors: smaller values → `InputError`
+#### Computing the Greatest Common Divisor
 ```py
-# ECB mode is for 16-byte block encoding ONLY
-ecb = key.ECBEncoder()
+>>> from transcrypto import base
+>>> base.GCD(462, 1071)
+21
+>>> base.GCD(0, 17)
+17
+```
-block = b'16-byte string!!'
-ct_block = ecb.Encrypt(block)
-pt_block = ecb.Decrypt(ct_block)
-assert pt_block == block
+The function is `O(log(min(a, b)))` and handles arbitrarily large integers. To find Bézout coefficients `(x, y)` such that `ax + by = gcd(a, b)` do:
-# Hex helpers
-hex_ct = ecb.EncryptHex('00112233445566778899aabbccddeeff')
+```py
+>>> base.ExtendedGCD(462, 1071)
+(21, -2, 1)
+>>> 462 * -2 + 1071 * 1
+21
 ```
-- **ECB mode**:
-  - 16-byte plaintext ↔ 16-byte ciphertext
-  - No padding, no IV, no integrity — **do not use for general encryption**
-  - `associated_data` not supported
-Key points:
+Use-cases:
-- **GCM mode** is secure for general use; ECB mode is for special low-level operations
-- **Static password derivation** is intentionally slow to resist brute force
-- All sizes and parameters are validated with `InputError` on misuse
+- modular inverses: `inv = x % m` when `gcd(a, m) == 1`
+- solving linear Diophantine equations
+- RSA / ECC key generation internals
 #### Fast Modular Arithmetic
@@ -1809,7 +1888,7 @@ assert (z * y) % m == x % m
 exp = modmath.ModExp(3, 10**20, m)   # ≈ log₂(y) time, handles huge exponents
 ```
-#### Chinese Remainder Theorem (CRT) – Pair
+##### Chinese Remainder Theorem (CRT) – Pair
 ```py
 from transcrypto import modmath
@@ -1840,7 +1919,7 @@ x ≡ a2 (mod m2)
 This function is a 2-modulus variant; for multiple moduli, apply it iteratively or use a general CRT solver.
-#### Modular Polynomials & Lagrange Interpolation
+##### Modular Polynomials & Lagrange Interpolation
 ```py
 # f(t) = 7t³ − 3t² + 2t + 5  (coefficients constant-term first)
@@ -1876,6 +1955,176 @@ for k, m_p, perfect in modmath.MersennePrimesGenerator(0):
     break
 ```
+#### Cryptographic Hashing
+Simple, fixed-output-size wrappers over Python’s `hashlib` for common digest operations, plus file hashing.
+```py
+from transcrypto import base
+```
+##### SHA-256 hashing
+```py
+h = base.Hash256(b'hello world')
+assert len(h) == 32                       # bytes
+print(h.hex())                            # 64 hex chars
+```
+Computes the SHA-256 digest of a byte string, returning exactly 32 bytes (256 bits). Suitable for fingerprints, commitments, or internal crypto primitives.
+##### SHA-512 hashing
+```py
+h = base.Hash512(b'hello world')
+assert len(h) == 64                       # bytes
+print(h.hex())                            # 128 hex chars
+```
+Computes the SHA-512 digest of a byte string, returning exactly 64 bytes (512 bits). Higher collision resistance and larger output space than SHA-256.
+##### File hashing
+```py
+# Default SHA-256
+fh = base.FileHash('/path/to/file')
+print(fh.hex())
+# SHA-512
+fh2 = base.FileHash('/path/to/file', digest='sha512')
+```
+Hashes a file from disk in streaming mode. By default uses SHA-256; `digest='sha512'` switches to SHA-512.
+- constraints:
+  - `digest` must be `'sha256'` or `'sha512'`
+  - `full_path` must exist
+- errors: invalid digest or missing file → `InputError`
+#### Symmetric Encryption Interface
+`SymmetricCrypto` is an abstract base class that defines the **byte-in / byte-out** contract for symmetric ciphers.
+- **Metadata handling** — if the algorithm uses a `nonce` or `tag`, the implementation must handle it internally (e.g., append it to ciphertext).
+- **AEAD modes** — if supported, `associated_data` must be authenticated; otherwise, a non-`None` value should raise `InputError`.
+```py
+class MyAES(base.SymmetricCrypto):
+    def Encrypt(self, plaintext: bytes, *, associated_data=None) -> bytes:
+        ...
+    def Decrypt(self, ciphertext: bytes, *, associated_data=None) -> bytes:
+        ...
+```
+#### Crypto Objects General Properties (`CryptoKey`)
+Cryptographic objects all derive from the `CryptoKey` class and will all have some important characteristics:
+- Will be safe to log and print, i.e., implement safe `__str__()` and `__repr__()` methods (in actuality `repr` will be exactly the same as `str`). The `__str__()` should always fully print the public parts of the object and obfuscate the private ones. This obfuscation allows for some debugging, if needed, but if the secrets are "too short" then it can be defeated by brute force. For usual crypto defaults the obfuscation is fine. The obfuscation is the fist 4 bytes of the SHA-512 for the value followed by an ellipsis (e.g. `c9626f16…`).
+- It will have a `_DebugDump()` method that **does print secrets** and can be used for **debugging only**.
+- Can be easily serialized to `bytes` by the `blob` property and to base-64 encoded `str` by the `encoded` property.
+- Can be serialized encrypted to `bytes` by the `Blob(key=[SymmetricCrypto])` method and to encrypted base-64 encoded `str` by the `Encoded(key=[SymmetricCrypto])` method.
+- Can be instantiated back as an object from `str` or `bytes` using the `Load(data, key=[SymmetricCrypto] | None)` method. The `Load()` will decide how to build the object and will work universally with all the serialization options discussed above.
+Example:
+<!-- cspell:disable -->
+```py
+from transcrypto import base, rsa, aes
+priv = rsa.RSAPrivateKey.New(512)  # small key, but good for this example
+print(str(priv))                   # safe, no secrets
+# ▶ RSAPrivateKey(RSAPublicKey(public_modulus=pQaoxy-QeXSds1k9WsGjJw==, encrypt_exp=AQAB), modulus_p=f18141aa…, modulus_q=67494eb9…, decrypt_exp=c96db24a…)
+print(priv._DebugDump())  # UNSAFE: prints secrets
+# ▶ RSAPrivateKey(public_modulus=219357196311600536151291741191131996967, encrypt_exp=65537, modulus_p=13221374197986739361, modulus_q=16591104148992527047, decrypt_exp=37805202135275158391322585315542443073, remainder_p=9522084656682089473, remainder_q=8975656462800098363, q_inverse_p=11965562396596149292)
+print(priv.blob)
+# ▶ b"(\xb5/\xfd \x98\xc1\x04\x00\x80\x04\x95\x8d\x00\x00\x00\x00\x00\x00\x00\x8c\x0ftranscrypto.rsa\x94\x8c\rRSAPrivateKey\x94\x93\x94)\x81\x94]\x94(\x8a\x11'\xa3\xc1Z=Y\xb3\x9dty\x90/\xc7\xa8\x06\xa5\x00J\x01\x00\x01\x00\x8a\t\xa1\xc4\x83\x81\xc8\xc1{\xb7\x00\x8a\t\xc7\x8a5\xf0Qq?\xe6\x00\x8a\x10A$&\x82!\x1cy\x89r\xef\xeb\xa7_\x04q\x1c\x8a\t\x01\xbc\xbb\x8a\x8b=%\x84\x00\x8a\x08;\x94#s\xff\xef\x8f|\x8a\t,\x9c\xe2z\x9a7\x0e\xa6\x00eb."
+print(priv.encoded)
+# ▶ KLUv_WBwAIELAIAElWUBAAAAAAAAjA90cmFuc2NyeXB0by5yc2GUjA1SU0FQcml2YXRlS2V5lJOUKYGUXZQoikHf1EvsmZedAZve7TrLmobLAwuRIr_77TLG6G_0fsLGThERVJu075be8PLjUQYnLXcacZFQ5Fb1Iy1WtiE985euAEoBAAEAiiFR9ngiXMzkf41o5CRBY3h0D4DJVisDDhLmAWsiaHggzQCKIS_cmQ6MKXCtROtC7c_Mrsi9A-9NM8DksaHaRwvy6uTZAIpB4TVbsLxc41TEc19wIzpxbi9y5dW5gdfTkRQSSiz0ijmb8Xk3pyBfKAv8JbHp8Yv48gNZUfX67qq0J7yhJqeUoACKIbFb2kTNRzSqm3JRtjc2BPS-FnLFdadlFcV4-6IW7eqLAIogFZfzDN39gZLR9uTz4KHSTaqxWrJgP8-YYssjss6FlFKKIIItgCDv7ompNpY8gBs5bibN8XTsr-JOYSntDVT5Fe5vZWIu
+key = aes.AESKey(key256=b'x' * 32)
+print(key)
+# ▶ AESKey(key256=86a86df7…)
+encrypted = priv.Blob(key=key)
+print(priv == rsa.RSAPrivateKey.Load(encrypted, key=key))
+# ▶ True
+```
+<!-- cspell:enable -->
+#### AES-256 Symmetric Encryption
+Implements AES-256 in **GCM mode** for authenticated encryption and decryption, plus an **ECB mode** helper for fixed-size block encoding.
+Also includes a high-iteration PBKDF2-based key derivation from static passwords.
+##### Key creation
+```py
+from transcrypto import aes
+# From raw bytes (must be exactly 32 bytes)
+key = aes.AESKey(key256=b'\x00' * 32)
+# From a static password (slow, high-iteration PBKDF2-SHA256)
+key = aes.AESKey.FromStaticPassword('correct horse battery staple')
+print(key.encoded)  # URL-safe Base64
+```
+- **Length**: `key256` must be exactly 32 bytes
+- `FromStaticPassword()`:
+  - Uses PBKDF2-HMAC-SHA256 with **fixed** salt and \~2 million iterations
+  - Designed for **interactive** password entry, **not** for password databases
+##### AES-256 + GCM (default)
+```py
+data = b'secret message'
+aad  = b'metadata'
+# Encrypt (returns IV + ciphertext + tag)
+ct = key.Encrypt(data, associated_data=aad)
+# Decrypt
+pt = key.Decrypt(ct, associated_data=aad)
+assert pt == data
+```
+- **Security**:
+  - Random 128-bit IV (`iv`) per encryption
+  - Authenticated tag (128-bit) ensures integrity
+  - Optional `associated_data` is authenticated but not encrypted
+- **Errors**:
+  - Tag mismatch or wrong key → `CryptoError`
+##### AES-256 + ECB (unsafe, fixed block only)
+```py
+# ECB mode is for 16-byte block encoding ONLY
+ecb = key.ECBEncoder()
+block = b'16-byte string!!'
+ct_block = ecb.Encrypt(block)
+pt_block = ecb.Decrypt(ct_block)
+assert pt_block == block
+# Hex helpers
+hex_ct = ecb.EncryptHex('00112233445566778899aabbccddeeff')
+```
+- **ECB mode**:
+  - 16-byte plaintext ↔ 16-byte ciphertext
+  - No padding, no IV, no integrity — **do not use for general encryption**
+  - `associated_data` not supported
+Key points:
+- **GCM mode** is secure for general use; ECB mode is for special low-level operations
+- **Static password derivation** is intentionally slow to resist brute force
+- All sizes and parameters are validated with `InputError` on misuse
 #### RSA (Rivest-Shamir-Adleman) Public Cryptography
 <https://en.wikipedia.org/wiki/RSA_cryptosystem>
@@ -1888,28 +2137,38 @@ By default and deliberate choice the *encryption exponent* will be either 7 or 6
 from transcrypto import rsa
 # Generate a key pair
-priv = rsa.RSAPrivateKey.New(2048)     # 2048-bit modulus
-pub  = rsa.RSAPublicKey.Copy(priv)     # public half
+priv = rsa.RSAPrivateKey.New(2048)        # 2048-bit modulus
+pub  = rsa.RSAPublicKey.Copy(priv)        # public half
 print(priv.public_modulus.bit_length())   # 2048
-# Encrypt & decrypt
+# Safe Encrypt & decrypt
+msg = b'xyz'
+cipher = pub.Encrypt(msg, associated_data=b'aad')
+plain  = priv.Decrypt(cipher, associated_data=b'aad')
+assert plain == msg
+# Safe Sign & verify
+signature = priv.Sign(msg)  # can also have associated_data, optionally
+assert pub.Verify(msg, signature)
+# Raw Encrypt & decrypt
 msg = 123456789  # (Zero is forbidden by design; smallest valid message is 1.)
-cipher = pub.Encrypt(msg)
-plain  = priv.Decrypt(cipher)
+cipher = pub.RawEncrypt(msg)
+plain  = priv.RawDecrypt(cipher)
 assert plain == msg
-# Sign & verify
-signature = priv.Sign(msg)
-assert pub.VerifySignature(msg, signature)
+# Raw Sign & verify
+signature = priv.RawSign(msg)
+assert pub.RawVerify(msg, signature)
 # Blind signatures (obfuscation pair) - only works on raw RSA
 pair = rsa.RSAObfuscationPair.New(pub)
 blind_msg = pair.ObfuscateMessage(msg)            # what you send to signer
-blind_sig = priv.Sign(blind_msg)                  # signer’s output
+blind_sig = priv.RawSign(blind_msg)               # signer’s output
 sig = pair.RevealOriginalSignature(msg, blind_sig)
-assert pub.VerifySignature(msg, sig)
+assert pub.RawVerify(msg, sig)
 ```
 #### El-Gamal Public-Key Cryptography
@@ -1919,61 +2178,39 @@ assert pub.VerifySignature(msg, sig)
 This is **raw El-Gamal** over a prime field — no padding, no hashing — and is **not** DSA.
 For real-world deployments, use a high-level library with authenticated encryption and proper encoding.
-##### Shared Public Key
 ```py
 from transcrypto import elgamal
-# ➊ Shared parameters (prime modulus, group base) for a group
+# Shared parameters (prime modulus, group base) for a group
 shared = elgamal.ElGamalSharedPublicKey.New(256)
 print(shared.prime_modulus)
 print(shared.group_base)
-```
-- `prime_modulus`: large prime `p ≥ 7`
-- `group_base`: integer `3 ≤ g < p`
-- Used to derive individual public/private keys.
-##### Public Key
-```py
-# ➋ Public key from private
+# Public key from private
 priv = elgamal.ElGamalPrivateKey.New(shared)
 pub  = elgamal.ElGamalPublicKey.Copy(priv)
-# Encryption
-msg = 42
-cipher = pub.Encrypt(msg)
-plain = priv.Decrypt(cipher)
+# Safe Encrypt & decrypt
+msg = b'xyz'
+cipher = pub.Encrypt(msg, associated_data=b'aad')
+plain  = priv.Decrypt(cipher, associated_data=b'aad')
 assert plain == msg
-# Signature verify
-sig = priv.Sign(msg)
-assert pub.VerifySignature(msg, sig)
-```
+# Safe Sign & verify
+signature = priv.Sign(msg)  # can also have associated_data, optionally
+assert pub.Verify(msg, signature)
-- `Encrypt(message)` → `(c1, c2)`, both in `[2, p-1]`
-- `VerifySignature(message, signature)` → `True` or `False`
-- `Copy()` extracts public portion from a private key
-##### Private Key
-```py
-# ➌ Private key generation
-priv = elgamal.ElGamalPrivateKey.New(shared)
-# Decryption
-plain = priv.Decrypt(cipher)
+# Raw Encryption
+msg = 42
+cipher = pub.RawEncrypt(msg)
+plain = priv.RawDecrypt(cipher)
+assert plain == msg
-# Signing
-sig = priv.Sign(msg)
-assert pub.VerifySignature(msg, sig)
+# Raw Signature verify
+sig = priv.RawSign(msg)
+assert pub.RawVerify(msg, sig)
 ```
-- `decrypt_exp`: secret exponent `3 ≤ e < p`
-- `Decrypt((c1, c2))` recovers `m`
-- `Sign(m)` returns `(s1, s2)`; both satisfy the modulus constraints
 Key points:
 - **Security parameters**:
@@ -1997,20 +2234,25 @@ This is **raw DSA** over a prime field — **no hashing or padding**. You sign/v
 ```py
 from transcrypto import dsa
-# ➊ Shared parameters (p, q, g)
+# Shared parameters (p, q, g)
 shared = dsa.DSASharedPublicKey.New(p_bits=1024, q_bits=160)
 print(shared.prime_modulus)  # p
 print(shared.prime_seed)     # q  (q | p-1)
 print(shared.group_base)     # g
-# ➋ Individual key pair
+# Individual key pair
 priv = dsa.DSAPrivateKey.New(shared)
 pub  = dsa.DSAPublicKey.Copy(priv)
-# ➌ Sign & verify (message must be 1 ≤ m < q)
+# Safe Sign & verify
+msg = b'xyz'
+signature = priv.Sign(msg)  # can also have associated_data, optionally
+assert pub.Verify(msg, signature)
+# Raw Sign & verify (message must be 1 ≤ m < q)
 msg = 123456789 % shared.prime_seed
-sig = priv.Sign(msg)
-assert pub.VerifySignature(msg, sig)
+sig = priv.RawSign(msg)
+assert pub.RawVerify(msg, sig)
 ```
 - ranges:
@@ -2044,13 +2286,13 @@ This is a way of bidding on some commitment (the `secret`) that can be cryptogra
 from transcrypto import base
 # Generate the private and public bids
-bid_priv = base.PrivateBid.New(secret)    # this one you keep private
-bid_pub = base.PublicBid.Copy(bid_priv)   # this one you publish
+bid_priv = base.PrivateBid512.New(secret)    # this one you keep private
+bid_pub = base.PublicBid512.Copy(bid_priv)   # this one you publish
 # Checking that a bid is genuine requires the public bid and knowing the nonce and the secret:
 print(bid_pub.VerifyBid(private_key, secret_bid))  # these come from a divulged private bid
 # of course, you want to also make sure the provided private data matches your version of it, e.g.:
-bid_pub_expected = base.PublicBid.Copy(bid_priv)
+bid_pub_expected = base.PublicBid512.Copy(bid_priv)
 print(bid_pub == bid_pub_expected)
 ```
@@ -2063,8 +2305,8 @@ This is the information-theoretic SSS but with no authentication or binding betw
 ```py
 from transcrypto import sss
-# ➊  Generate parameters: at least 3 of 5 shares needed,
-#     coefficients & modulus are 128-bit primes
+# Generate parameters: at least 3 of 5 shares needed,
+# coefficients & modulus are 128-bit primes
 priv = sss.ShamirSharedSecretPrivate.New(minimum_shares=3, bit_length=128)
 pub  = sss.ShamirSharedSecretPublic.Copy(priv)   # what you publish
@@ -2072,11 +2314,19 @@ print(f'threshold        : {pub.minimum}')
 print(f'prime mod        : {pub.modulus}')
 print(f'poly coefficients: {priv.polynomial}')         # keep these private!
-# Issuing shares
+# Safe Issuing shares
+secret = b'xyz'
+# Generate 5 shares, each has a copy of the encrypted secret
+five_shares = priv.MakeDataShares(secret, 5)
+for sh in five_shares:
+  print(sh)
+# Raw Issuing shares
 secret = 0xC0FFEE
 # Generate an unlimited stream; here we take 5
-five_shares = list(priv.Shares(secret, max_shares=5))
+five_shares = list(priv.RawShares(secret, max_shares=5))
 for sh in five_shares:
   print(f'share {sh.share_key} → {sh.share_value}')
 ```
@@ -2084,10 +2334,18 @@ for sh in five_shares:
 A single share object looks like `sss.ShamirSharePrivate(minimum=3, modulus=..., share_key=42, share_value=123456789)`.
 ```py
-# Re-constructing the secret
+# Safe Re-constructing the secret
+secret = b'xyz'
+five_shares = priv.MakeDataShares(secret, 5)
+subset = five_shares[:3]                   # any 3 distinct shares
+recovered = subset[0].RecoverData(subset)  # each share has the encrypted data, so you ask it to join with the others
+assert recovered == secret
+# Raw Re-constructing the secret
+secret = 0xC0FFEE
+five_shares = list(priv.RawShares(secret, max_shares=5))
 subset = five_shares[:3]          # any 3 distinct shares
-recovered = pub.RecoverSecret(subset)
+recovered = pub.RawRecoverSecret(subset)
 assert recovered == secret
 ```
@@ -2095,23 +2353,23 @@ If you supply fewer than minimum shares you get a `CryptoError`, unless you expl
 ```py
 try:
-  pub.RecoverSecret(five_shares[:2])        # raises
+  pub.RawRecoverSecret(five_shares[:2])        # raises
 except Exception as e:
   print(e)                                  # "unrecoverable secret …"
 # Force the interpolation even with 2 points (gives a wrong secret, of course)
-print(pub.RecoverSecret(five_shares[:2], force_recover=True))
+print(pub.RawRecoverSecret(five_shares[:2], force_recover=True))
 # Checking that a share is genuine
 share = five_shares[0]
-ok = priv.VerifyShare(secret, share)       # ▶ True
+ok = priv.RawVerifyShare(secret, share)       # ▶ True
 tampered = sss.ShamirSharePrivate(
     minimum=share.minimum,
     modulus=share.modulus,
     share_key=share.share_key,
     share_value=(share.share_value + 1) % share.modulus)
-print(priv.VerifyShare(secret, tampered))  # ▶ False
+print(priv.RawVerifyShare(secret, tampered))  # ▶ False
 ```
 ## Appendix: Development Instructions

transcrypto 1.1.1__py3-none-any.whl → 1.2.0__py3-none-any.whl

transcrypto 1.1.1py3-none-any.whl → 1.2.0py3-none-any.whl