Another libsodium wrapper, with its own scheme.
Chloryne is available via PyPI:
$ pip install chloryne
Installation requires the presence of libsodium
.
Use the up-level interface Chloride
for a full cryptographic scheme.
Key generation:
from chloryne import Chloride
# lib sodium will be initialized automatically
server = Chloride()
client = Chloride()
Key export / import:
server.importKey(client.exportKey())
client.importKey(server.exportKey())
Compute a blake2b-derived shared secret:
assert server.compute() == client.compute()
NOTE: If you want a raw secret use
server.privateKey.compute(client.publicKey, raw=True)
and vice versa.
Signature (Ed25519
):
sig = server.sign(b'data')
assert client.verify(b'data', sig)
NOTE: Signing messages only does not require peer key.
Encryption (Curve25519XSalsa20Poly1305
):
ct = server.encrypt(b'data')
assert client.decrypt(ct) == b'data'
NOTE: Decrypting messages only does not require peer key.
Unsafe MAC (fixed key):
mac = server.unsafeMAC()
mac.update(b'data')
digest = mac.finalize()
mac = client.unsafeMAC()
mac.update(b'data')
assert mac.verify(digest)
Safe MAC (ephemeral keys)
eph, mac = server.safeMAC()
mac.update(b'data')
digest = mac.finalize()
mac = client.safeMAC(eph)
mac.update(b'data')
assert mac.verify(digest)
NOTE: Verifying safe MACs only does not require peer key.
Incremental signing:
from chloryne.signers import Signer
signer = Signer()
signer.update(b'data')
sig = signer.sign(server.privateKey)
signer = Signer()
signer.update(b'data')
assert signer.verify(client.peerPublicKey, sig)
Password hashing:
from chloryne.password import Password
import os
# password-based KDF
salt = os.urandom(32) # must be 32-bytes
Password.derive(b'password', salt)
# password storage
strhash = Password.stringify(b'password')
assert Password.verify(b'password', strhash)
Stream Cipher (XChaCha20
):
from chloryne.ciphers import StreamCipher
import os
key = os.urandom(32)
sc = StreamCipher(key)
ct = sc.encrypt(b'data') + sc.nonce
# other side...
ct, nonce = ct[:-24], ct[-24:]
sc = StreamCipher(key, nonce)
assert sc.decrypt(ct) == b'data'
NOTE:
nonce
isb''
before callingencrypt
if not provided via constructor.
Store a chloride:
sk = server.privateKey.exportKey()
# sk is a bytes object that can be stored anywhere
server = Chloride(sk)
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。