Python library that provides a simple interface for symmetric (i.e., secret-key) and asymmetric (i.e., public-key) encryption/decryption primitives.
This library provides simple and straightforward methods for symmetric (i.e., secret-key) and asymmetric (i.e., public-key) cryptographic encryption and decryption capabilities. The library's interface is designed for ease of use and therefore hides from users some of the flexibilities and performance trade-offs that can be leveraged via direct use of the underlying cryptographic libraries.
The library's name is a reference to boron trichloride, as it is a wrapper and binding for a limited set of capabilities found in libsodium. However, it can also be an acronym for basic cryptographic library.
This library is available as a package on PyPI:
python -m pip install bcl
The library can be imported in the usual ways:
import bcl
from bcl import *
This library provides concise methods for implementing symmetric encryption workflows:
>>> from bcl import symmetric
>>> s = symmetric.secret() # Generate a secret key.
>>> c = symmetric.encrypt(s, 'abc'.encode())
>>> symmetric.decrypt(s, c).decode('utf-8')
'abc'
Asymmetric encryption workflows are also supported:
>>> from bcl import asymmetric
>>> s = asymmetric.secret() # Generate a secret key.
>>> p = asymmetric.public(s) # Generate a corresponding public key.
>>> c = asymmetric.encrypt(p, 'abc'.encode())
>>> asymmetric.decrypt(s, c).decode('utf-8')
'abc'
This library also provides a number of classes for representing keys (secret and public), nonces, plaintexts, and ciphertexts. All methods expect and return instances of the appropriate classes:
>>> from bcl import secret, public, cipher
>>> s = asymmetric.secret()
>>> isinstance(s, secret)
True
>>> p = asymmetric.public(s)
>>> isinstance(p, public)
True
>>> c = symmetric.encrypt(s, 'abc'.encode())
>>> type(c)
<class 'bcl.bcl.cipher'>
>>> symmetric.decrypt(bytes(s), c)
Traceback (most recent call last):
...
TypeError: can only decrypt using a symmetric secret key
>>> symmetric.decrypt(s, bytes(c))
Traceback (most recent call last):
...
TypeError: can only decrypt a ciphertext
Furthermore, the above classes are derived from bytes
, so all methods and other operators supported by bytes
objects are supported:
>>> p.hex()
'0be9cece7fee92809908bd14666eab96b77deebb488c738445d842a6613b7b48'
In addition, Base64 conversion methods are included for all of the above classes to support concise encoding and decoding of objects:
>>> p.to_base64()
'C+nOzn/ukoCZCL0UZm6rlrd97rtIjHOERdhCpmE7e0g='
>>> b = 'C+nOzn/ukoCZCL0UZm6rlrd97rtIjHOERdhCpmE7e0g='
>>> type(public.from_base64(b))
<class 'bcl.bcl.public'>
All development and installation dependencies are managed using setuptools and are fully specified in setup.cfg
. The extras_require
option is used to specify optional requirements for various development tasks. This makes it possible to specify additional options (such as docs
, lint
, and so on) when performing installation using pip (assuming that the library has already been built successfully):
python -m pip install .[docs,lint]
The library can be built manually from source within Linux and macOS using the sequence of commands below:
python -m pip install .[build]
python -m build --sdist --wheel .
Developing the library further in a local environment and/or building the library from source requires libsodium. The step python -m build --sdist --wheel .
in the above attempts to automatically locate a copy of the libsodium source archive src/bcl/libsodium.tar.gz
. If the archive corresponding to the operating system is not found, the build process attempts to download it. To support building offline, it is necessary to first download the appropriate libsodium archive to its designated location:
wget -O src/bcl/libsodium.tar.gz https://github.com/jedisct1/libsodium/releases/download/1.0.18-RELEASE/libsodium-1.0.18.tar.gz
The process for building manually from source within a Windows environment is not currently documented, but an example of one sequence of steps can be found in the Windows job entry within the GitHub Actions workflow defined in the file .github/workflows/lint-test-cover-docs-build-upload.yml
.
Before documentation can be generated or tests can be executed, it is necessary to run the build process and then to use the command below to move the compiled libsodium shared/dynamic library file into its designated location (so that the module file src/bcl/bcl.py
is able to import it):
cp build/lib*/bcl/_sodium.py src/bcl
Once the package is built, it can be installed manually using the command below:
python -m pip install -f dist . --upgrade
Once the libsodium shared library file is compiled and moved into its designated location (as described in the relevant subsection above), the documentation can be generated automatically from the source files using Sphinx:
python -m pip install .[docs]
cd docs
sphinx-apidoc -f -E --templatedir=_templates -o _source .. ../src/bcl/_sodium_build.py && make html
Before unit tests can be executed, it is first necessary to prepare for local development by compiling and moving into its designated location the libsodium shared library file (as described in the relevant subsection above).
All unit tests are executed and their coverage is measured when using pytest (see pyproject.toml
for configuration details):
python -m pip install .[test]
python -m pytest
Alternatively, all unit tests are included in the module itself and can be executed using doctest:
python src/bcl/bcl.py -v
Style conventions are enforced using Pylint:
python -m pip install .[lint]
python -m pylint src/bcl src/bcl/_sodium.tmpl src/bcl/_sodium_build.py --disable=duplicate-code
In order to contribute to the source code, open an issue or submit a pull request on the GitHub page for this library.
The version number format for this library and the changes to the library associated with version number increments conform with Semantic Versioning 2.0.0.
This library can be published as a package on PyPI by a package maintainer. First, install the dependencies required for packaging and publishing:
python -m pip install .[publish]
Ensure that the correct version number appears in setup.cfg
, and that any links in this README document to the Read the Docs documentation of this package (or its dependencies) have appropriate version numbers. Also ensure that the Read the Docs project for this library has an automation rule that activates and sets as the default all tagged versions. Create and push a tag for this version (replacing ?.?.?
with the version number):
git tag ?.?.?
git push origin ?.?.?
Remove any old build/distribution files. Then, package the source into a distribution archive:
rm -rf build dist src/*.egg-info
python -m build --sdist .
Next, navigate to the appropriate GitHub Actions run of the workflow defined in lint-test-cover-docs-build-upload.yml
. Click on the workflow and scroll down to the Artifacts panel. Download the archive files to the dist
directory. Unzip all the archive files so that only the *.whl
files remain:
cd dist && for i in `ls *.zip`; do unzip $i; done && rm *.zip && cd ..
Finally, upload the package distribution archive to PyPI:
python -m twine upload dist/*