-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathPyCryptodome.config
More file actions
127 lines (116 loc) · 5.56 KB
/
Copy pathPyCryptodome.config
File metadata and controls
127 lines (116 loc) · 5.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
PyCryptodome configuration details
-- AES symmetric key block cipher object constructor
-- block size is 16 bytes
-- key: secret key used for cipher; size must be 128, 192, or 256 bits (except
for SIV mode, which requires doubled key sizes, 256, 384, or 512 bits)
-- mode: block cipher chaining mode of operation. Used to enable encryption of
arbitrary data with block cipher
-- iv: (optional) block size byte string initialization vector for modes: CBC,
CFB, OFB, OPENPGP; if not supplied, value is generated automatically
-- nonce: (optional) single use byte string for modes: CCM, EAX, GCM, SIV, OCB,
and CTR; default size determined by mode; if not supplied, value is
generated automatically
-- segment_size: (optional) number of bits plaintext is segmented into for mode
CFB; must be a multiple of 8
-- mac_len: (optional) length of the authentication tag in bytes in range
[4..16] for modes: EAX, GCM, OCB, CCM
-- msg_len: for mode CCM, length of the message en/decrypt in bytes; if not
supplied, then encrypt must be called with entire message
-- assoc_len: for mode CCM, length of associated data in bytes
-- initial value: (optional) for mode CTR, initial value of the counter part of
the counter block
-- use_aesni: flag that determines whether to use hardware support for AES if
available
Cryptodome.Cipher.AES.new(key, mode, iv, nonce, segment_size, mac_len, msg_len,
assoc_len, initial_value, use_aesni)
key : N/A {byte string}
mode : N/A {ECB, CBC, CFB, OFB, CTR, OPENPGP, CCM, EAX, SIV, GCM, OCB}
iv : N/A {byte string}
nonce : N/A {byte string}
segment_size : 8 {positive integer multiple of 8}
mac_len : 16 {positive integer in range [4..16]}
msg_len : None {positive integer}
assoc_len : None {positive integer}
initial_value : 0 {positive integer}
use_aesni : True {True, False}
-- DES symmetric key block cipher object constructor
-- block size is 8 bytes
-- key: secret key used for cipher; size is 8 bytes
-- nonce: not optional for CTR mode
-- mac_len: size in range [4:8]
Cryptodome.Cipher.DES.new(key, mode, iv, nonce, segment_size, mac_len,
initial_value)
key : N/A {byte string}
mode : N/A {ECB, CBC, CFB, OFB, CTR, OPENPGP, EAX}
iv : N/A {byte string}
nonce : N/A {byte string}
segment_size : 8 {positive integer}
mac_len : 8 {positive integer}
initial_value : 0 {positive value}
-- Triple DES symmetric key block cipher object constructor
-- block size is 8 bytes
-- key: secret key used for cipher; size must be 128 or 192 bits
-- nonce: not option for CTR mode
-- mac_len: size in range [4:8]
Cryptodome.Cipher.DES3.new(key, mode, iv, nonce, segment_size, mac_len,
initial_value)
key : N/A {byte string}
mode : N/A {ECB, CBC, CFB, OFB, CTR, OPENPGP, EAX}
iv : N/A {byte string}
nonce : N/A {byte string}
segment_size : 8 {positive integer}
mac_len : 8 {positive integer}
initial_value : 0 {positive integer}
-- ChaCha20 symmetric stream cipher object constructor
-- key: secret key for cipher; size must be 256 bits
-- nonce: (optional) single use value
Cryptodome.Cipher.ChaCha20.new(key, nonce)
key : N/A {byte string}
nonce : N/A {byte string}
-- Salsa20 symmetric stream cipher object constructor
-- key: secret key for cipher; size must be 128 or 256 bits
-- nonce: (optional) single use value
Cryptodome.Cipher.Salsa20.new(key, nonce)
key : N/A {byte string}
nonce : N/A {byte string}
-- ARC4 symmetric stream cipher object constructor
-- key: secret key for cipher; size must be in range [40..128] bits
-- drop: number of bytes to be dropped from initial part of key stream;
recommended value is 3072
Cryptodome.Cipher.ARC4.new(key, drop)
key : N/A {byte string}
drop : 0 {positive integer}
-- PKCS#1 OAEP public key cipher object constructor
-- key: RSA key; public key used to encrypt, private key used to decrypt;
-- hashAlgo: (optional) Cryptodome.Hash module or object
-- mgfunc: (optional) mask generation function
-- label: (optional) label use for this particular encryption; no security
benefit
-- randfunc: function that returns random bytes
Cryptodome.Cipher.PKCS1_OAEP.new(key, hashAlgo, mgfunc, label, randfunc)
key : N/A {RSA key object}
hashAlgo : Cryptodome.Hash.SHA1 {SHA1, SHA224, SHA256, SHA384, SHA512,
SHA3_224, SHA3_256, SHA3, 382, SHA3_512
BLAKE2s, BLAKE2b}
mgfunc : MGF1 {MGF1}
label : b"" {byte string/array}
randfunc Cryptodome.Random.get_random_bytes {get_random_bytes}
-- PKCS#1 v1.5 public key authentication scheme based on RSA
-- key: an RSA key; private key used for signing, public key used for
verification
Cryptodome.Signature.pkcs1_15.new(rsa_key)
rsa_key: N/A {RSA key object}
-- DSA or ECDSA public key digital signature scheme
-- key: a DSA or ECC key object; private key used for signing, public key used
for verification
-- mode: determines whether to generate a randomized (FIPS 186-3) or
deterministic (RFC 6979) signature according to standard definitions
-- encoding: (optional) format of the output from sign operation, and input to
verify operation;
-- randfunc: function that returns random byte strings; only needed for
'fips-186-3' mode
Crypto.Signature.DSS.new(key, mode, encoding, randfunc)
key : N/A {DSA or ECC key object}
mode : N/A {'fips-186-3', 'deterministic-rfc6979'}
encoding : 'binary' {'binary', 'der'}
randfunc : Cryptodome.Random.get_random_bytes {get_random_bytes}