Library reference¶
The PEP272Cipher class¶
Subclass and overwrite the PEP272Cipher.encrypt_block and PEP272Cipher.decrypt_block methods and the block_size attribute.
Block cipher mode of operation¶
Note
For mote details about different modes of operation, see Discussions/Block cipher mode of operation.
Block ciphers can be used in different modes of operation. The mode of operation can be set by passing one of the constants to the cipher object. Different modes of operation may require to pass extra arguments to the constructor.
Below is an example from the mostly PEP-272 compliant PyCryptodome.
>>> from Crypto.Cipher import AES
>>> iv = b'random 16 bytes!'
>>> key = b'0123456789abcdef'
>>> cipher = AES.new(key, mode=AES.MODE_CBC, IV=iv)
>>> cipher.encrypt(b'\00'*16)
b'j\xa2\xb5\x80\xf7\xbd\xb4I\xda\xea\x9aN\x9d\xb5\x9a\x17'
This library supports following modes of operation:
- Electronic code book (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback (CFB)
- Output Feedback (OFB)
- Counter (CTR)
Not supported is, but may be implemented in the future:
- PGP variant of CFB (PGP)
Planned modes are (extending to PEP-272):
- Propagating Cipher Block Chaining (PCBC), used in older Kerberos versions
- Infinite Garble Extension (IGE), used by Telegram.
- OpenPGP mode, compatible to PyCrypto or PyCryptodome.
Authenticated encryption (AE) or authenticated encryption with associated data (AEAD) will probably not be supported, as they would require additional methods to finalize the encryption and sometimes have special requirements.
Electronic Code Book Mode (ECB)¶
Warning
The ECB mode is not semantically secure.
The ECB mode of operation is the simplest one - each plaintext block is independently encrypted.
| param test: | bla |
|---|
Cipher Block Chaining Mode (CBC)¶
To solve the problems of the ECB mode, a plaintext block is xored to the previous ciphertext block. For the very “first” ciphertext an initialization vector (IV) is used.
Plain- / ciphertexts must be multiple of blocksize in length.
Cipher Feedback Mode (CFB)¶
The CFB mode of operation makes a stream cipher out of the block cipher. The
block size of the cipher is reduced to segment_size.
Plain- and ciphertext must be a multiple of segment_size in length.
Output Feedback (OFB)¶
OFB uses a CBC encryption of a stream of null bytes to create a keystream.
Counter mode of operation¶
CTR encrypts a counter to create a keystream.