cryptography is a Python library which exposes cryptographic recipes and
primitives. Our goal is for it to be your “cryptographic standard library”. If
you are interested in learning more about the field of cryptography, we
recommend Crypto 101, by Laurens Van Houtven.
You can install
$ pip install cryptography
See Installation for more information.
Why a new crypto library for Python?¶
If you’ve done cryptographic work in Python before, you’ve probably seen some
other libraries in Python, such as M2Crypto, PyCrypto, or PyOpenSSL. In
cryptography we wanted to address a few issues we observed in the
- Lack of PyPy and Python 3 support.
- Lack of maintenance.
- Use of poor implementations of algorithms (i.e. ones with known side-channel attacks).
- Lack of high level, “Cryptography for humans”, APIs.
- Absence of algorithms such as
- Poor introspectability, and thus poor testability.
- Extremely error prone APIs, and bad defaults.
cryptography is broadly divided into two levels. One with safe
cryptographic recipes, “cryptography for humans” if you will. These are safe
and easy to use and don’t require developers to make many decisions.
The other level is low-level cryptographic primitives. These are often
dangerous and can be used incorrectly. They require making decisions and having
an in-depth knowledge of the cryptographic concepts at work. Because of the
potential danger in working at this level, this is referred to as the
“hazardous materials” or “hazmat” layer. These live in the
cryptography.hazmat package, and their documentation will always contain an
admonition at the top.
We recommend using the recipes layer whenever possible, and falling back to the hazmat layer only when necessary.
The recipes layer¶
- Fernet (symmetric encryption)
- Loading Certificates
- Loading Certificate Signing Requests
- X.509 Certificate Object
- X.509 CRL (Certificate Revocation List) Object
- X.509 CSR (Certificate Signing Request) Object
- X.509 Revoked Certificate Object
- X.509 CSR (Certificate Signing Request) Builder Object
- General Name Classes
- X.509 Extensions
- Certificate Policies Classes
- Object Identifiers
- Name OIDs
- Signature Algorithm OIDs
- Extended Key Usage OIDs
- Authority Information Access OIDs
- Policy Qualifier OIDs
- Extension OIDs
- Random number generation
- Frequently asked questions
The hazardous materials layer¶
cryptography open source project¶
- Known security limitations
- API stability
- Doing a release
- 1.0 - master
- 0.9.2 - 2015-07-04
- 0.9.1 - 2015-06-06
- 0.9 - 2015-05-13
- 0.8.2 - 2015-04-10
- 0.8.1 - 2015-03-20
- 0.8 - 2015-03-08
- 0.7.2 - 2015-01-16
- 0.7.1 - 2014-12-28
- 0.7 - 2014-12-17
- 0.6.1 - 2014-10-15
- 0.6 - 2014-09-29
- 0.5.4 - 2014-08-20
- 0.5.3 - 2014-08-06
- 0.5.2 - 2014-07-09
- 0.5.1 - 2014-07-07
- 0.5 - 2014-07-07
- 0.4 - 2014-05-03
- 0.3 - 2014-03-27
- 0.2.2 - 2014-03-03
- 0.2.1 - 2014-02-22
- 0.2 - 2014-02-20
- 0.1 - 2014-01-08
cryptography has not been subjected to an external audit of its code or
documentation. If you’re interested in discussing an audit please
get in touch.