## History
The project is historically named `openssl-encrypt` because it once was a python script wrapper around openssl. But that did not work anymore with recent python versions.
Therefore I decided to do a complete rewrite in pure python also using modern cipher and hashes. So the projectname is a "homage" to the root of all :-)
Whirlpool support: The whirlpool hash algorithm is now supported on all Python versions, including Python 3.11, 3.12, and 3.13. The package will automatically detect your Python version and install the appropriate
Whirlpool implementation.
## Comprehensive Feature Set
### Core Encryption Features
- Military-Grade Symmetric Encryption:
- Fernet (AES-128-CBC) - Default, proven security
- AES-GCM - Authenticated encryption with associated data
- AES-GCM-SIV - Misuse-resistant authenticated encryption
- AES-SIV - Synthetic IV mode for nonce reuse resistance
- AES-OCB3 - High-performance authenticated encryption
- ChaCha20-Poly1305 - Stream cipher with authentication
- XChaCha20-Poly1305 - Extended nonce variant
- Camellia - International standard block cipher
### Advanced Post-Quantum Cryptography
- NIST-Approved Algorithms:
- ML-KEM (Module Lattice KEM) - NIST FIPS 203 standard
- ML-KEM-512 (Security Level 1)
- ML-KEM-768 (Security Level 3)
- ML-KEM-1024 (Security Level 5)
- Kyber KEM - Original CRYSTALS-Kyber implementation
- Kyber-512, Kyber-768, Kyber-1024
- HQC (Hamming Quasi-Cyclic) - NIST 2025 additional KEM
- HQC-128, HQC-192, HQC-256
- MAYO - Multivariate quadratic signature scheme
- MAYO-1 (Security Level 1)
- MAYO-2 (Security Level 1)
- MAYO-3 (Security Level 3)
- MAYO-5 (Security Level 5)
- CROSS - Code-based signature scheme
- CROSS-R-SDPG-1 (Security Level 1)
- CROSS-R-SDPG-3 (Security Level 3)
- CROSS-R-SDPG-5 (Security Level 5)
- Hybrid Encryption Architecture: Combines post-quantum KEMs with classical symmetric encryption for quantum-resistant protection
### Multi-Layer Password Protection
- Cryptographic Hash Functions:
- SHA-2 Family (FIPS 180-4): SHA-512, SHA-384, SHA-256, SHA-224
- SHA-3 Family (FIPS 202): SHA3-512, SHA3-384, SHA3-256, SHA3-224
- BLAKE Family: BLAKE2b (high-performance), BLAKE3 (ultra-fast tree-based)
- SHAKE Functions: SHAKE-256, SHAKE-128 (extendable-output functions)
- Legacy: Whirlpool (512-bit cryptographic hash)
- Key Derivation Functions (KDFs):
- Modern KDFs:
- HKDF - HMAC-based Key Derivation Function (RFC 5869)
- Scrypt - Memory-hard function for GPU resistance
- Argon2 - Winner of Password Hashing Competition (Argon2i, Argon2d, Argon2id variants)
- Balloon Hashing - Memory-hard function with proven security
- Legacy KDF:
- PBKDF2 - Password-Based Key Derivation Function 2
### Enterprise Security Features
- Secure Key Management:
- Local encrypted keystore for PQC keys
- Key rotation and lifecycle management
- Hardware security module (HSM) integration ready
- Memory Security:
- Secure memory allocation and deallocation
- Protection against memory-based attacks
- Buffer overflow prevention
- Secure memory wiping
- File Integrity & Verification:
- Built-in cryptographic hash verification
- Tamper detection mechanisms
- Metadata integrity protection
### Operational Features
- Secure File Operations:
- Military-grade secure deletion (multi-pass overwriting)
- Atomic file operations to prevent corruption
- In-place encryption with safety checks
- Directory recursive processing
- User Interface Options:
- Full-featured graphical user interface (Tkinter-based)
- Comprehensive command-line interface
- Batch processing capabilities
- Progress visualization for long operations
- Flexibility & Customization:
- Pre-configured security templates (Quick, Standard, Paranoid)
- Custom template support
- Glob pattern support for batch operations
- Extensive configuration options
### Advanced Security Implementations
- Password Security:
- Password policy enforcement
- Secure random password generation
- Password confirmation to prevent typos
- Common password dictionary protection
- Algorithm Flexibility:
- Dual encryption modes (classical + post-quantum)
- Algorithm chaining and cascading
- Security level customization
- Future algorithm extensibility
## Architecture & Components
### Core Modules
- crypt.py - Main command-line utility entry point
- crypt_gui.py - Graphical user interface application
- cli.py - CLI routing and argument parsing
- modules/crypt_core.py - Core cryptographic operations
- modules/crypt_cli.py - Command-line interface implementation
- modules/crypt_utils.py - Utility functions and helpers
### Cryptographic Modules
- modules/pqc.py - Post-quantum cryptography implementation
- modules/pqc_adapter.py - PQC algorithm adapter layer
- modules/pqc_liboqs.py - LibOQS integration
- modules/ml_kem_patch.py - ML-KEM specific implementations
- modules/balloon.py - Balloon hash implementation
- modules/secure_memory.py - Memory security functions
- modules/crypto_secure_memory.py - Advanced memory protection
### Security & Management
- modules/keystore_cli.py - Keystore command-line interface
- modules/keystore_utils.py - Keystore utility functions
- modules/keystore_wrapper.py - Keystore abstraction layer
- modules/password_policy.py - Password validation and policies
- modules/algorithm_warnings.py - Security algorithm warnings
- modules/crypt_settings.py - Configuration management
- modules/crypt_errors.py - Custom exception classes
### Testing & Quality Assurance
- Comprehensive Test Suite:
- Unit tests (unittests/unittests.py)
- GUI testing (unittests/test_gui.py)
- Dual encryption tests (tests/dual_encryption/)
- Keystore functionality tests (tests/keystore/)
- Post-quantum algorithm tests
- Backward compatibility tests
- Security Testing:
- Static analysis integration
- Dependency vulnerability scanning
- CI/CD security pipeline
- Comprehensive test file formats (v3, v4, v5)
## Installation & Dependencies
### Core Dependencies
- Python 3.11+ (recommended for full feature support)
- cryptography>=44.0.1 - Core cryptographic primitives
- argon2-cffi>=23.1.0 - Argon2 password hashing
- PyYAML>=6.0.2 - Configuration file support
- whirlpool-py311>=1.0.0 - Whirlpool hash algorithm
- blake3>=1.0.0 - BLAKE3 high-performance hash algorithm
### Optional Dependencies
- liboqs-python - Extended post-quantum algorithm support (HQC, ML-DSA, SLH-DSA, FN-DSA)
- tkinter - GUI interface (usually included with Python)
## Usage Interfaces
### Command-Line Interface
```
# Basic encryption
python -m openssl_encrypt.crypt encrypt -i file.txt -o file.txt.enc
# Post-quantum encryption with MAYO signatures
python -m openssl_encrypt.crypt encrypt -i file.txt --algorithm mayo-3-hybrid
# Modern hash algorithms
python -m openssl_encrypt.crypt encrypt -i file.txt --blake3-rounds 150000 --enable-hkdf
# SHA-3 family encryption
python -m openssl_encrypt.crypt encrypt -i file.txt --sha3-384-rounds 50000
# Using security templates
python -m openssl_encrypt.crypt encrypt -i file.txt --paranoid
# Keystore operations
python -m openssl_encrypt.keystore_cli_main create --keystore-path my_keys.pqc
```
### Graphical User Interface
```
# Launch GUI
python -m openssl_encrypt.crypt_gui
# or
python -m openssl_encrypt.cli --gui
```
The GUI provides intuitive tabs for:
- Encrypt: File encryption with algorithm selection (including MAYO/CROSS post-quantum)
- Decrypt: Secure file decryption
- Shred: Military-grade secure deletion
- Settings: Organized hash families (SHA-2, SHA-3, BLAKE, SHAKE) and modern KDF configuration
## Documentation Structure
The documentation has been consolidated from 37+ files into 10 comprehensive guides for better organization and usability.
### User Documentation
- [**User Guide**](openssl_encrypt/docs/user-guide.md) - Complete installation, usage, examples, and troubleshooting
- [**Keystore Guide**](openssl_encrypt/docs/keystore-guide.md) - PQC keystore management and dual encryption
### Security Documentation
- [**Security Documentation**](openssl_encrypt/docs/security.md) - Comprehensive security architecture, threat model, and best practices
- [**Algorithm Reference**](openssl_encrypt/docs/algorithm-reference.md) - Cryptographic algorithm audit and compliance analysis
- [**Dependency Management**](openssl_encrypt/docs/dependency-management.md) - Security assessment and version pinning policies
### Technical Documentation
- [**Metadata Formats**](openssl_encrypt/docs/metadata-formats.md) - File format specifications and migration guide
- [**Development Setup**](openssl_encrypt/docs/development-setup.md) - Development environment, CI/CD, and testing
### Project Documentation
- [**VERSION.md**](openssl_encrypt/docs/VERSION.md) - Complete version history and changelog
- [**VERSION_PINNING_POLICY.md**](openssl_encrypt/docs/VERSION_PINNING_POLICY.md) - Dependency versioning strategy
- [**TODO.md**](openssl_encrypt/docs/TODO.md) - Development roadmap and planned features
## Development & Testing
### Test Files & Validation
All test files in unittests/testfiles/ are encrypted with password 1234 for testing purposes.
#### Security Templates
- templates/quick.json - Fast encryption with good security
- templates/standard.json - Balanced security and performance (default)
- templates/paranoid.json - Maximum security configuration
#### Build & Distribution
- Modern Python packaging with pyproject.toml
- Docker support with multi-stage builds
- CI/CD integration with GitLab CI
- Automated testing and security scanning
## Support & Issues
You can create issues by mailto:issue+world-openssl-encrypt-2-issue-+gitlab@rm-rf.ch to the linked address.
## License
LICENSE
---
OpenSSL Encrypt - Securing your data for the quantum age with military-grade cryptography and user-friendly interfaces.
Raw data
{
"_id": null,
"home_page": "https://gitlab.rm-rf.ch/world/openssl_encrypt",
"name": "openssl-encrypt",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": "encryption, decryption, random-password, secure shredding, security",
"author": "Tobi",
"author_email": "jahlives@gmx.ch",
"download_url": "https://files.pythonhosted.org/packages/80/f8/c9400f9d2b221c787594bd034da0abad7b4731212cff874c58c18a58363a/openssl_encrypt-1.0.1.tar.gz",
"platform": null,
"description": "## History\nThe project is historically named `openssl-encrypt` because it once was a python script wrapper around openssl. But that did not work anymore with recent python versions.\nTherefore I decided to do a complete rewrite in pure python also using modern cipher and hashes. So the projectname is a \"homage\" to the root of all :-)\n\nWhirlpool support: The whirlpool hash algorithm is now supported on all Python versions, including Python 3.11, 3.12, and 3.13. The package will automatically detect your Python version and install the appropriate\nWhirlpool implementation.\n\n## Comprehensive Feature Set\n\n### Core Encryption Features\n\n - Military-Grade Symmetric Encryption:\n - Fernet (AES-128-CBC) - Default, proven security\n - AES-GCM - Authenticated encryption with associated data\n - AES-GCM-SIV - Misuse-resistant authenticated encryption\n - AES-SIV - Synthetic IV mode for nonce reuse resistance\n - AES-OCB3 - High-performance authenticated encryption\n - ChaCha20-Poly1305 - Stream cipher with authentication\n - XChaCha20-Poly1305 - Extended nonce variant\n - Camellia - International standard block cipher\n\n### Advanced Post-Quantum Cryptography\n\n - NIST-Approved Algorithms:\n - ML-KEM (Module Lattice KEM) - NIST FIPS 203 standard\n - ML-KEM-512 (Security Level 1)\n - ML-KEM-768 (Security Level 3)\n - ML-KEM-1024 (Security Level 5)\n - Kyber KEM - Original CRYSTALS-Kyber implementation\n - Kyber-512, Kyber-768, Kyber-1024\n - HQC (Hamming Quasi-Cyclic) - NIST 2025 additional KEM\n - HQC-128, HQC-192, HQC-256\n - MAYO - Multivariate quadratic signature scheme\n - MAYO-1 (Security Level 1)\n - MAYO-2 (Security Level 1)\n - MAYO-3 (Security Level 3)\n - MAYO-5 (Security Level 5)\n - CROSS - Code-based signature scheme\n - CROSS-R-SDPG-1 (Security Level 1)\n - CROSS-R-SDPG-3 (Security Level 3)\n - CROSS-R-SDPG-5 (Security Level 5)\n - Hybrid Encryption Architecture: Combines post-quantum KEMs with classical symmetric encryption for quantum-resistant protection\n\n### Multi-Layer Password Protection\n\n - Cryptographic Hash Functions:\n - SHA-2 Family (FIPS 180-4): SHA-512, SHA-384, SHA-256, SHA-224\n - SHA-3 Family (FIPS 202): SHA3-512, SHA3-384, SHA3-256, SHA3-224\n - BLAKE Family: BLAKE2b (high-performance), BLAKE3 (ultra-fast tree-based)\n - SHAKE Functions: SHAKE-256, SHAKE-128 (extendable-output functions)\n - Legacy: Whirlpool (512-bit cryptographic hash)\n - Key Derivation Functions (KDFs):\n - Modern KDFs:\n - HKDF - HMAC-based Key Derivation Function (RFC 5869)\n - Scrypt - Memory-hard function for GPU resistance\n - Argon2 - Winner of Password Hashing Competition (Argon2i, Argon2d, Argon2id variants)\n - Balloon Hashing - Memory-hard function with proven security\n - Legacy KDF:\n - PBKDF2 - Password-Based Key Derivation Function 2\n\n### Enterprise Security Features\n\n - Secure Key Management:\n - Local encrypted keystore for PQC keys\n - Key rotation and lifecycle management\n - Hardware security module (HSM) integration ready\n - Memory Security:\n - Secure memory allocation and deallocation\n - Protection against memory-based attacks\n - Buffer overflow prevention\n - Secure memory wiping\n - File Integrity & Verification:\n - Built-in cryptographic hash verification\n - Tamper detection mechanisms\n - Metadata integrity protection\n\n### Operational Features\n\n - Secure File Operations:\n - Military-grade secure deletion (multi-pass overwriting)\n - Atomic file operations to prevent corruption\n - In-place encryption with safety checks\n - Directory recursive processing\n - User Interface Options:\n - Full-featured graphical user interface (Tkinter-based)\n - Comprehensive command-line interface\n - Batch processing capabilities\n - Progress visualization for long operations\n - Flexibility & Customization:\n - Pre-configured security templates (Quick, Standard, Paranoid)\n - Custom template support\n - Glob pattern support for batch operations\n - Extensive configuration options\n\n### Advanced Security Implementations\n\n - Password Security:\n - Password policy enforcement\n - Secure random password generation\n - Password confirmation to prevent typos\n - Common password dictionary protection\n - Algorithm Flexibility:\n - Dual encryption modes (classical + post-quantum)\n - Algorithm chaining and cascading\n - Security level customization\n - Future algorithm extensibility\n\n## Architecture & Components\n\n### Core Modules\n\n - crypt.py - Main command-line utility entry point\n - crypt_gui.py - Graphical user interface application\n - cli.py - CLI routing and argument parsing\n - modules/crypt_core.py - Core cryptographic operations\n - modules/crypt_cli.py - Command-line interface implementation\n - modules/crypt_utils.py - Utility functions and helpers\n\n### Cryptographic Modules\n\n - modules/pqc.py - Post-quantum cryptography implementation\n - modules/pqc_adapter.py - PQC algorithm adapter layer\n - modules/pqc_liboqs.py - LibOQS integration\n - modules/ml_kem_patch.py - ML-KEM specific implementations\n - modules/balloon.py - Balloon hash implementation\n - modules/secure_memory.py - Memory security functions\n - modules/crypto_secure_memory.py - Advanced memory protection\n\n### Security & Management\n\n - modules/keystore_cli.py - Keystore command-line interface\n - modules/keystore_utils.py - Keystore utility functions\n - modules/keystore_wrapper.py - Keystore abstraction layer\n - modules/password_policy.py - Password validation and policies\n - modules/algorithm_warnings.py - Security algorithm warnings\n - modules/crypt_settings.py - Configuration management\n - modules/crypt_errors.py - Custom exception classes\n\n### Testing & Quality Assurance\n\n - Comprehensive Test Suite:\n - Unit tests (unittests/unittests.py)\n - GUI testing (unittests/test_gui.py)\n - Dual encryption tests (tests/dual_encryption/)\n - Keystore functionality tests (tests/keystore/)\n - Post-quantum algorithm tests\n - Backward compatibility tests\n - Security Testing:\n - Static analysis integration\n - Dependency vulnerability scanning\n - CI/CD security pipeline\n - Comprehensive test file formats (v3, v4, v5)\n\n## Installation & Dependencies\n\n### Core Dependencies\n\n - Python 3.11+ (recommended for full feature support)\n - cryptography>=44.0.1 - Core cryptographic primitives\n - argon2-cffi>=23.1.0 - Argon2 password hashing\n - PyYAML>=6.0.2 - Configuration file support\n - whirlpool-py311>=1.0.0 - Whirlpool hash algorithm\n - blake3>=1.0.0 - BLAKE3 high-performance hash algorithm\n\n### Optional Dependencies\n\n - liboqs-python - Extended post-quantum algorithm support (HQC, ML-DSA, SLH-DSA, FN-DSA)\n - tkinter - GUI interface (usually included with Python)\n\n## Usage Interfaces\n\n### Command-Line Interface\n```\n # Basic encryption\n python -m openssl_encrypt.crypt encrypt -i file.txt -o file.txt.enc\n\n # Post-quantum encryption with MAYO signatures\n python -m openssl_encrypt.crypt encrypt -i file.txt --algorithm mayo-3-hybrid\n\n # Modern hash algorithms\n python -m openssl_encrypt.crypt encrypt -i file.txt --blake3-rounds 150000 --enable-hkdf\n\n # SHA-3 family encryption\n python -m openssl_encrypt.crypt encrypt -i file.txt --sha3-384-rounds 50000\n\n # Using security templates\n python -m openssl_encrypt.crypt encrypt -i file.txt --paranoid\n\n # Keystore operations\n python -m openssl_encrypt.keystore_cli_main create --keystore-path my_keys.pqc\n```\n### Graphical User Interface\n```\n # Launch GUI\n python -m openssl_encrypt.crypt_gui\n # or\n python -m openssl_encrypt.cli --gui\n```\n The GUI provides intuitive tabs for:\n - Encrypt: File encryption with algorithm selection (including MAYO/CROSS post-quantum)\n - Decrypt: Secure file decryption\n - Shred: Military-grade secure deletion\n - Settings: Organized hash families (SHA-2, SHA-3, BLAKE, SHAKE) and modern KDF configuration\n\n## Documentation Structure\n\nThe documentation has been consolidated from 37+ files into 10 comprehensive guides for better organization and usability.\n\n### User Documentation\n\n - [**User Guide**](openssl_encrypt/docs/user-guide.md) - Complete installation, usage, examples, and troubleshooting\n - [**Keystore Guide**](openssl_encrypt/docs/keystore-guide.md) - PQC keystore management and dual encryption\n\n### Security Documentation\n\n - [**Security Documentation**](openssl_encrypt/docs/security.md) - Comprehensive security architecture, threat model, and best practices\n - [**Algorithm Reference**](openssl_encrypt/docs/algorithm-reference.md) - Cryptographic algorithm audit and compliance analysis\n - [**Dependency Management**](openssl_encrypt/docs/dependency-management.md) - Security assessment and version pinning policies\n\n### Technical Documentation\n\n - [**Metadata Formats**](openssl_encrypt/docs/metadata-formats.md) - File format specifications and migration guide\n - [**Development Setup**](openssl_encrypt/docs/development-setup.md) - Development environment, CI/CD, and testing\n\n### Project Documentation\n\n - [**VERSION.md**](openssl_encrypt/docs/VERSION.md) - Complete version history and changelog\n - [**VERSION_PINNING_POLICY.md**](openssl_encrypt/docs/VERSION_PINNING_POLICY.md) - Dependency versioning strategy\n - [**TODO.md**](openssl_encrypt/docs/TODO.md) - Development roadmap and planned features\n\n## Development & Testing\n\n### Test Files & Validation\n\n All test files in unittests/testfiles/ are encrypted with password 1234 for testing purposes.\n\n#### Security Templates\n\n - templates/quick.json - Fast encryption with good security\n - templates/standard.json - Balanced security and performance (default)\n - templates/paranoid.json - Maximum security configuration\n\n#### Build & Distribution\n\n - Modern Python packaging with pyproject.toml\n - Docker support with multi-stage builds\n - CI/CD integration with GitLab CI\n - Automated testing and security scanning\n\n## Support & Issues\n\n You can create issues by mailto:issue+world-openssl-encrypt-2-issue-+gitlab@rm-rf.ch to the linked address.\n\n## License\n\n LICENSE\n\n ---\n OpenSSL Encrypt - Securing your data for the quantum age with military-grade cryptography and user-friendly interfaces.\n",
"bugtrack_url": null,
"license": null,
"summary": "A package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on users provided password to ensure secure encryption of files",
"version": "1.0.1",
"project_urls": {
"Bug Tracker": "https://gitlab.rm-rf.ch/world/openssl_encrypt/-/issues",
"Documentation": "https://gitlab.rm-rf.ch/world/openssl_encrypt/-/tree/main/openssl_encrypt/docs",
"Homepage": "https://gitlab.rm-rf.ch/world/openssl_encrypt",
"Source Code": "https://gitlab.rm-rf.ch/world/openssl_encrypt/-/tree/main/openssl_encrypt"
},
"split_keywords": [
"encryption",
" decryption",
" random-password",
" secure shredding",
" security"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "67280ac1a8e00117564278423d321230624a7cf3cddaf895723e92387fc0ad3c",
"md5": "c56136c88fecbb9d0b6629ae383186cd",
"sha256": "a591f597f1c802ea73667eaa18a883ef1c3d9859126b46847328fdc8c42b502d"
},
"downloads": -1,
"filename": "openssl_encrypt-1.0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "c56136c88fecbb9d0b6629ae383186cd",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 322335,
"upload_time": "2025-08-15T11:27:48",
"upload_time_iso_8601": "2025-08-15T11:27:48.043237Z",
"url": "https://files.pythonhosted.org/packages/67/28/0ac1a8e00117564278423d321230624a7cf3cddaf895723e92387fc0ad3c/openssl_encrypt-1.0.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "80f8c9400f9d2b221c787594bd034da0abad7b4731212cff874c58c18a58363a",
"md5": "96d40ee27a19cd38b56a1d674e94e593",
"sha256": "fcf0927c54b01894b8b89106e276e22378a1a4ad62f0b7632624da0223a5aff8"
},
"downloads": -1,
"filename": "openssl_encrypt-1.0.1.tar.gz",
"has_sig": false,
"md5_digest": "96d40ee27a19cd38b56a1d674e94e593",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 300227,
"upload_time": "2025-08-15T11:27:49",
"upload_time_iso_8601": "2025-08-15T11:27:49.949980Z",
"url": "https://files.pythonhosted.org/packages/80/f8/c9400f9d2b221c787594bd034da0abad7b4731212cff874c58c18a58363a/openssl_encrypt-1.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-15 11:27:49",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "openssl-encrypt"
}
JSON