# WinHello-Crypto
[](https://github.com/SergeDubovsky/WinHello-Crypto/actions/workflows/ci.yml)
[](https://github.com/SergeDubovsky/WinHello-Crypto/actions/workflows/security-tests.yml)
[](https://codecov.io/gh/SergeDubovsky/WinHello-Crypto)
[](https://badge.fury.io/py/winhello-crypto)
[](https://pypi.org/project/winhello-crypto/)
[](https://opensource.org/licenses/Apache-2.0)
Secure AWS credential storage and file encryption using Windows Hello biometric authentication.
## Quick Start
### Install
```bash
pip install winhello-crypto
```
### AWS Credentials Manager
```bash
# Store AWS credentials
aws-hello-creds set myprofile --access-key AKIA... --secret-key secret123
# Use stored credentials
aws-hello-creds get myprofile
# List all profiles
aws-hello-creds list
# Export as environment variables
aws-hello-creds export myprofile
```
### File Encryption
```bash
# Encrypt a file
winhello-crypto encrypt myfile.txt
# Decrypt a file
winhello-crypto decrypt myfile.txt.enc
```
## AWS Credentials Manager Commands
### Basic Operations
```bash
# Store credentials
aws-hello-creds set <profile> --access-key <key> --secret-key <secret> [--session-token <token>] [--region <region>]
# Retrieve credentials
aws-hello-creds get <profile> [--format json|env|ini]
# List all profiles
aws-hello-creds list [--format table|json]
# Delete credentials
aws-hello-creds delete <profile>
# Check if profile exists
aws-hello-creds exists <profile>
```
### Advanced Operations
```bash
# Backup all credentials to encrypted file
aws-hello-creds backup --file backup.enc
# Restore credentials from backup
aws-hello-creds restore --file backup.enc
# Rotate credentials (requires AWS CLI configured)
aws-hello-creds rotate <profile>
# Export as environment variables
aws-hello-creds export <profile> [--shell bash|powershell|cmd]
# Copy profile
aws-hello-creds copy <source> <destination>
# Update existing profile
aws-hello-creds update <profile> [--access-key <key>] [--secret-key <secret>] [--session-token <token>] [--region <region>]
```
### File Operations
```bash
# Encrypt file with profile credentials
aws-hello-creds encrypt-file <profile> <input-file> [--output <output-file>]
# Decrypt file with profile credentials
aws-hello-creds decrypt-file <profile> <input-file> [--output <output-file>]
```
## File Encryption Commands
```bash
# Encrypt file
winhello-crypto encrypt <input-file> [--output <output-file>]
# Decrypt file
winhello-crypto decrypt <input-file> [--output <output-file>]
# Verify integrity
winhello-crypto verify <encrypted-file>
```
## Use Cases
### Development Workflows
```bash
# Set up dev environment
aws-hello-creds set dev --access-key AKIA... --secret-key secret123 --region us-west-2
aws-hello-creds export dev --shell powershell
# Switch to production
aws-hello-creds export prod --shell powershell
```
### CI/CD Integration
```bash
# Backup before deployment
aws-hello-creds backup --file pre-deploy-backup.enc
# Restore if needed
aws-hello-creds restore --file pre-deploy-backup.enc
```
### Secure File Sharing
```bash
# Encrypt sensitive files
winhello-crypto encrypt config.json
winhello-crypto encrypt database-backup.sql
# Share encrypted files safely
# Recipients need Windows Hello to decrypt
```
## Security Features
- **Windows Hello Integration**: Uses biometric authentication (fingerprint, face, PIN)
- **AES-256-GCM Encryption**: Military-grade encryption for stored credentials
- **No Plain Text Storage**: All credentials encrypted at rest
- **Secure Key Derivation**: PBKDF2 with high iteration count
- **Memory Protection**: Sensitive data cleared from memory after use
## Requirements
- Windows 10/11 with Windows Hello enabled
- Python 3.7+
- Biometric device (fingerprint reader, camera) or PIN set up
## Troubleshooting
### Windows Hello Not Available
```
Error: Windows Hello is not available on this device
```
**Solution**: Enable Windows Hello in Settings > Accounts > Sign-in options
### Authentication Failed
```
Error: User verification failed
```
**Solution**:
- Ensure biometric device is working
- Try using PIN if biometric fails
- Check Windows Hello is enabled for apps
### Profile Not Found
```
Error: Profile 'myprofile' not found
```
**Solution**: Use `aws-hello-creds list` to see available profiles
### Permission Denied
```
Error: Access denied to Windows Credential Manager
```
**Solution**: Run as administrator or check Windows Credential Manager permissions
## Development
```bash
# Install development dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Run security checks
bandit -r .
safety check
# Format code
black .
```
## License
Apache License 2.0 - see [LICENSE](LICENSE) for details.
Raw data
{
"_id": null,
"home_page": "https://github.com/SergeDubovsky/WinHello-Crypto",
"name": "winhello-crypto",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": null,
"keywords": "windows-hello, biometric, authentication, encryption, aws, credentials, security, cryptography",
"author": "Serge Dubovsky",
"author_email": "Serge Dubovsky <serge@lavinna.com>",
"download_url": "https://files.pythonhosted.org/packages/6d/27/ff74ede319df7a4d884a8ab5ce8b164a475fd2346436e9d714961de391ae/winhello_crypto-2.1.9.tar.gz",
"platform": "Windows",
"description": "# WinHello-Crypto\n\n[](https://github.com/SergeDubovsky/WinHello-Crypto/actions/workflows/ci.yml)\n[](https://github.com/SergeDubovsky/WinHello-Crypto/actions/workflows/security-tests.yml)\n[](https://codecov.io/gh/SergeDubovsky/WinHello-Crypto)\n[](https://badge.fury.io/py/winhello-crypto)\n[](https://pypi.org/project/winhello-crypto/)\n[](https://opensource.org/licenses/Apache-2.0)\n\nSecure AWS credential storage and file encryption using Windows Hello biometric authentication.\n\n## Quick Start\n\n### Install\n```bash\npip install winhello-crypto\n```\n\n### AWS Credentials Manager\n```bash\n# Store AWS credentials\naws-hello-creds set myprofile --access-key AKIA... --secret-key secret123\n\n# Use stored credentials \naws-hello-creds get myprofile\n\n# List all profiles\naws-hello-creds list\n\n# Export as environment variables\naws-hello-creds export myprofile\n```\n\n### File Encryption\n```bash\n# Encrypt a file\nwinhello-crypto encrypt myfile.txt\n\n# Decrypt a file\nwinhello-crypto decrypt myfile.txt.enc\n```\n\n## AWS Credentials Manager Commands\n\n### Basic Operations\n```bash\n# Store credentials\naws-hello-creds set <profile> --access-key <key> --secret-key <secret> [--session-token <token>] [--region <region>]\n\n# Retrieve credentials\naws-hello-creds get <profile> [--format json|env|ini]\n\n# List all profiles\naws-hello-creds list [--format table|json]\n\n# Delete credentials\naws-hello-creds delete <profile>\n\n# Check if profile exists\naws-hello-creds exists <profile>\n```\n\n### Advanced Operations\n```bash\n# Backup all credentials to encrypted file\naws-hello-creds backup --file backup.enc\n\n# Restore credentials from backup\naws-hello-creds restore --file backup.enc\n\n# Rotate credentials (requires AWS CLI configured)\naws-hello-creds rotate <profile>\n\n# Export as environment variables\naws-hello-creds export <profile> [--shell bash|powershell|cmd]\n\n# Copy profile\naws-hello-creds copy <source> <destination>\n\n# Update existing profile\naws-hello-creds update <profile> [--access-key <key>] [--secret-key <secret>] [--session-token <token>] [--region <region>]\n```\n\n### File Operations\n```bash\n# Encrypt file with profile credentials\naws-hello-creds encrypt-file <profile> <input-file> [--output <output-file>]\n\n# Decrypt file with profile credentials\naws-hello-creds decrypt-file <profile> <input-file> [--output <output-file>]\n```\n\n## File Encryption Commands\n\n```bash\n# Encrypt file\nwinhello-crypto encrypt <input-file> [--output <output-file>]\n\n# Decrypt file\nwinhello-crypto decrypt <input-file> [--output <output-file>]\n\n# Verify integrity\nwinhello-crypto verify <encrypted-file>\n```\n\n## Use Cases\n\n### Development Workflows\n```bash\n# Set up dev environment\naws-hello-creds set dev --access-key AKIA... --secret-key secret123 --region us-west-2\naws-hello-creds export dev --shell powershell\n\n# Switch to production\naws-hello-creds export prod --shell powershell\n```\n\n### CI/CD Integration\n```bash\n# Backup before deployment\naws-hello-creds backup --file pre-deploy-backup.enc\n\n# Restore if needed\naws-hello-creds restore --file pre-deploy-backup.enc\n```\n\n### Secure File Sharing\n```bash\n# Encrypt sensitive files\nwinhello-crypto encrypt config.json\nwinhello-crypto encrypt database-backup.sql\n\n# Share encrypted files safely\n# Recipients need Windows Hello to decrypt\n```\n\n## Security Features\n\n- **Windows Hello Integration**: Uses biometric authentication (fingerprint, face, PIN)\n- **AES-256-GCM Encryption**: Military-grade encryption for stored credentials\n- **No Plain Text Storage**: All credentials encrypted at rest\n- **Secure Key Derivation**: PBKDF2 with high iteration count\n- **Memory Protection**: Sensitive data cleared from memory after use\n\n## Requirements\n\n- Windows 10/11 with Windows Hello enabled\n- Python 3.7+\n- Biometric device (fingerprint reader, camera) or PIN set up\n\n## Troubleshooting\n\n### Windows Hello Not Available\n```\nError: Windows Hello is not available on this device\n```\n**Solution**: Enable Windows Hello in Settings > Accounts > Sign-in options\n\n### Authentication Failed\n```\nError: User verification failed\n```\n**Solution**: \n- Ensure biometric device is working\n- Try using PIN if biometric fails\n- Check Windows Hello is enabled for apps\n\n### Profile Not Found\n```\nError: Profile 'myprofile' not found\n```\n**Solution**: Use `aws-hello-creds list` to see available profiles\n\n### Permission Denied\n```\nError: Access denied to Windows Credential Manager\n```\n**Solution**: Run as administrator or check Windows Credential Manager permissions\n\n## Development\n\n```bash\n# Install development dependencies\npip install -e \".[dev]\"\n\n# Run tests\npytest\n\n# Run security checks\nbandit -r .\nsafety check\n\n# Format code\nblack .\n```\n\n## License\n\nApache License 2.0 - see [LICENSE](LICENSE) for details.\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Secure AWS credential storage and file encryption using Windows Hello biometric authentication",
"version": "2.1.9",
"project_urls": {
"Bug Reports": "https://github.com/SergeDubovsky/WinHello-Crypto/issues",
"Documentation": "https://github.com/SergeDubovsky/WinHello-Crypto/blob/main/README.md",
"Homepage": "https://github.com/SergeDubovsky/WinHello-Crypto",
"Repository": "https://github.com/SergeDubovsky/WinHello-Crypto"
},
"split_keywords": [
"windows-hello",
" biometric",
" authentication",
" encryption",
" aws",
" credentials",
" security",
" cryptography"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "c504d33ec6551d3f8faa1242e909cb096a3bcbfc4bdbbbc6cb19c1bf40d48b4d",
"md5": "35f2baa4f5e5a893eb006e6cc48d3a3d",
"sha256": "f30ac31df82d56871e862e50f09e458bccce13844172342757b1c8d263d30679"
},
"downloads": -1,
"filename": "winhello_crypto-2.1.9-py3-none-any.whl",
"has_sig": false,
"md5_digest": "35f2baa4f5e5a893eb006e6cc48d3a3d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 44848,
"upload_time": "2025-08-06T22:54:00",
"upload_time_iso_8601": "2025-08-06T22:54:00.245634Z",
"url": "https://files.pythonhosted.org/packages/c5/04/d33ec6551d3f8faa1242e909cb096a3bcbfc4bdbbbc6cb19c1bf40d48b4d/winhello_crypto-2.1.9-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "6d27ff74ede319df7a4d884a8ab5ce8b164a475fd2346436e9d714961de391ae",
"md5": "bc264a59263b78c2fa9ebc27b5c21d08",
"sha256": "e0671a769d503bd16296b732a0f4fbe82f6b05f6459e0daa99227932dd84b3d1"
},
"downloads": -1,
"filename": "winhello_crypto-2.1.9.tar.gz",
"has_sig": false,
"md5_digest": "bc264a59263b78c2fa9ebc27b5c21d08",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 61716,
"upload_time": "2025-08-06T22:54:01",
"upload_time_iso_8601": "2025-08-06T22:54:01.403458Z",
"url": "https://files.pythonhosted.org/packages/6d/27/ff74ede319df7a4d884a8ab5ce8b164a475fd2346436e9d714961de391ae/winhello_crypto-2.1.9.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-06 22:54:01",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "SergeDubovsky",
"github_project": "WinHello-Crypto",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "bandit",
"specs": [
[
"<",
"2.0.0"
],
[
">=",
"1.7.5"
]
]
},
{
"name": "safety",
"specs": [
[
">=",
"3.2.0"
],
[
"<",
"3.3.0"
]
]
},
{
"name": "sphinx",
"specs": [
[
"<",
"8.0.0"
],
[
">=",
"7.0.0"
]
]
},
{
"name": "sphinx-rtd-theme",
"specs": [
[
"<",
"3.0.0"
],
[
">=",
"2.0.0"
]
]
},
{
"name": "cryptography",
"specs": [
[
"<",
"46.0.0"
],
[
">=",
"45.0.6"
]
]
},
{
"name": "winrt-runtime",
"specs": [
[
">=",
"3.2.0"
],
[
"<",
"4.0.0"
]
]
},
{
"name": "winrt-Windows.Security.Credentials",
"specs": [
[
">=",
"3.2.0"
],
[
"<",
"4.0.0"
]
]
},
{
"name": "winrt-Windows.Storage.Streams",
"specs": [
[
">=",
"3.2.0"
],
[
"<",
"4.0.0"
]
]
},
{
"name": "psutil",
"specs": [
[
"<",
"6.0.0"
],
[
">=",
"5.9.0"
]
]
},
{
"name": "pytest",
"specs": [
[
">=",
"8.3.0"
],
[
"<",
"9.0.0"
]
]
},
{
"name": "pytest-asyncio",
"specs": [
[
"<",
"1.0.0"
],
[
">=",
"0.24.0"
]
]
},
{
"name": "pytest-cov",
"specs": [
[
"<",
"6.0.0"
],
[
">=",
"5.0.0"
]
]
},
{
"name": "black",
"specs": [
[
"<",
"25.0.0"
],
[
">=",
"24.0.0"
]
]
},
{
"name": "flake8",
"specs": [
[
">=",
"7.1.0"
],
[
"<",
"8.0.0"
]
]
},
{
"name": "mypy",
"specs": [
[
"<",
"2.0.0"
],
[
">=",
"1.11.0"
]
]
}
],
"lcname": "winhello-crypto"
}
JSON
