Low-level cryptographic Python library
PyCryptodome is a self-contained Python package of low-level cryptographic primitives. It's not a wrapper to a separate C library like OpenSSL. To the largest possible extent, algorithms are implemented in pure Python. Only the pieces that are extremely critical to performance (e.g., block ciphers) are implemented as C extensions.
You are expected to have a solid understanding of cryptography and security engineering to successfully use these primitives. You must also be able to recognize that some are obsolete (e.g., TDES) or even insecure (RC4).
It provides many enhancements over the last release of PyCrypto (2.6.1):
Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
Accelerated AES on Intel platforms via AES-NI
First-class support for PyPy
Elliptic curves cryptography (NIST P-256 curve only)
Better and more compact API (nonce and iv attributes for ciphers, automatic generation of random nonces and IVs, simplified CTR cipher mode, and more)
SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms
Salsa20 and ChaCha20 stream ciphers
scrypt and HKDF
Password-protected PKCS#8 key containers
Shamir’s Secret Sharing scheme
Random numbers get sourced directly from the OS (and not from a CSPRNG in userspace)
Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
Major clean-ups and simplification of the code base
PyCryptodomex is the stand-alone version of PyCryptodome that no longer provides drop-in compatibility with PyCrypto.
|No lint warnings ✓|