openssh_key.cipher.integrity.ConfidentialityIntegrityCipher
- class openssh_key.cipher.integrity.ConfidentialityIntegrityCipher
Bases: openssh_key.cipher.common.InitializationVectorCipher, abc.ABC
A symmetric-key cipher that offers guarantees of confidentiality (secrecy) and integrity (authentication).
- __init__()
Methods
__init__()
decrypt(kdf, passphrase, cipher_bytes) – Decrypts the given ciphertext bytes using the given options of a key derivation function and the given passphrase to derive the encryption key.
decrypt_with_key_iv(cipher_bytes, ...) – Decrypts the given ciphertext bytes using the given cipher key and initialization vector.
encrypt(kdf, passphrase, plain_bytes) – Encrypts the given plaintext bytes using the given options of a key derivation function and the given passphrase to derive the encryption key.
encrypt_with_key_iv(plain_bytes, cipher_key, ...) – Encrypts the given plaintext bytes using the given cipher key and initialization vector.
The block size for this cipher.
The initialization vector length for this cipher in bytes.
The key length for this cipher in bytes.
The length of the authentication tag of this cipher in bytes.
Attributes
BLOCK_SIZE – The block size for this cipher.
IV_LENGTH – The initialization vector length for this cipher in bytes.
KEY_LENGTH – The key length for this cipher in bytes.
The length of the authentication tag of this cipher in bytes.
- TAG_LENGTH = 0
The length of the authentication tag of this cipher in bytes.
In OpenSSH private keys, the tag’s length is not included as part of the length of the Pascal-style cipher byte string. The ConfidentialityIntegrityCipher.encrypt() method appends the tag to the end of the returned cipher byte string, and the caller should separate it. Analogously, the ConfidentialityIntegrityCipher.decrypt() method requires that the caller first append the tag to the cipher byte string.
- classmethod decrypt(kdf, passphrase, cipher_bytes)
Decrypts the given ciphertext bytes using the given options of a key derivation function and the given passphrase to derive the encryption key.
- Parameters
kdf (KDFOptions) – The options of a key derivation function.
passphrase (str) – The passphrase from which the cipher key is derived.
cipher_bytes (bytes) – Ciphertext bytes to be decrypted.
- Return type
- Returns
Plaintext bytes.
- abstract classmethod decrypt_with_key_iv(cipher_bytes, cipher_key, initialization_vector)
Decrypts the given ciphertext bytes using the given cipher key and initialization vector.
- classmethod encrypt(kdf, passphrase, plain_bytes)
Encrypts the given plaintext bytes using the given options of a key derivation function and the given passphrase to derive the encryption key.
- Parameters
kdf (KDFOptions) – The options of a key derivation function.
passphrase (str) – The passphrase from which the cipher key is derived.
plain_bytes (bytes) – Plaintext bytes to be encrypted.
- Return type
- Returns
Ciphertext bytes.
- abstract classmethod encrypt_with_key_iv(plain_bytes, cipher_key, initialization_vector)
Encrypts the given plaintext bytes using the given cipher key and initialization vector.
- abstract classmethod get_iv_length()
The initialization vector length for this cipher in bytes. Defaults to the block size.
- Return type
- abstract classmethod get_tag_length()
The length of the authentication tag of this cipher in bytes.
In OpenSSH private keys, the tag’s length is not included as part of the length of the Pascal-style cipher byte string. The ConfidentialityIntegrityCipher.encrypt() method appends the tag to the end of the returned cipher byte string, and the caller should separate it. Analogously, the ConfidentialityIntegrityCipher.decrypt() method requires that the caller append the tag to the cipher byte string.
- Return type
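The tag handling described under TAG_LENGTH and get_tag_length(), as an added example that is not part of the openssh_key code base: it frames and parses a cipher byte string whose length prefix excludes the trailing tag. The function names are hypothetical, the sample bytes and the 16-byte tag length are constructed, and the prefix is assumed to be the 4-byte big-endian length used for SSH strings.

```python
import struct
from typing import Tuple


def frame_encrypted(cipher_and_tag: bytes, tag_length: int) -> bytes:
    """Serialize encrypt() output: the uint32 length counts ciphertext only."""
    if not 0 <= tag_length <= len(cipher_and_tag):
        raise ValueError("tag length exceeds encrypt() output")
    split = len(cipher_and_tag) - tag_length
    ciphertext, tag = cipher_and_tag[:split], cipher_and_tag[split:]
    # The tag trails the length-prefixed string and is not counted in its length.
    return struct.pack(">I", len(ciphertext)) + ciphertext + tag


def unframe_encrypted(buf: bytes, tag_length: int) -> Tuple[bytes, bytes]:
    """Return (ciphertext + tag, ready for decrypt(); bytes left after the tag)."""
    if tag_length < 0:
        raise ValueError("negative tag length")
    if len(buf) < 4:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack(">I", buf[:4])
    end = 4 + length + tag_length
    if end > len(buf):
        # Slicing past the end would silently return a short tag; reject instead.
        raise ValueError("truncated ciphertext or authentication tag")
    return buf[4:end], buf[end:]


# Constructed sample: placeholder bytes, not real ciphertext or a real tag.
SAMPLE_CIPHERTEXT = bytes(range(32))
SAMPLE_TAG = b"\xaa" * 16

if __name__ == "__main__":
    framed = frame_encrypted(SAMPLE_CIPHERTEXT + SAMPLE_TAG, 16)
    print("length prefix:", framed[:4].hex(), "total bytes:", len(framed))
    for_decrypt, rest = unframe_encrypted(framed + b"trailing", 16)
    print("bytes passed to decrypt():", len(for_decrypt), "left over:", rest)
```
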