SSLCrypto - Easy, Fast Crypto for Python

Latest News

SSLCrypto 0.1.1 now released - all python pickling has been replaced by bencode serialisation - thus removing possible pickle exploits.

** Warning ** - If you are exchanging SSLCrypto key objects over the internet, it is imperative you switch immediately to SSLCrypto 0.1.1. If you stay with SSLCrypto 0.1, you could be susceptible to malformed pickle attacks.

Introduction

SSLCrypto is a package for Python that dramatically eases the task of adding encryption to Python programs.

It provides a unified API that is almost totally compatible with that of ezPyCrypto, except that it takes advantage of the OpenSSL Crypto Library to deliver massive improvements in speed and security.

After using ezPyCrypto myself, I found that while it performed ok with smaller public key sizes, it proved impossibly slow with larger keys. This slowness, resulting from non-optimal code in its backend (the Python Cryptography Toolkit) meant that on a 1.5 GHz Athlon XP, it was taking several minutes to generate 4096-bit keys. Completely unacceptable if you need real security.

Performance is absolutely critical for an encryption API. If slowness deters people from using adequate-sized keys, security will be severely compromised, almost to the extent that there's little point in using encryption in the first place.

OpenSSL is a performance dream. It can generate truly military-grade keys in acceptable times, and supports these keys with cipher implementations that aggressively guard against known attacks. So, at the price of a library dependency (on non-windoze systems), you get a crypto API, whose key class is compatible with ezPyCrypto, but whose performance imposes no deterrent to truly strong cryptography.

We are confident that the security offered by SSLCrypto is more than enough for your everyday needs, and will prove a major resource-consuming deterrent against even the most powerful interests who would compromise your privacy. To test this claim, we have laid down a crypto challenge in which you are invited to take part.

Requirements

SSLCrypto requires Python 2.2 .

To help windoze users, the SSLCrypto package is also available as a self-installing EXE file (for Python 2.3 only - if running earlier version, please upgrade) with no external dependencies. (The SSLCrypto.pyd file contained therein is statically linked against the OpenSSL Windows libraries, which means you won't even need to know about OpenSSL). Just install and use!

On Linux and *BSD systems, you'll have to build SSLCrypto from the source code. This is trivial if you have the following prerequisite software installed:

Pyrex compiler - fortunately this is easy to install and set up - get it from the Pyrex Website
OpenSSL development library and headers - available on most Linux and *BSD feeds as openssl-dev or similar, or from the OpenSSL Website

Documentation

You can view the SSLCrypto documentation here

Examples

You can view the example programs online here.
These will show you just how easy crypto programming in Python can be.

Downloads

Windows SSLCrypto zip file. Includes self-Installer EXE file and documentation
Platform-independent source code tarball. Includes build scripts and documentation

Legal Issues

Possession or use of this software is illegal in some countries, and may result in substantial fines or jail time.
In certain semi-free countries like UK and Australia, you may be legally obliged to disclose encryption keys to government officials on pain of serious jail time. Please consult a legal specialist.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
The SSLCrypto code is released under the GNU General Public License. Please feel welcome to use the code freely in non-commercial and open-source-commercial software. (Commercial licenses, authorising use of this code in closed-source applications, are available - please contact the author).