Crypto shredding for Python
Project description
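Crypto shredding is the practice of ‘deleting’ data through the destruction of the cryptographic keys protecting the data. The ciphertext itself stays in storage, but it can no longer be decrypted once the key that protects it has been destroyed.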
Getting Started
Required Prerequisites
Python 3.6+
Installation
Usage
KeyStore
>>> import boto3  # KeyStore walkthrough: create a main key, fetch it, then delete (shred) it
>>> from cryptoshredding import DynamodbKeyStore
>>> from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider
>>> # Placeholder ARN: replace it with the AWS KMS key the materials provider should use.
>>> aws_cmk_id = "arn:aws:kms:YOUR_KEY"
>>> aws_kms_cmp = AwsKmsCryptographicMaterialsProvider(key_id=aws_cmk_id)
>>> # Table handed to the key store; presumably it holds the main keys and must already exist - confirm.
>>> table = boto3.resource("dynamodb").Table("key_store_table")
>>> # The key store combines that table with the KMS-backed materials provider.
>>> key_store = DynamodbKeyStore(table=table, materials_provider=aws_kms_cmp)
>>> # Register a main key under the id "foo".
>>> key_store.create_main_key("foo")
>>> # Look the same main key up again by its id.
>>> main_key = key_store.get_main_key("foo")
>>> # NOTE(review): shredding is only final if no backup or point-in-time-recovery copy of key_store_table keeps this entry - verify the table's backup settings.
>>> key_store.delete_main_key("foo") # shredding: data protected by main key "foo" is meant to be unrecoverable after this call
MainKey
>>> import boto3  # MainKey walkthrough: generate a data key and decrypt its encrypted form again
>>> from cryptoshredding import MainKey
>>> # key_store is the DynamodbKeyStore from the KeyStore example; the main key "foo" must still exist (not yet shredded).
>>> main_key = key_store.get_main_key("foo")
>>> # generate_data_key() returns a pair: the data key and its encrypted form.
>>> data_key, encrypted_data_key = main_key.generate_data_key()
>>> # decrypt() turns the encrypted form back into the data key.
>>> decrypted_data_key = main_key.decrypt(encrypted_data_key)
>>> # NOTE(review): data_key is presumably plaintext key material - persist only encrypted_data_key, otherwise deleting the main key does not make the data unreadable.
>>> assert data_key == decrypted_data_key
Dynamodb
>>> import boto3  # DynamoDB walkthrough: encrypted put, plain vs. decrypting reads, then shredding
>>> from cryptoshredding.dynamodb import CryptoTable
>>> # key_store is the DynamodbKeyStore from the KeyStore example; key_id and plaintext_item are not defined in this snippet and must be supplied by the caller.
>>> table = boto3.resource("dynamodb").Table("data_table")
>>> # CryptoTable wraps the plain boto3 table together with the key store.
>>> crypto_table = CryptoTable(
... table=table,
... key_store=key_store,
... )
>>> crypto_table.put_item(  # CSEKeyId names the main key used for this item (presumably one created earlier via create_main_key - confirm)
... CSEKeyId=key_id,
... Item=plaintext_item
... )
>>> # The plain table is queried with the literal key {"id": "foo"}, so the "id" attribute is evidently stored unencrypted: keep sensitive values out of key attributes, shredding will not hide them.
>>> index_key = {"id": "foo"}
>>> encrypted_item = table.get_item(Key=index_key)["Item"]  # item as stored, read through the plain boto3 table
>>> decrypted_item = crypto_table.get_item(Key=index_key)["Item"]  # same item read through the wrapper
>>> # While the main key exists, both a plain scan and a scan through the wrapper return the item.
>>> encrypted_items = table.scan()["Items"]
>>> decrypted_items = crypto_table.scan()["Items"]
>>>
>>> assert len(encrypted_items) == 1
>>> assert len(decrypted_items) == 1
>>> # Deleting the main key is the shredding step; the item in data_table itself is not touched.
>>> key_store.delete_main_key(key_id) # shredding
>>> # Repeat both scans after the key is gone.
>>> encrypted_items = table.scan()["Items"]
>>> decrypted_items = crypto_table.scan()["Items"]
>>> # NOTE(review): the wrapper's scan returns no item instead of raising, so callers cannot tell "shredded" from "no data" by the result alone.
>>> assert len(encrypted_items) == 1  # the stored (encrypted) item is still in the table
>>> assert len(decrypted_items) == 0 # the wrapper no longer returns the item once its main key is deleted
S3
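>>> import boto3
>>> from cryptoshredding.s3 import CryptoClient
>>>
>>> # S3 walkthrough: upload through the encrypting wrapper, then read the object
>>> # back once with the plain client and once through the wrapper.
>>> # key_store is the DynamodbKeyStore from the KeyStore example; key_id and
>>> # bucket are not defined in this snippet and must be supplied by the caller.
>>> s3 = boto3.client("s3", region_name="us-east-1")
>>>
>>> # CryptoClient wraps the plain boto3 S3 client together with the key store.
>>> crypto_client = CryptoClient(
...     client=s3,
...     key_store=key_store,
... )
>>> # CSEKeyId names the main key that protects this object.
>>> # NOTE(review): the bucket name and object key ("object") are passed as-is,
>>> # so they presumably stay readable after shredding - keep sensitive values
>>> # out of object names.
>>> crypto_client.put_object(
...     CSEKeyId=key_id,
...     Bucket=bucket.name,
...     Key="object",
...     Body="foo bar",
... )
>>> # Read through the plain client: the object as it is stored in the bucket.
>>> encrypted_obj = s3.get_object(
...     Bucket=bucket.name,
...     Key="object",
... )
>>> # Read through the wrapper: the same object, decrypted via the key store.
>>> decrypted_obj = crypto_client.get_object(
...     Bucket=bucket.name,
...     Key="object",
... )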
File
>>> from cryptoshredding.raw import CryptoFile  # File walkthrough: encrypt a file under a main key, then decrypt it
>>> # key_store is the DynamodbKeyStore from the KeyStore example; key_id is not defined in this snippet.
>>> crypto_file = CryptoFile(
... key_store=key_store,
... )
>>> crypto_file.encrypt(  # NOTE(review): nothing shown here removes plain.txt - shredding the key only affects cipher.txt, so delete the plaintext source separately
... key_id=key_id,
... plaintext_filename="plain.txt",
... ciphertext_filename="cipher.txt"
... )
>>> crypto_file.decrypt(  # no key_id is passed; presumably the key id is recorded with the ciphertext - confirm. decrypt.txt is a new plaintext copy that shredding does not cover.
... ciphertext_filename="cipher.txt",
... plaintext_filename="decrypt.txt",
... )
String
>>> from cryptoshredding.raw import CryptoString  # String walkthrough: encrypt a value under a main key, then decrypt it
>>> # key_store is the DynamodbKeyStore from the KeyStore example; key_id and plain_text are not defined in this snippet.
>>> crypto_string = CryptoString(
... key_store=key_store,
... )
>>> encrypted_text, encrypted_header = crypto_string.encrypt(  # returns a pair: the encrypted text and a header
... key_id=key_id,
... source=plain_text,
... )
>>> decrypted_text, decrypted_header = crypto_string.decrypt(  # only the encrypted text is passed, no key_id; presumably the key id travels inside encrypted_text - confirm
... source=encrypted_text,
... )
Download files
Source Distribution
cryptoshredding-0.0.3.tar.gz
(10.2 kB)
Built Distributions
Hashes for cryptoshredding-0.0.3-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | e5d2ab02ccfefcafa9ca3551bce87d7d8ef20896bc562bdf5d845065971f2136 |
MD5 | 5a1aed7848424fae0b3499ac61ca3dce |
BLAKE2b-256 | d06656ebda0bc6a25fb998aa7cba362af1ddf541a82676431dd0a522dd3aaec3 |
Hashes for cryptoshredding-0.0.3-py2.py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | bfadcdc910d6ba56dbda67eb640ee41a093136519c8676f2f8fdc5a72a4b8130 |
MD5 | 40c18b30ea55b74035c79f835c5a3f08 |
BLAKE2b-256 | 5495f76f2e9b1b655564d9580f16d89ad5c61c21f08aea18db5b00ed36b10ba9 |