cryptoshredding

Release 0.0.4

Crypto shredding for Python

Homepage PyPI Python

Keywords
cryptoshredding, gdpr, aws, kms, client-side-encryption, dynamodb, s3, crypto, kinesis, shredding
License
MIT
Install
pip install cryptoshredding==0.0.4

Documentation

CryptoShredding

Latest Version Supported Python Versions ci

Crypto shredding is the practice of 'deleting' data through the destruction of the cryptographic keys protecting the data.

You can find the source on GitHub.

Getting Started

Required Prerequisites

  • Python 3.6+

Installation

Note

If you have not already installed cryptography, you might need to install additional prerequisites as detailed in the cryptography installation guide for your operating system.

$ pip install cryptoshredding

Usage

KeyStore

>>> import boto3
>>> from cryptoshredding import DynamodbKeyStore
>>> from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider
>>>
>>> aws_cmk_id = "arn:aws:kms:YOUR_KEY"
>>> aws_kms_cmp = AwsKmsCryptographicMaterialsProvider(key_id=aws_cmk_id)
>>>
>>> table = boto3.resource("dynamodb").Table("key_store_table")
>>>
>>> key_store = DynamodbKeyStore(table=table, materials_provider=aws_kms_cmp)
>>>
>>> key_store.create_main_key("foo")
>>>
>>> main_key = key_store.get_main_key("foo")
>>>
>>> key_store.delete_main_key("foo")  # shredding

MainKey

>>> import boto3
>>> from cryptoshredding import MainKey
>>>
>>> main_key = key_store.get_main_key("foo")
>>>
>>> data_key, encrypted_data_key = main_key.generate_data_key()
>>>
>>> decrypted_data_key = main_key.decrypt(encrypted_data_key)
>>>
>>> assert data_key == decrypted_data_key

Dynamodb

>>> import boto3
>>> from cryptoshredding.dynamodb import CryptoTable
>>>
>>> table = boto3.resource("dynamodb").Table("data_table")
>>>
>>> crypto_table = CryptoTable(
...    table=table,
...    key_store=key_store,
... )
>>> crypto_table.put_item(
...    CSEKeyId=key_id,
...    Item=plaintext_item
... )
>>>
>>> index_key = {"id": "foo"}
>>> encrypted_item = table.get_item(Key=index_key)["Item"]
>>> decrypted_item = crypto_table.get_item(Key=index_key)["Item"]
>>>
>>> encrypted_items = table.scan()["Items"]
>>> decrypted_items = crypto_table.scan()["Items"]
>>>
>>> assert len(encrypted_items) == 1
>>> assert len(decrypted_items) == 1
>>>
>>> key_store.delete_main_key(key_id)  # shredding
>>>
>>> encrypted_items = table.scan()["Items"]
>>> decrypted_items = crypto_table.scan()["Items"]
>>>
>>> assert len(encrypted_items) == 1
>>> assert len(decrypted_items) == 0  # !!!

S3

>>> import boto3
>>> from cryptoshredding.s3 import CryptoClient
>>>
>>> s3 = boto3.client("s3", region_name="us-east-1")
>>>
>>> crypto_client = CryptoClient(
...    client=s3,
...    key_store=key_store,
... )
>>> crypto_s3.put_object(
...    CSEKeyId=key_id,
...    Bucket=bucket.name,
...    Key="object",
...    Body="foo bar"",
... )
>>> encrypted_obj = s3.get_object(
...    Bucket=bucket.name,
...    Key="object",
... )
>>> decrypted_obj = crypto_s3.get_object(
...    Bucket=bucket.name,
...    Key="object",
... )

File

>>> from cryptoshredding.raw import CryptoFile
>>>
>>> crypto_file = CryptoFile(
...    key_store=key_store,
... )
>>> crypto_file.encrypt(
...    key_id=key_id,
...    plaintext_filename="plain.txt",
...    ciphertext_filename="cipher.txt"
... )
>>> crypto_file.decrypt(
...    ciphertext_filename="cipher.txt",
...    plaintext_filename="decrypt.txt",
... )

Bytes

>>> from cryptoshredding.raw import CryptoBytes
>>>
>>> crypto_bytes = CryptoBytes(
...    key_store=key_store,
... )
>>> encrypted, encrypted_header = crypto_bytes.encrypt(
...    key_id=key_id,
...    data=plain,
... )
>>> decrypted, decrypted_header = crypto_bytes.decrypt(
...    data=encrypted,
... )

Kinesis

Mongodb

Sqlalchemy

Stats

Dependencies
6
Dependent packages
0
Dependent repositories
0
Total releases
4
Latest release
First release
Stars
0
Forks
0
Watchers
1
Contributors
1
Repository size
74.2 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.0.4
0.0.3
0.0.2
0.0.1

Contributors

Frank Hübner


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-13 16:33:52 UTC

Login to resync this project