RFC7539 is an IETF specification for an authenticated encryption algorithm that will be incorporated into TLSv1.3. It is comprised of a stream cipher (ChaCha20) and a MAC (Poly1305), both written by Daniel J. Bernstein. The C implementations for both of these primitives are taken from the NSS library (the reason being that openSSL has license incompatibilities and also requires the openSSL headers which is more overhead than we need to implement these fairly basic primitives). The NSS code has been slightly modified to account for the 96 bit nonce and 32 bit counter specified in the RFC.
pip install rfc7539
git clone https://github.com/AntonKueltz/rfc7539.git
cd rfc7539
python setup.py install
Takes a key, nonce, plaintext and additional data and returns a ciphertext and MAC.
def encrypt_and_tag(
key: bytes,
nonce: bytes,
plaintext: bytes,
aad: bytes
) -> (bytes, bytes)
Takes a key, nonce, ciphertext, MAC and additional data and returns a plaintext.
def verify_and_decrypt(
key: bytes,
nonce: bytes,
ciphertext: bytes,
mac: bytes,
aad: bytes
) -> bytes
You should use the authenticated encryption mode unless you really need to use one of the primitives by itself:
from rfc7539 import aead
from os import urandom
key = urandom(32) # key is 32 bytes
nonce = b'thisisanonce' # nonce is 12 bytes (DO NOT REUSE A NONCE WITH THE SAME KEY)
message = b'Some message to be encrypted'
additional_data = b'Some additional data' # this will not be encrypted but will be verified for integrity
# encryption
ciphertext, mac = aead.encrypt_and_tag(key, nonce, message, additional_data)
# decryption (which yields plaintext == message)
plaintext = aead.verify_and_decrypt(key, nonce, ciphertext, mac, additional_data)
Note that all operations in this package work on bytes. You'll need to call e.g. encode()
on strings
before passing them as arguments.