Note: I’m writing from a Python 3.5 perspective.
There are a few different options for doing cryptographic stuff with Python. I have landed on the
cryptography module which has been working out pretty well for me so far. Here is a short account of how I ended up there…
Python has a built-in cryptography module
crypt which is just a “pass-through” to the UNIX/Linux
crypt function. From the Python 3.5 docs:
This module implements an interface to the crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm; see the Unix man page for further details. Possible uses include storing hashed passwords so you can check passwords without storing the actual password, or attempting to crack Unix passwords with a dictionary.
Notice that the behavior of this module depends on the actual implementation of the crypt(3) routine in the running system. Therefore, any extensions available on the current implementation will also be available on this module.
This is not available on Windows. Also, it sounds like it is not much more than a set of hashing functions, so it is probably not broadly useful for application-level security needs anyway. Happily, there is a third-party Python library called
cryptography which may offer a complete cryptography/security solution for software applications. From the docs:
cryptographyis a Python library which exposes cryptographic recipes and primitives. Our goal is for it to be your “cryptographic standard library”.
I installed this module on a virtual Linux machine running Ubuntu Server 16.04. I first tried to install the package via
pip3 but got a bunch of semi-cryptic errors. It turned out that I first needed to install build dependencies via Ubuntu package manager,
$ sudo apt install build-essential libssl-dev libffi-dev python-dev
I then was able to easily install
$ pip3 install cryptography
As an aside, if on a command-line-only OS such as Ubuntu Server, it is sometimes helpful to reroute program output to temporary text files so you can review standard output and error output if something fails:
$ pip3 install cryptography > pipout.txt 2> piperr.txt
The first output redirect,
> pipout.txt, writes all standard output to a file called
pipout.txt in the current working directory. The second redirect,
2> piperr.txt, writes all error output to a file called
piperr.txt in the current working directory. These files can then be reviewed in a text editor such as
$ vim pipout.txt
This was helpful in debugging the installation problems 🙂