Python Cryptography Module

Note: I’m writing from a Python 3.5 perspective.

There are a few different options for doing cryptographic stuff with Python. I have landed on the cryptography module which has been working out pretty well for me so far. Here is a short account of how I ended up there…

Python has a built-in cryptography module crypt which is just a “pass-through” to the UNIX/Linux crypt function. From the Python 3.5 docs:

This module implements an interface to the crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm; see the Unix man page for further details. Possible uses include storing hashed passwords so you can check passwords without storing the actual password, or attempting to crack Unix passwords with a dictionary.

Notice that the behavior of this module depends on the actual implementation of the crypt(3) routine in the running system. Therefore, any extensions available on the current implementation will also be available on this module.

This is not available on Windows. Also, it sounds like it is not much more than a set of hashing functions, so it is probably not broadly useful for application-level security needs anyway. Happily, there is a third-party Python library called cryptography which may offer a complete cryptography/security solution for software applications. From the docs:

cryptography is a Python library which exposes cryptographic recipes and primitives. Our goal is for it to be your “cryptographic standard library”.

I installed this module on a virtual Linux machine running Ubuntu Server 16.04. I first tried to install the package via pip3 but got a bunch of semi-cryptic errors. It turned out that I first needed to install build dependencies via the Ubuntu package manager, apt:

$ sudo apt install build-essential libssl-dev libffi-dev python-dev

I then was able to easily install cryptography via pip3:

$ pip3 install cryptography

As an aside, if on a command-line-only OS such as Ubuntu Server, it is sometimes helpful to reroute program output to temporary text files so you can review standard output and error output if something fails:

$ pip3 install cryptography > pipout.txt 2> piperr.txt

The first output redirect, > pipout.txt, writes all standard output to a file called pipout.txt in the current working directory. The second redirect, 2> piperr.txt, writes all error output to a file called piperr.txt in the current working directory. These files can then be reviewed in a text editor such as vim:

$ vim pipout.txt

This was helpful in debugging the installation problems 🙂
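
With the package installed, the password-storage use case that the crypt docs mention can be done portably (Windows included) with cryptography's PBKDF2HMAC primitive. This is an added example, not code from the original post or from the cryptography project; the function names, the record format and the iteration count are assumptions made for illustration.

```python
import base64
import os

from cryptography.exceptions import InvalidKey
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

# Assumed work factor for this example; tune it to your own hardware.
DEFAULT_ITERATIONS = 600000


def _kdf(salt, iterations):
    # A PBKDF2HMAC object is single-use, so build a fresh one per call.
    return PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt,
                      iterations=iterations, backend=default_backend())


def hash_password(password, iterations=DEFAULT_ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$hash."""
    salt = os.urandom(16)  # random per-password salt
    digest = _kdf(salt, iterations).derive(password.encode("utf-8"))
    return "pbkdf2-sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"))


def verify_password(password, record):
    """Check a candidate password against a stored record."""
    try:
        scheme, iterations, salt_b64, digest_b64 = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        # verify() compares in constant time; raises InvalidKey on mismatch.
        _kdf(salt, int(iterations)).verify(password.encode("utf-8"), expected)
        return True
    except (ValueError, InvalidKey):
        # Malformed record or wrong password: both are a failed check.
        return False


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")  # constructed sample
    print(stored)
    print(verify_password("correct horse battery staple", stored))
    print(verify_password("wrong guess", stored))
```

Only the record string needs to be stored; the salt and iteration count travel with it, so the work factor can be raised later without breaking old records.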

