Cryptography code examples using libsodium and mbedtls C libraries and Python cryptography and PyNaCl modules
This repository contains some practical code examples of using the following cryptography libraries:
These code examples use an AES block cipher with a 256-bit key in Galois Counter Mode (GCM). The C code examples use the mbedTLS library, while the Python examples use the cryptography module.
The following example uses the PyNaCl wrapper around libsodium along with the SecretBox authenticated encryption API.
These code examples use an Elliptic-curve Diffie-Hellman ECDH key agreement protocol to establish a shared secret over an insecure channel. The C code examples use the mbedTLS library, while the Python examples use the cryptography module.
These code examples demonstrate how to use a Key Derivation Function KDF to derive one or more shared keys from a shared secret.
These examples use the PyNaCl wrapper around libsodium to support public-key digital signatures using the Ed25519 algorithm.
These examples use RSA-PSS digital signatures. The C code examples use the mbedTLS library, while the Python examples use the cryptography module.
The libsodium C code examples are all in the sodium directory and can be built using the Cmake cross-platform build tool along with your platform default C compiler installed on Windows, macOS, or Linux.
The first stage of building is the same on all platforms:
cd sodium
rm -rf build
mkdir build
cd build
cmake ..
The second stage of building is platform dependent and will create the following executable files:
make
This produces the executable files directly in the build directory.
devenv hello_sodium.sln /build Debug
This creates the executable files under the build\Debug directory.
The Python examples are located in the root directory and should work with Python 3.4 or newer. The Python examples require a mix of the following Python packages:
The required dependencies can easily be installed using Pipenv:
pipenv install
Then a shell using the underlying virtual environment can be entered with:
pipenv shell
Inside that Pipenv shell, any of the examples can be ran directly. e.g.:
python ./aes_gcm_cryptography.py
The Python examples are intended to interoperate with either the libsodium or mbedTLS C code examples. Thus encryption or signing can be done in C and decryption or verifying can be done in Python or vice versa.
The mbedTLS C code examples are located in the root directory and build mbedTLS from source from the mbedtls directory.
Build requires CMake and platform default C compiler installed and works on both Windows, macOS, and Linux.
The first stage of building is the same on all platforms:
rm -rf build
mkdir build
cd build
cmake ..
The second stage of building is platform dependent ...
make
This produces the following executable files directly in the build directory:
devenv mbed_AES.sln /build Debug
This creates the following executable files under the build\Debug directory:
This repository includes the following basic intro presentation:
I am not an expert in cryptography. I am just a software developer who wanted to learn more about how to use cryptography effectively. If anyone looking at this is an expert in cryptography and happens to notice any weaknesses, inaccuracies, or mistakes and/or has constructive feedback for how to improve the examples then Pull Requests or Issues would be sincerely appreciated.