API Reference

Reference implementation of the Gemina specification.

For more details see the section Description.

The initialization vector for CBC, the keys, and the salt for HMAC are created with os.urandom().

The key argument for the functions encrypt_with_key(), decrypt_with_key(), and verify_with_key() should be created with create_secret_key().

Overview

  • DecryptError – Raised if data could not be decrypted.

  • Version – Version enum.

  • create_secret_key – Create a secret key.

  • decrypt_with_key – Decrypt data using a secret key.

  • decrypt_with_password – Decrypt data using a password.

  • encrypt_with_key – Encrypt data using a secret key.

  • encrypt_with_password – Encrypt data using a password.

  • verify_with_key – Verify the encrypted data.

  • verify_with_password – Verify the encrypted data.

exception gemina.DecryptError

Raised if data could not be decrypted.

class gemina.Version(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Version enum.

V1 = b'\x8a'

version 1

V2 = b'\x8b'

version 2

V3 = b'\x8c'

version 3

V4 = b'\x8d'

version 4

V5 = b'\x8e'

version 5

gemina.create_secret_key(*, version=<Version.V1>)

Create a secret key.

It can be used with the functions encrypt_with_key(), decrypt_with_key(), and verify_with_key().

Returns:

secret key

Return type:

bytes

gemina.decrypt_with_key(key, data)

Decrypt data using a secret key.

The data must have been encrypted with encrypt_with_key().

Parameters:
  • key (bytes) – the secret key

  • data (bytes) – the encrypted data

Returns:

decrypted data

Return type:

bytes

Raises:

gemina.decrypt_with_password(password, data)

Decrypt data using a password.

The data must have been encrypted with encrypt_with_password().

Parameters:
  • password (bytes) – the password

  • data (bytes) – the encrypted data

Returns:

decrypted data

Return type:

bytes

Raises:

gemina.encrypt_with_key(key, data, *, version=<Version.V1>)

Encrypt data using a secret key.

Parameters:
  • key (bytes) – the secret key

  • data (bytes) – the data to encrypt

Returns:

encrypted data

Return type:

bytes

Raises:

gemina.encrypt_with_password(password, data, *, version=<Version.V1>)

Encrypt data using a password.

The data will be encrypted with a key derived from the password and signed.

Parameters:
  • password (bytes) – the password

  • data (bytes) – the data to encrypt

Returns:

encrypted data

Return type:

bytes

Raises:

TypeError – if password or data are not bytes

gemina.verify_with_key(key, data)

Verify the encrypted data.

This function verifies the authenticity and the integrity of the data with the given key. This is also done during decryption.

The data must have been encrypted with encrypt_with_key().

Parameters:
  • key (bytes) – the secret key

  • data (bytes) – the encrypted data

Returns:

True if secret key, authenticity and integrity are okay

Return type:

bool

Raises:

gemina.verify_with_password(password, data)

Verify the encrypted data.

This function verifies the authenticity and the integrity of the data with the key derived from the password. This is also done during decryption.

The data must have been encrypted with encrypt_with_password().

Parameters:
  • password (bytes) – the password

  • data (bytes) – the encrypted data

Returns:

True if password, authenticity and integrity are okay

Return type:

bool

Raises:

TypeError – if password or data are not bytes