
This is an old revision of the document!


pysf - Transparent File Encryption in Python

A C library and Python wrapper providing strong encryption of a file while supporting relatively random access patterns, without having to decrypt the entire file in memory.

Overview

The file is locked with a passphrase, which is used to derive an encryption key via the PBKDF2 function. Files are split into fixed-size blocks and each block is encrypted separately with a block cipher, where the IV for each block is generated via a pseudo-random function. Stream ciphers may be inappropriate, as repeatedly encrypting different data with the same initial state can allow attacks to derive the key.

Splitting files into blocks allows more or less random access, as each block can be independently decrypted. The library can handle selection of blocks to load and decrypt, as well as any caching that might be required. The C API hides all aspects of this and exposes two simple primitives that read and write a specific block of data at a specified offset within the file.
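The scheme described in the two paragraphs above, as an added Python sketch that is not pysf's own code: it covers PBKDF2 key derivation, a per-block IV from a pseudo-random function, and selecting the blocks a read touches, while the block-cipher call that would consume the key and IV is outside it. The hash (SHA-256), iteration count, sizes, the use of HMAC as the PRF, the split into a cipher key and an IV key, and all function names are assumptions; the page specifies none of them.

```python
import hashlib
import hmac
import struct

BLOCK_SIZE = 4096     # assumed; the page stores the real block size in the header
KEY_SIZE = 32         # assumed cipher key length in bytes
IV_SIZE = 16          # assumed: a cipher with a 128-bit block
ITERATIONS = 100_000  # assumed PBKDF2 work factor


def derive_keys(passphrase: bytes, salt: bytes):
    """PBKDF2 over the passphrase, split into (cipher key, IV-PRF key)."""
    dk = hashlib.pbkdf2_hmac("sha256", passphrase, salt, ITERATIONS,
                             dklen=KEY_SIZE + 32)
    return dk[:KEY_SIZE], dk[KEY_SIZE:]


def block_iv(iv_key: bytes, block_index: int) -> bytes:
    """PRF(block index) -> IV: HMAC-SHA256 truncated to the IV size."""
    msg = struct.pack(">Q", block_index)
    return hmac.new(iv_key, msg, hashlib.sha256).digest()[:IV_SIZE]


def plan_read(iv_key: bytes, offset: int, length: int):
    """Blocks needed for a plaintext read, as (index, iv, start, stop).

    start/stop slice the decrypted block; only these blocks are decrypted.
    """
    if offset < 0 or length < 0:
        raise ValueError("offset and length must be non-negative")
    plan = []
    end = offset + length
    pos = offset
    while pos < end:
        index = pos // BLOCK_SIZE
        base = index * BLOCK_SIZE
        start = pos - base
        stop = min(BLOCK_SIZE, end - base)
        plan.append((index, block_iv(iv_key, index), start, stop))
        pos = base + BLOCK_SIZE  # continue at the next block boundary
    return plan


if __name__ == "__main__":
    # Constructed sample input: an 8-byte salt and a passphrase.
    enc_key, iv_key = derive_keys(b"example passphrase", bytes(range(8)))
    for index, iv, start, stop in plan_read(iv_key, 4000, 200):
        print(index, iv.hex(), start, stop)
```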

File Header

Offset              Fields (each row covers byte columns 0, 1, 2, 3)
0                   0xAA | 0x5F | Version
4                   Header length | Cipher | Mode
8                   Key size | Block size
12, 16              Salt (encryption)
20, 24              Salt (checksum)
28, 32, 36, 40, 44  Checksum
budget/pysf.1349544512.txt.gz · Last modified: 2012/10/12 07:32 (external edit)