{"id":15396567,"url":"https://github.com/hupe1980/cryptoshredding","last_synced_at":"2025-10-16T12:07:33.806Z","repository":{"id":62565524,"uuid":"334744116","full_name":"hupe1980/cryptoshredding","owner":"hupe1980","description":"Crypto shredding for Python","archived":false,"fork":false,"pushed_at":"2021-02-10T19:36:06.000Z","size":91,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-11-20T03:54:21.641Z","etag":null,"topics":["aws","client-side-encryption","crypto","dynamodb","gdpr","kinesis","kms","s3","shredding"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hupe1980.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-01-31T19:56:08.000Z","updated_at":"2024-01-19T10:28:01.000Z","dependencies_parsed_at":"2022-11-03T17:46:31.129Z","dependency_job_id":null,"html_url":"https://github.com/hupe1980/cryptoshredding","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hupe1980%2Fcryptoshredding","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hupe1980%2Fcryptoshredding/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hupe1980%2Fcryptoshredding/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hupe1980%2Fcryptoshredding/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hupe1980","download_url":"https://codeload.github.com/hupe1980/cryptoshredding/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228546174,"owners_count":17934861,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","client-side-encryption","crypto","dynamodb","gdpr","kinesis","kms","s3","shredding"],"created_at":"2024-10-01T15:34:11.974Z","updated_at":"2025-10-16T12:07:28.746Z","avatar_url":"https://github.com/hupe1980.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"###############\nCryptoShredding\n###############\n\n.. image:: https://img.shields.io/pypi/v/cryptoshredding.svg\n   :target: https://pypi.python.org/pypi/cryptoshredding\n   :alt: Latest Version\n\n.. image:: https://img.shields.io/pypi/pyversions/cryptoshredding.svg\n   :target: https://pypi.org/project/cryptoshredding\n   :alt: Supported Python Versions\n\n.. image:: https://github.com/hupe1980/cryptoshredding/workflows/ci/badge.svg\n   :target: https://github.com/hupe1980/cryptoshredding/actions?query=workflow%3Aci\n   :alt: ci\n\nCrypto shredding is the practice of 'deleting' data through the destruction of the cryptographic keys protecting the data.\n\nYou can find the source on `GitHub`_.\n\n***************\nGetting Started\n***************\n\nRequired Prerequisites\n======================\n\n* Python 3.6+\n\nInstallation\n============\n\n.. note::\n\n   If you have not already installed `cryptography`_, you might need to install additional\n   prerequisites as detailed in the `cryptography installation guide`_ for your operating\n   system.\n\n   .. code::\n\n       $ pip install cryptoshredding\n\n*****\nUsage\n*****\n\nKeyStore\n========\n\n.. code-block:: python\n\n    import boto3\n    from cryptoshredding import DynamodbKeyStore\n    from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider\n    \n    aws_cmk_id = \"arn:aws:kms:YOUR_KEY\"\n    aws_kms_cmp = AwsKmsCryptographicMaterialsProvider(key_id=aws_cmk_id)\n    \n    table = boto3.resource(\"dynamodb\").Table(\"key_store_table\") \n    key_store = DynamodbKeyStore(table=table, materials_provider=aws_kms_cmp)\n    \n    key_id = \"key4711\"\n    key_store.create_main_key(key_id)\n    \n    main_key = key_store.get_main_key(key_id)\n    \n    key_store.delete_main_key(key_id)  # shredding\n\nMainKey\n=======\n\n.. code-block:: python\n\n    import boto3\n    from cryptoshredding import MainKey\n\n    main_key = key_store.get_main_key(key_id)\n    data_key, encrypted_data_key = main_key.generate_data_key()\n\n    decrypted_data_key = main_key.decrypt(encrypted_data_key)\n    assert data_key == decrypted_data_key\n\n\nDynamodb\n========\n\n.. code-block:: python\n\n    import boto3\n    from cryptoshredding.dynamodb import CryptoTable\n    \n    table = boto3.resource(\"dynamodb\").Table(\"data_table\") \n    crypto_table = CryptoTable(\n       table=table,\n       key_store=key_store,\n    )\n    \n    crypto_table.put_item(\n       CSEKeyId=key_id,\n       Item=plaintext_item\n    )\n    \n    index_key = {\"id\": \"foo\"}\n    encrypted_item = table.get_item(Key=index_key)[\"Item\"]\n    decrypted_item = crypto_table.get_item(Key=index_key)[\"Item\"]\n\n    encrypted_items = table.scan()[\"Items\"]\n    decrypted_items = crypto_table.scan()[\"Items\"]\n\n    assert len(encrypted_items) == 1\n    assert len(decrypted_items) == 1\n    \n    key_store.delete_main_key(key_id)  # shredding\n\n    encrypted_items = table.scan()[\"Items\"]\n    decrypted_items = crypto_table.scan()[\"Items\"]\n\n    assert len(encrypted_items) == 1\n    assert len(decrypted_items) == 0  # !!!   \n\nS3\n==\n\n.. code-block:: python\n\n    import boto3\n    from cryptoshredding.s3 import CryptoClient\n\n    s3 = boto3.client(\"s3\", region_name=\"us-east-1\")\n    crypto_client = CryptoClient(\n       client=s3,\n       key_store=key_store,\n    )\n    \n    crypto_s3.put_object(\n       CSEKeyId=key_id,\n       Bucket=bucket.name,\n       Key=\"object\",\n       Body=\"foo bar\"\",\n    )\n    \n    encrypted_obj = s3.get_object(\n       Bucket=bucket.name,\n       Key=\"object\",\n    )\n    \n    decrypted_obj = crypto_s3.get_object(\n       Bucket=bucket.name,\n       Key=\"object\",\n    ) \n\nFile\n====\n\n.. code-block:: python\n\n    from cryptoshredding.raw import CryptoFile\n\n    crypto_file = CryptoFile(\n       key_store=key_store,\n    )\n    \n    crypto_file.encrypt(\n       key_id=key_id,\n       plaintext_filename=\"plain.txt\",\n       ciphertext_filename=\"cipher.txt\"\n    )\n    \n    crypto_file.decrypt(\n       ciphertext_filename=\"cipher.txt\",\n       plaintext_filename=\"decrypt.txt\",\n    )\n\nBytes\n=====\n\n.. code-block:: python\n\n    from cryptoshredding.raw import CryptoBytes\n\n    crypto_bytes = CryptoBytes(\n       key_store=key_store,\n    )\n    \n    encrypted, encrypted_header = crypto_bytes.encrypt(\n       key_id=key_id,\n       data=plain,\n    )\n    \n    decrypted, decrypted_header = crypto_bytes.decrypt(\n       data=encrypted,\n    )\n\nKinesis\n=======\n\n.. code-block:: python\n    \n    import boto3\n    from cryptoshredding.kinesis import CryptoClient\n\n    kinesis = boto3.client(\"kinesis\", region_name=\"us-east-1\")\n    crypto_kinesis = CryptoClient(\n        client=kinesis,\n        key_store=key_store,\n    )\n\n    data = b\"foo bar\"\n\n    crypto_kinesis.put_record(\n        CSEKeyId=key_id,\n        StreamName=stream_name,\n        Data=data,\n        PartitionKey=\"key1\",\n    )\n\n    response = crypto_kinesis.describe_stream(\n        StreamName=stream_name,\n    )\n    shard_id = response[\"StreamDescription\"][\"Shards\"][0][\"ShardId\"]\n\n    response = crypto_kinesis.get_shard_iterator(\n        StreamName=stream_name,\n        ShardId=shard_id,\n        ShardIteratorType=\"TRIM_HORIZON\",\n    )\n    shard_iterator = response[\"ShardIterator\"]\n\n    encrypred_response = kinesis.get_records(ShardIterator=shard_iterator)\n    decrypred_response = crypto_kinesis.get_records(ShardIterator=shard_iterator)\n\n    assert len(encrypred_response[\"Records\"]) == 1\n    assert data != encrypred_response[\"Records\"][0][\"Data\"]\n\n    assert len(decrypred_response[\"Records\"]) == 1\n    assert data == decrypred_response[\"Records\"][0][\"Data\"]\n\nMongodb\n=======\n\nSqlalchemy\n==========\n\n.. _cryptography: https://cryptography.io/en/latest/\n.. _cryptography installation guide: https://cryptography.io/en/latest/installation.html\n.. _GitHub: https://github.com/hupe1980/cryptoshredding/","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhupe1980%2Fcryptoshredding","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhupe1980%2Fcryptoshredding","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhupe1980%2Fcryptoshredding/lists"}