{"id":28667898,"url":"https://github.com/p-sira/hycrypt","last_synced_at":"2026-03-06T23:32:23.170Z","repository":{"id":296592810,"uuid":"993893494","full_name":"p-sira/hycrypt","owner":"p-sira","description":"Stateless-overwrite hybrid cryptosystem for Python","archived":false,"fork":false,"pushed_at":"2025-06-01T03:54:55.000Z","size":3592,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-23T14:54:55.956Z","etag":null,"topics":["cryptography","hybrid-cryptosystem","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/p-sira.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-31T18:45:08.000Z","updated_at":"2025-06-01T03:51:08.000Z","dependencies_parsed_at":"2025-06-01T07:03:41.150Z","dependency_job_id":"b1f4b864-dc4c-4a71-976b-f01c5790d173","html_url":"https://github.com/p-sira/hycrypt","commit_stats":null,"previous_names":["p-sira/hycrypt"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/p-sira/hycrypt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p-sira%2Fhycrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p-sira%2Fhycrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p-sira%2Fhycrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p-sira%2Fhycrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/p-sira","download_url":"https://codeload.github.com/p-sira/hycrypt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p-sira%2Fhycrypt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30203346,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T19:07:06.838Z","status":"ssl_error","status_checked_at":"2026-03-06T18:57:34.882Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","hybrid-cryptosystem","python"],"created_at":"2025-06-13T16:11:25.994Z","updated_at":"2026-03-06T23:32:23.152Z","avatar_url":"https://github.com/p-sira.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Hycrypt\n**Stateless-overwrite hybrid cryptosystem for Python**\n\n[![License: BSD-3-Clause](https://img.shields.io/badge/License-BSD--3--Clause-brightgreen.svg)](https://opensource.org/license/BSD-3-clause)\n[![PyPI Package Version](https://img.shields.io/pypi/v/hycrypt?label=pypi%20package\u0026color=a190ff)](https://pypi.org/project/hycrypt/)\n[![Package Total Downloads](https://img.shields.io/pepy/dt/hycrypt)](https://pepy.tech/projects/hycrypt)\n[![Documentation](https://img.shields.io/badge/Docs-github.io-blue)](https://p-sira.github.io/hycrypt/)\n\n![Hybrid cryptosystem diagram](https://github.com/p-sira/hycrypt/blob/main/images/hybrid-cs.svg?raw=true\")\n\n**Hycrypt** is a stateless-overwrite hybrid cryptosystem designed for **secure data encryption and password-free updates**. This makes it ideal for secure communication and storage systems where only the recipient can decrypt the data — yet the data can be updated without the password.\n\nThe caveat is that this cryptosystem does not guarantee authenticity of the message. Anyone with the public key can overwrite the message. However, without the private key (or password), they cannot read the encrypted message.\n\n## Features\n\n- 🔒 **Hybrid encryption** using RSA + AES-CBC + HMAC\n- 🔁 **Stateless overwrite** using only the public key, removing the need to retain user secrets\n- 🔑 **Password-based protection** using PBKDF2\n- 📦 **Simple, yet flexible API** for file-based and in-memory encryption\n\n## Quick Start\n\nUsing FileCipher to manage file encryption,\n```python\nfrom hycrypt.file_cryptosystem import FileCipher\n\nfile = \"home/data.txt\"\nplaintext = b\"secret\"\npassword = b\"correcthorsebatterystaple\"\ncipher = FileCipher(file)\n\ncipher.create(password)\ncipher.write(plaintext)\ndecrypted_text = cipher.read(password)\n```\n\nFor more flexible use,\n```python\nimport hycrypt\n\nplaintext = b\"secret\"\nciphertext, public_key = hycrypt.encrypt_with_password(plaintext, password=b\"password1\")\n\ndecrypted_message = hycrypt.decrypt_with_password(ciphertext, password=b\"password1\")\nassert decrypted_message == plaintext\n\nnew_plaintext = b\"my new secret\"\nnew_ciphertext = hycrypt.encrypt_with_public_key(previous_data=ciphertext, plaintext=new_plaintext, public_key=public_key)\n\nnew_decrypted_message = hycrypt.decrypt_with_password(new_ciphertext, password=b\"password1\")\nassert new_decrypted_message == new_plaintext\n```\n\nSee examples and use cases in [examples/](https://github.com/p-sira/hycrypt/tree/main/examples).\n\nTo install hycrypt using pip:\n```\npip install hycrypt\n```\n\n## How It Works\n\n![Hybrid cryptosystem with password](https://github.com/p-sira/hycrypt/blob/main/images/hybrid-cs-with-password.svg?raw=true\")\n\n### Encryption\n1. A **symmetric key** is randomly generated to encrypt to plaintext into ciphertext. The encryption uses [Fernet](https://cryptography.io/en/latest/fernet/) implementation by [cryptography](https://github.com/pyca/cryptography).\n2. An **RSA key pair** (private and public key) is generated.\n3. The **public key** is used to encrypt the symmetric key. The public key can be shared safely.\n4. The user selects a **password**.\n5. The password is combined with a **random salt** to produce a **password-derived symmetric key** using `PBKDF2` (Password-Based Key Derivation Function 2).\n6. The password-derived key is used to **encrypt the private key**.\n7. The ciphertext is stored along with the encrypted symmetric key, the salt, and the encrypted private key.\n\n### Decryption\n1. The user inputs the **password**.\n2. The password is combined with the stored **salt** using `PBKDF2` to recreate the same **password-derived symmetric key**.\n3. The password-derived key **decrypts the private key** in the file.\n4. The recovered private key decrypts the **symmetric key** that was used to encrypt the file data.\n5. The symmetric key decrypts the ciphertext into plaintext.\n\n### Overwriting Data Without Password\n1. A new **symmetric key** is generated randomly.\n2. The symmetric key encrypts the **new plaintext** into ciphertext.\n3. The original **public key** is used to encrypt the new symmetric key.\n4. The file is updated with the new encrypted symmetric key and the new ciphertext.\n\nDespite the writer not knowing the password, the data can be overwritten using public key. The encrypted private key remains a secret. Because the encrypted private key corresponds to the public key, the recipient who knows the password can still decrypt the data.\n\n## Disclaimer\nHycrypt is intended for educational and experimental uses. While it employs reasonably secure cryptographic practices, it has not undergone formal security audits. Hence, it is not recommended for production environment without thorough review and modification. Consider opening an issue or submitting a pull request for potential issues and improvement.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp-sira%2Fhycrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fp-sira%2Fhycrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp-sira%2Fhycrypt/lists"}