{"id":13806896,"url":"https://github.com/tleonhardt/practical_cryptography_engineering","last_synced_at":"2025-10-24T10:37:59.286Z","repository":{"id":117888975,"uuid":"122282684","full_name":"tleonhardt/practical_cryptography_engineering","owner":"tleonhardt","description":"Cryptography code examples using libsodium and mbedtls C libraries and Python cryptography and PyNaCl modules","archived":false,"fork":false,"pushed_at":"2019-11-09T17:33:20.000Z","size":910,"stargazers_count":71,"open_issues_count":1,"forks_count":8,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-08-31T19:36:27.148Z","etag":null,"topics":["c","cryptography","libsodium","mbedtls","practical","python"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tleonhardt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-21T02:17:14.000Z","updated_at":"2024-10-24T14:11:44.000Z","dependencies_parsed_at":null,"dependency_job_id":"b129bf9a-b3a4-4f82-962f-88c20fed0e2c","html_url":"https://github.com/tleonhardt/practical_cryptography_engineering","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tleonhardt/practical_cryptography_engineering","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tleonhardt%2Fpractical_cryptography_engineering","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tleonhardt%2Fpractical_cryptography_engineering/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tleonhardt%2Fpractical_cryptography_engineering/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tleonhardt%2Fpractical_cryptography_engineering/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tleonhardt","download_url":"https://codeload.github.com/tleonhardt/practical_cryptography_engineering/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tleonhardt%2Fpractical_cryptography_engineering/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280783783,"owners_count":26390274,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-24T02:00:06.418Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","cryptography","libsodium","mbedtls","practical","python"],"created_at":"2024-08-04T01:01:17.661Z","updated_at":"2025-10-24T10:37:59.270Z","avatar_url":"https://github.com/tleonhardt.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"Practical Cryptography Engineering\n==================================\nThis repository contains some practical code examples of using the following cryptography libraries:\n* [libsodium](https://github.com/jedisct1/libsodium)\n    * A modern, portable, easy to use crypto library written in C with a small number of high quality primitives\n    * Focuses on making it easy to use cryptography correctly\n* [mbedTLS](https://github.com/ARMmbed/mbedtls)\n    * An ultra-portable crypto library written in C which should build anywhere\n    * Provides a wide range of the most common cryptographic primitives and associated infrastructure\n* [cryptography](https://github.com/pyca/cryptography)\n    * Python's \"standard\" cryptographic library which is a wrapper around [OpenSSL](https://www.openssl.org)\n    * Provides almost all cryptographic primitives you would want in Python\n* [PyNaCl](https://github.com/pyca/pynacl)\n    * Python bindings for libsodium (very partial wrapper around libsodium)\n    * Provides a few nice cryptographic primitives not currently available in the cryptography module\n\n\nFile Contents\n=============\n\nBuild-related and Miscellaneous\n-------------------------------\n* CMakeLists.txt\n    * CMake file for building the mbedTLS C code projects\n* mbedtls\n    * Directory containing the mbedTLS C code\n* sodium\n    * Directory containing libsodium examples, headers, and Windows pre-compiled library\n    * See the Readme.md in this directory for more info on these examples\n    \nSymmetric Encryption\n--------------------\nThese code examples use an [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher with a 256-bit \nkey in [Galois Counter Mode](https://en.wikipedia.org/wiki/Galois/Counter_Mode) (GCM).  The C code examples use the \nmbedTLS library, while the Python examples use the cryptography module.\n\n* aes_gcm.c\n    * Simple self-contained C code example of using AES-256 in Galois Counter Mode (GCM) using hard-coded everything\n* aes_gcm_cryptography.py\n    * Simple self-contained Python code example identical to the above\n* aesgcm_file.c\n    * C code example of file-based AES-256 GCM, works with aesgcm_file.py\n    * Takes arguments on command line and produces output to file\n* aesgcm_file.py\n    * Python code example of file-based AES-256 GCM, works with aesgcm_file.c\n\nThe following example uses the PyNaCl wrapper around libsodium along with the **SecretBox** authenticated\nencryption API.\n* nacl_symmetric_gen.py\n    * Generates a random 256-bit (32-byte) secret symmetric key and saves it to a file\n    * Then uses it to encrypt a fixed message and verify that it can decrypt it and get the same message\n    \nKey Exchange\n------------\nThese code examples use an Elliptic-curve Diffie-Hellman [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie–Hellman)\nkey agreement protocol to establish a shared secret over an insecure channel.  The C code examples use the mbedTLS \nlibrary, while the Python examples use the cryptography module.\n\n* ecdh.c\n    * Elliptic Curve Diffie-Hellman key exchange C code example\n* ecdh.py\n    * Elliptic Curve Diffie-Hellman key exchange Python code example\n    \nKey Derivation\n--------------\nThese code examples demonstrate how to use a Key Derivation Function [KDF](https://en.wikipedia.org/wiki/Key_derivation_function)\nto derive one or more shared keys from a shared secret.\n\n* kdf.c\n    * Key Derivation Function (KDF) C code example\n* kdf.py\n    * Key Derivation Function (KDF) Python code example\n    \nDigital Signatures\n------------------\nThese examples use the PyNaCl wrapper around libsodium to support public-key digital signatures using the Ed25519 algorithm.\n\n* nacl_genkey.py\n    * Generates a random ed25519 SigningKey/VerifyingKey key pair for use with a digital signature system \n* nacl_sign.py\n    * Uses PyNaCl to sign a message using ed25519 digital signature algorithm\n* nacl_verify.py\n    * Uses PyNaCl  to verify an ed25519 signature for a given message\n\nThese examples use RSA-PSS digital signatures.  The C code examples use the mbedTLS library, while the Python examples \nuse the cryptography module.\n* rsa_signature.c\n    * RSA Signature C code example\n* rsa_signature.py\n    * RSA Signature Python code example\n\n\nBuilding\n========\n\nlibsodium C examples\n--------------------\n\nThe [libsodium](https://download.libsodium.org/doc/) C code examples are all in the **sodium** directory and can be \nbuilt using the [Cmake](https://cmake.org) cross-platform build tool along with your platform default C compiler\ninstalled on Windows, macOS, or Linux.\n\nThe first stage of building is the same on all platforms:\n\n```bash\ncd sodium\nrm -rf build\nmkdir build\ncd build\ncmake ..\n```\n\nThe second stage of building is platform dependent and will create the following executable files:\n\n* hello_sodium\n* nacl_keygen\n* nacl_sign\n* nacl_verify\n* symmetric_decrypt\n* symmetric_encrypt\n* symmetric_keygen\n* test_ed25519\n* test_pynacl_compatibility\n\n### Linux or macOS\n```bash\nmake\n```\n\nThis produces the  executable files directly in the **build** directory.\n\n### Windows\n```bash\ndevenv hello_sodium.sln /build Debug\n```\nThis creates the executable files under the **build\\Debug** directory.\n\nPython examples\n---------------\n\nThe Python examples are located in the root directory and should work with Python 3.4 or newer.  The Python examples \nrequire a mix of the following Python packages:\n\n* [cryptography](https://cryptography.io/en/latest/) - high-level wrapper around [OpenSSL](https://www.openssl.org)\n* [pynacl](https://pynacl.readthedocs.io/en/stable/) - Python binding to [libsodium](https://libsodium.org)\n* [colorama](https://github.com/tartley/colorama) - cross-platform colored terminal text\n\nThe required dependencies can easily be installed using [Pipenv](https://github.com/pypa/pipenv):\n```shell script\npipenv install\n```\n\nThen a shell using the underlying virtual environment can be entered with:\n```shell script\npipenv shell\n```\n\nInside that Pipenv shell, any of the examples can be ran directly. e.g.:\n```shell script\npython ./aes_gcm_cryptography.py\n```\n\nThe Python examples are intended to interoperate with either the libsodium or mbedTLS C code examples.  Thus encryption\nor signing can be done in C and decryption or verifying can be done in Python or vice versa.\n\nmbedtls C examples\n------------------\nThe [mbedTLS](https://github.com/ARMmbed/mbedtls) C code examples are located in the root directory and build mbedTLS\nfrom source from the **mbedtls** directory.\n\nBuild requires CMake and platform default C compiler installed and works on both Windows, macOS, and Linux.\n\nThe first stage of building is the same on all platforms:\n\n```bash\nrm -rf build\nmkdir build\ncd build\ncmake ..\n```\n\nThe second stage of building is platform dependent ...\n\n### Linux or macOS\n```bash\nmake\n```\n\nThis produces the following executable files directly in the **build** directory:\n\n* aes_gcm\n* aesgcm_file\n* ecdh\n* kdf\n* rsa_signature\n\n### Windows\n```bash\ndevenv mbed_AES.sln /build Debug\n```\nThis creates the following executable files under the **build\\Debug** directory:\n\n* aes_gcm.exe\n* aesgcm_file.exe\n* ecdh.exe\n* kdf.exe\n* rsa_signature.exe\n\n\nWhere to learn more about cryptography\n======================================\n\nBooks\n-----\n\n* [Cryptography Engineering](https://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246)\nby Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno\n    * Extremely well written and easy to understand\n    * Focuses on the practical aspects that often result in weak crypto when used incorrectly\n    * Discusses how to build an entire cryptographic system from the ground up\n* [Understanding Cryptography](https://www.amazon.com/Understanding-Cryptography-Textbook-Students-Practitioners/dp/3642041000)\nby Christof Paar, Jan Pelzl, and Bart Preneel\n    * Amazing book which makes it relatively easy to teach yourself cryptography\n    * [Website](http://www.crypto-textbook.com)\n    * YouTube lecture [videos](https://www.youtube.com/watch?v=2aHkqB2-46k\u0026list=PL6N5qY2nvvJE8X75VkXglSrVhLv1tVcfy)\n    * [Solutions](http://wiki.crypto.rub.de/Buch/en/download/Understanding_Cryptography_Odd_Solutions.pdf) Manual,\n    Lecture [Slides](http://wiki.crypto.rub.de/Buch/en/slides.php)\n    \nOnline Courses    \n--------------\n\n* [Cryptography I](https://www.coursera.org/learn/crypto)\n    * Taught by Stanford University professor Dan Boneh\n    * Available for free on Coursera\n* [Applied Cryptography](https://www.udacity.com/course/applied-cryptography--cs387)\n    * Taught by University of Virginia professor Dave Evans\n    * Available for free on Udacity\n    \n   \nPresentation\n------------\nThis repository includes the following basic intro presentation:\n* [Practical Cryptography Engineering](https://github.com/tleonhardt/practical_cryptography_engineering/blob/master/Practical_Cryptography_Engineering.pdf)\n    \n    \nDisclaimer\n==========\nI am not an expert in cryptography.  I am just a software developer who wanted to learn more about how to use \ncryptography effectively.  If anyone looking at this **is** an expert in cryptography and happens to notice any \nweaknesses, inaccuracies, or mistakes and/or has constructive feedback for how to improve the examples then Pull \nRequests or Issues would be sincerely appreciated.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftleonhardt%2Fpractical_cryptography_engineering","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftleonhardt%2Fpractical_cryptography_engineering","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftleonhardt%2Fpractical_cryptography_engineering/lists"}