jenc/Markor decrypt/encrypt library
https://github.com/clach04/jenc-py
IMPORTANT before using the optionally encryption features, ensure that it is legal in your country to use the specific encryption ciphers. Some countries have also have restrictions on import, export, and usage see http://www.cryptolaw.org/cls-sum.htm
The aim is to have a pure python (with crypto dependencies) library that is able to read/write .jenc files as used by Markor which uses the jenc format decrypt/encrypt Java library.
Table of contents generated with markdown-toc
pip install jenc
Picking up the latest version
pip uninstall jenc; python -m pip install --upgrade git+https://github.com/clach04/jenc.git
# pip uninstall jenc
# python -m pip install -r requirements.txt
# TODO requirements_optional.txt
python -m pip install -e .
python -m jenc.tests.testsuite
python -m jenc.tests.testsuite -v
Help:
Usage: [options] in_filename
Command line tool to encrypt/decrypt; .jenc / Markor / jpencconverter files
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-o FILE, --output=FILE
write output to FILE
-d, --decrypt decrypt in_filename
-e, --encrypt encrypt in_filename
-E ENVVAR, --envvar=ENVVAR
Name of environment variable to get password from
(defaults to JENC_PASSWORD) - unsafe
-p PASSWORD, --password=PASSWORD
password, if omitted but OS env JENC_PASSWORD is set
use that, if missing prompt - unsafe
-P PASSWORD_FILE, --password_file=PASSWORD_FILE
file name where password is to be read from, trailing
blanks are ignored
-j JENC_VERSION, --jenc-version=JENC_VERSION, --jenc_version=JENC_VERSION
jenc version to use, case sensitive
-v, --verbose
-s, --silent if specified do not warn about stdin using
To stdout
# Test V001 file from jpencconverter
python -m jenc -p geheim jenc\tests\data\Test3.md.jenc
To a file named output.txt
python -m jenc -p geheim jenc\tests\data\Test3.md.jenc -o output.txt
Encrypt stdin, into output.txt.jenc
echo hello| python -m jenc --encrypt -p geheim - -o output.txt.jenc
echo hello| python -m jenc -e -p geheim - -o output.txt.jenc
Test jenc file https://github.com/opensource21/jpencconverter/blob/master/src/test/encrypted/Test3.md.jenc
Test password geheim
from https://github.com/opensource21/jpencconverter/blob/master/src/test/resources/application.properties
import jenc
password = 'geheim' # same password used in demos for Java version https://github.com/opensource21/jpencconverter/tree/master/src/test/encrypted
encrypted_bytes = jenc.encrypt(password, b"Hello World")
plaintext_bytes = jenc.decrypt(password, encrypted_bytes)
There are multiple versions V001 (and the old U001).
TL;DR AES-256-GCM (No Padding), using KDF pbkdf2-hmac-sha512 with 10000 iterations.
File format:
- 4 bytes - define the version.
- nonce bytes - bytes as nonce for cipher depends. The length depends on the version. 32-bytes for latest version.
- salt bytes - bytes to salt the password. The length depends on the version. 64-bytes for latest version.
- content bytes - the encrypted content-bytes.
From the original Java code for jpencconverter it appears that strings are converted to/from UTF-8 (i.e. passwords and plaintext).
From Python code:
# note CamelCase to match https://github.com/opensource21/jpencconverter/blob/f65b630ea190e597ff138d9c1ffa9409bb4d56f7/src/main/java/de/stanetz/jpencconverter/cryption/JavaPasswordbasedCryption.java#L229
'keyFactory': 'PBKDF2WithHmacSHA512',
'keyIterationCount': 10000, # this is probably too small/few in 2024
'keyLength': 256,
'keyAlgorithm': 'AES',
'keySaltLength': 64, # in bytes
'cipher': 'AES/GCM/NoPadding',
'nonceLenth': 32, # nonceLenth (sic.) == Nonce Length, i.e. IV length # in bytes
From Python code:
'U001': { # NOTE Deprecated, i.e. not recommended
'keyFactory': JENC_PBKDF2WithHmacSHA1,
'keyIterationCount': 10000, # this is probably too small/few in 2024
'keyLength': 256,
'keyAlgorithm': 'AES',
'keySaltLength': 64, # in bytes
'cipher': JENC_AES_GCM_NoPadding,
'nonceLenth': 32, # nonceLenth (sic.) == Nonce Length, i.e. IV length # in bytes