python-pycryptodomex 3.11.0 Low-level cryptographic Python library

PyCryptodome is a self-contained Python package of low-level cryptographic primitives. It's not a wrapper to a separate C library like OpenSSL. To the largest possible extent, algorithms are implemented in pure Python. Only the pieces that are extremely critical to performance (e.g., block ciphers) are implemented as C extensions.

You are expected to have a solid understanding of cryptography and security engineering to successfully use these primitives. You must also be able to recognize that some are obsolete (e.g., TDES) or even insecure (RC4).

It provides many enhancements over the last release of PyCrypto (2.6.1):

  • Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)

  • Accelerated AES on Intel platforms via AES-NI

  • First-class support for PyPy

  • Elliptic curves cryptography (NIST P-256 curve only)

  • Better and more compact API (nonce and iv attributes for ciphers, automatic generation of random nonces and IVs, simplified CTR cipher mode, and more)

  • SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms

  • Salsa20 and ChaCha20 stream ciphers

  • scrypt and HKDF

  • Deterministic (EC)DSA

  • Password-protected PKCS#8 key containers

  • Shamir’s Secret Sharing scheme

  • Random numbers get sourced directly from the OS (and not from a CSPRNG in userspace)

  • Cleaner RSA and DSA key generation (largely based on FIPS 186-4)

  • Major clean-ups and simplification of the code base

PyCryptodomex is the stand-alone version of PyCryptodome that no longer provides drop-in compatibility with PyCrypto.