envelope_crypto

3 Commits 1 Branch 4 Tags 97 KiB

Author	SHA1	Message	Date
disqualifier	313b0c7d56	fix: forward password to private-key fingerprinting (v0.1.1) get_rsa_key_fingerprint(is_private=True) called load_pem_private_key(password=None), so an encrypted private key raised a raw TypeError. add an optional password param forwarded to the load; unencrypted keys ignore it. verified: encrypted private key fingerprints with its password and matches the public key's fingerprint; missing password still raises. Signed-off-by: disqualifier <dev@disqualifier.me>	2026-06-28 15:53:04 -04:00
disqualifier	659aa7849d	add package: pyproject + src EnvelopeCrypto: hybrid envelope encryption for dict records — a random AES-256-GCM data key (DEK) encrypts the data, wrapped per-system via RSA-OAEP (SHA-256) for distribution. config-free (DEK + key paths injected), storage-agnostic, object-only. covers bootstrap/self_test, authorize/deauthorize, rotate + reencrypt, and record-level decrypt. src/ layout, hatchling build, cryptography backend. Signed-off-by: disqualifier <dev@disqualifier.me>	2026-06-24 21:36:43 -04:00
disqualifier	0b708cdf9a	init: envelope encryption (RSA-OAEP + AES-256-GCM) for dict records Signed-off-by: disqualifier <dev@disqualifier.me>	2026-06-24 21:25:27 -04:00

Author

SHA1

Message

Date

disqualifier

313b0c7d56

fix: forward password to private-key fingerprinting (v0.1.1)

get_rsa_key_fingerprint(is_private=True) called load_pem_private_key(password=None),
so an encrypted private key raised a raw TypeError. add an optional password param
forwarded to the load; unencrypted keys ignore it.

verified: encrypted private key fingerprints with its password and matches the
public key's fingerprint; missing password still raises.

Signed-off-by: disqualifier <dev@disqualifier.me>

2026-06-28 15:53:04 -04:00

disqualifier

659aa7849d

add package: pyproject + src

EnvelopeCrypto: hybrid envelope encryption for dict records — a random
AES-256-GCM data key (DEK) encrypts the data, wrapped per-system via
RSA-OAEP (SHA-256) for distribution. config-free (DEK + key paths
injected), storage-agnostic, object-only. covers bootstrap/self_test,
authorize/deauthorize, rotate + reencrypt, and record-level decrypt.
src/ layout, hatchling build, cryptography backend.

Signed-off-by: disqualifier <dev@disqualifier.me>

2026-06-24 21:36:43 -04:00

disqualifier

0b708cdf9a

init: envelope encryption (RSA-OAEP + AES-256-GCM) for dict records

Signed-off-by: disqualifier <dev@disqualifier.me>

2026-06-24 21:25:27 -04:00