rethink-public/envelope_crypto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4 Commits 1 Branch 4 Tags 97 KiB
v0.1.1
Commit Graph

4 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
disqualifier
16205e810a fix: deepcopy in reencrypt/decrypt_record so input is not mutated 
both used record.copy() (shallow), leaving unencrypted mutable fields shared between the input and the returned dict, violating the documented 'input is not mutated' contract. switched to copy.deepcopy.

Signed-off-by: disqualifier <dev@disqualifier.me>
 2026-06-28 17:18:28 -04:00
disqualifier
313b0c7d56 fix: forward password to private-key fingerprinting (v0.1.1) 
get_rsa_key_fingerprint(is_private=True) called load_pem_private_key(password=None),
so an encrypted private key raised a raw TypeError. add an optional password param
forwarded to the load; unencrypted keys ignore it.

verified: encrypted private key fingerprints with its password and matches the
public key's fingerprint; missing password still raises.

Signed-off-by: disqualifier <dev@disqualifier.me>
 2026-06-28 15:53:04 -04:00
disqualifier
659aa7849d add package: pyproject + src 
EnvelopeCrypto: hybrid envelope encryption for dict records — a random
AES-256-GCM data key (DEK) encrypts the data, wrapped per-system via
RSA-OAEP (SHA-256) for distribution. config-free (DEK + key paths
injected), storage-agnostic, object-only. covers bootstrap/self_test,
authorize/deauthorize, rotate + reencrypt, and record-level decrypt.
src/ layout, hatchling build, cryptography backend.

Signed-off-by: disqualifier <dev@disqualifier.me>
 2026-06-24 21:36:43 -04:00
disqualifier
0b708cdf9a init: envelope encryption (RSA-OAEP + AES-256-GCM) for dict records 
Signed-off-by: disqualifier <dev@disqualifier.me>
 2026-06-24 21:25:27 -04:00