ChaCha Class

Properties   Methods   Events   Config Settings   Errors  

The ChaCha class can be used to encrypt and decrypt data with the ChaCha20 algorithm.

Syntax

class ipworksencrypt.ChaCha

Remarks

The class implements ChaCha20 as defined in RFC 7539. This may be used to both encrypt and decrypt data. The class also support Authenticated Encryption with Additional Data (AEAD) via AEAD_CHACHA20_POLY1305. To enable the use of AEAD set use_aead to True.

Data may be encrypted and decrypted in its entirety by calling encrypt and decrypt or chunk by chunk by calling encrypt_block and decrypt_block.

In all operations a key and iv must be used. If iv is not set one is automatically generated. key_password may be set in order to automatically generate both a key and iv when a method is called. The same key_password, or key and iv pair are used on both sides of the operation data can be encrypted and decrypted.

Encrypt Notes

encrypt will encrypt the specified data. The following properties are applicable:

• iv (required)
• key (required)
• use_aead (optional)
• additional_auth_data (optional - applicable if use_aead is True);

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• input_file
• input_message

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• output_file
• output_message: The output data is written to this property if no other destination is specified.

Additional Notes

The key property must be set to a 256 bit (32 byte) value. This is the only allowed value for ChaCha20. If key_password is set both key and iv will be automatically generated when encrypt is called.

The iv should typically be set to a 96 bit (12 byte) value. See the iv property for details on using a 64 bit (8 byte) value. If iv is not set a 96 bit (12 byte) value will automatically be generated by the class when encrypt is called.

InitialCounter may be set for specific cases where an initial counter of 1 is needed. The default value is 0 and is recommended.

During encryption the on_progress event will fire as data is encrypted.

Encrypt Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[]{ 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.InputMessage = "hello chacha!"; chacha.Encrypt(); //chacha.OutputMessageB contains the byte[] of the encrypted data. The above code produces the following encrypted bytes. // {0x35, 0xBA, 0x31, 0x60, 0x02, 0x77, 0x57, 0x06, 0x5F, 0x6E, 0xE0, 0xD4, 0x76}

AEAD Notes

When encrypting and use_aead is True additional_auth_data optionally holds data that is authenticated but not encrypted.

After encrypting the message the auth_tag property will be populated. To include the auth_tag in the output set IncludeAuthTag to True.

Encrypt with AEAD Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.UseAEAD = true; chacha.AdditionalAuthData = "my auth data."; chacha.InputMessage = "hello chacha!"; chacha.Encrypt(); //chacha.OutputMessageB contains the byte[] of the encrypted data. The above code produces the following encrypted bytes: // {0x67, 0xF5, 0xC7, 0xE4, 0xE6, 0xD6, 0xC2, 0xF4, 0x09, 0xE3, 0x90, 0xF2, 0x65} //chacha.AuthTagB contains the byte[] of the AuthTag. The above code produces the following authentication tag: // {0x46, 0x35, 0xFD, 0x33, 0x30, 0x52, 0xAA, 0x6B, 0xBA, 0x32, 0x16, 0xA6, 0x48, 0x12, 0x52, 0x78}

Encrypt Block Notes

encrypt_block will encrypt the input data and return the encrypted block. The encrypted block will always be the same length as the decrypted data. The following properties are applicable:

• iv (required)
• key (required)

InputBuffer specifies the input data to encrypt.

LastBlock specifies whether the block is the last block. Required when use_aead is True. When LastBlock is True the class will calculate the auth_tag value. If use_aead is False the value of LastBlock is not used.

EncryptBlock Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.UseAEAD = true; byte[] tempEncryptedBlock; //Encrypt any number of blocks of any size tempEncryptedBlock = chacha.EncryptBlock(part1, false); tempEncryptedBlock = chacha.EncryptBlock(part2, false); //Pass true for the last block tempEncryptedBlock = chacha.EncryptBlock(part3, true); //Save AuthTag for use when decrypting byte[] authTag = chacha.AuthTagB;

Decrypt Notes

decrypt will decrypt the specified data. The following properties are applicable:

• iv (required)
• key (required)
• use_aead (optional)
• auth_tag (conditional - required if use_aead is True)
• additional_auth_data (optional - applicable if use_aead is True);

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• input_file
• input_message

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• output_file
• output_message: The output data is written to this property if no other destination is specified.

Additional Notes

The key property must be set to the 256 bit (32 byte) value originally used to encrypt the data. iv must be set to the original IV value used to encrypt the data.

If using a password, key_password must be set to the same key_password used when encrypting the data. This will automatically generate both key and iv when decrypt is called.

InitialCounter may be set for specific cases where an initial counter of 1 is needed. The default value is 0 and is recommended.

During decryption the on_progress event will fire as data is decrypted.

Decrypt Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.InputMessageB = new byte[] { 0x35, 0xBA, 0x31, 0x60, 0x02, 0x77, 0x57, 0x06, 0x5F, 0x6E, 0xE0, 0xD4, 0x76 }; chacha.Decrypt(); Console.WriteLine(chacha.OutputMessage); //outputs "hello chacha!"

AEAD Notes

When decrypting additional_auth_data must be set to the same value that was specified when encrypting. auth_tag must be set to the auth_tag value produced when encrypting.

Note: IncludeAuthTag may be set to True if the auth_tag value was included in the encrypted message.

Decrypt with AEAD Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.AuthTagB = new byte[] { 0x46, 0x35, 0xFD, 0x33, 0x30, 0x52, 0xAA, 0x6B, 0xBA, 0x32, 0x16, 0xA6, 0x48, 0x12, 0x52, 0x78 }; chacha.InputMessageB = new byte[] { 0x67, 0xF5, 0xC7, 0xE4, 0xE6, 0xD6, 0xC2, 0xF4, 0x09, 0xE3, 0x90, 0xF2, 0x65 }; chacha.UseAEAD = true; chacha.AdditionalAuthData = "my auth data."; chacha.Decrypt(); Console.WriteLine(chacha.OutputMessage); //outputs "hello chacha!"

Decrypt Block Notes

decrypt_block will decrypt the input data and return the decrypted block. The decrypted block will always be the same length as the encrypted data. The following properties are applicable:

• iv (required)
• key (required)

InputBuffer specifies the input data to decrypt.

LastBlock specifies whether the block is the last block. Required when use_aead is True. When LastBlock is True the class will validate the auth_tag value. If use_aead is False the value of LastBlock is not used.

DecryptBlock Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.UseAEAD = true; chacha.AuthTagB = authTag; //Value calculated during encryption. byte[] tempDecryptedBlock; //Decrypt any number of blocks of any size tempDecryptedBlock = chacha.DecryptBlock(part1, false); tempDecryptedBlock = chacha.DecryptBlock(part2, false); //Pass true for the last block tempDecryptedBlock = chacha.DecryptBlock(part3, true);

Property List

---

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

additional_auth_data Property

Additional Authentication Data (AAD) used when UseAEAD is True.

Syntax

def get_additional_auth_data() -> bytes: ...
def set_additional_auth_data(value: bytes) -> None: ...

additional_auth_data = property(get_additional_auth_data, set_additional_auth_data)

Default Value

""

Remarks

This property specifies data that is authentication but not encrypted. This is only applicable when use_aead is True.

Note that AAD data is authenticated but not encrypted, so it is not included in the output.

auth_tag Property

The authentication tag used when UseAEAD is set to True.

Syntax

def get_auth_tag() -> bytes: ...
def set_auth_tag(value: bytes) -> None: ...

auth_tag = property(get_auth_tag, set_auth_tag)

Default Value

""

Remarks

This property holds the 128 bit authentication tag used when use_aead is set to True. It is only applicable when use_aead is True.

This is populated after calling encrypt. To also include the value in the output set IncludeAuthTag to True.

This must be set before calling decrypt. If the auth tag is included in the encrypted data set IncludeAuthTag to True before calling decrypt.

input_file Property

The file to process.

Syntax

def get_input_file() -> str: ...
def set_input_file(value: str) -> None: ...

input_file = property(get_input_file, set_input_file)

Default Value

""

Remarks

This property specifies the file to be processed. Set this property to the full or relative path to the file which will be processed.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• input_file
• input_message

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• output_file
• output_message: The output data is written to this property if no other destination is specified.

input_message Property

The message to process.

Syntax

def get_input_message() -> bytes: ...
def set_input_message(value: bytes) -> None: ...

input_message = property(get_input_message, set_input_message)

Default Value

""

Remarks

This property specifies the message to be processed.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• input_file
• input_message

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• output_file
• output_message: The output data is written to this property if no other destination is specified.

iv Property

The initialization vector (IV).

Syntax

def get_iv() -> bytes: ...
def set_iv(value: bytes) -> None: ...

iv = property(get_iv, set_iv)

Default Value

""

Remarks

This property specifies the initialization vector (IV). This is also referred to as the nonce. By default this property is empty and the class will automatically generate a new iv value if key_password or key is set before encrypt or encrypt_block is called.

The size of the IV may be either 96 bits in length (12 bytes) or 64 bits in length (8 bytes).

Compatibility Notes

A 96 bit length value is used for implementations implementing RFC 7539. A 64 bit length value may be used by implementations that follow the original draft of ChaCha. When using a 96 bit length value the maximum file size of data is 256 GB.

If another entity is performing the decryption and it is not known whether it supports 64 bit length values, choose a 96 bit length value by default. This follows the RFC and should be the most widely implemented value.

The class supports both lengths.

Note: If key is specified but iv is not, an iv will be automatically generated. To control the length of the iv that is generated set IVLength.

key Property

The secret key for the symmetric algorithm.

Syntax

def get_key() -> bytes: ...
def set_key(value: bytes) -> None: ...

key = property(get_key, set_key)

Default Value

""

Remarks

This secret key is used both for encryption and decryption. The secret key should be known only to the sender and the receiver. This key must be 256 bits in length (32 bytes).

If this property is left empty and key_password is specified, a key value will be generated by the class as necessary.

key_password Property

A password to generate the Key and IV .

Syntax

def get_key_password() -> str: ...
def set_key_password(value: str) -> None: ...

key_password = property(get_key_password, set_key_password)

Default Value

""

Remarks

When this property is set the class will calculate values for key and iv using the PKCS5 password digest algorithm. This provides a simpler alternative to creating and managing key and iv values directly.

output_file Property

The output file when encrypting or decrypting.

Syntax

def get_output_file() -> str: ...
def set_output_file(value: str) -> None: ...

output_file = property(get_output_file, set_output_file)

Default Value

""

Remarks

This property specifies the file to which the output will be written when encrypt or decrypt is called. This may be set to an absolute or relative path.

This property is only applicable to encrypt and decrypt.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• input_file
• input_message

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• output_file
• output_message: The output data is written to this property if no other destination is specified.

output_message Property

The output message after processing.

Syntax

def get_output_message() -> bytes: ...

output_message = property(get_output_message, None)

Default Value

""

Remarks

This property will be populated with the output from the operation if output_file is not set.

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• input_file
• input_message

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• output_file
• output_message: The output data is written to this property if no other destination is specified.

This property is read-only.

overwrite Property

Indicates whether or not the class should overwrite files.

Syntax

def get_overwrite() -> bool: ...
def set_overwrite(value: bool) -> None: ...

overwrite = property(get_overwrite, set_overwrite)

Default Value

FALSE

Remarks

This property indicates whether or not the class will overwrite output_file. If overwrite is False, an error will be thrown whenever output_file exists before an operation. The default value is False.

use_aead Property

Whether to use AEAD (Authenticated Encryption with Additional Data).

Syntax

def get_use_aead() -> bool: ...
def set_use_aead(value: bool) -> None: ...

use_aead = property(get_use_aead, set_use_aead)

Default Value

FALSE

Remarks

If this property is set to True the class uses the algorithm AEAD_CHACHA20_POLY1305 as defined in RFC 7539 to construct a message using AEAD. See encrypt and decrypt for details.

use_hex Property

Whether input or output is hex encoded.

Syntax

def get_use_hex() -> bool: ...
def set_use_hex(value: bool) -> None: ...

use_hex = property(get_use_hex, set_use_hex)

Default Value

FALSE

Remarks

This property specifies whether the encrypted data is hex encoded.

If set to True, when encrypt is called the class will perform the encryption as normal and then hex encode the output. output_message or output_file will hold hex encoded data.

If set to True, when decrypt is called the class will expect input_message or input_file to hold hex encoded data. The class will then hex decode the data and perform decryption as normal.

AEAD Notes

When use_aead is set to True this property also applies to auth_tag. After calling encrypt auth_tag will hold a hex encoded value. Before calling decrypt auth_tag must be set to a hex encoded value.

config Method

Sets or retrieves a configuration setting.

Syntax

def config(configuration_string: str) -> str: ...

Remarks

config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

decrypt Method

Decrypts the data.

Syntax

def decrypt() -> None: ...

Remarks

decrypt will decrypt the specified data. The following properties are applicable:

• iv (required)
• key (required)
• use_aead (optional)
• auth_tag (conditional - required if use_aead is True)
• additional_auth_data (optional - applicable if use_aead is True);

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• input_file
• input_message

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• output_file
• output_message: The output data is written to this property if no other destination is specified.

Additional Notes

The key property must be set to the 256 bit (32 byte) value originally used to encrypt the data. iv must be set to the original IV value used to encrypt the data.

If using a password, key_password must be set to the same key_password used when encrypting the data. This will automatically generate both key and iv when decrypt is called.

InitialCounter may be set for specific cases where an initial counter of 1 is needed. The default value is 0 and is recommended.

During decryption the on_progress event will fire as data is decrypted.

Decrypt Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.InputMessageB = new byte[] { 0x35, 0xBA, 0x31, 0x60, 0x02, 0x77, 0x57, 0x06, 0x5F, 0x6E, 0xE0, 0xD4, 0x76 }; chacha.Decrypt(); Console.WriteLine(chacha.OutputMessage); //outputs "hello chacha!"

AEAD Notes

When decrypting additional_auth_data must be set to the same value that was specified when encrypting. auth_tag must be set to the auth_tag value produced when encrypting.

Note: IncludeAuthTag may be set to True if the auth_tag value was included in the encrypted message.

Decrypt with AEAD Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.AuthTagB = new byte[] { 0x46, 0x35, 0xFD, 0x33, 0x30, 0x52, 0xAA, 0x6B, 0xBA, 0x32, 0x16, 0xA6, 0x48, 0x12, 0x52, 0x78 }; chacha.InputMessageB = new byte[] { 0x67, 0xF5, 0xC7, 0xE4, 0xE6, 0xD6, 0xC2, 0xF4, 0x09, 0xE3, 0x90, 0xF2, 0x65 }; chacha.UseAEAD = true; chacha.AdditionalAuthData = "my auth data."; chacha.Decrypt(); Console.WriteLine(chacha.OutputMessage); //outputs "hello chacha!"

decrypt_block Method

Decrypts a block and returns the decrypted data.

Syntax

def decrypt_block(input_buffer: bytes, last_block: bool) -> bytes: ...

Remarks

decrypt_block will decrypt the input data and return the decrypted block. The decrypted block will always be the same length as the encrypted data. The following properties are applicable:

• iv (required)
• key (required)

InputBuffer specifies the input data to decrypt.

LastBlock specifies whether the block is the last block. Required when use_aead is True. When LastBlock is True the class will validate the auth_tag value. If use_aead is False the value of LastBlock is not used.

DecryptBlock Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.UseAEAD = true; chacha.AuthTagB = authTag; //Value calculated during encryption. byte[] tempDecryptedBlock; //Decrypt any number of blocks of any size tempDecryptedBlock = chacha.DecryptBlock(part1, false); tempDecryptedBlock = chacha.DecryptBlock(part2, false); //Pass true for the last block tempDecryptedBlock = chacha.DecryptBlock(part3, true);

encrypt Method

Encrypts the data.

Syntax

def encrypt() -> None: ...

Remarks

encrypt will encrypt the specified data. The following properties are applicable:

• iv (required)
• key (required)
• use_aead (optional)
• additional_auth_data (optional - applicable if use_aead is True);

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

• input_file
• input_message

When a valid source is found, the search stops. The order in which the output properties are checked is as follows:

• output_file
• output_message: The output data is written to this property if no other destination is specified.

Additional Notes

The key property must be set to a 256 bit (32 byte) value. This is the only allowed value for ChaCha20. If key_password is set both key and iv will be automatically generated when encrypt is called.

The iv should typically be set to a 96 bit (12 byte) value. See the iv property for details on using a 64 bit (8 byte) value. If iv is not set a 96 bit (12 byte) value will automatically be generated by the class when encrypt is called.

InitialCounter may be set for specific cases where an initial counter of 1 is needed. The default value is 0 and is recommended.

During encryption the on_progress event will fire as data is encrypted.

Encrypt Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[]{ 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.InputMessage = "hello chacha!"; chacha.Encrypt(); //chacha.OutputMessageB contains the byte[] of the encrypted data. The above code produces the following encrypted bytes. // {0x35, 0xBA, 0x31, 0x60, 0x02, 0x77, 0x57, 0x06, 0x5F, 0x6E, 0xE0, 0xD4, 0x76}

AEAD Notes

When encrypting and use_aead is True additional_auth_data optionally holds data that is authenticated but not encrypted.

After encrypting the message the auth_tag property will be populated. To include the auth_tag in the output set IncludeAuthTag to True.

Encrypt with AEAD Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.UseAEAD = true; chacha.AdditionalAuthData = "my auth data."; chacha.InputMessage = "hello chacha!"; chacha.Encrypt(); //chacha.OutputMessageB contains the byte[] of the encrypted data. The above code produces the following encrypted bytes: // {0x67, 0xF5, 0xC7, 0xE4, 0xE6, 0xD6, 0xC2, 0xF4, 0x09, 0xE3, 0x90, 0xF2, 0x65} //chacha.AuthTagB contains the byte[] of the AuthTag. The above code produces the following authentication tag: // {0x46, 0x35, 0xFD, 0x33, 0x30, 0x52, 0xAA, 0x6B, 0xBA, 0x32, 0x16, 0xA6, 0x48, 0x12, 0x52, 0x78}

encrypt_block Method

Encrypts data and returns the encrypted block.

Syntax

def encrypt_block(input_buffer: bytes, last_block: bool) -> bytes: ...

Remarks

encrypt_block will encrypt the input data and return the encrypted block. The encrypted block will always be the same length as the decrypted data. The following properties are applicable:

• iv (required)
• key (required)

InputBuffer specifies the input data to encrypt.

LastBlock specifies whether the block is the last block. Required when use_aead is True. When LastBlock is True the class will calculate the auth_tag value. If use_aead is False the value of LastBlock is not used.

EncryptBlock Example

Chacha chacha = new Chacha(); chacha.KeyB = new byte[] { 0xBB, 0x76, 0x17, 0xC9, 0x05, 0x73, 0x4A, 0x8D, 0x59, 0x9D, 0x7B, 0x0D, 0x86, 0x2A, 0x03, 0x82, 0x50, 0x6A, 0x70, 0xFB, 0xA8, 0x56, 0x47, 0x1B, 0x1E, 0x68, 0x0B, 0x2B, 0x34, 0x18, 0x0F, 0xE2 }; chacha.IVB = new byte[] { 0x0D, 0xE4, 0x43, 0x40, 0x29, 0xAD, 0x70, 0x7D, 0x7B, 0x32, 0xB5, 0xC7 }; chacha.UseAEAD = true; byte[] tempEncryptedBlock; //Encrypt any number of blocks of any size tempEncryptedBlock = chacha.EncryptBlock(part1, false); tempEncryptedBlock = chacha.EncryptBlock(part2, false); //Pass true for the last block tempEncryptedBlock = chacha.EncryptBlock(part3, true); //Save AuthTag for use when decrypting byte[] authTag = chacha.AuthTagB;

reset Method

Resets the class.

Syntax

def reset() -> None: ...

Remarks

When called, the class will reset all of its properties to their default values.

on_error Event

Fired when information is available about errors during data delivery.

Syntax

class ChaChaErrorEventParams(object):
  @property
  def error_code() -> int: ...

  @property
  def description() -> str: ...

# In class ChaCha:
@property
def on_error() -> Callable[[ChaChaErrorEventParams], None]: ...
@on_error.setter
def on_error(event_hook: Callable[[ChaChaErrorEventParams], None]) -> None: ...

Remarks

The on_error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

on_progress Event

Fired as progress is made.

Syntax

class ChaChaProgressEventParams(object):
  @property
  def bytes_processed() -> int: ...

  @property
  def percent_processed() -> int: ...

# In class ChaCha:
@property
def on_progress() -> Callable[[ChaChaProgressEventParams], None]: ...
@on_progress.setter
def on_progress(event_hook: Callable[[ChaChaProgressEventParams], None]) -> None: ...

Remarks

This event is fired automatically as data is processed by the class.

The PercentProcessed parameter indicates the current status of the operation.

The BytesProcessed parameter holds the total number of bytes processed so far.

ChaCha Config Settings

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

ChaCha Config Settings

Base Config Settings

ChaCha Errors

ChaCha Errors