This document summarizes the state of cryptography libraries for Python. It discusses how the cryptography library was created to address limitations in existing Python crypto libraries like pycrypto and pyopenssl. The cryptography library uses tested, reviewed C backends like OpenSSL but exposes them through Pythonic APIs. It has strong test coverage, many contributors, and is used by downstream projects like PyOpenSSL. Future work may include adding support for X.509 certificates, TLS, and less common algorithms.

1. StateofcryptoinPythonA library created by people who make poor life choices.

2. HowDidWeGetHere
At Rackspace we work on an OpenStack,
key management product named Barbican.
We needed to use crypto.
Cue the 80s working montage

3. WhatDoWeWant
Algorithm support Open Source MAINTAINED & Tested Python Support
Trust

4. WHyc?
All major cryptographic libraries are currently implemented in a low level language,
mostly C or C++.
Reviewed Code
Several C libraries have been sponsored through the review
process for professional crypto review including various
compliances that some customers care about.
Future possibilities
There are some exciting options for future work in the crypto
space with languages like Rust / Go. Unfortunately, these
aren’t usable from Python right now.
Timing / Memory Attacks
These attacks relate to exploiting timing differentials or
securely wiping memory. They are difficult or impossible to
remediate without the low level control exposed by C.
Existing Code
Writing good crypto code is hard. Most existing libraries have
a long history including significant bug-fixing / research.

5. StateofC
OSS
X-Platform
Maintained
Ubiquitous
Std. Algorithms
FIPS
OpenSSL
NSS
NaCl
Botan
CommonCrypto
MS CSP
Libgcrypt
LibreSSL

6. StateOfPython
Backend
Maintained
Python Support
Reviewed
Completeness
m2crypto
openssl
recently active
pypy with patch, no py3
no
openssl swig
pycrypto
bespoke*
yes
no pypy
no
no AEAD (without alpha)
pyopenssl
openssl*
yes
yes (with crypto)
no
Thin openssl bindings
python-nss
NSS
low
unknown
no
exposes some of NSS
botan
botan
yes
py3, maybe pypy
no
exposes most of botan
Most of these libraries require / assume the user understands how to use the underlying C library
correctly.

7. a new crypto library for Python
• Support for PyPy and
Python 3
• Large, active team
• Encourages use of strong,
secure algorithms
• “Cryptography for humans”,
APIs
• Support for modern
algorithms such as AES-
GCM and HKDF
• Improved debug-ability and
testability
• Sane, secure API design
(where possible)
cryptography
Grandiose Vision:
A cryptographic standard library for Python.

8. Python Cryptographic Authority
• PyNaCl – Python bindings for the NaCL library
• cryptography – Python library to expose
cryptographic constructs
• service_identity – Service identity (hostname
verification) for PyOpenSSL.
• PyOpenSSL – Python bindings for OpenSSL
• bcrypt – Python wrapper for bcrypt library
• ed25519 – Pure Python implementation of one elliptic
curve signature schemeLogo courtesy of GitHub’s auto-
generation.
PYCA

9. TheStructure
Bindings
Hazmat
Recipes

10. Backends
OpenSSL
Our primary (and only guaranteed) backend. We don’t
currently package OpenSSL to allow for flexibility for package
maintainers.
Common Crypto
Available on OS X and iOS, this is the preferred backend on
OS X. Apple has decided not to ship newer version of
OpenSSL, leaving developers with a old version lacking
modern algorithms.
Cryptography is designed around the concept of backends. Each backend implements a set of defined
interfaces. This allows us to implement a backend for each C library and exchange them transparently.
MULTIBACKEND
This meta-backend allows composition and prioritization of
multiple backends. This creates a superset of operations in
Python, isolating the developer from variations in C libraries.
Moar!
Any C backend can be included. We have spoken with many
of the C library maintainers about writing a backend for
cryptography.

11. Tests per run
Testify
73,813
575+ Million tests per week
78 Runs per build
5,757,414 Tests per build
15 Builds per day
45 Documentation runs per day

12. Alex Gaynor (Alex_gaynor) Paul Kehrer (reaperhulk) David Reid (dreid) Alex Stapleton (alexs)
ourPeople
5+ Commit Club
aryx, skeuomorf, lvh, dstufft, cyli, exarkun, hynek, ashfall, juliankrause, wallrj, lvoz, phibos, chrisglass
+ 22 more contributors

13. currentSupport
Symmetric
Currently support a variety of common ciphers such as AES,
Camellia, 3DES, CAST5, etc. Most non-patent encumbered
block cipher modes are also supported.
hashing
Support for common hashing algorithm like SHA1 / SHA2,
RIPEMD160, Whirlpool and MD5, including HMAC support
for all supported hashes. Support for KDFs and TOTP.
Asymmetric Support
Supports RSA, DSA and elliptic curve for signing, verification,
encryption and decryption (for RSA). PKCS #1 and #8 key
loading done now.
fernet
A high level recipe designed to provide easy to use
authenticated encryption.
Tl;dr Authenticated Encryption at rest, Public key signatures & encryption,
Hashing, HMAC, Key derivation, two-factor (OTP)

14. DownstreamConsumers
PyOpenssl
Current based on cryptography. Pure python
package, gained support for PyPy and Py3
Pycrypto
Currently in prototype / investigation phase.
Paramiko
Work in progress PR for rebasing.
Conch
Interest expressed in switching. Someone
interested in writing a patch?0
50000
100000
150000
200000
250000
300000
350000
400000
450000
0.1 0.2 0.3 0.4 0.5
Cryptography PyPI download counts

15. DualLicensing
Project Licensing
Cryptography is licensed using Apache 2
and two-clause BSD (in-progress).
Backend Licensing
Set by the backend author, can
accommodate any license structure.
• Van Lindberg
• Chairman of the Python
Software Foundation
• Wrote “Intellectual Property and
Open Source”
• Rackspace IP Head Honcho
if you don’t like it, blame van

16. LetsReview
Algorithm support Open Source MAINTAINED & Tested Python Support
Multi-Backend
& Openssl
Apache 2 &
BSD
575+ Million Tests
40+ contributors
2.6, 2.7, 3.2, 3.3, 3.4,
& pypy

17. FutureWork
X509
Support for parsing all extension and object types defined in
RFC3280 and RFC5280.
TLS
TLS 1.2 support, modern cipher suites, stripe open source
grant winner working on TLS for cryptography.
Less Common Primitives
Chacha20, Salsa20, non-NIST elliptic curves.
Multiple backend support
Allows for backends to live in separate packages and be
used by cryptography at runtime.
Github
github.com/pyca/cryptography
Website
cryptography.io
Install
pip install cryptography

18. ~ fin ~