mbedtls.cipher Package API

The cipher package provide symmetric encryption and decryption.

The API follows the recommendations from PEP 272 “API for Block Encryption Algorithms”

class mbedtls.cipher.Mode

An enumeration.

CBC = 2
CCM = 8
CFB = 3
CHACHAPOLY = 10
CTR = 5
ECB = 1
GCM = 6
OFB = 4
STREAM = 7
XTS = 9
mbedtls.cipher.MODE_ECB
mbedtls.cipher.MODE_CBC
mbedtls.cipher.MODE_CFB
mbedtls.cipher.MODE_CTR
mbedtls.cipher.MODE_GCM
mbedtls.cipher.MODE_CCM

mbedtls.cipher.AES Module

Advanced Encryption Standard (AES) cipher established by the U.S. NIST in 2001.

mbedtls.cipher.AES.new(key, mode, iv=None, ad=None)[source]

Return a Cipher object that can perform AES encryption and decryption.

Advanced Encryption Standard (AES) cipher established by the U.S. NIST in 2001.

Parameters
  • key (bytes or None) – The key to encrypt decrypt. If None, encryption and decryption are unavailable.

  • mode (int) – The mode of operation of the cipher.

  • iv (bytes or None) – The initialization vector (IV). The IV is required for every mode but ECB and CTR where it is ignored. If not set, the IV is initialized to all 0, which should not be used for encryption.

mbedtls.cipher.AES.block_size = 16

Block size in bytes.

mbedtls.cipher.AES.key_size = None

Key size in bytes.

mbedtls.cipher.ARC4 Module

Alleged River Cipher 4 cipher (ARC4 or ARCFOUR) designed in 1987 at RSA Security.

mbedtls.cipher.ARC4.new(key, mode=None, iv=None)[source]

Return a Cipher object that can perform ARC4 encryption and decryption.

Alleged River Cipher 4 cipher (ARC4 or ARCFOUR) designed in 1987 at RSA Security.

Parameters
  • key (bytes or None) – The key to encrypt decrypt. If None, encryption and decryption are unavailable.

  • mode (None) – The feedback mode is ignored for ARC4.

  • iv (None) – ARC4 does not use IV.

mbedtls.cipher.ARC4.block_size = 1

Block size in bytes.

mbedtls.cipher.ARC4.key_size = 16

Key size in bytes.

mbedtls.cipher.Blowfish Module

Blowfish cipher designed by Bruce Schneier in 1993.

mbedtls.cipher.Blowfish.new(key, mode, iv=None)[source]

Return a Cipher object that can perform Blowfish encryption and decryption.

Blowfish cipher designed by Bruce Schneier in 1993.

Parameters
  • key (bytes or None) – The key to encrypt decrypt. If None, encryption and decryption are unavailable.

  • mode (Mode) – The mode of operation of the cipher.

  • iv (bytes or None) – The initialization vector (IV). The IV is required for every mode but ECB and CTR where it is ignored. If not set, the IV is initialized to all 0, which should not be used for encryption.

mbedtls.cipher.Blowfish.block_size = 8

Block size in bytes.

mbedtls.cipher.Blowfish.key_size = None

Key size in bytes.

mbedtls.cipher.Camellia Module

Camellia cipher developed by Japan’s Mitsubishi an NTT in 2000.

mbedtls.cipher.Camellia.new(key, mode, iv=None)[source]

Return a Cipher object that can perform Camellia encryption and decryption.

Camellia cipher developed by Japan’s Mitsubishi an NTT in 2000.

Parameters
  • key (bytes or None) – The key to encrypt decrypt. If None, encryption and decryption are unavailable.

  • mode (Mode) – The mode of operation of the cipher.

  • iv (bytes or None) – The initialization vector (IV). The IV is required for every mode but ECB and CTR where it is ignored. If not set, the IV is initialized to all 0, which should not be used for encryption.

mbedtls.cipher.Camellia.block_size = 16

Block size in bytes.

mbedtls.cipher.Camellia.key_size = None

Key size in bytes.

mbedtls.cipher.DES Module

Data Encryption Standard (DES) cipher developed by IBM in the 70’s.

mbedtls.cipher.DES.new(key, mode, iv=None)[source]

Return a Cipher object that can perform DES encryption and decryption.

Data Encryption Standard (DES) cipher developed by IBM in the 70’s.

Parameters
  • key (bytes or None) – The key to encrypt decrypt. If None, encryption and decryption are unavailable.

  • mode (Mode) – The mode of operation of the cipher.

  • iv (bytes or None) – The initialization vector (IV). The IV is required for every mode but ECB and CTR where it is ignored. If not set, the IV is initialized to all 0, which should not be used for encryption.

mbedtls.cipher.DES.block_size = 8

Block size in bytes.

mbedtls.cipher.DES.key_size = 8

Key size in bytes.

mbedtls.cipher.DES3dbl Module

Two-key triple DES cipher (also known as DES3, 3DES, Triple DES, or DES-EDE).

mbedtls.cipher.DES3dbl.new(key, mode, iv=None)[source]

Return a Cipher object that can perform two-key triple DES encryption and decryption.

Two-key triple DES cipher (also known as DES3, 3DES, Triple DES, or DES-EDE).

Parameters
  • key (bytes or None) – The key to encrypt decrypt. If None, encryption and decryption are unavailable.

  • mode (Mode) – The mode of operation of the cipher.

  • iv (bytes or None) – The initialization vector (IV). The IV is required for every mode but ECB and CTR where it is ignored. If not set, the IV is initialized to all 0, which should not be used for encryption.

mbedtls.cipher.DES3dbl.block_size = 8

Block size in bytes.

mbedtls.cipher.DES3dbl.key_size = 16

Key size in bytes.

mbedtls.cipher.DES3 Module

Three-key triple DES cipher (also known as DES3, 3DES, Triple DES, or DES-EDE3).

mbedtls.cipher.DES3.new(key, mode, iv=None)[source]

Return a Cipher object that can perform three-key triple DES encryption and decryption.

Three-key triple DES cipher (also known as DES3, 3DES, Triple DES, or DES-EDE3).

Parameters
  • key (bytes or None) – The key to encrypt decrypt. If None, encryption and decryption are unavailable.

  • mode (Mode) – The mode of operation of the cipher.

  • iv (bytes or None) – The initialization vector (IV). The IV is required for every mode but ECB and CTR where it is ignored. If not set, the IV is initialized to all 0, which should not be used for encryption.

mbedtls.cipher.DES3.block_size = 8

Block size in bytes.

mbedtls.cipher.DES3.key_size = 24

Key size in bytes.