
sslcrypto is a fast and simple library for AES, ECIES and ECDSA for Python.
License: MIT + BSD-2 for ripemd implementation (see
sslcrypto can use OpenSSL in case it's available in your system for speedup,
but pure-Python code is also available and is heavily optimized.
N.B. There are alternatives like coincurve which are faster in some cases
(e.g. when using secp256k1). They don't include ECIES implementation and some
useful ECDSA features and are specialized on a single curve. If that's enough
for you and libsecp256k1 bindings are available for all OSes you need to
support, use those libraries. Coincurve,
in particular, ships pre-compiled packages for all major OSes and building from
source does not require an existing libsecp256k1 installation.
N.B. While there are other mature cryptography libraries, they are too heavy
for simple stuff and require OpenSSL that is not available by default on Windows
(most likely many other OSes as well). That said, in case you're processing
big data, not much data, the speed advantage you get from libraries is too
small to use heavy alternatives.
pip install sslcrypto
Additionally, you can download this repository and run
python install
import sslcrypto
key = sslcrypto.aes.new_key()
data = b"Hello, world!"
ciphertext, iv = sslcrypto.aes.encrypt(data, key)
assert sslcrypto.aes.decrypt(ciphertext, iv, key) == data
By default, aes-256-cbc cipher is used. You can specify another one if you want.
The following ciphers are supported:
- aes-128-cbc, aes-192-cbc, aes-256-cbc
- aes-128-ctr, aes-192-ctr, aes-256-ctr
- aes-128-cfb, aes-192-cfb, aes-256-cfb
- aes-128-ofb, aes-192-ofb, aes-256-ofb
import sslcrypto
key = sslcrypto.aes.new_key(algo="aes-192-cfb")
data = b"Hello, world!"
ciphertext, iv = sslcrypto.aes.encrypt(data, key, algo="aes-192-cfb")
assert sslcrypto.aes.decrypt(ciphertext, iv, key, algo="aes-192-cfb") == data
The following curves are supported:
- secp112r1, secp112r2
- secp128r1, secp128r2
- secp160k1, secp160r1, secp160r2
- secp192k1, prime192v1
- secp224k1, secp224r1
- secp256k1, prime256v1
- secp384r1
- secp521r1
Please tell me if you want to add any other curves.
import sslcrypto
curve = sslcrypto.ecc.get_curve("secp256k1")
private_key = curve.new_private_key(is_compressed=True)
public_key = curve.private_to_public(private_key)
x, y = curve.decode_public_key(public_key)
electrum_public_key = x + y
data = b"Hello, world!"
ciphertext = curve.encrypt(data, public_key, algo="aes-256-ofb")
assert curve.decrypt(ciphertext, private_key, algo="aes-256-ofb") == data
import sslcrypto
curve = sslcrypto.ecc.get_curve("secp256k1")
private_key = curve.new_private_key()
public_key = curve.private_to_public(private_key)
data = b"Hello, world!"
signature = curve.sign(data, private_key)
assert curve.verify(signature, data, public_key) == True
Additionally, you can create recoverable signatures:
import sslcrypto
curve = sslcrypto.ecc.get_curve("secp256k1")
private_key = curve.new_private_key()
public_key = curve.private_to_public(private_key)
data = b"Hello, world!"
signature = curve.sign(data, private_key, recoverable=True)
assert curve.recover(signature, data) == public_key
Bitcoin-related functions
import sslcrypto
curve = sslcrypto.ecc.get_curve("secp256k1")
private_key = curve.new_private_key()
public_key = curve.private_to_public(private_key)
wif = curve.private_to_wif(private_key)
assert curve.wif_to_private(wif) == private_key
address = curve.private_to_address(private_key)
assert address == curve.public_to_address(public_key)
curve.child_derive(private_key, 123)
import sslcrypto
You can override OpenSSL path discovery:
from sslcrypto.openssl import discovery = lambda: ["openssl_lib.dll"]
If you want to go low-level, you can get curve parameters:
import sslcrypto
curve = sslcrypto.ecc.get_curve("secp256k1")
Running tests
sslcrypto uses pytest framework. Install it with pip and run python3 -m pytest test
in sslcrypto repository.