Metadata-Version: 2.1
Name: Cryptorix
Version: 1.0.0
Summary: A Python package that provides robust encryption and decryption mechanisms, utilizing hybrid encryption, JSON Web Encryption (JWE), AWS KMS, and AWS Secrets Manager. Ensure the confidentiality and integrity of your data, with secure management of encryption keys.
Author: M Santhosh Kumar
Author-email: santhoshse7en@gmail.com
Project-URL: Documentation, https://github.com/santhoshse7en/cryptorix#readme
Project-URL: Source, https://github.com/santhoshse7en/cryptorix
Project-URL: Tracker, https://github.com/santhoshse7en/cryptorix/issues
Keywords: Hybrid Encryption,JWE,KMS,Secret Manager,Encryption,Decryption,AWS,Security
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Requires-Dist: jwcrypto
Requires-Dist: pycryptodome
Requires-Dist: boto3

# Cryptorix
**Cryptorix** is a Python package that provides robust encryption and decryption mechanisms 
using hybrid encryption, JSON Web Encryption (JWE), AWS KMS, and AWS Secrets Manager. 
It leverages both symmetric (AES) and asymmetric (RSA) encryption techniques to ensure the 
confidentiality and integrity of your data. The package also integrates with 
AWS KMS and Secrets Manager to manage encryption keys securely.

## Table of Contents
* Overview
* Modules
  * JWE
  * Hybrid Encryption
  * KMS
  * Secrets Manager
* Installation
* Usage
* Exceptions
* Logging

## Overview
Cryptorix allows you to encrypt and decrypt data using industry-standard encryption algorithms, 
focusing on hybrid encryption for data security, JWE for secure token exchange, and 
AWS services (KMS and Secrets Manager) for key management. The package ensures seamless integration 
with AWS services for encryption at rest and in transit.

## Modules

### JWE (JSON Web Encryption)

This module facilitates the encryption and decryption of data using the JWE standard, 
combining RSA encryption for key management and AES-GCM encryption for content.

**Functions:**
* `encrypt(api_response, secret_name, secret_key, kms_id)`: Encrypts a dictionary into a JWE token 
using RSA encryption for the AES key and AES-GCM for the content.
* `decrypt(jwe_payload, secret_name, secret_key, kms_id)`: Decrypts a JWE token into its original 
dictionary form using the RSA private key.

### Hybrid Encryption
This module implements hybrid encryption using AES for data encryption and RSA for key encryption. 
The encrypted data is Base64-encoded for secure transmission.

**Functions:**

* `encrypt_data(api_response, secret_name, secret_key, kms_id)`: Encrypts data using AES-GCM for 
encryption and RSA for encrypting the AES key.
* `decrypt_data(encrypted_data, encrypted_key, secret_name, secret_key, kms_id)`: Decrypts the 
encrypted data using RSA and AES-GCM.

### KMS (Key Management System)
This module provides AWS KMS-based encryption and decryption of data. 
It integrates with AWS KMS to securely manage encryption keys.

**Functions:**

* `decrypt(encrypted_value, lambda_function_name, kms_id)`: Decrypts a KMS-encrypted, 
base64-encoded string.
* `encrypt(plaintext, kms_id)`: Encrypts a plaintext string using AWS KMS and returns the encrypted 
value as a base64 string.

### Secrets Manager
This module interacts with AWS Secrets Manager to retrieve and decrypt secrets, 
ensuring that sensitive information is handled securely.

**Functions:**

* `get_rsa_key(secret_name, secret_key, kms_id)`: Retrieves and decrypts the RSA key from 
AWS Secrets Manager using KMS.
* `get_secrets(secret_name, secret_key)`: Retrieves a specific key from a secret stored in 
AWS Secrets Manager.
* `decrypt_kms_ciphertext(ciphertext, kms_id)`: Decrypts base64-encoded ciphertext using AWS KMS.

## Installation

To install the Cryptorix package, use pip:

```bash
pip install Cryptorix
```
You also need to install dependencies such as boto3, pycryptodome, and jwcrypto. 
You can install them with:

```bash
pip install boto3 pycryptodome jwcrypto
```

## Usage
Here is a basic example of how to use the package:

### Encrypting Data (Hybrid Encryption):

```python
from Cryptorix.hybrid_encryption import encrypt

# Data to encrypt
api_response = {"user": "John Doe", "account_id": "123456"}

# Encrypt data using hybrid encryption
encrypted_data = encrypt(api_response, secret_name, secret_key, kms_id)
```

### Encrypting Data (JWE):

```python
from Cryptorix.jwe import encrypt

# Data to encrypt
api_response = {"user": "John Doe", "account_id": "123456"}

# Encrypt data using JWE
jwe_token = encrypt(api_response, secret_name, secret_key, kms_id)
```

### Encrypting Data (KMS):

```python
from Cryptorix.kms import encrypt

# Encrypt plaintext using AWS KMS
kms_encrypted_data = encrypt("Sensitive Data", kms_id)
```

### Decrypting Data (Hybrid Encryption):

```python
from Cryptorix.hybrid_encryption import decrypt

# AES-encrypted data & RSA-encrypted AES key to decrypt
encrypted_data = "your-encrypted-data"
encrypted_key = "your-encrypted-key"

# Decrypt data using hybrid encryption
decrypted_data = decrypt(encrypted_data, encrypted_key, secret_name, secret_key, kms_id)
```

### Decrypting Data (JWE):

```python
from Cryptorix.jwe import decrypt

# JWE token to decrypt
jwe_token = "your-encrypted-jwe-token"

# Decrypt data using JWE
decrypted_payload = decrypt(jwe_token, secret_name, secret_key, kms_id)
```

### Decrypting Data (KMS):

```python
from Cryptorix.kms import decrypt

# Decrypt KMS-encrypted data
decrypted_value = decrypt(encrypted_value, lambda_function_name, kms_id)
```

### Exceptions
Cryptorix provides custom exceptions for error handling:
* **HybridEncryptionError**: Raised during hybrid encryption/decryption failures.
* **JWEError**: Raised during JWE encryption/decryption failures.
* **KMSDecryptionError**: Raised if decryption via AWS KMS fails.
* **KMSEncryptionError**: Raised if encryption via AWS KMS fails.
* **SecretRetrievalError**: Raised if secrets cannot be retrieved or decrypted from AWS Secrets Manager.


## Logging
Cryptorix uses a logging system to capture and record exceptions. The log messages provide useful information, including the function name, error messages, and the relevant AWS KMS key ID.

Example of logging configuration:
```python
import logging

logger = logging.getLogger(__name__)
logger.setLevel(logging.ERROR)
```
This will capture all error-level logs related to encryption and decryption operations.

