Metadata-Version: 2.3
Name: dreamstone
Version: 0.1.4
Summary: Secure hybrid RSA + AES encryption library with CLI
License: MIT
Author: Renks
Requires-Python: >=3.11,<4.0
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Requires-Dist: cryptography (>=45.0.5,<46.0.0)
Requires-Dist: typer[all] (>=0.16.0,<0.17.0)
Description-Content-Type: text/markdown

# Dreamstone

**Dreamstone** is a modern Python library and CLI tool for secure hybrid encryption using RSA (asymmetric) + AES-GCM (symmetric). It enables you to easily generate keys, encrypt/decrypt files or base64 data, and handle encrypted payloads as JSON. Usable both as a library and CLI.

---

## Features

* RSA + AES-GCM hybrid encryption
* Key generation with password protection (optional)
* Encrypt/decrypt files or base64 strings
* Output and input in structured JSON
* CLI with short aliases for scripting
* Easily embeddable in Python apps

---

## Installation

```bash
poetry install
poetry run dreamstone --help
```

For production use (once published):

```bash
pip install dreamstone
```

---

## CLI Commands

Each command has long and short versions.

| Command   | Alias | Description                    |
| --------- | ----- | ------------------------------ |
| `genkey`  | `gk`  | Generate RSA key pair          |
| `encrypt` | `enc` | Encrypt file or base64 string  |
| `decrypt` | `dec` | Decrypt encrypted JSON payload |

---

### 🔐 Generate RSA Key Pair

```bash
dreamstone genkey \
  --private-path private.pem \
  --public-path public.pem \
  --password "mypassword"
```

#### Arguments

| Argument          | Alias   | Required | Description                                          |
| ----------------- | ------- | -------- | ---------------------------------------------------- |
| `--private-path`  | `-prip` | ✅        | Path to save private key                             |
| `--public-path`   | `-pubp` | ✅        | Path to save public key                              |
| `--password`      | `-p`    | ❌        | Password to encrypt private key                      |
| `--show-password` | `-sp`   | ❌        | Show generated password in terminal if none provided |
| `--password-path` | `-pp`   | ❌        | File path to save generated password                 |

---

### 🔒 Encrypt File or Base64

```bash
dreamstone encrypt \
  --input-file secret.txt \
  --public-key-file public.pem \
  --output-file encrypted.json
```

Or encrypt base64 data directly:

```bash
dreamstone encrypt \
  --input-data "SGVsbG8gd29ybGQ=" \
  --output-file encrypted.json
```

#### Arguments

| Argument             | Alias    | Required | Description                                         |
| -------------------- | -------- | -------- | --------------------------------------------------- |
| `--input-file`       | `-if`    | ✅        | Path to input file                                  |
| `--input-data`       | `-id`    | ✅        | Raw input data (can be base64 if `--base64` is set) |
| `--base64`           | `-b64`   | ❌        | Indicates input_data is base64-encoded              |
| `--public-key-file`  | `-pkf`   | ❌        | Path to public key (auto-generated if omitted)      |
| `--private-key-path` | `-prikp` | ❌        | Where to save generated private key                 |
| `--public-key-path`  | `-pubkp` | ❌        | Where to save generated public key                  |
| `--password`         | `-p`     | ❌        | Password for generated private key                  |
| `--password-path`    | `-pp`    | ❌        | Password file path for generated private key        |
| `--output-file`      | `-of`    | ✅        | Output path for encrypted JSON                      |
| `--key-output-dir`   | `-kod`   | ❌        | Directory to save generated keys if paths not given |

---

### 🔓 Decrypt JSON Payload

```bash
dreamstone decrypt \
  encrypted.json \
  --private-key-file private.pem \
  --password "mypassword" \
  --output-file decrypted.txt
```

Or use password file:

```bash
dreamstone decrypt \
  encrypted.json \
  --private-key-file private.pem \
  --password-path secret.key \
  --output-file decrypted.txt
```

#### Arguments

| Argument             | Alias  | Required | Description                     |
| -------------------- | ------ | -------- | ------------------------------- |
| `encrypted_file`     | -      | ✅        | Encrypted JSON file path        |
| `--private-key-file` | `-pkf` | ✅        | RSA private key file            |
| `--password`         | `-p`   | ❌        | Password to decrypt private key |
| `--password-path`    | `-pp`  | ❌        | File containing password        |
| `--output-file`      | `-of`  | ❌        | Output file for decrypted data  |

---

## Output JSON Format

Encrypted output is stored as a JSON object:

```json
{
  "encrypted_key": "base64...",
  "nonce": "base64...",
  "ciphertext": "base64...",
  "algorithm": "AES-GCM",
  "key_type": "RSA"
}
```

---

## Python Example

```python
from dreamstone.core.keys import generate_rsa_keypair
from dreamstone.core.encryption import encrypt
from dreamstone.core.decryption import decrypt
from dreamstone.models.payload import EncryptedPayload

# Generate keypair
priv, pub = generate_rsa_keypair()

# Encrypt
payload_dict = encrypt(b"secret", pub)
payload = EncryptedPayload(**payload_dict)

# Decrypt
decrypted = decrypt(
    encrypted_key=payload.encrypted_key,
    nonce=payload.nonce,
    ciphertext=payload.ciphertext,
    private_key=priv
)

print(decrypted.decode())  # "secret"
```

## Example CLI Flow

```bash
poetry run dreamstone encrypt --input-file .env \
  --output-file env.enc.json \
  --private-key-path secrets/private.pem \
  --public-key-path secrets/public.pem \
  --password-path secrets/secret.key

poetry run dreamstone decrypt env.enc.json \
  --private-key-file secrets/private.pem \
  --password-path secrets/secret.key \
  --output-file .env
```


---

## License

MIT License

---

## Author

By Renks

