[Cryptography-dev] Create Fernet API allowing streaming encryption and decryption from file-like objects.

Michael Iverson dr.michael.iverson at gmail.com
Mon Jan 19 16:19:08 CET 2015


Hello,

I'm new to the cryptography library, and I'm definitely excited about
having a well-reviewed cryptographic library with a simple API.

However, I'm noticing that there is an area that might improve the usefulness
of the high level methods. The Fernet API is where my interest lies, as I'm
presently in need of a symmetric algorithm. However, the idea could be
equally applicable for other APIs.

The Fernet API presently requires that a complete buffer containing the
plaintext or ciphertext be passed to the encryption or decryption methods.
This requirement becomes memory inefficient for moderately sized objects,
and can prevent processing of large objects entirely, especially on memory
constrained systems.

Furthermore, many Python libraries use file handles as an abstraction for
incrementally consuming or producing data.  Examples include HTTP responses
in Tornado and Cyclone, and the SFTP interface in paramiko.

I'd like to propose the addition of an alternate API that would accept and
return file handles, and incrementally encrypt or decrypt using the
handles. I think this would make the library more useful for a variety of
solutions, enhancing adoption.

On the surface, it appears that the main cryptographic primitives (hmac,
padding, aes, etc.) are designed to operate in an incremental fashion,
using the update() method to incrementally compute data, and finalize() to
return the final result, so the change may not be overly difficult.

I'm willing to contribute the code for such an endeavor, as I'm going to
write it anyway for a current project. Contributing the code will help
ensure it is adequately reviewed.

Does anyone feel this would be a worthwhile improvement?

-- 
Michael Iverson
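
The following sketch is an added example, not part of the original message and not code from the cryptography project. It shows the update()/finalize() pattern the message describes, applied to file-like objects, with decryption done in two passes so that no plaintext is written before the HMAC over the whole ciphertext has been verified. Assumptions: the function names, the on-disk layout (iv || ciphertext || tag, which is not the Fernet token format and is not interoperable with it), the 32-byte key split, and a seekable input for decryption.

```python
import io, os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, hmac, padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

CHUNK, TAG_LEN = 64 * 1024, 32  # bytes per update() call; HMAC-SHA256 tag size

def encrypt_stream(key, src, dst):
    """Write iv || AES-128-CBC ciphertext || HMAC-SHA256(iv || ciphertext)."""
    sign_key, enc_key = key[:16], key[16:]  # assumed split: signing, encryption
    iv = os.urandom(16)
    enc = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).encryptor()
    pad = padding.PKCS7(128).padder()
    mac = hmac.HMAC(sign_key, hashes.SHA256())
    mac.update(iv)
    dst.write(iv)
    for block in iter(lambda: src.read(CHUNK), b""):
        ct = enc.update(pad.update(block))
        mac.update(ct)
        dst.write(ct)
    ct = enc.update(pad.finalize()) + enc.finalize()
    mac.update(ct)
    dst.write(ct + mac.finalize())

def decrypt_stream(key, src, dst):
    """Two passes over a seekable src: authenticate everything, then decrypt."""
    sign_key, enc_key = key[:16], key[16:]
    body_len = src.seek(0, io.SEEK_END) - TAG_LEN
    if body_len < 32 or body_len % 16:  # need the iv plus at least one block
        raise InvalidSignature("truncated or malformed message")
    # Pass 1: verify the tag before any plaintext is produced.
    src.seek(0)
    mac = hmac.HMAC(sign_key, hashes.SHA256())
    left = body_len
    while left:
        block = src.read(min(CHUNK, left))
        mac.update(block)
        left -= len(block)
    mac.verify(src.read(TAG_LEN))  # raises InvalidSignature on any mismatch
    # Pass 2: decrypt now that the ciphertext is known to be authentic.
    src.seek(0)
    dec = Cipher(algorithms.AES(enc_key), modes.CBC(src.read(16))).decryptor()
    unpad = padding.PKCS7(128).unpadder()
    left = body_len - 16
    while left:
        block = src.read(min(CHUNK, left))
        dst.write(unpad.update(dec.update(block)))
        left -= len(block)
    dst.write(unpad.update(dec.finalize()) + unpad.finalize())
```

A single-pass decryptor would keep memory flat on non-seekable inputs, but it would hand unauthenticated plaintext to the caller before the tag is checked, which the two-pass layout avoids.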