aboutsummaryrefslogtreecommitdiffstats
path: root/docs/index.rst
blob: b800bcaf16ff214bca81e9e8392f3d5f30d2fb42 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
Welcome to ``cryptography``
===========================

``cryptography`` is a Python library which exposes cryptographic recipes and
primitives. We hope it'll be your one-stop-shop for all your cryptographic
needs in Python.

Installing
----------

You can install ``cryptography`` with ``pip``:

.. code-block:: console

    $ pip install cryptography

.. note::

    If you're on Windows you'll need to make sure you have OpenSSL installed.
    There are `pre-compiled binaries`_ available. If your installation is in
    an unusual location set the ``LIB`` and ``INCLUDE`` environment variables
    to include the corresponding locations. For example:
    
    .. code-block:: console
    
        C:\> \path\to\vcvarsall.bat x86_amd64
        C:\> set LIB=C:\OpenSSL-1.0.1f-64bit\lib;%LIB%
        C:\> set INCLUDE=C:\OpenSSL-1.0.1f-64bit\include;%INCLUDE%
        C:\> pip install cryptography


Why a new crypto library for Python?
------------------------------------

If you've done cryptographic work in Python before, you've probably seen some
other libraries in Python, such as *M2Crypto*, *PyCrypto*, or *PyOpenSSL*. In
building ``cryptography`` we wanted to address a few issues we observed in the
existing libraries:

* Lack of PyPy and Python 3 support.
* Lack of maintenance.
* Use of poor implementations of algorithms (i.e. ones with known side-channel
  attacks).
* Lack of high level, "Cryptography for humans", APIs.
* Absence of algorithms such as AES-GCM.
* Poor introspectability, and thus poor testability.
* Extremely error prone APIs, and bad defaults.

Layout
------

``cryptography`` is broadly divided into two levels. One with safe
cryptographic recipes, "cryptography for humans" if you will. These are safe
and easy to use and don't require developers to make many decisions.

The other level is low-level cryptographic primitives. These are often
dangerous and can be used incorrectly. They require making decisions and having
an in-depth knowledge of the cryptographic concepts at work. Because of the
potential danger in working at this level, this is referred to as the
"hazardous materials" or "hazmat" layer. These live in the
``cryptography.hazmat`` package, and their documentation will always contain an
admonition at the top.

We recommend using the recipes layer whenever possible, and falling back to the
hazmat layer only when necessary.

The recipes layer
~~~~~~~~~~~~~~~~~

.. toctree::
    :maxdepth: 2

    fernet
    exceptions
    glossary

The hazardous materials layer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. toctree::
    :maxdepth: 2

    hazmat/primitives/index
    hazmat/backends/index
    hazmat/bindings/index

The ``cryptography`` open source project
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. toctree::
    :maxdepth: 2

    contributing
    security
    api-stability
    doing-a-release
    changelog
    community


.. _`pre-compiled binaries`: https://www.openssl.org/related/binaries.html