Stream cypher (encrypt) with digital envelope in Python

Generating. storing and keeping inventory of hundreds of terabyte large database backups is a challenge by itself which we do on daily basis. It’s even a bigger challenge to store them encrypted which is the requirement sometimes. The backup data is being pushed through a socket generated by percona-xtrabackup. On the receiving end this is stored on SAN devices. Because of the size of the backups it’s unfeasible to reread the binary and encrypt them after the full backup data arrived. We had to come up with a solution which can do the whole thing in the stream time while minimising the amount of unnecessary disk reads and writes…

Digital envelope

The idea of digital envelope is not a new concept. Actually it’s very simple if you understand it. It generates a random symmetric key which is being used to do stream cypher and encrypt the data with a symmetric key block cypher (like ARC4). During this operation your envelope is “open”. When it’s finished the public key of the asymmetric key pair you encode your passphrase and store it with the encrypted data.

Only in the possession of the private key can the envelope be opened again. The decryption process is straightforwards from there. You retrieve the passphrase by decrypting the encrypted passphrase and use that to decipher the data with the chosen block cypher (ARC4 in the example)


I published the basic implementation on my github:

Example usage (writing/encryption):

Example usage (read/decrypt):

You might like these too

Python error: AttributeError: __exit__ I just had a 30 minutes worth of debugging on a stupid mistake I made. I wanted to check the free space on the target server before I actually start t...
Solr Stats component is available in sunburnt StatsComponent is now available with stats function in the suburnt Solr python client library. More info:
Stop using await in a Python forloop Disclaimer: This might sound to be a rant but stay with me and you will see this will be a very good practical advise to speed up your async python c...