This documents all interfaces of cryptio.

Open Interface

cryptio.io.open(file, mode='rb', *, key, _open=None, **kwargs)[source]

open() is a wrapper around io.open(), with a few differences:

  • instead of some variant of an io.FileIO object, a CryptIO wrapper is returned
  • only binary modes are supported


key = os.urandom(32)  # 16 and 24-byte keys are also valid
f = open('filename', 'rb', key=key)

For more information on how to manipulate the object returned by open(), see CryptIO

  • file – path-like object; see open
  • mode – mode string
  • key – aes symmetric key

encrypted file object wrapper

Return type:


File Interface

class cryptio.io.CryptIO(_file, key)[source]

CryptIO is a minimal file-like object wrapper that only specifically implements read(), write(), and close().


chunk = f.read(1024)

CryptIO is also a context manager, and can be used with the with statement like a normal FileIO object.

The difference between FileIO and CryptIO:

  • read() and write() transparently handle aes-gcm decryption and encryption, respectively.
  • close() transparently handles message validation and file header updates
  • initialization vectors and gcm authentication tags are handled automatically

In addition to closing the underlying file object, also handle any outstanding encryptor or decryptor finalization as necessary.

Raises:InvalidTag – if the GCM tag does not match the ciphertext

Read a ciphertext chunk from the underlying file object, and decrypt the result.

Parameters:size (int) – number of bytes to be read
Returns:plaintext chunk
Return type:bytes

Encrypts chunk, and writes the ciphertext to the underlying file object.

Parameters:chunk (bytes) – bytes or similar
Returns:number of ciphertext bytes written
Return type:int