PyOTP is a Python library for generating and verifying one-time passwords. It can be used to implement two-factor (2FA) or multi-factor (MFA) authentication methods in web applications and in other systems that require users to log in.

This package provides a Python implementation of the SPAKE2 Password-Authenticated Key Exchange algorithm.

This is a python wrapper for the curve25519 library with ed25519 signatures. The C code was pulled from libaxolotl-android. At the moment this wrapper is meant for use by python-axolotl.

Keyrings in this package may have security risks or other implications. These backends were extracted from the main keyring project to make them available for those who wish to employ them, but are discouraged for general production use. Include this module and use its backends at your own risk.

PyOpenSSL is a high-level wrapper around a subset of the OpenSSL library.

Currently, PGPy can load keys and signatures of all kinds in both ASCII armored and binary formats.

It can create and verify RSA, DSA, and ECDSA signatures, at the moment. It can also encrypt and decrypt messages using RSA and ECDH.

The Python keyring lib provides a easy way to access the system keyring service from python. It can be used in any application that needs safe password storage.

M2Crypto is a complete Python wrapper for OpenSSL featuring RSA, DSA, DH, EC, HMACs, message digests, symmetric ciphers (including AES); TLS functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; M2Crypto can also be used to provide TLS for Twisted. Smartcards supported through the Engine interface.

This package provides a small library, built on top of pyOpenSSL, which allows for creating a custom certificate authority (CA) certificate, and generating on-demand dynamic host certs using that CA certificate. It is most useful for use with a man-in-the-middle HTTPS proxy, for example, for recording or replaying web content.

PyCryptodome is a self-contained Python package of low-level cryptographic primitives. It's not a wrapper to a separate C library like OpenSSL. To the largest possible extent, algorithms are implemented in pure Python. Only the pieces that are extremely critical to performance (e.g., block ciphers) are implemented as C extensions.

You are expected to have a solid understanding of cryptography and security engineering to successfully use these primitives. You must also be able to recognize that some are obsolete (e.g., TDES) or even insecure (RC4).

It provides many enhancements over the last release of PyCrypto (2.6.1):

• Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)

• Accelerated AES on Intel platforms via AES-NI

• First-class support for PyPy

• Elliptic curves cryptography (NIST P-256 curve only)

• Better and more compact API (nonce and iv attributes for ciphers, automatic generation of random nonces and IVs, simplified CTR cipher mode, and more)

• SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms

• Salsa20 and ChaCha20 stream ciphers

• scrypt and HKDF

• Deterministic (EC)DSA

• Password-protected PKCS#8 key containers

• Shamir’s Secret Sharing scheme

• Random numbers get sourced directly from the OS (and not from a CSPRNG in userspace)

• Cleaner RSA and DSA key generation (largely based on FIPS 186-4)

• Major clean-ups and simplification of the code base

PyCryptodomex is the stand-alone version of PyCryptodome that no longer provides drop-in compatibility with PyCrypto.

Argon2 is a secure password hashing algorithm. It is designed to have both a configurable runtime as well as memory consumption. This means that you can decide how long it takes to hash a password and how much memory is required.

trustme is a tiny Python package that does one thing: it gives you a fake certificate authority (CA) that you can use to generate fake TLS certs to use in your tests.

Pure-Python implementation of the blurhash algorithm.

OMEMO cryptography library that was forked from python-axolotl.

service_identity aspires to give you all the tools you need for verifying whether a certificate is valid for the intended purposes. In the simplest case, this means host name verification. However, service_identity implements RFC 6125 fully and plans to add other relevant RFCs too.

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the command line.

This package contains a pure-Python implementation of the AES block cipher algorithm and the common modes of operation (CBC, CFB, CTR, ECB and OFB).

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the command line.

This is a low-level, pure Python DBus protocol client. It has an I/O-free core, and integration modules for different event loops.

This package provides a Elliptic Curve Library in pure Python.

PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library. These libraries have a stated goal of improving usability, security and speed.

This library handles the low-level details of NTLM authentication for use in authenticating with a service that uses NTLM. It will create and parse the 3 different message types in the order required and produce a base64 encoded value that can be attached to the HTTP header.

The goal of this library is to offer full NTLM support including signing and sealing of messages as well as supporting MIC for message integrity and the ability to customise and set limits on the messages sent. Please see Features and Backlog for a list of what is and is not currently supported.

Bcrypt is a Python module which provides a password hashing method based on the Blowfish password hashing algorithm, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.

Certifi is a Python library that contains a CA certificate bundle, which is used by the Requests library to verify HTTPS requests.