A Python-based file encryption tool using the Serpent block cipher with parallel processing support for improved performance on multi-core systems.
This is an improvement of the serpent-crypt repo (https://github.com/freqnik/serpent-crypt)
Serpent is a symmetric key block cipher that was a finalist in the Advanced Encryption Standard (AES) competition. While Rijndael was ultimately selected as AES, Serpent is considered to have a more conservative security margin and remains a highly secure encryption algorithm.
This tool provides a command-line interface for encrypting and decrypting files using the Serpent cipher, with support for both CBC (Cipher Block Chaining) and CTR (Counter) modes of operation.
- Serpent 256-bit encryption - Uses a 256-bit key for strong security
- Multiple cipher modes - Supports both CBC and CTR modes
- Parallel processing - Utilizes all CPU cores for faster encryption/decryption
- Automatic key management - Generates and saves encryption keys automatically
- Backward compatible - Can decrypt files created with older versions
- Python 3.7 or higher
- pip package manager
Install the required packages:
pip install pyserpent pycryptodome
Clone the repository or download the script directly:
git clone https://github.com/yourusername/serpent-encryptor.git
cd serpent-encryptor
python serpent_encryptor.py [-e | -d] [-k KEYFILE] [-m MODE] input_file output_file|. Argument. | Description |
|------------------|------------------------------------------------|
| -e, --encrypt | Encrypt the input file |
| -d, --decrypt | Decrypt the input file |
| -k, --key-file | Path to the key file (for saving or reading) |
| -m, --mode | Encryption mode: ctr (default) or cbc |
| input_file | Path to the input file |
| output_file. | Path to the output file |
python serpent_encryptor.py -e -k secret.key -m ctr document.pdf document.pdf.encpython serpent_encryptor.py -e -k secret.key -m cbc document.pdf document.pdf.encpython serpent_encryptor.py -d -k secret.key document.pdf.enc document_decrypted.pdfThe decryption process automatically detects which mode was used during encryption.
If you omit the -k flag, the program will prompt you for a key file name:
python serpent_encryptor.py -e document.pdf document.pdf.enc
Enter the key file name (for saving or reading): my_secret.keyCTR mode transforms the block cipher into a stream cipher by encrypting successive values of a counter and XORing the result with the plaintext.
Advantages:
- Fully parallelizable for both encryption and decryption
- Best performance on multi-core systems
- No padding required (though this implementation uses padding for consistency)
- Random access to encrypted data is possible
How it works:
Each block can be encrypted/decrypted independently, allowing parallel processing. A nonce combined with a counter value is encrypted, then XORed with the plaintext to produce ciphertext.
CBC mode chains each plaintext block with the previous ciphertext block before encryption, providing better diffusion.
Advantages:
- Well-established and widely analyzed
- Errors in one ciphertext block only affect two plaintext blocks
- Decryption can be parallelized
Limitations:
- Encryption must be performed sequentially
- Requires an initialization vector (IV)
The parallel implementation distributes work across all available CPU cores. Performance gains depend on your system's core count and the file size.
For files smaller than approximately 1.6KB (100 blocks), the tool automatically falls back to sequential processing to avoid the overhead of process creation.
Encrypted files are stored in the following format:
| | Offset | Size | Description | | |--------|------|-------------| | | 0 | 3 bytes | Mode marker (CTR) | | | | 3 | 8 bytes | Nonce | | | | 11 | Variable | Encrypted data | |
| | Offset | Size | Description | | |--------|------|-------------| | | 0 | 3 bytes | Mode marker (CBC) | | | | 3 | 16 bytes | Initialization Vector (IV) | | | | 19 | Variable | Encrypted data | |
Files without a mode marker are assumed to be CBC-encrypted with the IV stored in the first 16 bytes.
- Keys are automatically generated using cryptographically secure random bytes
- Keys are stored in a separate file - protect this file carefully
- Without the key file, encrypted data cannot be recovered
- Consider using appropriate file permissions on the key file:
chmod 600 secret.key- A unique random IV (CBC) or nonce (CTR) is generated for each encryption
- The IV/nonce is stored with the encrypted file (this is standard practice and does not weaken security)
- Never reuse a key+nonce combination in CTR mode
- Use CTR mode for best performance while maintaining security
- Back up your key files in a secure location
- Use strong file permissions to protect key files
- Generate a new key for different security contexts
- Verify decryption by comparing file hashes before and after
You can also import and use the encryption functions in your own Python code:
from serpent_encryptor import encrypt_file, decrypt_file
encrypt_file(
input_file='document.pdf',
output_file='document.pdf.enc',
key_file='secret.key',
mode='ctr'
)
decrypt_file(
input_file='document.pdf.enc',
output_file='document_decrypted.pdf',
key_file='secret.key'
)This project is licensed under the MIT License. See the LICENSE file for details.
- The Serpent cipher was designed by Ross Anderson, Eli Biham, and Lars Knudsen
- This implementation uses the pyserpent library
- Padding and random number generation provided by PyCryptodome
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add some amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request