API documentation

All cryptographic functionalities are organized in sub-packages; each sub-package is dedicated to solving a specific class of problems.




Modules for protecting confidentiality that is, for encrypting and decrypting data (example: AES).


Modules for assuring authenticity, that is, for creating and verifying digital signatures of messages (example: PKCS#1 v1.5).


Modules for creating cryptographic digests (example: SHA-256).


Modules for generating, exporting or importing public keys (example: RSA or ECC).


Modules for faciliting secure communications between parties, in most cases by leveraging cryptograpic primitives from other modules (example: Shamir’s Secret Sharing scheme).


Modules for dealing with encodings commonly used for cryptographic data (example: PEM).


Modules for generating random data.


General purpose routines (example: XOR for byte strings).

In certain cases, there is some overlap between these categories. For instance, authenticity is also provided by Message Authentication Codes, and some can be built using digests, so they are included in the Crypto.Hash package (example: HMAC). Also, cryptographers have over time realized that encryption without authentication is often of limited value so recent ciphers found in the Crypto.Cipher package embed it (example: GCM).

PyCryptodome strives to maintain strong backward compatibility with the old PyCrypto’s API (except for those few cases where that is harmful to security) so a few modules don’t appear where they should (example: the ASN.1 module is under Crypto.Util as opposed to Crypto.IO).