This page lists the low-level primitives that PyCryptodome provides.
You are expected to have a solid understanding of cryptography and security engineering to successfully use them.
You must also be able to recognize that some primitives are obsolete (e.g. TDES) or even unsecure (RC4). They are provided only to enable backward compatibility where required by the applications.
A list of useful resources in that area can be found on Matthew Green’s blog.
Single and Triple DES (legacy)
Traditional modes of operations for symmetric ciphers:
OpenPGP (a variant of CFB, RFC4880)
CCM (AES only)
GCM (AES only)
SIV (AES only)
OCB (AES only)
SHA-2 hashes (224, 256, 384, 512, 512/224, 512/256)
SHA-3 hashes (224, 256, 384, 512) and XOFs (SHAKE128, SHAKE256)
Functions derived from SHA-3 (cSHAKE128, cSHAKE256, TupleHash128, TupleHash256)
Keccak (original submission to SHA-3)
BLAKE2b and BLAKE2s
Message Authentication Codes (MAC):
KMAC128 and KMAC256
Asymmetric key generation:
ECC (NIST P-curves; Ed25519, Ed448)
Export and import format for asymmetric keys:
PEM (clear and encrypted)
PKCS#8 (clear and encrypted)
Asymmetric digital signatures:
Nonce-based (FIPS 186-3)
Other cryptographic protocols:
Shamir Secret Sharing