1. Marti R.
  2. pyaes


Clone wiki

pyaes / Home

pyaes is:

  • an implementation of AES (Advanced Encryption Standard) cipher in pure Python, including ECB & CBC modes
  • easy to use: it has a simple PEP 272 cipher API, like PyCrypto
  • not too slow: it's as fast as Python permits without obfuscating the code
  • well-tested: it includes a test runner to check the operation against NIST published test vectors
  • raw cipher only: it does not do padding/verification/key derivation -- any secure crypto protocol should
  • liberal: Licensed under the permissive MIT license

Show me the code!

View in browser or Download or check out the source with Mercurial:

hg clone https://bitbucket.org/intgr/pyaes


>>> import pyaes
>>> cryptor = pyaes.new('secret_secretkey', pyaes.MODE_CBC, IV='_some_random_iv_')
>>> ciphertext = cryptor.encrypt('This is a test! What could possibly go wrong?___')
>>> ciphertext
>>> decryptor = pyaes.new('secret_secretkey', pyaes.MODE_CBC, IV='_some_random_iv_')
>>> decryptor.decrypt(ciphertext)
'This is a test! What could possibly go wrong?___'


Please beware that the nature of Python makes cryptography susceptible to timing attacks. Python (and other interpreted languages) introduce lots of data-dependent branches and have a higher cache footprint than native code. Their general slowness also makes it easier to measure timing variations. When in doubt, always use native code cryptography like PyCrypto.


The main motivation for writing this was to provide the PyPy project with a crypto benchmark for speed.pypy.org.

I was looking at the SlowAES project first; it was very slow, so I created an optimization branch of it. However, I still wasn't happy with the way the code was written. Its legacy as C code that was converted to JavaScript, then converted to Python, was showing. The API was also weird by Python standards.

So pyaes was born! Written from scratch to be Pythonic and benchmark-quality.


Even though pyaes is an optimized Python implementation, Python itself is still slow. It should be capable of around 80 kB/s on modern hardware; that's 1000x slower than pure C implementations.

If you have any ideas how to make it faster, I'm interested in hearing your thoughts. :)