Encryption-Decryption
This repo contains the python tool to encrypt and decrypt large files by using pycrypto library and integrates with GOOGLE CLOUD KMS to encrypt tht DEK(Data Encryption Key) which there by provides a two layer security for the file
Setup Instructions
Pre-Requisites
Install the following on the machine that tool is running
- Python 3 or later version, instructions can be found here
- Install pip3 from the python3 package
sudo apt install python3-pip - Install the requirements using pip3
sudo pip3 install -r requirements.txt - A service account that has cloud KMS encryptor decryptor scopes in your GCP project to encrypt the DEK(Data Encryption Key)
NOTE
update the KMS details in the encryption.py
Usage
- To encrypt any txt file in any directory.
./encryption.py encrypt -d <directory name> -k <service account with KMS access> - To decrypt any already encrypted files.
./encryption.py decrypt -d <directory name> -k <service account with KMS access>Concept
- Encrypts any size txt files using a random generated password of 32 bytes(DEK - Data Encryption Key)
- Encrypt method encrypts all the txt files in any given directory and then encrypts the DEK with Cloud KMS(KEK - Key Encryption Key)
- Stores the encrypted DEK in the directory root for further use
- Decrypt method decrypts the DEK with KEK and then decrypts all the .enc files in give already encrypted directory