Tools
This module provides utility functions to simplify key management.
We strongly recommend using these functions for reading and generating keys to ensure forward compatibility with future versions of the library. These tools abstract away common pitfalls and offer a clean interface for both file-based and in-memory key handling.
- fast_file_encryption.read_public_key(public_key)
Load a PEM-encoded public RSA key.
You can provide the key in multiple formats:
A Path object pointing to a PEM file
A str or bytes object containing the PEM-encoded key
- Parameters:
public_key (Union[pathlib.Path, str, bytes]) – The input source for the public key.
- Returns:
A parsed public key object for use in encryption operations.
- Return type:
RSAPublicKey
- fast_file_encryption.read_private_key(private_key, password=None)
Load a PEM-encoded private RSA key.
Accepts file paths, strings, or bytes. If the key is password-protected, you can provide the password as a string or byte sequence.
- Parameters:
private_key (Union[pathlib.Path, str, bytes]) – The input source for the private key.
password (Optional[Union[str, bytes]]) – Optional password to decrypt the key if it is protected.
- Returns:
A parsed private key object for use in decryption operations.
- Return type:
RSAPrivateKey
- fast_file_encryption.save_key_pair(*, public_key, private_key)
Generate and save a new RSA 4096-bit key pair.
This function creates a new private and public key pair, and writes each to a separate file using the PEM format. This is the recommended way to create key material for this library.
- Parameters:
public_key (pathlib.Path) – Path where the PEM-encoded public key will be written.
private_key (pathlib.Path) – Path where the PEM-encoded private key will be written.
Warning
For automation and scripting purposes, the generated private key is not encrypted with a password. Make sure you store it securely—ideally in a protected location such as a hardware security module (HSM) or secure key vault.