Alpha. Vary is under active development and not ready for production use. Syntax, APIs, performance, and behaviour may change between releases.

Crypto

The crypto module wraps JVM cryptography primitives behind safe, opinionated APIs. All algorithms use modern defaults: SHA-256/512, AES-256-GCM, HMAC-SHA-256, and Ed25519.

from crypto import sha256, encrypt, generate_secret_key

Hashing

from crypto import sha256, sha512

let h = sha256("hello")
print(h)    # CryptoHash with hex digest

let h2 = sha512("hello")

Function	Returns	Description
`sha256(text)`	`CryptoHash`	SHA-256 hash
`sha512(text)`	`CryptoHash`	SHA-512 hash

Secure random

from crypto import random_bytes, random_hex, random_int

let bytes = random_bytes(32)
let hex = random_hex(16)
let n = random_int(1, 100)

Function	Returns	Description
`random_bytes(n)`	`Str`	n cryptographically random bytes
`random_hex(n)`	`Str`	n random bytes as hex string
`random_int(min, max)`	`Int`	Random integer in [min, max]

Password hashing

Hash and verify passwords using a secure key derivation function:

from crypto import hash_password, verify_password

let stored = hash_password("s3cret")
let ok = verify_password("s3cret", stored)    # True
let bad = verify_password("wrong", stored)    # False

Function	Returns	Description
`hash_password(password)`	`CryptoPasswordHash`	Hash a password
`verify_password(password, stored)`	`Bool`	Check password against stored hash

Symmetric encryption (AES-GCM)

Encrypt and decrypt with a shared secret key. Uses AES-256-GCM with a random nonce per encryption.

from crypto import generate_secret_key, encrypt, decrypt

let key = generate_secret_key()
let ct = encrypt(key, "secret message")
let pt = decrypt(key, ct)    # "secret message"

Function	Returns	Description
`generate_secret_key()`	`CryptoSecretKey`	Generate an AES-256 key
`encrypt(key, plaintext)`	`CryptoCipherText`	Encrypt with AES-GCM
`decrypt(key, ciphertext)`	`Str`	Decrypt ciphertext

Message authentication (HMAC-SHA-256)

Create and verify message authentication codes:

from crypto import generate_hmac_key, hmac_sha256, verify_hmac

let key = generate_hmac_key()
let tag = hmac_sha256(key, "important data")
let valid = verify_hmac(key, "important data", tag)    # True

Function	Returns	Description
`generate_hmac_key()`	`CryptoHmacKey`	Generate an HMAC key
`hmac_sha256(key, msg)`	`CryptoMacTag`	Compute HMAC-SHA-256 tag
`verify_hmac(key, msg, tag)`	`Bool`	Verify HMAC tag

Public-key signatures (Ed25519)

Sign and verify messages with asymmetric key pairs:

from crypto import generate_signing_keypair, sign, verify_signature

let kp = generate_signing_keypair()
let sig = sign(kp.private_key(), "message")
let ok = verify_signature(kp.public_key(), "message", sig)    # True

Function	Returns	Description
`generate_signing_keypair()`	`CryptoKeyPair`	Generate Ed25519 key pair
`sign(private_key, msg)`	`CryptoSignature`	Sign a message
`verify_signature(public_key, msg, sig)`	`Bool`	Verify a signature

Encoding helpers

from crypto import base64_encode, base64_decode, hex_encode, hex_decode

let b64 = base64_encode("hello")     # "aGVsbG8="
let raw = base64_decode(b64)         # "hello"

let hex = hex_encode("hi")
let raw2 = hex_decode(hex)           # "hi"

Function	Returns	Description
`base64_encode(input)`	`Str`	Base64-encode a string
`base64_decode(encoded)`	`Str`	Base64-decode a string
`hex_encode(input)`	`Str`	Hex-encode a string
`hex_decode(encoded)`	`Str`	Hex-decode a string

Test mode

For deterministic tests, seed the random number generator:

from crypto import set_test_seed, clear_test_seed

set_test_seed(42)
# random_bytes, random_hex, random_int now produce repeatable output
clear_test_seed()

Function	Returns	Description
`set_test_seed(seed)`	`None`	Fix RNG seed for deterministic output
`clear_test_seed()`	`None`	Restore cryptographic randomness

HTTP Client Collections