Module: aea

This module implements the Apple Encrypted Archive format.

API Reference

def encode(data: bytes, **kwargs) -> bytes
def encode_stream(input: BinaryIO, output: BinaryIO, **kwargs) -> None

def decode(data: bytes, **kwargs) -> bytes
def decode_stream(input: BinaryIO, output: BinaryIO, **kwargs) -> None

def id(data: bytes) -> bytes

class ProfileType(enum.IntEnum)
class ChecksumAlgorithm(enum.IntEnum)
class CompressionAlgorithm(enum.IntEnum)

class ParseError(Exception)
class SignatureValidationError(ParseError)
class MACValidationError(ParseError)
class ChecksumValidationError(ParseError)

Encoding

The following keyword argument is optional and specifies how the archive is encrypted and signed. If it is omitted, the profile type is inferred from the remaining keyword arguments:

If one of the following keyword arguments is specified, the archive is encrypted. No more than one of them may be specified:

  • symmetric_key: bytes (32 bytes)
  • recipient_pub: bytes
  • password: str

If the following keyword argument is specified, the archive is signed

  • signature_priv: bytes

The following keyword arguments may also be specified:

  • auth_data: bytes = b""
  • segment_size: int = 0x100000
  • segments_per_cluster: int = 256
  • checksum_algorithm: str = SHA256
  • compression_algorithm: int = LZFSE
  • scrypt_strength: int = 0

Decoding

For decoding, the profile type is read from the file header. Depending on the profile type, the following keyword arguments may be required:

  • symmetric_key: bytes (32 bytes)
  • recipient_priv: bytes
  • password: str
  • signature_pub: bytes

The following exceptions may be raised by this function:

  • ParseError
  • SignatureValidationError
  • MACValidationError
  • ChecksumValidationError

Id

This method returns the archive id of the file, which is the same as the SHA-256 hash of its prologue.

ProfileType

SIGNED = 0
SYMMETRIC_ENCRYPTION = 1
SYMMETRIC_ENCRYPTION_SIGNED = 2
ASYMMETRIC_ENCRYPTION = 3
ASYMMETRIC_ENCRYPTION_SIGNED = 4
PASSWORD_ENCRYPTION = 5

ChecksumAlgorithm

NONE = 0
MURMUR = 1
SHA256 = 2

CompressionAlgorithm

NONE = '-'
LZ4 = '4'
LZBITMAP = 'b'
LZFSE = 'e'
LZVN = 'f'
LZMA = 'x'
ZLIB = 'z'