{"id":8894,"library":"chacha20poly1305-reuseable","title":"ChaCha20Poly1305 Reusable for Asyncio","description":"This library provides a Python implementation of the ChaCha20Poly1305 authenticated encryption algorithm, specifically designed for asynchronous I/O (asyncio) contexts. While it aimed to offer a reusable cipher object for efficiency, it is now considered obsolete for new projects due to the `cryptography` library's adoption of a high-performance, Rust-based ChaCha20Poly1305 implementation. The library is currently at version 0.13.2, with recent maintenance releases, but its utility for new development is superseded.","status":"deprecated","version":"0.13.2","language":"en","source_language":"en","source_url":"https://github.com/bdraco/chacha20poly1305-reuseable","tags":["cryptography","asyncio","security","encryption","deprecated"],"install":[{"cmd":"pip install chacha20poly1305-reuseable","lang":"bash","label":"Latest stable version"}],"dependencies":[{"reason":"Provides the underlying cryptographic primitives for ChaCha20 and Poly1305. The 'chacha20poly1305-reuseable' library leverages 'cryptography' for its core functions.","package":"cryptography"}],"imports":[{"symbol":"ChaCha20Poly1305Reusable","correct":"from chacha20poly1305_reuseable import ChaCha20Poly1305Reusable"}],"quickstart":{"code":"import os\nfrom chacha20poly1305_reuseable import ChaCha20Poly1305Reusable\n\n# In a real application, securely load your key (32 bytes).\n# For demonstration, a random key is generated.\nkey = os.urandom(32)\n\n# Associated data (AAD) is optional, but recommended for integrity checks.\nassociated_data = b\"Config data, not encrypted but authenticated.\"\nplaintext = b\"This is the secret message to be encrypted.\"\n\n# Initialize the cipher object with the key\ncipher = ChaCha20Poly1305Reusable(key)\n\n# Encrypt the plaintext\n# The nonce is generated internally and returned, must be unique per encryption.\nnonce, ciphertext, tag = cipher.encrypt(plaintext, associated_data)\nprint(f\"Encryption successful:\")\nprint(f\"  Nonce: {nonce.hex()}\")\nprint(f\"  Ciphertext: {ciphertext.hex()}\")\nprint(f\"  Tag: {tag.hex()}\")\n\n# Decrypt the ciphertext\ntry:\n    decrypted_text = cipher.decrypt(nonce, ciphertext, tag, associated_data)\n    print(f\"Decryption successful: {decrypted_text.decode()}\")\n    assert decrypted_text == plaintext\n    print(\"Message integrity verified.\")\nexcept Exception as e:\n    print(f\"Decryption failed: {e}\")\n\n# The 'cipher' object can be reused for subsequent encryptions/decryptions\n# with a *new*, unique nonce for each operation.\nnew_plaintext = b\"Another secret message, secured by the same key.\"\nnew_nonce, new_ciphertext, new_tag = cipher.encrypt(new_plaintext, associated_data)\nprint(f\"\\nReused cipher for new encryption (new nonce): {new_nonce.hex()}\")\n","lang":"python","description":"This quickstart demonstrates how to initialize the `ChaCha20Poly1305Reusable` cipher with a 32-byte key, encrypt plaintext with optional associated data (AAD), and then decrypt it, verifying integrity. It highlights how the cipher object itself can be reused, but crucially, a new cryptographic nonce is generated and required for each distinct encryption operation."},"warnings":[{"fix":"For new projects, use `from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305` instead. For existing projects, consider migrating to `cryptography`'s native AEAD for long-term support and performance.","message":"This library is considered obsolete for new projects. The underlying `cryptography` library now provides its own highly optimized, Rust-based implementation of ChaCha20Poly1305. It is recommended to use `cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` directly instead of this wrapper library for modern applications.","severity":"breaking","affected_versions":"All versions, especially from v0.13.0 onwards due to underlying `cryptography` changes."},{"fix":"Always generate a cryptographically secure, unique nonce (usually 12 bytes) for each encryption operation under the same key. The `encrypt` method of this library generates a new nonce for you by default; ensure you store and transmit it with the ciphertext.","message":"Despite the library's name including 'reuseable', this refers to the Python object instance, not the cryptographic nonce. Reusing the same nonce (IV) with the same key for two different plaintexts is a critical security vulnerability that completely compromises the confidentiality of ChaCha20Poly1305. A unique nonce *must* be used for every encryption with a given key.","severity":"gotcha","affected_versions":"All versions."},{"fix":"Upgrade to `chacha20poly1305-reuseable` version 0.12.1 or newer to ensure compatibility with recent `cryptography` releases. If upgrading is not possible, pin `cryptography<42` for older versions of this library.","message":"Older versions of `chacha20poly1305-reuseable` (prior to v0.12.1) had compatibility issues with `cryptography` library versions, specifically `cryptography 42`, due to internal cipher checks. This could lead to runtime errors or unexpected behavior if `cryptography` was updated independently.","severity":"gotcha","affected_versions":"<0.12.1"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Ensure that the `key`, `nonce`, `ciphertext`, `tag`, and `associated_data` used during decryption are precisely the same as those used during encryption and that none have been modified in transit. Verify the integrity of the message source.","cause":"During decryption, the authentication tag (MAC) generated from the provided ciphertext, associated data, and key does not match the tag received. This indicates that either the ciphertext or the associated data has been tampered with, or an incorrect key/nonce/tag was used for decryption.","error":"ValueError: MAC did not verify"},{"fix":"First, ensure the library is installed: `pip install chacha20poly1305-reuseable`. Then, use the correct import statement: `from chacha20poly1305_reuseable import ChaCha20Poly1305Reusable`.","cause":"The main class `ChaCha20Poly1305Reusable` was not found. This typically happens if the library is not installed, or the import path is incorrect (e.g., trying `import chacha20poly1305_reuseable` directly and accessing attributes from it).","error":"AttributeError: module 'chacha20poly1305_reuseable' has no attribute 'ChaCha20Poly1305Reusable'"},{"fix":"Always use a unique, randomly generated nonce for every single encryption operation performed with a given key. The `encrypt` method in `chacha20poly1305-reuseable` automatically generates a new nonce for each call, so this issue primarily arises from manual misuse if a fixed nonce is forced.","cause":"Attempting to encrypt multiple distinct messages using the same cryptographic key and the same nonce. While the library itself handles nonce generation for its `encrypt` method, manual or incorrect nonce management can lead to this vulnerability.","error":"Security warning: Nonce reuse detected with ChaCha20Poly1305"}]}