{"id":15060,"library":"x25519","title":"x25519","description":"The `x25519` library (version 0.0.2) provides a pure Python implementation of the Curve25519 elliptic curve for Diffie-Hellman key exchange. It was last released in October 2021 and appears to be unmaintained, with no active development or official GitHub repository discoverable at the provided link. This library is distinct from the more robust and actively maintained X25519 implementations found in the `cryptography` library.","status":"abandoned","version":"0.0.2","language":"en","source_language":"en","source_url":"https://github.com/1ocalhost/x25519","tags":["cryptography","x25519","curve25519","pure-python","key-exchange","diffie-hellman"],"install":[{"cmd":"pip install x25519","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"note":"This library is a separate, pure-Python implementation, not part of the 'cryptography' project.","wrong":"from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey","symbol":"scalar_base_mult","correct":"import x25519\npublic_key = x25519.scalar_base_mult(private_key)"},{"note":"The API for this `x25519` package uses functional calls, not object methods like the `cryptography` library.","wrong":"private_key.exchange(peer_public_key)","symbol":"scalar_mult","correct":"import x25519\nshared_secret = x25519.scalar_mult(private_key, peer_public_key)"}],"quickstart":{"code":"import x25519\nfrom binascii import hexlify\n\n# Generate a 32-byte private key (randomly in a real application)\nprivate_key_a = b'\\x01' * 32 # Example: should be randomly generated\nprivate_key_b = b'\\x02' * 32 # Example: should be randomly generated\n\n# Derive public keys\npublic_key_a = x25519.scalar_base_mult(private_key_a)\npublic_key_b = x25519.scalar_base_mult(private_key_b)\n\nprint(f\"Public Key A: {hexlify(public_key_a).decode()}\")\nprint(f\"Public Key B: {hexlify(public_key_b).decode()}\")\n\n# Compute shared secrets\nshared_secret_ab = x25519.scalar_mult(private_key_a, public_key_b)\nshared_secret_ba = x25519.scalar_mult(private_key_b, public_key_a)\n\nprint(f\"Shared Secret A->B: {hexlify(shared_secret_ab).decode()}\")\nprint(f\"Shared Secret B->A: {hexlify(shared_secret_ba).decode()}\")\n\nassert shared_secret_ab == shared_secret_ba\nprint(\"Shared secrets match!\")","lang":"python","description":"This quickstart demonstrates how to generate X25519 private and public keys and then derive a shared secret using the `x25519` library's `scalar_base_mult` and `scalar_mult` functions. Ensure private keys are truly random bytes in a real-world scenario."},"warnings":[{"fix":"Migrate to a actively maintained and audited cryptography library, such as `cryptography` (e.g., `cryptography.hazmat.primitives.asymmetric.x25519`).","message":"The GitHub repository linked in the PyPI metadata for this library is non-existent (404 Not Found), indicating the project is likely unmaintained and should not be used for new development.","severity":"breaking","affected_versions":"0.0.2 and potentially earlier"},{"fix":"For security-critical applications, prefer native code implementations (like those in `cryptography` which wraps OpenSSL) that are designed for constant-time execution.","message":"Pure Python cryptographic implementations, especially for operations like X25519, can be vulnerable to timing attacks due to variations in execution time based on input values. This can leak sensitive information.","severity":"gotcha","affected_versions":"All versions"},{"fix":"If you intend to use the widely-accepted and audited X25519 implementation, install `cryptography` (`pip install cryptography`) and import from `cryptography.hazmat.primitives.asymmetric.x25519`.","message":"This `x25519` PyPI package is a distinct, pure-Python implementation and is NOT the X25519 implementation provided by the `cryptography` library, which is the standard and recommended choice for robust cryptography in Python.","severity":"gotcha","affected_versions":"All versions"},{"fix":"After obtaining the `shared_secret`, apply a KDF (e.g., from `cryptography.hazmat.primitives.kdf.hkdf`) to derive a secure symmetric key.","message":"The raw shared secret derived from X25519 should generally not be used directly as an encryption key. It should be processed through a Key Derivation Function (KDF) like HKDF to produce a strong, fixed-length key suitable for symmetric encryption.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"The `x25519` package uses functional calls (e.g., `x25519.scalar_base_mult`). If you intended to use the `cryptography` library, ensure it's installed (`pip install cryptography`) and import `from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey`.","cause":"Attempting to use `cryptography` library's object-oriented API with the `x25519` pure Python package.","error":"AttributeError: module 'x25519' has no attribute 'X25519PrivateKey'"},{"fix":"Ensure all key material (private keys, public keys) are precisely 32-byte `bytes` objects. Avoid passing strings or integers directly.","cause":"Incorrect input type for cryptographic functions. X25519 operations typically expect 32-byte `bytes` objects for keys.","error":"TypeError: 'bytes' object cannot be interpreted as an integer"}],"ecosystem":"pypi"}