Metadata-Version: 2.4
Name: winhello-crypto
Version: 2.1.9
Summary: Secure AWS credential storage and file encryption using Windows Hello biometric authentication
Home-page: https://github.com/SergeDubovsky/WinHello-Crypto
Author: Serge Dubovsky
Author-email: Serge Dubovsky <serge@lavinna.com>
License: Apache-2.0
Project-URL: Homepage, https://github.com/SergeDubovsky/WinHello-Crypto
Project-URL: Repository, https://github.com/SergeDubovsky/WinHello-Crypto
Project-URL: Bug Reports, https://github.com/SergeDubovsky/WinHello-Crypto/issues
Project-URL: Documentation, https://github.com/SergeDubovsky/WinHello-Crypto/blob/main/README.md
Keywords: windows-hello,biometric,authentication,encryption,aws,credentials,security,cryptography
Platform: Windows
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: Microsoft :: Windows :: Windows 10
Classifier: Operating System :: Microsoft :: Windows :: Windows 11
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: System :: Systems Administration :: Authentication/Directory
Classifier: Topic :: Utilities
Requires-Python: >=3.7
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: cryptography<46.0.0,>=45.0.6
Requires-Dist: winrt-runtime<4.0.0,>=3.2.0; platform_system == "Windows"
Requires-Dist: winrt-Windows.Security.Credentials<4.0.0,>=3.2.0; platform_system == "Windows"
Requires-Dist: winrt-Windows.Storage.Streams<4.0.0,>=3.2.0; platform_system == "Windows"
Provides-Extra: dev
Requires-Dist: pytest<9.0.0,>=8.3.0; extra == "dev"
Requires-Dist: pytest-asyncio<1.0.0,>=0.24.0; extra == "dev"
Requires-Dist: pytest-cov<6.0.0,>=5.0.0; extra == "dev"
Requires-Dist: black<25.0.0,>=24.0.0; extra == "dev"
Requires-Dist: flake8<8.0.0,>=7.1.0; extra == "dev"
Requires-Dist: mypy<2.0.0,>=1.11.0; extra == "dev"
Provides-Extra: security
Requires-Dist: bandit<2.0.0,>=1.7.5; extra == "security"
Requires-Dist: safety<3.3.0,>=3.2.0; extra == "security"
Provides-Extra: docs
Requires-Dist: sphinx<8.0.0,>=7.0.0; extra == "docs"
Requires-Dist: sphinx-rtd-theme<3.0.0,>=2.0.0; extra == "docs"
Dynamic: author
Dynamic: home-page
Dynamic: license-file
Dynamic: platform
Dynamic: requires-python

# WinHello-Crypto

[![CI](https://github.com/SergeDubovsky/WinHello-Crypto/actions/workflows/ci.yml/badge.svg)](https://github.com/SergeDubovsky/WinHello-Crypto/actions/workflows/ci.yml)
[![Security Tests](https://github.com/SergeDubovsky/WinHello-Crypto/actions/workflows/security-tests.yml/badge.svg)](https://github.com/SergeDubovsky/WinHello-Crypto/actions/workflows/security-tests.yml)
[![codecov](https://codecov.io/gh/SergeDubovsky/WinHello-Crypto/branch/main/graph/badge.svg)](https://codecov.io/gh/SergeDubovsky/WinHello-Crypto)
[![PyPI version](https://badge.fury.io/py/winhello-crypto.svg)](https://badge.fury.io/py/winhello-crypto)
[![Python Support](https://img.shields.io/pypi/pyversions/winhello-crypto.svg)](https://pypi.org/project/winhello-crypto/)
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

Secure AWS credential storage and file encryption using Windows Hello biometric authentication.

## Quick Start

### Install
```bash
pip install winhello-crypto
```

### AWS Credentials Manager
```bash
# Store AWS credentials
aws-hello-creds set myprofile --access-key AKIA... --secret-key secret123

# Use stored credentials  
aws-hello-creds get myprofile

# List all profiles
aws-hello-creds list

# Export as environment variables
aws-hello-creds export myprofile
```

### File Encryption
```bash
# Encrypt a file
winhello-crypto encrypt myfile.txt

# Decrypt a file
winhello-crypto decrypt myfile.txt.enc
```

## AWS Credentials Manager Commands

### Basic Operations
```bash
# Store credentials
aws-hello-creds set <profile> --access-key <key> --secret-key <secret> [--session-token <token>] [--region <region>]

# Retrieve credentials
aws-hello-creds get <profile> [--format json|env|ini]

# List all profiles
aws-hello-creds list [--format table|json]

# Delete credentials
aws-hello-creds delete <profile>

# Check if profile exists
aws-hello-creds exists <profile>
```

### Advanced Operations
```bash
# Backup all credentials to encrypted file
aws-hello-creds backup --file backup.enc

# Restore credentials from backup
aws-hello-creds restore --file backup.enc

# Rotate credentials (requires AWS CLI configured)
aws-hello-creds rotate <profile>

# Export as environment variables
aws-hello-creds export <profile> [--shell bash|powershell|cmd]

# Copy profile
aws-hello-creds copy <source> <destination>

# Update existing profile
aws-hello-creds update <profile> [--access-key <key>] [--secret-key <secret>] [--session-token <token>] [--region <region>]
```

### File Operations
```bash
# Encrypt file with profile credentials
aws-hello-creds encrypt-file <profile> <input-file> [--output <output-file>]

# Decrypt file with profile credentials
aws-hello-creds decrypt-file <profile> <input-file> [--output <output-file>]
```

## File Encryption Commands

```bash
# Encrypt file
winhello-crypto encrypt <input-file> [--output <output-file>]

# Decrypt file
winhello-crypto decrypt <input-file> [--output <output-file>]

# Verify integrity
winhello-crypto verify <encrypted-file>
```

## Use Cases

### Development Workflows
```bash
# Set up dev environment
aws-hello-creds set dev --access-key AKIA... --secret-key secret123 --region us-west-2
aws-hello-creds export dev --shell powershell

# Switch to production
aws-hello-creds export prod --shell powershell
```

### CI/CD Integration
```bash
# Backup before deployment
aws-hello-creds backup --file pre-deploy-backup.enc

# Restore if needed
aws-hello-creds restore --file pre-deploy-backup.enc
```

### Secure File Sharing
```bash
# Encrypt sensitive files
winhello-crypto encrypt config.json
winhello-crypto encrypt database-backup.sql

# Share encrypted files safely
# Recipients need Windows Hello to decrypt
```

## Security Features

- **Windows Hello Integration**: Uses biometric authentication (fingerprint, face, PIN)
- **AES-256-GCM Encryption**: Military-grade encryption for stored credentials
- **No Plain Text Storage**: All credentials encrypted at rest
- **Secure Key Derivation**: PBKDF2 with high iteration count
- **Memory Protection**: Sensitive data cleared from memory after use

## Requirements

- Windows 10/11 with Windows Hello enabled
- Python 3.7+
- Biometric device (fingerprint reader, camera) or PIN set up

## Troubleshooting

### Windows Hello Not Available
```
Error: Windows Hello is not available on this device
```
**Solution**: Enable Windows Hello in Settings > Accounts > Sign-in options

### Authentication Failed
```
Error: User verification failed
```
**Solution**: 
- Ensure biometric device is working
- Try using PIN if biometric fails
- Check Windows Hello is enabled for apps

### Profile Not Found
```
Error: Profile 'myprofile' not found
```
**Solution**: Use `aws-hello-creds list` to see available profiles

### Permission Denied
```
Error: Access denied to Windows Credential Manager
```
**Solution**: Run as administrator or check Windows Credential Manager permissions

## Development

```bash
# Install development dependencies
pip install -e ".[dev]"

# Run tests
pytest

# Run security checks
bandit -r .
safety check

# Format code
black .
```

## License

Apache License 2.0 - see [LICENSE](LICENSE) for details.
