This roadmap outlines potential improvements and milestones for SecureCrypto-PythonBridge. Use it as a living plan—check items off as they ship and open issues/PRs to discuss changes.
- Python wrapper with AES/RSA/Hash/HMAC/Sign/Verify helpers
- Examples folder (AES, Hybrid RSA, Sign/Verify)
- Cheatsheet (PDF), Implementation Ideas doc
- README with badges + Windows CI workflow
- CONTRIBUTING, LICENSE (MIT), CHANGELOG, Release template
- Signature I/O helpers and extra encoding utilities
- Publish to PyPI (
pip install securecrypto-bridge) with wheel - Add structured exceptions and error messages (e.g.,
KeyLoadError,DecryptError) - Add richer type hints + docstrings for every function
- Add
encrypt_and_sign/verify_and_decryptconvenience pairs - CLI tool (
python -m securecrypto ...) for quick terminal usage - More examples: API HMAC signing; encrypted notes demo
- Benchmarks: AES/Hybrid performance on typical files
- Unit tests for wrapper behavior (pytest)
- Fixtures for temporary keys/files
- Extended CI steps: run tests, coverage report artifact
- Linting + formatting (ruff/black) and pre-commit hooks
- Linux/macOS CI jobs with .NET runtime configuration (Mono/.NET)
- Docs for installing dependencies on Linux/macOS
- Validate DLL interop or offer .NET 6/7 cross-platform build
- Optional key storage integrations: DPAPI (Windows), Keychain (macOS), libsecret (Linux)
- Encrypted private key export (password-protected PEM/XML)
- Add key rotation patterns and helpers
- Timing-safe compare for HMAC verification (constant-time)
- Pre-built releases with signed assets
- Versioned
SecureCrypto.dllwith strong name or code signing -
pipxinstall instructions for CLI - Docker dev container for examples/tests
- Full API Reference (mkdocs + mkdocstrings)
- Tutorials: file encryption workflow, signed update pipeline
- Architecture diagram: AES + RSA hybrid format details
- Security FAQ and best practices
- Streaming/chunked file encryption for very large files
- Parallel encryption paths for performance
- Optional authenticated encryption (AES-GCM) path
- Pluggable KDF (Argon2id option in addition to PBKDF2)
- Backward-compatible on-disk formats with version bytes
- Minimal REST service example for server-side operations
- GUI demo (Tkinter/PySide) for encrypt/sign workflows
- Example integration with FastAPI/Flask
- Key discovery and trust model patterns (pubkey fingerprints)
- Example: S3 encrypted backups with lifecycle policies
- Localization-ready strings for CLI outputs
- Adopt Semantic Versioning; reflect breaking changes with major bumps.
- Keep CHANGELOG updated; tag releases following
vX.Y.Z. - Prioritize API stability and security best practices.