Hubert Chathi 7e0c827703 release 3.2.16 2023-11-23 12:38:51 -05:00
docs python: Import improved python bindings. 2018-07-18 17:44:32 -04:00
dummy fix Python build 2021-06-17 11:56:08 -04:00
olm Fix breakage in setuptools-69.0.0 by cleaning up setup.py 2023-11-21 16:07:46 -05:00
tests actually remove dependency on future 2023-04-26 10:00:34 -04:00
.gitignore generate python/include/olm/olm.h automatically 2018-10-12 18:53:18 -04:00
.gitlab-ci.yml update Python versions in CI 2023-11-21 21:25:02 -05:00
MANIFEST.in improve Python packaging 2023-04-25 18:47:14 -04:00
Makefile re-add olm-python3 rule that was accidentally removed 2022-05-13 16:21:54 -04:00
README.md release 3.2.15 2023-05-01 11:35:20 -04:00
make_sdist.sh use pypa/build instead of setup.py when building sdist 2023-11-21 21:25:55 -05:00
olm_build.py improve compatibility with Windows (though it still doesn't work) 2023-04-27 18:52:39 -04:00
packaging.diff improve compatibility with Windows (though it still doesn't work) 2023-04-27 18:52:39 -04:00
pyproject.toml release 3.2.16 2023-11-23 12:38:51 -05:00
requirements.txt we are already living in the future 2023-01-09 09:51:37 -05:00
setup.cfg Fix breakage in setuptools-69.0.0 by cleaning up setup.py 2023-11-21 16:07:46 -05:00
setup.py Fix breakage in setuptools-69.0.0 by cleaning up setup.py 2023-11-21 16:07:46 -05:00
test-requirements.txt tests: Drop hypothesis from the tests. 2019-06-20 13:45:33 +02:00
tox.ini fix tox config to work with newer version 2022-12-23 17:50:09 -05:00



Python bindings for Olm.

The specification of the Olm cryptographic ratchet which is used for peer to peer sessions of this library can be found here.

The specification of the Megolm cryptographic ratchet which is used for group sessions of this library can be found here.

An example of the implementation of the Olm and Megolm cryptographic protocol can be found in the Matrix protocol for which the implementation guide can be found here.

The full API reference can be found here.

Installation instructions

To install from the source package, you will need:

  • cmake (recommended) or GNU make
  • a C/C++ compiler

You can then run pip install python-olm.

This should work in UNIX-like environments, including macOS, and may work in other environments too, but is known to not work yet in Windows.


Accounts create and hold the central identity of the Olm protocol, they consist of a fingerprint and identity key pair. They also produce one time keys that are used to start peer to peer encrypted communication channels.

Account Creation

A new account is created with the Account class, it creates a new Olm key pair. The public parts of the key pair are available using the identity_keys property of the class.

>>> alice = Account()
>>> alice.identity_keys
{'curve25519': '2PytGagXercwHjzQETLcMa3JOsaU2qkPIESaqoi59zE',
 'ed25519': 'HHpOuFYdHwoa54GxSttz9YmaTmbuVU3js92UTUjYJgM'}

One Time keys

One time keys need to be generated before people can start an encrypted peer to peer channel to an account.

>>> alice.generate_one_time_keys(1)
>>> alice.one_time_keys
{'curve25519': {'AAAAAQ': 'KiHoW6CIy905UC4V1Frmwr3VW8bTWkBL4uWtWFFllxM'}}

After the one time keys are published they should be marked as such so they aren't reused.

>>> alice.mark_keys_as_published()
>>> alice.one_time_keys
{'curve25519': {}}


Accounts should be stored for later reuse, storing an account is done with the pickle method while the restoring step is done with the from_pickle class method.

>>> pickle = alice.pickle()
>>> restored = Account.from_pickle(pickle)


Sessions are used to create an encrypted peer to peer communication channel between two accounts.

Session Creation

>>> alice = Account()
>>> bob = Account()
>>> bob.generate_one_time_keys(1)
>>> id_key = bob.identity_keys["curve25519"]
>>> one_time = list(bob.one_time_keys["curve25519"].values())[0]
>>> alice_session = OutboundSession(alice, id_key, one_time)


After an outbound session is created an encrypted message can be exchanged:

>>> message = alice_session.encrypt("It's a secret to everybody")
>>> message.ciphertext
>>> message.message_type

After the message is transfered, bob can create an InboundSession to decrypt the message.

>>> bob_session = InboundSession(bob, message)
>>> bob_session.decrypt(message)
"It's a secret to everybody"


Sessions like accounts can be stored for later use the API is the same as for accounts.

>>> pickle = session.pickle()
>>> restored = Session.from_pickle(pickle)

Group Sessions

Group Sessions are used to create a one-to-many encrypted communication channel. The group session key needs to be shared with all participants that should be able to decrypt the group messages. Another thing to notice is that, since the group session key is ratcheted every time a message is encrypted, the session key should be shared before any messages are encrypted.

Group Session Creation

Group sessions aren't bound to an account like peer-to-peer sessions so their creation is straightforward.

>>> alice_group = OutboundGroupSession()
>>> bob_inbound_group = InboundGroupSession(alice_group.session_key)

Group Encryption

Group encryption is pretty simple. The important part is to share the session key with all participants over a secure channel (e.g. peer-to-peer Olm sessions).

>>> message = alice_group.encrypt("It's a secret to everybody")
>>> bob_inbound_group.decrypt(message)
("It's a secret to everybody", 0)


Pickling works the same way as for peer-to-peer Olm sessions.

>>> pickle = session.pickle()
>>> restored = InboundGroupSession.from_pickle(pickle)