Cryptographic Context

class CryptoContext(computation_uuid: str, side: Side, words: Union[str, Tuple[str, str, str]], ed25519_seed: Optional[bytes] = None, symkey: Optional[bytes] = None)

CryptoContext class for cryptographic keys.

Parameters
computation_uuidstr

Computation UUID (Universally Unique IDentifier) of the computation.

sideSide

Role in the computation. Could be Side.CodeProvider, Side.DataProvider or Side.ResultConsumer.

wordsUnion[str, Tuple[str, str, str]]

3 words used as the pre-shared secret between participants.

ed25519_seedOptional[bytes]

Ed25519 private key used for signature.

symkeyOptional[bytes]

XSalsa20-Poly1305 symmetric key used for encryption/decryption.

Attributes
ed25519_pkbytes

Ed25519 public key.

ed25519_seedbytes

Ed25519 seed.

ed25519_skbytes

Ed25519 private key.

ed25519_fingerprintbytes

Fingerprint of the Ed25519 public key.

_symkeybytes

Symmetric key used for encryption/decryption with XSalsa20-Poly1305.

_words: Tuple[str, str, str]

3 words used as the pre-shared secret between participants.

preshared_skbytes

Pre-shared key derived from the pre-shared secret.

classmethod from_path(computation_uuid: str, side: Side, words: Union[str, Tuple[str, str, str]], private_key: Optional[Path], password: Optional[bytes], symmetric_key: Optional[Path])

Create CryptoContext from files.

Parameters
computation_uuidstr

Computation UUID (Universally Unique IDentifier) of the computation.

sideSide

Role in the computation. Could be Side.CodeProvider, Side.DataProvider or Side.ResultConsumer.

wordsUnion[str, Tuple[str, str, str]]

3 words used as the pre-shared secret between participants.

private_keyOptional[Path]

Ed25519 private key file in PEM format for digital signature.

passwordOptional[bytes]

Password for PEM private key file.

symmetric_keyOptional[Path]

XSalsa20-Poly1305 symmetric key used for encryption/decryption stored as raw bytes in a file.

classmethod from_dict(d: Dict[str, Union[str, bytes]])

Create CryptoContext from dict.

classmethod from_json(value: str)

Create CryptoContext from JSON string.

to_dict() Dict[str, Union[str, bytes]]

Serialize to dict.

to_json() str

Serialize to JSON string.

property public_key: bytes

Ed25519 public key.

property fingerprint: bytes

Fingerprint of the public key.

property symkey: bytes

XSalsa20-Poly1305 symmetric key used for encryption.

property words: Tuple[str, str, str]

Pre-shared secret between participants.

encrypt(data: bytes) bytes

Encrypt bytes data using XSalsa20-Poly1305.

Parameters
databytes

Data to be encrypted.

Returns
bytes

Ciphertext of data encrypted using self._symkey.

encrypt_file(path: Path) Path

Encrypt file path using XSalsa20-Poly1305.

Parameters
pathPath

Path to the data to be encrypted.

Returns
Path

Path to the encrypted file path with self._symkey.

encrypt_directory(dir_path: Path, patterns: List[str], exceptions: List[str], dir_exceptions: List[str], out_dir_path: Path) bool

Encrypt the content of directory dir_path using XSalsa20-Poly1305.

Parameters
dir_pathPath

Path to the directory to be encrypted.

patterns: List[str]

List of patterns to be matched in the directory.

exceptions: List[str]

List of files which won’t be encrypted.

dir_exceptions: List[str]

List of directories which won’t be encrypted recursively.

out_dir_path: Path

Output directory path.

Returns
bool

True if success, raise an exception otherwise.

decrypt(encrypted_data: bytes) bytes

Decrypt bytes encrypted_data using XSalsa20-Poly1305.

Parameters
encrypted_databytes

Encrypted data to be decrypted.

Returns
bytes

Cleartext of encrypted_data decrypted using self._symkey.

decrypt_file(path: Path) Path

Decrypt file path using XSalsa20-Poly1305.

Parameters
pathPath

Path to the data to be decrypted.

Returns
Path

Path to the decrypted file path with self._symkey.

decrypt_directory(dir_path: Path) bool

Decrypt the content of directory dir_path using XSalsa20-Poly1305.

Parameters
dir_pathPath

Path to the directory to be decrypted.

Returns
bool

True if success, raise an exception otherwise.

Notes

It looks for files with extension ENC_EXT.

sign(data: bytes) bytes

Sign data with self.ed25519_seed.

Parameters
databytes

Data to be signed.

Returns
bytes

64 bytes Ed25519 signature.

seal_symkey(ed25519_recipient_pk: bytes) bytes

Seal your symmetric key and sign the box.

Parameters
ed25519_recipient_pkbytes

Recipent X25519 public key (32 bytes).

Returns
bytes

sig (64) || seal_box (112).

Notes

Use seal box of libsodium (X25519 and XSalsa20-Poly1305) by converting the Ed25519 public key into X25519 public key first:

ephemeral_pk ‖ box(m,
                   recipient_pk,
                   ephemeral_sk,
                   nonce=blake2b(ephemeral_pk ‖ x25519_recipient_pk)))