nucypher.crypto.api.ecdsa_sign(message: bytes, privkey: umbral.keys.UmbralPrivateKey) → bytes[source]

Accepts a hashed message and signs it with the private key given.

  • message – Message to hash and sign
  • privkey – Private key to sign with


nucypher.crypto.api.ecdsa_verify(message: bytes, signature: bytes, pubkey: umbral.keys.UmbralPublicKey) → bool[source]

Accepts a message and signature and verifies it with the provided public key.

  • message – Message to verify
  • signature – Signature to verify
  • pubkey – UmbralPublicKey to verify signature with

True if valid, False if invalid.

nucypher.crypto.api.keccak_digest(*messages) → bytes[source]

Accepts an iterable containing bytes and digests it returning a Keccak digest of 32 bytes (keccak_256).

Although we use SHA256 in many cases, we keep keccak handy in order to provide compatibility with the Ethereum blockchain.

Parameters:bytes – Data to hash
Return type:bytes
Returns:bytestring of digested data
nucypher.crypto.api.secure_random(num_bytes: int) → bytes[source]

Returns an amount num_bytes of data from the OS’s random device. If a randomness source isn’t found, returns a NotImplementedError. In this case, a secure random source most likely doesn’t exist and randomness will have to found elsewhere.

Parameters:num_bytes – Number of bytes to return.
nucypher.crypto.api.secure_random_range(min: int, max: int) → int[source]

Returns a number from a secure random source betwee the range of min and max - 1.

  • min – Minimum number in the range
  • max – Maximum number in the range


class nucypher.crypto.powers.BlockchainPower(blockchain: Blockchain, account: str)[source]

Allows for transacting on a Blockchain via web3 backend.


alias of NoBlockchainPower

sign_message(message: bytes)[source]

Signs the message with the private key of the BlockchainPower.

unlock_account(password: str, duration: int = None)[source]

Unlocks the account for the specified duration. If no duration is provided, it will remain unlocked indefinitely.

verify_message(address: str, pubkey: bytes, message: bytes, signature_bytes: bytes)[source]

Verifies that the message was signed by the keypair.

class nucypher.crypto.powers.CryptoPowerUp[source]

Gives you MORE CryptoPower!

class nucypher.crypto.powers.DecryptingPower(pubkey: umbral.keys.UmbralPublicKey = None, keypair: nucypher.keystore.keypairs.Keypair = None)[source]

alias of NoDecryptingPower

class nucypher.crypto.powers.DelegatingPower(keying_material: Optional[bytes] = None, password: Optional[bytes] = None)[source]
generate_kfrags(bob_pubkey_enc, signer, label, m, n) → Tuple[umbral.keys.UmbralPublicKey, List][source]

Generates re-encryption key frags (“KFrags”) and returns them.

These KFrags can be used by Ursula to re-encrypt a Capsule for Bob so that he can activate the Capsule. :param bob_pubkey_enc: Bob’s public key :param m: Minimum number of KFrags needed to rebuild ciphertext :param n: Total number of KFrags to generate

class nucypher.crypto.powers.DerivedKeyBasedPower[source]

Rather than rely on an established KeyPair, this type of power derives a key at moments defined by the user.

class nucypher.crypto.powers.KeyPairBasedPower(pubkey: umbral.keys.UmbralPublicKey = None, keypair: nucypher.keystore.keypairs.Keypair = None)[source]
exception nucypher.crypto.powers.NoBlockchainPower[source]
exception nucypher.crypto.powers.NoDecryptingPower[source]
exception nucypher.crypto.powers.NoSigningPower[source]
exception nucypher.crypto.powers.PowerUpError[source]
class nucypher.crypto.powers.SigningPower(pubkey: umbral.keys.UmbralPublicKey = None, keypair: nucypher.keystore.keypairs.Keypair = None)[source]

alias of NoSigningPower

exception nucypher.crypto.signing.InvalidSignature[source]

Raised when a Signature is not valid.

class nucypher.crypto.signing.SignatureStamp(verifying_key, signer: umbral.signing.Signer = None)[source]

Can be called to sign something or used to express the signing public key as bytes.


Hashes the key using keccak-256 and returns the hexdigest in bytes.

Returns:Hexdigest fingerprint of key (keccak-256) in bytes
class nucypher.crypto.signing.StrangerStamp(verifying_key, signer: umbral.signing.Signer = None)[source]

SignatureStamp of a stranger (ie, can only be used to glean public key, not to sign)

nucypher.crypto.utils.fingerprint_from_key(public_key: Any)[source]

Hashes a key using keccak-256 and returns the hexdigest in bytes. :return: Hexdigest fingerprint of key (keccak-256) in bytes