Crypto

nucypher.crypto.api.ecdsa_sign(message: bytes, privkey: umbral.keys.UmbralPrivateKey) → bytes[source]

Accepts a hashed message and signs it with the private key given.

Parameters
  • message – Message to hash and sign

  • privkey – Private key to sign with

Returns

signature

nucypher.crypto.api.ecdsa_verify(message: bytes, signature: bytes, pubkey: umbral.keys.UmbralPublicKey) → bool[source]

Accepts a message and signature and verifies it with the provided public key.

Parameters
  • message – Message to verify

  • signature – Signature to verify

  • pubkey – UmbralPublicKey to verify signature with

Returns

True if valid, False if invalid.

nucypher.crypto.api.keccak_digest(*messages) → bytes[source]

Accepts an iterable containing bytes and digests it returning a Keccak digest of 32 bytes (keccak_256).

Although we use SHA256 in many cases, we keep keccak handy in order to provide compatibility with the Ethereum blockchain.

Parameters

bytes – Data to hash

Return type

bytes

Returns

bytestring of digested data

nucypher.crypto.api.secure_random(num_bytes: int) → bytes[source]

Returns an amount num_bytes of data from the OS’s random device. If a randomness source isn’t found, returns a NotImplementedError. In this case, a secure random source most likely doesn’t exist and randomness will have to found elsewhere.

Parameters

num_bytes – Number of bytes to return.

Returns

bytes

nucypher.crypto.api.secure_random_range(min: int, max: int) → int[source]

Returns a number from a secure random source betwee the range of min and max - 1.

Parameters
  • min – Minimum number in the range

  • max – Maximum number in the range

Returns

int

class nucypher.crypto.powers.BlockchainPower(blockchain: Blockchain, account: str)[source]

Allows for transacting on a Blockchain via web3 backend.

not_found_error

alias of NoBlockchainPower

sign_message(message: bytes)[source]

Signs the message with the private key of the BlockchainPower.

unlock_account(password: str, duration: int = None)[source]

Unlocks the account for the specified duration. If no duration is provided, it will remain unlocked indefinitely.

verify_message(address: str, pubkey: bytes, message: bytes, signature_bytes: bytes)[source]

Verifies that the message was signed by the keypair.

class nucypher.crypto.powers.CryptoPowerUp[source]

Gives you MORE CryptoPower!

class nucypher.crypto.powers.DecryptingPower(pubkey: umbral.keys.UmbralPublicKey = None, keypair: nucypher.keystore.keypairs.Keypair = None)[source]
not_found_error

alias of NoDecryptingPower

class nucypher.crypto.powers.DelegatingPower(keying_material: Optional[bytes] = None, password: Optional[bytes] = None)[source]
generate_kfrags(bob_pubkey_enc, signer, label, m, n) → Tuple[umbral.keys.UmbralPublicKey, List][source]

Generates re-encryption key frags (“KFrags”) and returns them.

These KFrags can be used by Ursula to re-encrypt a Capsule for Bob so that he can activate the Capsule. :param bob_pubkey_enc: Bob’s public key :param m: Minimum number of KFrags needed to rebuild ciphertext :param n: Total number of KFrags to generate

class nucypher.crypto.powers.DerivedKeyBasedPower[source]

Rather than rely on an established KeyPair, this type of power derives a key at moments defined by the user.

class nucypher.crypto.powers.KeyPairBasedPower(pubkey: umbral.keys.UmbralPublicKey = None, keypair: nucypher.keystore.keypairs.Keypair = None)[source]
exception nucypher.crypto.powers.NoBlockchainPower[source]
exception nucypher.crypto.powers.NoDecryptingPower[source]
exception nucypher.crypto.powers.NoSigningPower[source]
exception nucypher.crypto.powers.PowerUpError[source]
class nucypher.crypto.powers.SigningPower(pubkey: umbral.keys.UmbralPublicKey = None, keypair: nucypher.keystore.keypairs.Keypair = None)[source]
not_found_error

alias of NoSigningPower

exception nucypher.crypto.signing.InvalidSignature[source]

Raised when a Signature is not valid.

class nucypher.crypto.signing.SignatureStamp(verifying_key, signer: umbral.signing.Signer = None)[source]

Can be called to sign something or used to express the signing public key as bytes.

fingerprint()[source]

Hashes the key using keccak-256 and returns the hexdigest in bytes.

Returns

Hexdigest fingerprint of key (keccak-256) in bytes

class nucypher.crypto.signing.StrangerStamp(verifying_key, signer: umbral.signing.Signer = None)[source]

SignatureStamp of a stranger (ie, can only be used to glean public key, not to sign)

nucypher.crypto.utils.construct_policy_id(label: bytes, stamp: bytes) → bytes[source]

Forms an ID unique to the policy per label and Bob’s signing pubkey via a keccak hash of the two.

nucypher.crypto.utils.fingerprint_from_key(public_key: Any)[source]

Hashes a key using keccak-256 and returns the hexdigest in bytes. :return: Hexdigest fingerprint of key (keccak-256) in bytes

nucypher.crypto.utils.get_signature_recovery_value(message: bytes, signature: Union[bytes, umbral.signing.Signature], public_key: Union[bytes, umbral.keys.UmbralPublicKey], is_prehashed: bool = False) → bytes[source]

Obtains the recovery value of a standard ECDSA signature.

Parameters
  • message – Signed message

  • signature – The signature from which the pubkey is recovered

  • public_key – The public key for verifying the signature

  • is_prehashed – True if the message is already pre-hashed. Default is False, and message will be hashed with SHA256

Returns

The compressed byte-serialized representation of the recovered public key

nucypher.crypto.utils.recover_pubkey_from_signature(message: bytes, signature: Union[bytes, umbral.signing.Signature], v_value_to_try: int, is_prehashed: bool = False) → bytes[source]

Recovers a serialized, compressed public key from a signature. It allows to specify a potential v value, in which case it assumes the signature has the traditional (r,s) raw format. If a v value is not present, it assumes the signature has the recoverable format (r, s, v).

Parameters
  • message – Signed message

  • signature – The signature from which the pubkey is recovered

  • v_value_to_try – A potential v value to try

  • is_prehashed – True if the message is already pre-hashed. Default is False, and message will be hashed with SHA256

Returns

The compressed byte-serialized representation of the recovered public key