Crypto

nucypher.crypto.api.ecdsa_sign(message: bytes, private_key: umbral.keys.UmbralPrivateKey) → bytes[source]

Accepts a hashed message and signs it with the private key given.

Parameters
  • message – Message to hash and sign

  • private_key – Private key to sign with

Returns

signature

nucypher.crypto.api.keccak_digest(*messages: bytes) → bytes[source]

Accepts an iterable containing bytes and digests it returning a Keccak digest of 32 bytes (keccak_256).

Although we use SHA256 in many cases, we keep keccak handy in order to provide compatibility with the Ethereum blockchain.

Parameters

bytes – Data to hash

Return type

bytes

Returns

bytestring of digested data

nucypher.crypto.api.recover_address_eip_191(message: bytes, signature: bytes) → str[source]

Recover checksum address from EIP-191 signature

nucypher.crypto.api.secure_random(num_bytes: int) → bytes[source]

Returns an amount num_bytes of data from the OS’s random device. If a randomness source isn’t found, returns a NotImplementedError. In this case, a secure random source most likely doesn’t exist and randomness will have to found elsewhere.

Parameters

num_bytes – Number of bytes to return.

Returns

bytes

nucypher.crypto.api.secure_random_range(min: int, max: int) → int[source]

Returns a number from a secure random source betwee the range of min and max - 1.

Parameters
  • min – Minimum number in the range

  • max – Maximum number in the range

Returns

int

nucypher.crypto.api.sha256_digest(*messages: bytes) → bytes[source]

Accepts an iterable containing bytes and digests it returning a SHA256 digest of 32 bytes

Parameters

bytes – Data to hash

Return type

bytes

Returns

bytestring of digested data

nucypher.crypto.api.verify_ecdsa(message: bytes, signature: bytes, public_key: umbral.keys.UmbralPublicKey) → bool[source]

Accepts a message and signature and verifies it with the provided public key.

Parameters
  • message – Message to verify

  • signature – Signature to verify

  • public_key – UmbralPublicKey to verify signature with

Returns

True if valid, False if invalid.

nucypher.crypto.api.verify_eip_191(address: str, message: bytes, signature: bytes) → bool[source]

EIP-191 Compatible signature verification for usage with w3.eth.sign.

class nucypher.crypto.powers.CryptoPowerUp[source]

Gives you MORE CryptoPower!

class nucypher.crypto.powers.DecryptingPower(public_key: umbral.keys.UmbralPublicKey = None, keypair: nucypher.keystore.keypairs.Keypair = None)[source]
not_found_error

alias of NoDecryptingPower

class nucypher.crypto.powers.DelegatingPower(keying_material: Optional[bytes] = None, password: Optional[bytes] = None)[source]
generate_kfrags(bob_pubkey_enc, signer, label: bytes, m: int, n: int) → Tuple[umbral.keys.UmbralPublicKey, List][source]

Generates re-encryption key frags (“KFrags”) and returns them.

These KFrags can be used by Ursula to re-encrypt a Capsule for Bob so that he can activate the Capsule. :param bob_pubkey_enc: Bob’s public key :param m: Minimum number of KFrags needed to rebuild ciphertext :param n: Total number of KFrags to generate

class nucypher.crypto.powers.DerivedKeyBasedPower[source]

Rather than rely on an established KeyPair, this type of power derives a key at moments defined by the user.

class nucypher.crypto.powers.KeyPairBasedPower(public_key: umbral.keys.UmbralPublicKey = None, keypair: nucypher.keystore.keypairs.Keypair = None)[source]
exception nucypher.crypto.powers.NoDecryptingPower[source]
exception nucypher.crypto.powers.NoSigningPower[source]
exception nucypher.crypto.powers.NoTransactingPower[source]
exception nucypher.crypto.powers.PowerUpError[source]
class nucypher.crypto.powers.SigningPower(public_key: umbral.keys.UmbralPublicKey = None, keypair: nucypher.keystore.keypairs.Keypair = None)[source]
not_found_error

alias of NoSigningPower

class nucypher.crypto.powers.TransactingPower(account: str, provider_uri: str = None, password: str = None, cache: bool = False)[source]

Allows for transacting on a Blockchain via web3 backend.

exception AccountLocked[source]
exception InvalidSigningRequest[source]
exception NoBlockchainConnection[source]
activate(password: str = None)[source]

Be Consumed

property is_active

Returns True if the blockchain currently has this transacting power attached.

not_found_error

alias of NoTransactingPower

sign_message(message: bytes) → bytes[source]

Signs the message with the private key of the TransactingPower.

sign_transaction(unsigned_transaction: dict) → hexbytes.main.HexBytes[source]

Signs the transaction with the private key of the TransactingPower.

exception nucypher.crypto.signing.InvalidSignature[source]

Raised when a Signature is not valid.

class nucypher.crypto.signing.SignatureStamp(verifying_key, signer: umbral.signing.Signer = None)[source]

Can be called to sign something or used to express the signing public key as bytes.

fingerprint()[source]

Hashes the key using keccak-256 and returns the hexdigest in bytes.

Returns

Hexdigest fingerprint of key (keccak-256) in bytes

class nucypher.crypto.signing.StrangerStamp(verifying_key, signer: umbral.signing.Signer = None)[source]

SignatureStamp of a stranger (ie, can only be used to glean public key, not to sign)

nucypher.crypto.utils.construct_policy_id(label: bytes, stamp: bytes) → bytes[source]

Forms an ID unique to the policy per label and Bob’s signing pubkey via a keccak hash of the two.

nucypher.crypto.utils.fingerprint_from_key(public_key: Any)[source]

Hashes a key using keccak-256 and returns the hexdigest in bytes. :return: Hexdigest fingerprint of key (keccak-256) in bytes

nucypher.crypto.utils.get_signature_recovery_value(message: bytes, signature: Union[bytes, umbral.signing.Signature], public_key: Union[bytes, umbral.keys.UmbralPublicKey], is_prehashed: bool = False) → bytes[source]

Obtains the recovery value of a standard ECDSA signature.

Parameters
  • message – Signed message

  • signature – The signature from which the pubkey is recovered

  • public_key – The public key for verifying the signature

  • is_prehashed – True if the message is already pre-hashed. Default is False, and message will be hashed with SHA256

Returns

The compressed byte-serialized representation of the recovered public key

nucypher.crypto.utils.recover_pubkey_from_signature(message: bytes, signature: Union[bytes, umbral.signing.Signature], v_value_to_try: int, is_prehashed: bool = False) → bytes[source]

Recovers a serialized, compressed public key from a signature. It allows to specify a potential v value, in which case it assumes the signature has the traditional (r,s) raw format. If a v value is not present, it assumes the signature has the recoverable format (r, s, v).

Parameters
  • message – Signed message

  • signature – The signature from which the pubkey is recovered

  • v_value_to_try – A potential v value to try

  • is_prehashed – True if the message is already pre-hashed. Default is False, and message will be hashed with SHA256

Returns

The compressed byte-serialized representation of the recovered public key