nucypher.crypto
Submodules
- class Keypair(private_key=None, public_key=None, generate_keys_if_needed=True)
  Bases: object
  A parent Keypair class for all types of Keypairs.
  - fingerprint()
    Hashes the key using keccak-256 and returns the hexdigest in bytes.
    - Returns
      Hexdigest fingerprint of key (keccak-256) in bytes
- class DecryptingKeypair(*args, **kwargs)
  Bases: nucypher.crypto.keypairs.Keypair
  A keypair for Umbral
  - decrypt_message_kit(message_kit: nucypher_core.MessageKit) → bytes
    Decrypt data encrypted with Umbral.
    - Returns
      bytes
  - decrypt_kfrag(ekfrag: nucypher_core.EncryptedKeyFrag, hrac: nucypher_core.HRAC, publisher_verifying_key: umbral.PublicKey) → umbral.VerifiedKeyFrag
  - decrypt_treasure_map(etmap: nucypher_core.EncryptedTreasureMap, publisher_verifying_key: umbral.PublicKey) → nucypher_core.TreasureMap
- class SigningKeypair(*args, **kwargs)
  Bases: nucypher.crypto.keypairs.Keypair
  A SigningKeypair that uses ECDSA.
  - sign(message: bytes) → umbral.Signature
    Signs the given message and returns a signature.
    - Parameters
      message – The message to sign
    - Returns
      Signature
  - get_signature_stamp()
- class HostingKeypair(host: str, checksum_address: str = None, private_key: Union[umbral.SecretKey, umbral.PublicKey] = None, certificate=None, certificate_filepath: Optional[pathlib.Path] = None, generate_certificate=False)
  Bases: nucypher.crypto.keypairs.Keypair
  A keypair for TLS’ing.
  - get_deployer(rest_app, port)
- exception InvalidPassword
  Bases: ValueError
- generate_keystore_filepath(parent: pathlib.Path, id: str) → pathlib.Path
- validate_keystore_filename(path: pathlib.Path) → None
- class Keystore(keystore_path: pathlib.Path)
  Bases: object
  - exception Exists
    Bases: FileExistsError
  - exception NotFound
    Bases: FileNotFoundError
  - exception Locked
    Bases: RuntimeError
  - exception AuthenticationFailed
    Bases: RuntimeError
  - classmethod load(id: str, keystore_dir: pathlib.Path = PosixPath('/home/docs/.local/share/nucypher/keystore')) → nucypher.crypto.keystore.Keystore
  - classmethod import_secure(key_material: bytes, password: str, keystore_dir: Optional[pathlib.Path] = None) → nucypher.crypto.keystore.Keystore
    Generate a Keystore using a custom pre-secured entropy blob. This method of keystore creation does not generate a mnemonic phrase - it is assumed that the provided blob is recoverable and secure.
  - classmethod restore(words: str, password: str, keystore_dir: Optional[pathlib.Path] = None) → nucypher.crypto.keystore.Keystore
    Restore a keystore from seed words.
  - classmethod generate(password: str, keystore_dir: Optional[pathlib.Path] = None, interactive: bool = True) → Union[nucypher.crypto.keystore.Keystore, Tuple[nucypher.crypto.keystore.Keystore, str]]
    Generate a new nucypher keystore for use with characters.
  - property id
  - property is_unlocked
  - derive_crypto_power(power_class: ClassVar[nucypher.crypto.powers.CryptoPowerUp], *power_args, **power_kwargs) → Union[nucypher.crypto.powers.KeyPairBasedPower, nucypher.crypto.powers.DerivedKeyBasedPower]
-
exception
- derive_key_material_from_password(password: bytes, salt: bytes) → bytes
  Derives a symmetric encryption key seed from a password and salt pair.
  This is secure, but takes a long time, so only call it once and use the resulting key material as a seed for specific keys (e.g. by passing it to derive_wrapping_key_from_key_material, secret_box_encrypt or secret_box_decrypt).
  - Parameters
    password – byte-encoded password used to derive a symmetric key
    salt – cryptographic salt added during key derivation
  - Returns
- derive_wrapping_key_from_key_material(key_material: bytes, salt: bytes) → bytes
  Uses HKDF to derive a 32 byte wrapping key to encrypt key material with.
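The two-stage pattern described for derive_key_material_from_password and derive_wrapping_key_from_key_material, as an added example that is not nucypher's own code: one slow password derivation followed by cheap HKDF calls per wrapping key. The function names, the choice of scrypt with these cost parameters, and the HKDF info label are assumptions; the page does not name the password KDF.

```python
import hashlib
import hmac
import os


def slow_key_material(password: bytes, salt: bytes) -> bytes:
    """Expensive, memory-hard step; run it once per unlock (scrypt is an assumption)."""
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes = b"", length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract, then expand) over HMAC-SHA256."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output is limited to 8160 bytes")
    # Extract: concentrate the input key material into a pseudorandom key.
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    # Expand: chain HMAC blocks until enough output bytes exist.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def wrapping_key(key_material: bytes, salt: bytes) -> bytes:
    """Cheap step: a 32-byte wrapping key bound to one salt (hypothetical info label)."""
    return hkdf_sha256(key_material, salt, info=b"example-wrapping-key", length=32)


def derive_wrapping_keys(password: bytes, password_salt: bytes, purpose_salts: list) -> list:
    """One slow derivation, then one fast HKDF call per wrapping key."""
    material = slow_key_material(password, password_salt)
    return [wrapping_key(material, salt) for salt in purpose_salts]


if __name__ == "__main__":
    # Constructed sample input: a throwaway password and fresh random salts.
    password_salt = os.urandom(16)
    salts = [os.urandom(16), os.urandom(16)]
    for key in derive_wrapping_keys(b"constructed sample password", password_salt, salts):
        print(key.hex())
```

Each wrapped secret gets its own salt, so compromising one wrapping key does not reveal another, while the password is stretched only once.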
- exception NoSigningPower
- exception NoDecryptingPower
- exception NoTransactingPower
- class CryptoPower(power_ups: list = None)
  Bases: object
  - consume_power_up(power_up, *args, **kwargs)
  - power_ups(power_up_class)
- class CryptoPowerUp
  Bases: object
  Gives you MORE CryptoPower!
  - confers_public_key = False
  - activate(*args, **kwargs)
- class TransactingPower(account: NewType.<locals>.new_type, signer: nucypher.blockchain.eth.signers.base.Signer, password: str = None, cache: bool = False)
  Bases: nucypher.crypto.powers.CryptoPowerUp
  The power to sign Ethereum transactions as the custodian of a private key through a signing backend.
  - not_found_error
    alias of NoTransactingPower
  - exception AccountLocked
    Bases: nucypher.crypto.powers.PowerUpError
    Raised when signing cannot be performed due to a locked account.
  - property account
  - property is_device
  - unlock(password: str = None, duration: int = None) → bool
    Unlocks the account with the provided or cached password.
- class KeyPairBasedPower(public_key: umbral.PublicKey = None, keypair: nucypher.crypto.keypairs.Keypair = None)
  Bases: nucypher.crypto.powers.CryptoPowerUp
  - confers_public_key = True
  - public_key() → umbral.PublicKey
- class SigningPower(public_key: umbral.PublicKey = None, keypair: nucypher.crypto.keypairs.Keypair = None)
  Bases: nucypher.crypto.powers.KeyPairBasedPower
  - not_found_error
    alias of NoSigningPower
  - provides = ('sign', 'get_signature_stamp')
- class DecryptingPower(public_key: umbral.PublicKey = None, keypair: nucypher.crypto.keypairs.Keypair = None)
  Bases: nucypher.crypto.powers.KeyPairBasedPower
  - not_found_error
    alias of NoDecryptingPower
  - provides = ('decrypt_message_kit', 'decrypt_kfrag', 'decrypt_treasure_map')
- class DerivedKeyBasedPower
  Bases: nucypher.crypto.powers.CryptoPowerUp
  Rather than rely on an established KeyPair, this type of power derives a key at moments defined by the user.
- class DelegatingPower(secret_key_factory: Optional[umbral.SecretKeyFactory] = None)
  Bases: nucypher.crypto.powers.DerivedKeyBasedPower
  - get_pubkey_from_label(label)
  - generate_kfrags(bob_pubkey_enc, signer, label: bytes, threshold: int, shares: int) → Tuple[umbral.PublicKey, List]
    Generates re-encryption key frags (“KFrags”) and returns them.
    These KFrags can be used by Ursula to re-encrypt a Capsule for Bob so that he can activate the Capsule.
    - Parameters
      bob_pubkey_enc – Bob’s public key
      threshold – Minimum number of KFrags needed to rebuild ciphertext
      shares – Total number of KFrags to generate
  - get_decrypting_power_from_label(label)
- class TLSHostingPower(host: str, public_certificate=None, public_certificate_filepath=None, *args, **kwargs)
  Bases: nucypher.crypto.powers.KeyPairBasedPower
  - provides = ('get_deployer',)
  - exception NoHostingPower
  - not_found_error
    alias of TLSHostingPower.NoHostingPower
- class SignatureStamp(verifying_key, signer: umbral.Signer = None)
  Bases: object
  Can be called to sign something or used to express the signing public key as bytes.
  - as_umbral_signer()
  - as_umbral_pubkey()
  - fingerprint()
    Hashes the key using keccak-256 and returns the hexdigest in bytes.
    - Returns
      Hexdigest fingerprint of key (keccak-256) in bytes
- class StrangerStamp(verifying_key, signer: umbral.Signer = None)
  Bases: nucypher.crypto.signing.SignatureStamp
  SignatureStamp of a stranger (i.e., it can only be used to glean the public key, not to sign).
- generate_self_signed_certificate(host: str, private_key: umbral.SecretKey = None, days_valid: int = 365, curve: ClassVar[cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve] = <class 'cryptography.hazmat.primitives.asymmetric.ec.SECP384R1'>) → Tuple[cryptography.x509.base.Certificate, cryptography.hazmat.backends.openssl.ec._EllipticCurvePrivateKey]
- canonical_address_from_umbral_key(public_key: Union[umbral.PublicKey, nucypher.crypto.signing.SignatureStamp]) → bytes
- secure_random(num_bytes: int) → bytes
  Returns num_bytes of data from the OS’s random device. If a randomness source isn’t found, returns a NotImplementedError. In this case, a secure random source most likely doesn’t exist and randomness will have to be found elsewhere.
  - Parameters
    num_bytes – Number of bytes to return.
  - Returns
    bytes
- secure_random_range(min: int, max: int) → int
  Returns a number from a secure random source between min and max - 1.
  - Parameters
    min – Minimum number in the range
    max – Maximum number in the range
  - Returns
    int
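One way to build a half-open range draw like secure_random_range on top of OS randomness without modulo bias, shown as an added example rather than nucypher's implementation. The function bodies, the lo/hi parameter names and the biased helper used for comparison are assumptions made for illustration.

```python
import os


def secure_random(num_bytes: int) -> bytes:
    """Stand-in for the documented function: bytes from the OS CSPRNG."""
    return os.urandom(num_bytes)


def secure_random_range(lo: int, hi: int) -> int:
    """Uniform integer in [lo, hi - 1] using rejection sampling."""
    span = hi - lo
    if span <= 0:
        raise ValueError("hi must be greater than lo")
    nbits = (span - 1).bit_length()        # bits needed to represent span - 1
    nbytes = (nbits + 7) // 8
    mask = (1 << nbits) - 1
    while True:
        candidate = int.from_bytes(secure_random(nbytes), "big") & mask
        if candidate < span:               # accept; otherwise draw again
            return lo + candidate


def biased_range(lo: int, hi: int, raw_byte: int) -> int:
    """The shortcut to avoid: one random byte reduced modulo the span."""
    return lo + raw_byte % (hi - lo)


def modulo_bias_counts(lo: int, hi: int) -> dict:
    """Count how often each output occurs across all 256 possible byte values."""
    counts = {}
    for raw_byte in range(256):
        value = biased_range(lo, hi, raw_byte)
        counts[value] = counts.get(value, 0) + 1
    return counts


if __name__ == "__main__":
    print("unbiased draws:", [secure_random_range(10, 16) for _ in range(8)])
    # 256 is not a multiple of 6, so the low outputs are over-represented.
    print("modulo shortcut counts:", modulo_bias_counts(0, 6))
```

Rejection sampling discards fewer than half of the draws on average, so the loop terminates quickly while every value in the range stays equally likely.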
- keccak_digest(*messages: bytes) → bytes
  Accepts an iterable containing bytes and digests it, returning a Keccak digest of 32 bytes (keccak_256).
  Although we use SHA256 in many cases, we keep keccak handy in order to provide compatibility with the Ethereum blockchain.
  - Parameters
    bytes – Data to hash
  - Return type
  - Returns
    bytestring of digested data
- sha256_digest(*messages: bytes) → bytes
  Accepts an iterable containing bytes and digests it, returning a SHA256 digest of 32 bytes.
  - Parameters
    bytes – Data to hash
  - Return type
  - Returns
    bytestring of digested data