nucypher.crypto¶
Submodules¶
-
exception
InvalidNodeCertificate
¶ Bases:
RuntimeError
Raised when an Ursula’s certificate is not valid because it is missing the checksum address.
-
secure_random
(num_bytes: int) → bytes¶ Returns an amount num_bytes of data from the OS’s random device. If a randomness source isn’t found, returns a NotImplementedError. In this case, a secure random source most likely doesn’t exist and randomness will have to found elsewhere.
- Parameters
num_bytes – Number of bytes to return.
- Returns
bytes
-
secure_random_range
(min: int, max: int) → int¶ Returns a number from a secure random source betwee the range of min and max - 1.
- Parameters
min – Minimum number in the range
max – Maximum number in the range
- Returns
int
-
keccak_digest
(*messages: bytes) → bytes¶ Accepts an iterable containing bytes and digests it returning a Keccak digest of 32 bytes (keccak_256).
Although we use SHA256 in many cases, we keep keccak handy in order to provide compatibility with the Ethereum blockchain.
- Parameters
bytes – Data to hash
- Return type
- Returns
bytestring of digested data
-
sha256_digest
(*messages: bytes) → bytes¶ Accepts an iterable containing bytes and digests it returning a SHA256 digest of 32 bytes
- Parameters
bytes – Data to hash
- Return type
- Returns
bytestring of digested data
-
ecdsa_sign
(message: bytes, private_key: umbral.keys.UmbralPrivateKey) → bytes¶ Accepts a hashed message and signs it with the private key given.
- Parameters
message – Message to hash and sign
private_key – Private key to sign with
- Returns
signature
-
recover_address_eip_191
(message: bytes, signature: bytes) → str¶ Recover checksum address from EIP-191 signature
-
verify_eip_191
(address: str, message: bytes, signature: bytes) → bool¶ EIP-191 Compatible signature verification for usage with w3.eth.sign.
-
verify_ecdsa
(message: bytes, signature: bytes, public_key: umbral.keys.UmbralPublicKey) → bool¶ Accepts a message and signature and verifies it with the provided public key.
- Parameters
message – Message to verify
signature – Signature to verify
public_key – UmbralPublicKey to verify signature with
- Returns
True if valid, False if invalid.
-
generate_self_signed_certificate
(*args, **kwargs)¶
-
read_certificate_pseudonym
(certificate: cryptography.x509.base.Certificate)¶ Return the checksum address written into a TLS certificates pseudonym field or raise an error.
-
encrypt_and_sign
(recipient_pubkey_enc: umbral.keys.UmbralPublicKey, plaintext: bytes, signer: SignatureStamp, sign_plaintext: bool = True) → Tuple[nucypher.crypto.kits.PolicyMessageKit, umbral.signing.Signature]¶
-
class
Keypair
(private_key=None, public_key=None, generate_keys_if_needed=True)¶ Bases:
object
A parent Keypair class for all types of Keypairs.
-
serialize_pubkey
(as_b64=False) → bytes¶ Serializes the pubkey for storage/transport in either urlsafe base64 or as a bytestring.
- Parameters
as_b64 – Return the pubkey as urlsafe base64 byte string
- Returns
The serialized pubkey in bytes
-
fingerprint
()¶ Hashes the key using keccak-256 and returns the hexdigest in bytes.
- Returns
Hexdigest fingerprint of key (keccak-256) in bytes
-
-
class
DecryptingKeypair
(*args, **kwargs)¶ Bases:
nucypher.crypto.keypairs.Keypair
A keypair for Umbral
-
decrypt
(message_kit: nucypher.crypto.kits.MessageKit) → bytes¶ Decrypt data encrypted with Umbral.
- Returns
bytes
-
-
class
SigningKeypair
(*args, **kwargs)¶ Bases:
nucypher.crypto.keypairs.Keypair
A SigningKeypair that uses ECDSA.
-
sign
(message: bytes) → bytes¶ Signs a hashed message and returns a signature.
- Parameters
message – The message to sign
- Returns
Signature in bytes
-
get_signature_stamp
()¶
-
-
class
HostingKeypair
(host: str, checksum_address: str = None, private_key: Union[umbral.keys.UmbralPrivateKey, umbral.keys.UmbralPublicKey] = None, certificate=None, certificate_filepath: str = None, generate_certificate=False)¶ Bases:
nucypher.crypto.keypairs.Keypair
A keypair for TLS’ing.
-
get_deployer
(rest_app, port)¶
-
-
class
CryptoKit
¶ Bases:
object
A package of discrete items, meant to be sent over the wire or saved to disk (in either case, as bytes), capable of performing a distinct cryptological function.
-
splitter
= None¶
-
classmethod
split_bytes
(some_bytes)¶
-
classmethod
from_bytes
(some_bytes)¶
-
-
class
MessageKit
(capsule, sender_verifying_key=None, ciphertext=None, signature=NOT_SIGNED)¶ Bases:
nucypher.crypto.kits.CryptoKit
All the components needed to transmit and verify an encrypted message.
-
to_bytes
(include_alice_pubkey=True)¶
-
classmethod
splitter
(*args, **kwargs)¶
-
property
signature
¶
-
-
class
PolicyMessageKit
(*args, **kwargs)¶ Bases:
nucypher.crypto.kits.MessageKit
A MessageKit which includes sufficient additional information to be retrieved on the NuCypher Network.
-
property
sender
¶
-
ensure_correct_sender
(enrico: Optional[Enrico] = None, policy_encrypting_key: Optional[umbral.keys.UmbralPublicKey] = None)¶ Make sure that the sender of the message kit is set and corresponds to the given
enrico
, or create it from the givenpolicy_encrypting_key
.
-
property
-
UmbralMessageKit
¶
-
class
RevocationKit
(treasure_map, signer: SignatureStamp)¶ Bases:
object
-
property
revokable_addresses
¶ Returns a Set of revokable addresses in the checksum address formatting
-
add_confirmation
(node_id, signed_receipt)¶ Adds a signed confirmation of Ursula’s ability to revoke the arrangement.
-
property
-
exception
NoSigningPower
¶
-
exception
NoDecryptingPower
¶
-
exception
NoTransactingPower
¶
-
class
CryptoPower
(power_ups: list = None)¶ Bases:
object
-
consume_power_up
(power_up, *args, **kwargs)¶
-
power_ups
(power_up_class)¶
-
-
class
CryptoPowerUp
¶ Bases:
object
Gives you MORE CryptoPower!
-
confers_public_key
= False¶
-
activate
(*args, **kwargs)¶
-
-
class
TransactingPower
(account: NewType.<locals>.new_type, signer: nucypher.blockchain.eth.signers.base.Signer, password: str = None, cache: bool = False)¶ Bases:
nucypher.crypto.powers.CryptoPowerUp
The power to sign ethereum transactions as the custodian of a private key through a signing backend.
-
not_found_error
¶ alias of
NoTransactingPower
-
exception
AccountLocked
¶ Bases:
nucypher.crypto.powers.PowerUpError
Raised when signing cannot be performed due to a locked account
-
property
account
¶
-
property
is_device
¶
-
unlock
(password: str = None, duration: int = None) → bool¶ Unlocks the account with provided or cached password.
-
-
class
KeyPairBasedPower
(public_key: umbral.keys.UmbralPublicKey = None, keypair: nucypher.crypto.keypairs.Keypair = None)¶ Bases:
nucypher.crypto.powers.CryptoPowerUp
-
confers_public_key
= True¶
-
public_key
() → umbral.keys.UmbralPublicKey¶
-
-
class
SigningPower
(public_key: umbral.keys.UmbralPublicKey = None, keypair: nucypher.crypto.keypairs.Keypair = None)¶ Bases:
nucypher.crypto.powers.KeyPairBasedPower
-
not_found_error
¶ alias of
NoSigningPower
-
provides
= ('sign', 'get_signature_stamp')¶
-
-
class
DecryptingPower
(public_key: umbral.keys.UmbralPublicKey = None, keypair: nucypher.crypto.keypairs.Keypair = None)¶ Bases:
nucypher.crypto.powers.KeyPairBasedPower
-
not_found_error
¶ alias of
NoDecryptingPower
-
provides
= ('decrypt',)¶
-
-
class
DerivedKeyBasedPower
¶ Bases:
nucypher.crypto.powers.CryptoPowerUp
Rather than rely on an established KeyPair, this type of power derives a key at moments defined by the user.
-
class
DelegatingPower
(keying_material: Optional[bytes] = None, password: Optional[bytes] = None)¶ Bases:
nucypher.crypto.powers.DerivedKeyBasedPower
-
get_pubkey_from_label
(label)¶
-
generate_kfrags
(bob_pubkey_enc, signer, label: bytes, m: int, n: int) → Tuple[umbral.keys.UmbralPublicKey, List]¶ Generates re-encryption key frags (“KFrags”) and returns them.
These KFrags can be used by Ursula to re-encrypt a Capsule for Bob so that he can activate the Capsule. :param bob_pubkey_enc: Bob’s public key :param m: Minimum number of KFrags needed to rebuild ciphertext :param n: Total number of KFrags to generate
-
get_decrypting_power_from_label
(label)¶
-
-
class
SignatureStamp
(verifying_key, signer: umbral.signing.Signer = None)¶ Bases:
object
Can be called to sign something or used to express the signing public key as bytes.
-
as_umbral_pubkey
()¶
-
fingerprint
()¶ Hashes the key using keccak-256 and returns the hexdigest in bytes.
- Returns
Hexdigest fingerprint of key (keccak-256) in bytes
-
-
class
StrangerStamp
(verifying_key, signer: umbral.signing.Signer = None)¶ Bases:
nucypher.crypto.signing.SignatureStamp
SignatureStamp of a stranger (ie, can only be used to glean public key, not to sign)
-
fingerprint_from_key
(public_key: Any)¶ Hashes a key using keccak-256 and returns the hexdigest in bytes. :return: Hexdigest fingerprint of key (keccak-256) in bytes
-
construct_policy_id
(label: bytes, stamp: bytes) → bytes¶ Forms an ID unique to the policy per label and Bob’s signing pubkey via a keccak hash of the two.
-
recover_pubkey_from_signature
(message: bytes, signature: Union[bytes, umbral.signing.Signature], v_value_to_try: int, is_prehashed: bool = False) → bytes¶ Recovers a serialized, compressed public key from a signature. It allows to specify a potential v value, in which case it assumes the signature has the traditional (r,s) raw format. If a v value is not present, it assumes the signature has the recoverable format (r, s, v).
- Parameters
message – Signed message
signature – The signature from which the pubkey is recovered
v_value_to_try – A potential v value to try
is_prehashed – True if the message is already pre-hashed. Default is False, and message will be hashed with SHA256
- Returns
The compressed byte-serialized representation of the recovered public key
-
get_signature_recovery_value
(message: bytes, signature: Union[bytes, umbral.signing.Signature], public_key: Union[bytes, umbral.keys.UmbralPublicKey], is_prehashed: bool = False) → bytes¶ Obtains the recovery value of a standard ECDSA signature.
- Parameters
message – Signed message
signature – The signature from which the pubkey is recovered
public_key – The public key for verifying the signature
is_prehashed – True if the message is already pre-hashed. Default is False, and message will be hashed with SHA256
- Returns
The compressed byte-serialized representation of the recovered public key
-
get_coordinates_as_bytes
(point: Union[umbral.point.Point, umbral.keys.UmbralPublicKey, nucypher.crypto.signing.SignatureStamp], x_coord=True, y_coord=True) → bytes¶