nucypher.crypto

Submodules

exception InvalidNodeCertificate

Bases: RuntimeError

Raised when an Ursula’s certificate is not valid because it is missing the checksum address.

secure_random(num_bytes: int)bytes

Returns an amount num_bytes of data from the OS’s random device. If a randomness source isn’t found, returns a NotImplementedError. In this case, a secure random source most likely doesn’t exist and randomness will have to found elsewhere.

Parameters

num_bytes – Number of bytes to return.

Returns

bytes

secure_random_range(min: int, max: int)int

Returns a number from a secure random source betwee the range of min and max - 1.

Parameters
  • min – Minimum number in the range

  • max – Maximum number in the range

Returns

int

keccak_digest(*messages: bytes)bytes

Accepts an iterable containing bytes and digests it returning a Keccak digest of 32 bytes (keccak_256).

Although we use SHA256 in many cases, we keep keccak handy in order to provide compatibility with the Ethereum blockchain.

Parameters

bytes – Data to hash

Return type

bytes

Returns

bytestring of digested data

sha256_digest(*messages: bytes)bytes

Accepts an iterable containing bytes and digests it returning a SHA256 digest of 32 bytes

Parameters

bytes – Data to hash

Return type

bytes

Returns

bytestring of digested data

ecdsa_sign(message: bytes, private_key: umbral.keys.UmbralPrivateKey)bytes

Accepts a hashed message and signs it with the private key given.

Parameters
  • message – Message to hash and sign

  • private_key – Private key to sign with

Returns

signature

recover_address_eip_191(message: bytes, signature: bytes)str

Recover checksum address from EIP-191 signature

verify_eip_191(address: str, message: bytes, signature: bytes)bool

EIP-191 Compatible signature verification for usage with w3.eth.sign.

verify_ecdsa(message: bytes, signature: bytes, public_key: umbral.keys.UmbralPublicKey)bool

Accepts a message and signature and verifies it with the provided public key.

Parameters
  • message – Message to verify

  • signature – Signature to verify

  • public_key – UmbralPublicKey to verify signature with

Returns

True if valid, False if invalid.

generate_teacher_certificate(checksum_address: str, *args, **kwargs)
generate_self_signed_certificate(*args, **kwargs)
read_certificate_pseudonym(certificate: cryptography.x509.base.Certificate)

Return the checksum address written into a TLS certificates pseudonym field or raise an error.

encrypt_and_sign(recipient_pubkey_enc: umbral.keys.UmbralPublicKey, plaintext: bytes, signer: SignatureStamp, sign_plaintext: bool = True) → Tuple[nucypher.crypto.kits.PolicyMessageKit, umbral.signing.Signature]
class Keypair(private_key=None, public_key=None, generate_keys_if_needed=True)

Bases: object

A parent Keypair class for all types of Keypairs.

serialize_pubkey(as_b64=False)bytes

Serializes the pubkey for storage/transport in either urlsafe base64 or as a bytestring.

Parameters

as_b64 – Return the pubkey as urlsafe base64 byte string

Returns

The serialized pubkey in bytes

fingerprint()

Hashes the key using keccak-256 and returns the hexdigest in bytes.

Returns

Hexdigest fingerprint of key (keccak-256) in bytes

class DecryptingKeypair(*args, **kwargs)

Bases: nucypher.crypto.keypairs.Keypair

A keypair for Umbral

decrypt(message_kit: nucypher.crypto.kits.MessageKit)bytes

Decrypt data encrypted with Umbral.

Returns

bytes

class SigningKeypair(*args, **kwargs)

Bases: nucypher.crypto.keypairs.Keypair

A SigningKeypair that uses ECDSA.

sign(message: bytes)bytes

Signs a hashed message and returns a signature.

Parameters

message – The message to sign

Returns

Signature in bytes

get_signature_stamp()
class HostingKeypair(host: str, checksum_address: str = None, private_key: Union[umbral.keys.UmbralPrivateKey, umbral.keys.UmbralPublicKey] = None, curve=None, certificate=None, certificate_filepath: str = None, generate_certificate=True)

Bases: nucypher.crypto.keypairs.Keypair

A keypair for TLS’ing.

get_deployer(rest_app, port)
class CryptoKit

Bases: object

A package of discrete items, meant to be sent over the wire or saved to disk (in either case, as bytes), capable of performing a distinct cryptological function.

splitter = None
classmethod split_bytes(some_bytes)
classmethod from_bytes(some_bytes)
class MessageKit(capsule, sender_verifying_key=None, ciphertext=None, signature=NOT_SIGNED)

Bases: nucypher.crypto.kits.CryptoKit

All the components needed to transmit and verify an encrypted message.

to_bytes(include_alice_pubkey=True)
classmethod splitter(*args, **kwargs)
property signature
class PolicyMessageKit(*args, **kwargs)

Bases: nucypher.crypto.kits.MessageKit

A MessageKit which includes sufficient additional information to be retrieved on the NuCypher Network.

property sender
UmbralMessageKit

alias of nucypher.crypto.kits.PolicyMessageKit

class RevocationKit(policy: Policy, signer: SignatureStamp)

Bases: object

property revokable_addresses

Returns a Set of revokable addresses in the checksum address formatting

add_confirmation(node_id, signed_receipt)

Adds a signed confirmation of Ursula’s ability to revoke the arrangement.

exception PowerUpError

Bases: TypeError

exception NoSigningPower

Bases: nucypher.crypto.powers.PowerUpError

exception NoDecryptingPower

Bases: nucypher.crypto.powers.PowerUpError

exception NoTransactingPower

Bases: nucypher.crypto.powers.PowerUpError

class CryptoPower(power_ups: list = None)

Bases: object

consume_power_up(power_up, *args, **kwargs)
power_ups(power_up_class)
class CryptoPowerUp

Bases: object

Gives you MORE CryptoPower!

confers_public_key = False
activate(*args, **kwargs)
class TransactingPower(account: str, signer: nucypher.blockchain.eth.signers.base.Signer = None, password: str = None, cache: bool = False)

Bases: nucypher.crypto.powers.CryptoPowerUp

The power to sign ethereum transactions as the custodian of a private key through a signing backend.

not_found_error

alias of NoTransactingPower

exception AccountLocked

Bases: nucypher.crypto.powers.PowerUpError

Raised when signing cannot be performed due to a locked account

property blockchain

Lazy evaluation of existing connection

property is_active

Returns True if the blockchain currently has this transacting power attached.

property account
property is_unlocked
property is_device
activate(password: str = None)None

Called during power consumption

lock_account()None
unlock_account(password: str = None, duration: int = None)bool

Unlocks the account with provided or cached password.

sign_message(message: bytes)bytes

Signs the message with the private key of the TransactingPower.

sign_transaction(transaction_dict: dict) → hexbytes.main.HexBytes

Signs the transaction with the private key of the TransactingPower.

class KeyPairBasedPower(public_key: umbral.keys.UmbralPublicKey = None, keypair: nucypher.crypto.keypairs.Keypair = None)

Bases: nucypher.crypto.powers.CryptoPowerUp

confers_public_key = True
public_key() → umbral.keys.UmbralPublicKey
class SigningPower(public_key: umbral.keys.UmbralPublicKey = None, keypair: nucypher.crypto.keypairs.Keypair = None)

Bases: nucypher.crypto.powers.KeyPairBasedPower

not_found_error

alias of NoSigningPower

provides = ('sign', 'get_signature_stamp')
class DecryptingPower(public_key: umbral.keys.UmbralPublicKey = None, keypair: nucypher.crypto.keypairs.Keypair = None)

Bases: nucypher.crypto.powers.KeyPairBasedPower

not_found_error

alias of NoDecryptingPower

provides = ('decrypt',)
class DerivedKeyBasedPower

Bases: nucypher.crypto.powers.CryptoPowerUp

Rather than rely on an established KeyPair, this type of power derives a key at moments defined by the user.

class DelegatingPower(keying_material: Optional[bytes] = None, password: Optional[bytes] = None)

Bases: nucypher.crypto.powers.DerivedKeyBasedPower

get_pubkey_from_label(label)
generate_kfrags(bob_pubkey_enc, signer, label: bytes, m: int, n: int) → Tuple[umbral.keys.UmbralPublicKey, List]

Generates re-encryption key frags (“KFrags”) and returns them.

These KFrags can be used by Ursula to re-encrypt a Capsule for Bob so that he can activate the Capsule. :param bob_pubkey_enc: Bob’s public key :param m: Minimum number of KFrags needed to rebuild ciphertext :param n: Total number of KFrags to generate

get_decrypting_power_from_label(label)
class SignatureStamp(verifying_key, signer: umbral.signing.Signer = None)

Bases: object

Can be called to sign something or used to express the signing public key as bytes.

as_umbral_pubkey()
fingerprint()

Hashes the key using keccak-256 and returns the hexdigest in bytes.

Returns

Hexdigest fingerprint of key (keccak-256) in bytes

class StrangerStamp(verifying_key, signer: umbral.signing.Signer = None)

Bases: nucypher.crypto.signing.SignatureStamp

SignatureStamp of a stranger (ie, can only be used to glean public key, not to sign)

exception InvalidSignature

Bases: Exception

Raised when a Signature is not valid.

fingerprint_from_key(public_key: Any)

Hashes a key using keccak-256 and returns the hexdigest in bytes. :return: Hexdigest fingerprint of key (keccak-256) in bytes

construct_policy_id(label: bytes, stamp: bytes)bytes

Forms an ID unique to the policy per label and Bob’s signing pubkey via a keccak hash of the two.

canonical_address_from_umbral_key(public_key: umbral.keys.UmbralPublicKey)bytes
recover_pubkey_from_signature(message: bytes, signature: Union[bytes, umbral.signing.Signature], v_value_to_try: int, is_prehashed: bool = False)bytes

Recovers a serialized, compressed public key from a signature. It allows to specify a potential v value, in which case it assumes the signature has the traditional (r,s) raw format. If a v value is not present, it assumes the signature has the recoverable format (r, s, v).

Parameters
  • message – Signed message

  • signature – The signature from which the pubkey is recovered

  • v_value_to_try – A potential v value to try

  • is_prehashed – True if the message is already pre-hashed. Default is False, and message will be hashed with SHA256

Returns

The compressed byte-serialized representation of the recovered public key

get_signature_recovery_value(message: bytes, signature: Union[bytes, umbral.signing.Signature], public_key: Union[bytes, umbral.keys.UmbralPublicKey], is_prehashed: bool = False)bytes

Obtains the recovery value of a standard ECDSA signature.

Parameters
  • message – Signed message

  • signature – The signature from which the pubkey is recovered

  • public_key – The public key for verifying the signature

  • is_prehashed – True if the message is already pre-hashed. Default is False, and message will be hashed with SHA256

Returns

The compressed byte-serialized representation of the recovered public key

get_coordinates_as_bytes(point: Union[umbral.point.Point, umbral.keys.UmbralPublicKey, nucypher.crypto.signing.SignatureStamp], x_coord=True, y_coord=True)bytes