class nucypher.policy.models.Arrangement(alice: nucypher.characters.lawful.Alice, expiration: maya.core.MayaDT, value: int = None, ursula: nucypher.characters.lawful.Ursula = None, arrangement_id: bytes = None, kfrag: umbral.kfrags.KFrag = UNKNOWN_KFRAG)[source]

A Policy must be implemented by arrangements with n Ursulas. This class tracks the status of that implementation.


Craft an offer to send to Ursula.

abstract revoke()[source]

Revoke arrangement.

value = None

These will normally not be set if Alice is drawing up this arrangement - she hasn’t assigned a kfrag yet (because she doesn’t know if this Arrangement will be accepted). She doesn’t have an Ursula, for the same reason.

class nucypher.policy.models.FederatedPolicy(ursulas: Set[nucypher.characters.lawful.Ursula], *args, **kwargs)[source]
make_arrangements(network_middleware: nucypher.network.middleware.RestMiddleware, value: int, expiration: maya.core.MayaDT, handpicked_ursulas: Set[nucypher.characters.lawful.Ursula] = None) → None[source]

Create and consider n Arrangement objects.

class nucypher.policy.models.Policy(alice, label, bob=None, kfrags=(UNKNOWN_KFRAG, ), public_key=None, m: int = None, alice_signature=NOT_SIGNED)[source]

An edict by Alice, arranged with n Ursulas, to perform re-encryption for a specific Bob for a specific path.

Once Alice is ready to enact a Policy, she generates KFrags, which become part of the Policy.

Each Ursula is offered a Arrangement (see above) for a given Policy by Alice.

Once Alice has secured agreement with n Ursulas to enact a Policy, she sends each a KFrag, and generates a TreasureMap for the Policy, recording which Ursulas got a KFrag.

exception MoreKFragsThanArrangements[source]

Raised when a Policy has been used to generate Arrangements with Ursulas insufficient number such that we don’t have enough KFrags to give to each Ursula.

enact(network_middleware, publish=True) → dict[source]

Assign kfrags to ursulas_on_network, and distribute them via REST, populating enacted_arrangements

hrac() → bytes[source]

# TODO: #180 - This function is hanging on for dear life. After 180 is closed, it can be completely deprecated.

The “hashed resource authentication code”.

A hash of: * Alice’s public key * Bob’s public key * the label

Alice and Bob have all the information they need to construct this. Ursula does not, so we share it with her.

abstract make_arrangements(network_middleware: nucypher.network.middleware.RestMiddleware, deposit: int, expiration: maya.core.MayaDT, ursulas: Set[nucypher.characters.lawful.Ursula] = None) → None[source]

Create and consider n Arrangement objects.

publish(network_middleware: nucypher.network.middleware.RestMiddleware) → dict[source]

Spread word of this Policy far and wide.

Base publication method for spreading news of the policy. If this is a blockchain policy, this includes writing to PolicyManager contract storage.

class nucypher.policy.models.Revocation(arrangement_id: bytes, signer: SignatureStamp = None, signature: umbral.signing.Signature = None)[source]

Represents a string used by characters to perform a revocation on a specific Ursula. It’s a bytestring made of the following format: REVOKE-<arrangement id to revoke><signature of the previous string> This is sent as a payload in a DELETE method to the /KFrag/ endpoint.

verify_signature(alice_pubkey: umbral.keys.UmbralPublicKey)[source]

Verifies the revocation was from the provided pubkey.