-
Notifications
You must be signed in to change notification settings - Fork 13
/
encryption.py
98 lines (74 loc) · 3.19 KB
/
encryption.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# -*- coding: utf-8 -*-
# # If nacl/encryption is optional. Also, the checks in functions would probably
# # then be best as a wrapper.
# try:
# import nacl.utils
# import nacl.public
# NACL_AVAILABLE = True
# except ImportError:
# print(
# 'Importing car.encrypt, but note that the functions in this module '
# 'require PyNaCl, which appears not to be available.')
# NACL_AVAILABLE = False
def generate_nacl_keypair():
"""
Returns two objects, (a nacl.public.PublicKey, a nacl.public.PrivateKey)
for encryption using nacl.public.Box or nacl.public.SealedBox.
(We'll use SealedBox in this code, since we provide code signing
separately.)
"""
# if not NACL_AVAILABLE:
# # TODO: Consider a dependency error class.
# raise Exception('encrypt() requires PyNaCl, which is not available.')
private = nacl.public.PrivateKey.generate()
public = private.public_key
return private, public
def raw_key_from_nacl_key(nacl_key):
"""
Given an nacl.public.PrivateKey or an nacl.public.PublicKey, returns the
underlying 32-byte key value (a Curve25519 key).
"""
if not (isinstance(nacl_key, nacl.public.PublicKey)
or isinstance(nacl_key, nacl.public.PrivateKey)):
raise TypeError('Expecting a PublicKey or PrivateKey object')
return nacl_key.encode()
def private_nacl_key_from_raw_key(key_value):
"""
Given a raw key value (32 bytes, a Curve25519 key), generates an
nacl.public.PrivateKey object using that key value, which can then be used
for encryption and decryption via the PyNaCl library (nacl.public).
"""
# ✅ TODO: Argument validation (bytes, Python2 & Python3)
nacl.public.PrivateKey(key_value)
def public_nacl_key_from_raw_key(key_value):
"""
Given a raw key value (32 bytes, a Curve25519 key), generates an
nacl.public.PublicKey object using that key value, which can then be used
for encryption via the PyNaCl library (nacl.public).
"""
# ✅ TODO: Argument validation (bytes, Python2 & Python3)
nacl.public.PublicKey(key_value)
def encrypt(data, public_key):
"""
Takes bytes and a public key (nacl.public.PublicKey), returns encrypted
data (bytes) that can be decrypted using the corresponding private key.
"""
# if not NACL_AVAILABLE:
# # TODO: Consider a dependency error class.
# raise Exception('encrypt() requires PyNaCl, which is not available.')
if not isinstance(public_key, nacl.public.PublicKey):
raise TypeError('Arg "public_key" must be a nacl.public.PublicKey.')
encryptor = nacl.public.SealedBox(public_key)
return encryptor.encrypt(data)
def decrypt(encrypted, private_key):
"""
Takes bytes and a private key (nacl.public.PrivateKey), returns decrypted
data (bytes).
"""
# if not NACL_AVAILABLE:
# # TODO: Consider a dependency error class.
# raise Exception('decrypt() requires PyNaCl, which is not available.')
if not isinstance(private_key, nacl.public.PrivateKey):
raise TypeError('Arg "private_key" must be a nacl.public.PrivateKey.')
decryptor = nacl.public.SealedBox(private_key)
return decryptor.decrypt(encrypted)