Cryptography

The Delta Crypto package provides functionality for client-side cryptography.

covata.delta.crypto.generate_private_key()

Generates an RSAPrivateKey object. The public key object can be extracted by calling the public_key() method on the generated key object.

Returns: the generated private key object
Return type: RSAPrivateKey

covata.delta.crypto.serialize_public_key(public_key)

Serializes the provided public key object to base64-encoded DER format using X.509 SubjectPublicKeyInfo with PKCS1.

Parameters: public_key (RSAPublicKey) – the public key object
Returns: the key as a base64-encoded unicode string
Return type: str

covata.delta.crypto.calculate_sha256hex(payload)

Calculates the SHA256 hex digest of the given payload.

Parameters: payload (str) – the payload to be hashed
Returns: SHA256 hex digest
Return type: bytes

covata.delta.crypto.generate_secret_key()

Generates a 256-bit secret key.

Uses /dev/urandom on UNIX platforms, and CryptGenRandom on Windows.

Returns: the 256-bit secret key
Return type: bytes

covata.delta.crypto.generate_initialisation_vector()

Generates a 128-bit initialisation vector.

Uses /dev/urandom on UNIX platforms, and CryptGenRandom on Windows.

Returns: the 128-bit initialisation vector
Return type: bytes

covata.delta.crypto.encrypt(data, secret_key, initialisation_vector)

Encrypts data using the given secret key and initialisation vector.

Parameters:
  • data (bytes) – the plaintext bytes to be encrypted
  • secret_key (bytes) – the key to be used for encryption
  • initialisation_vector (bytes) – the initialisation vector
Returns: the cipher text and GCM authentication tag tuple
Return type: (bytes, bytes)

covata.delta.crypto.decrypt(ciphertext, tag, secret_key, initialisation_vector)

Decrypts a cipher text using the given GCM authentication tag, secret key and initialisation vector.

Parameters:
  • ciphertext (bytes) – the cipher text to be decrypted
  • tag (bytes) – the GCM authentication tag
  • secret_key (bytes) – the key to be used for encryption
  • initialisation_vector (bytes) – the initialisation vector
Returns: the decrypted plaintext
Return type: bytes

covata.delta.crypto.encrypt_key_with_public_key(secret_key, public_encryption_key)

Encrypts the given secret key with the public key.

Parameters:
  • secret_key (bytes) – the key to encrypt
  • public_encryption_key (RSAPublicKey) – the public encryption key
Returns: the encrypted key
Return type: bytes

covata.delta.crypto.decrypt_with_private_key(secret_key, private_encryption_key)

Decrypts the given secret key with the private key.

Parameters:
  • secret_key (bytes) – the secret key to decrypt
  • private_encryption_key (RSAPrivateKey) – the private encryption key
Returns: the decrypted key
Return type: bytes

covata.delta.crypto.deserialize_public_key(b64_encoded_public_key)

Loads an RSAPublicKey object from a serialized public key.

Parameters: b64_encoded_public_key (str) – the key as base64 encoded string
Returns: the public key object
Return type: RSAPublicKey
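
The functions documented above compose into an envelope-encryption flow: a fresh 256-bit key and 128-bit IV encrypt the data under AES-GCM, and the key is then wrapped with the recipient's RSA public key. The following is an added example, not code from the Delta package; it reproduces that flow with the Python `cryptography` library and shows that a modified ciphertext fails GCM authentication. Assumptions: RSA-OAEP with SHA-256 for key wrapping (the page does not name the padding), and the hypothetical names `seal`, `unseal`, `tamper_is_detected` and `demo`.

```python
import base64
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Assumption: the page does not name the RSA padding; OAEP with SHA-256 is used here.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal(plaintext, recipient_public_key_b64):
    """Encrypt for a recipient given as a base64 DER SubjectPublicKeyInfo key."""
    public_key = serialization.load_der_public_key(
        base64.b64decode(recipient_public_key_b64))
    secret_key = os.urandom(32)  # 256-bit key, fresh per message
    iv = os.urandom(16)          # 128-bit IV; never reuse one with the same key
    encryptor = Cipher(algorithms.AES(secret_key), modes.GCM(iv)).encryptor()
    ciphertext = encryptor.update(plaintext) + encryptor.finalize()
    return {"ciphertext": ciphertext, "tag": encryptor.tag, "iv": iv,
            "wrapped_key": public_key.encrypt(secret_key, OAEP)}

def unseal(envelope, private_key):
    """Unwrap the secret key, then decrypt; raises InvalidTag if data was altered."""
    secret_key = private_key.decrypt(envelope["wrapped_key"], OAEP)
    decryptor = Cipher(algorithms.AES(secret_key),
                       modes.GCM(envelope["iv"], envelope["tag"])).decryptor()
    return decryptor.update(envelope["ciphertext"]) + decryptor.finalize()

def tamper_is_detected(envelope, private_key):
    """Flip one ciphertext bit and confirm GCM authentication rejects it."""
    flipped = bytes([envelope["ciphertext"][0] ^ 1]) + envelope["ciphertext"][1:]
    try:
        unseal(dict(envelope, ciphertext=flipped), private_key)
    except InvalidTag:
        return True
    return False

def demo():
    """Round-trip a constructed sample message through seal/unseal."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    public_b64 = base64.b64encode(private_key.public_key().public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo)).decode("ascii")
    envelope = seal(b"constructed sample secret", public_b64)
    return unseal(envelope, private_key), tamper_is_detected(envelope, private_key)
```

The IV and tag are not secret and travel with the ciphertext; only the wrapped key depends on the recipient's private key.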