age.primitives package
Submodules
age.primitives.bech32 module
Reference implementation for Bech32 and segwit addresses.

age.primitives.bech32.bech32_decode(bech)
Validate a Bech32 string, and determine HRP and data.
age.primitives.encode module

age.primitives.encode.decode(data)
Decode base64url (RFC 4648) encoded text
- Parameters
  data (str) – Base64-encoded data
- Return type
- Returns
  Raw data
- Raises
  TypeError – if data is not a string
  ValueError – if base64-decoding fails (e.g. if data contains non-base64 characters)
>>> decode('dGVzdA')
b'test'
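The doctest above passes unpadded input, which Python's base64.urlsafe_b64decode() rejects unless padding is restored, and that stdlib function also discards characters outside the alphabet instead of failing. The following is an added example, not the package's own code, of a decoder with the error behaviour documented above; the name strict_b64url_decode and the rejection of '=' padding and of non-canonical trailing bits are assumptions.

```python
import base64
import binascii
import re

# Unpadded base64url alphabet (RFC 4648, section 5).
_B64URL_RE = re.compile(r"[A-Za-z0-9_-]*")


def strict_b64url_decode(data):
    """Hypothetical stand-in for decode(): unpadded base64url, strict."""
    if not isinstance(data, str):
        raise TypeError("data must be a str")
    # urlsafe_b64decode() silently drops characters outside the alphabet,
    # so reject them (and any '=' padding, an assumption here) up front.
    if not _B64URL_RE.fullmatch(data):
        raise ValueError("non-base64url character in input")
    # A length of 1 mod 4 cannot encode a whole number of bytes.
    if len(data) % 4 == 1:
        raise ValueError("invalid base64url length")
    # Restore the padding the stdlib decoder insists on.
    padded = data + "=" * (-len(data) % 4)
    try:
        raw = base64.urlsafe_b64decode(padded)
    except binascii.Error as exc:
        raise ValueError("base64url decoding failed") from exc
    # Reject non-canonical encodings: unused trailing bits must be zero,
    # otherwise several distinct strings decode to the same bytes.
    if base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii") != data:
        raise ValueError("non-canonical base64url encoding")
    return raw


if __name__ == "__main__":
    # Constructed sample inputs: one valid, the rest malformed.
    for sample in ("dGVzdA", "dGVzdB", "dGVzdA==", "dGVz dA", "A"):
        try:
            print(repr(sample), "->", strict_b64url_decode(sample))
        except ValueError as err:
            print(repr(sample), "-> rejected:", err)
```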
age.primitives.encrypt module

age.primitives.encrypt.decrypt(key, ciphertext)
Decrypt ciphertext with the 32-byte key using ChaCha20 + Poly1305 (RFC 7539) and a zero nonce.
- Parameters
- Return type
- Returns
  Decrypted data
- Raises
  cryptography.exceptions.InvalidTag – if authentication fails
age.primitives.hashes module
age.primitives.hkdf module
age.primitives.hmac module

class age.primitives.hmac.HMAC(key)
Bases: object
HMAC-SHA256 from RFC 2104
- Parameters
  key (bytes) – Shared symmetrical key, used for authentication, needed for authentication checks

    generate(message)
    Generate authentication value for the given message

    is_valid(message, tag)
    Check whether authentication value for the given message is correct (returning the authentication result)
    - Parameters
      message (bytes) – Message to authenticate
      tag (bytes) – Authentication tag from generate()
    - Return type
    - Returns
      True if validation succeeds, False otherwise

    verify(message, tag)
    Verify authentication value for the given message (raising an exception on failure)
    - Parameters
      message (bytes) – Message to authenticate
      tag (bytes) – Authentication tag from generate()
    - Raises
      cryptography.exceptions.InvalidSignature – on failed validation
    - Return type
age.primitives.random module

age.primitives.random.random(n)
Generate n random bytes suitable for cryptographic use
Implemented through os.urandom()
age.primitives.rsa_oaep module

age.primitives.rsa_oaep.rsa_decrypt(private_key, label, ciphertext)
Decrypt ciphertext using RSA with OAEP padding (RFC 8017)
- Parameters
  private_key (RSAPrivateKey) – Private key to decrypt with
  label (bytes) – Extra data, must match label provided to rsa_encrypt()
  ciphertext (bytes) –
- Return type
- Returns
  Plaintext
- Raises
  ValueError – if decryption fails

age.primitives.rsa_oaep.rsa_encrypt(public_key, label, plaintext)
Encrypt plaintext using RSA with OAEP padding (RFC 8017)
- Parameters
  public_key (RSAPublicKey) – Public key to encrypt to
  label (bytes) – Extra data, stored in OAEP padding
  plaintext (bytes) – Data to encrypt
- Return type
- Returns
  Ciphertext
age.primitives.scrypt module
age.primitives.x25519 module

age.primitives.x25519.ECPoint
Curve25519 point (commonly called P), as bytes instance of length 32
alias of bytes

age.primitives.x25519.ECScalar
Curve25519 scalar (commonly called n), as bytes instance of length 32
alias of bytes

age.primitives.x25519.x25519_reduce(k)
Reduce the scalar k in the Curve25519 field
Corresponds to the following calculation: \(r = k \bmod (2^{252} + \text{0x14DEF9DEA2F79CD65812631A5CF5D3ED})\)

age.primitives.x25519.x25519_scalarmult(secret_scalar, point)
Scalar multiplication of point with (secret) scalar
- Parameters
- Return type
- Returns
  New point on curve: \(nP = P + P + P + P + P + \dots\) (n times)

age.primitives.x25519.x25519_scalarmult_base(scalar)
Scalar multiplication of the ED25519 base point with scalar
The base point according to the Curve25519 paper is \(P = 9\). This function is commonly used to generate a public key (point) from a private scalar.

Module contents
This module defines encryption primitives used within age.