Cryptography helper functions

Requires pycryptodomex

class pyaltt2.crypto.Rioja(key, bits=256)

Rioja (ˈrjoxa) is a crypto engine, similar to Fernet, but:

  • implements AES-CBC-HMAC up to AES256 (default)
  • simpler to use
Parameters:
  • key – encryption key
  • bits – key size (128, 192 or 256, default is 256)
decrypt(enc, b64=True)
Parameters:
  • enc – data to decrypt
  • b64 – decode data from base64 (default: True)
Raises:

ValueError – if HMAC auth failed

encrypt(raw, b64=True)
Parameters:
  • raw – bytes to encrypt
  • b64 – encode result in base64 (default: True)
pyaltt2.crypto.decrypt(enc, key, hmac_key=None, key_is_hash=False, b64=True, bits=256)

Decrypt encoded data with AES-CBC

Parameters:
  • enc – data to decrypt
  • key – decryption key
  • key_is_hash – treat the decryption key as a sha256 hash
  • hmac_key – HMAC key (optional), True or custom key
  • b64 – decode data from base64 (default: True)
  • bits – key size (128, 192 or 256, default is 256)
Raises:

ValueError – if HMAC auth failed

Note: if hmac_key is True and the key is a hash, a sha512 sum is required

pyaltt2.crypto.default_public_key = None

default per-project public key for signature verification

pyaltt2.crypto.encrypt(raw, key, hmac_key=None, key_is_hash=False, b64=True, bits=256)

Encrypt bytes with AES-CBC

Parameters:
  • raw – bytes to encrypt
  • key – encryption key
  • hmac_key – HMAC key (optional), True or custom key
  • key_is_hash – treat the encryption key as a sha256 hash
  • b64 – encode result in base64 (default: True)
  • bits – key size (128, 192 or 256, default is 256)
Returns:

encrypted block + 32-byte HMAC signature (if hmac_key is specified)

Note: if hmac_key is True and the key is a hash, a sha512 sum is required
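
The layout documented above (encrypted block followed by a 32-byte HMAC, with ValueError raised when authentication fails) lets a receiver reject tampered data before any AES-CBC decryption runs. The following is an added example using only the Python standard library, not pyaltt2's own code; the function names, the SHA-512 key split and the use of HMAC-SHA256 over the whole encrypted block are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size, matching the 32-byte signature above


def derive_keys(passphrase: str, bits: int = 256):
    """Assumed scheme: SHA-512 of the passphrase, split into AES and HMAC keys."""
    if bits not in (128, 192, 256):
        raise ValueError("bits must be 128, 192 or 256")
    digest = hashlib.sha512(passphrase.encode()).digest()
    return digest[:bits // 8], digest[32:]  # (encryption key, 32-byte MAC key)


def seal(encrypted: bytes, mac_key: bytes, b64: bool = True) -> bytes:
    """Append the tag to an already-encrypted block (e.g. IV + AES-CBC output)."""
    tag = hmac.new(mac_key, encrypted, hashlib.sha256).digest()
    out = encrypted + tag
    return base64.b64encode(out) if b64 else out


def open_sealed(token: bytes, mac_key: bytes, b64: bool = True) -> bytes:
    """Return the encrypted block only if its tag verifies, else raise ValueError."""
    if b64:
        try:
            token = base64.b64decode(token, validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            raise ValueError("malformed base64") from exc
    if len(token) <= TAG_LEN:
        raise ValueError("token too short to carry a tag")
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("HMAC auth failed")
    return body  # only now is it safe to hand the block to the AES-CBC decryptor


def flip_first_bit(token: bytes) -> bytes:
    """Simulate in-transit corruption of a base64 token (for testing the check)."""
    raw = bytearray(base64.b64decode(token))
    raw[0] ^= 0x01
    return base64.b64encode(bytes(raw))
```

Verifying the tag before decrypting matters for CBC in particular: unauthenticated CBC decryption exposes padding errors to whoever can submit modified ciphertext.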

pyaltt2.crypto.gen_random_str(length=32)

Generate random string (letters+numbers)

Parameters:
  • length – string length (default: 32)
pyaltt2.crypto.sign(content, private_key, key_password=None)

Sign content with RSA key

Parameters:
  • content – content to sign
  • private_key – private RSA (PEM) key
  • key_password – key password (optional)
Returns:

base64-encoded RSA signature

pyaltt2.crypto.verify_signature(content, signature, public_key=None)

Verify content with RSA signature

If public key is not specified, global per-project key is used

Parameters:
  • content – signed content to verify
  • signature – base64-encoded RSA signature
  • public_key – public RSA (PEM) key
Returns:

base64-encoded RSA signature