oneid.keychain

Credentials

class oneid.keychain.Credentials(identity, keypair)

Container for User/Server/Device Encryption Key, Signing Key, Identity

Variables:
  • identity – UUID of the identity.
  • keypair – BaseKeypair instance.

ProjectCredentials

class oneid.keychain.ProjectCredentials(project_id, keypair, encryption_key)
encrypt(plain_text)

Encrypt plain text with the project encryption key.

Parameters: plain_text – String or bytes to encrypt with project encryption key.
Returns: Dictionary with cipher text and encryption params.
decrypt(cipher_text, iv=None, cipher='aes', mode='gcm', tag_size=128)

Decrypt cipher text that was encrypted with the project encryption key.

Parameters:
  • cipher_text – Encrypted text or dict (as returned by encrypt())
  • iv – Base64 encoded initialization vector
  • cipher – [deprecated]
  • mode – [deprecated]
  • tag_size – [deprecated]
Returns: plain text
Return type: bytes

Keypair

class oneid.keychain.Keypair(*args, **kwargs)
secret_as_der

Write out the private key in DER format

Returns: DER-encoded private key
secret_as_pem

Write out the private key in PEM format

Returns: PEM-encoded private key
classmethod from_secret_pem(key_bytes=None, path=None)

Create a Keypair from a PEM-formatted private ECDSA key

Returns: Keypair instance
classmethod from_public_pem(key_bytes=None, path=None)

Create a Keypair from a PEM-formatted public ECDSA key

Note that this keypair will not be capable of signing, only verifying.

Returns: Keypair instance
classmethod from_secret_der(der_key)

Read a DER-formatted key and convert it to a private key

Parameters: der_key – DER-formatted key
Returns:
classmethod from_public_der(public_key)

Given a DER-format public key, convert it into a token to validate signatures

Parameters: public_key – DER-formatted key
Returns: Keypair instance
classmethod from_jwk(jwk)

Create a Keypair from a JWK

Parameters: jwk – oneID-standard JWK
Returns: Keypair instance
Raises: InvalidFormatError – if not a valid JWK
jwk

The keys as a JSON Web Key (JWK). The private key will be included only if present.

Returns: oneID-standard JWK
jwk_public

The public key as a JSON Web Key (JWK)

Returns: oneID-standard JWK
jwk_private

The private key as a JSON Web Key (JWK)

Returns: oneID-standard JWK
Raises: InvalidFormatError – if not a private key
verify(payload, signature)

Verify that the token signed the data

Parameters:
  • payload (String) – message that was signed and needs to be verified
  • signature (Base64 URL Safe) – Signature that can verify the sender's identity and payload
Returns:

sign(payload)

Sign a payload

Parameters: payload – String (usually JWT payload)
Returns: URL-safe base64 signature
ecdh(peer_keypair, algorithm='A256GCM', party_u_info=None, party_v_info=None)

Derive a shared symmetric key for encrypting data to a given recipient

Parameters:
  • peer_keypair (Keypair) – Public key of the recipient
  • algorithm (str) – The algorithm associated with the operation (defaults to 'A256GCM')
  • party_u_info (str or bytes) – shared identifying information about the sender (optional)
  • party_v_info (str or bytes) – shared identifying information about the recipient (optional)
Returns: a 256-bit encryption key
Return type: bytes
Raises: InvalidFormatError – if self is not a private key
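
The algorithm, party_u_info and party_v_info parameters have the same names as the Concat KDF inputs in RFC 7518 section 4.6.2. The following added example (not oneID's own code) assumes that construction to show how those values bind the derived 256-bit key to sender and recipient; concat_kdf, SAMPLE_Z and the device-1/server-1 labels are constructed for illustration.

```python
import hashlib
import struct


def _length_prefixed(value):
    """Encode str, bytes or None as a 32-bit big-endian length plus data."""
    if value is None:
        value = b""
    data = value.encode("utf-8") if isinstance(value, str) else bytes(value)
    return struct.pack(">I", len(data)) + data


def concat_kdf(shared_secret, algorithm="A256GCM", party_u_info=None,
               party_v_info=None, key_bits=256):
    """Concat KDF over SHA-256 as profiled in RFC 7518 section 4.6.2.

    shared_secret is Z, the raw ECDH output. Both sides must supply the
    same algorithm and party info or they end up with different keys.
    """
    other_info = (
        _length_prefixed(algorithm)        # AlgorithmID
        + _length_prefixed(party_u_info)   # PartyUInfo (sender)
        + _length_prefixed(party_v_info)   # PartyVInfo (recipient)
        + struct.pack(">I", key_bits)      # SuppPubInfo: key length in bits
    )
    output = b""
    counter = 1
    while len(output) * 8 < key_bits:
        block = struct.pack(">I", counter) + shared_secret + other_info
        output += hashlib.sha256(block).digest()
        counter += 1
    return output[: key_bits // 8]


# Constructed stand-in for Z (assumption): a real Z is the x-coordinate
# produced by the elliptic-curve Diffie-Hellman step.
SAMPLE_Z = bytes(range(32))

if __name__ == "__main__":
    sender = concat_kdf(SAMPLE_Z, party_u_info="device-1", party_v_info="server-1")
    recipient = concat_kdf(SAMPLE_Z, party_u_info=b"device-1", party_v_info=b"server-1")
    swapped = concat_kdf(SAMPLE_Z, party_u_info="server-1", party_v_info="device-1")
    print("both sides agree:", sender == recipient)         # True
    print("roles swapped still match:", swapped == sender)  # False
```

Because every field is length-prefixed, the pairs ("ab", "c") and ("a", "bc") derive different keys, so party info values cannot be shifted across the field boundary.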

public_key

If the private key is defined, generate the public key

Returns:
public_key_der

DER formatted public key

Returns: Public Key in DER format
public_key_pem

PEM formatted public key

Returns: Public Key in PEM format