cape_encrypt package

Submodules

• cape_encrypt.cape_encrypt module
  • ConnectionError
  • ExecutionError
  • decrypt()
  • encrypt()

Module contents

cape_encrypt.decrypt(ciphertext)

Decrypt a plaintext with a Cape Key within a Cape Enclave.

This function is intended only for use within a function deployed in a Cape Enclave. This function utilizes the Cape Key associated to the function’s owner to decrypt previously Cape Encrypted input.

Parameters:

b64ciphertext – Base64 encoded bytes of a previously Cape Encrypted plaintext, prefixed with b"cape:"

Return type:

bytes

Returns:

Bytes represeting the plaintext result of the decrypted ciphertext

Raises:

• TypeError – if the input is not of the correct type

• ValueError – if the input is formatted incorrectly or empty

• ConnectionError – if an error is thrown from the socket connection

• ExecutionError – if a server error is reported during the remote encryption process

cape_encrypt.encrypt(plaintext)

Encrypt a plaintext with a Cape Key within a Cape Enclave.

This function is intended only for use within a function deployed in a Cape Enclave. It uses envelope encryption. The plaintext is first AES-encrypted with anephemeral AES key, and then this key is itself encrypted with the Cape Key associated with the Cape account that owns the function.

Parameters:

plaintext (bytes) – bytes to encrypt.

Return type:

bytes

Returns:

Bytes representing the base64 encoded encryption of the plaintext. The bytes are a concatenation of the AES-ciphertext of the plaintext, an AES nonce, and the RSA-ciphertext of the AES key prefixed by b"cape:"

Raises:

• TypeError – if the input is not of the correct type

• ValueError – if the input is empty

• ConnectionError – if an error is thrown from the socket connection

• ExecutionError – if a server error is reported during the remote encryption process