cape_encrypt package

Submodules

Module contents

cape_encrypt.decrypt(ciphertext)

Decrypt a ciphertext with a Cape Key within a Cape Enclave.

This function is intended only for use within a function deployed in a Cape Enclave. It uses the Cape Key associated with the function’s owner to decrypt previously Cape Encrypted input.

Parameters:

b64ciphertext – Base64 encoded bytes of a previously Cape Encrypted plaintext, prefixed with b"cape:"

Return type:

bytes

Returns:

Bytes representing the plaintext result of the decrypted ciphertext

Raises:
  • TypeError – if the input is not of the correct type

  • ValueError – if the input is formatted incorrectly or empty

  • ConnectionError – if an error is thrown from the socket connection

  • ExecutionError – if a server error is reported during the remote encryption process
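The input format described above can be checked before a value is passed to decrypt(). The following is an added example, not part of the cape_encrypt package: parse_cape_envelope and triage are hypothetical helper names, the sample values are constructed, and the standard base64 alphabet is an assumption because the page does not say which variant is used.

```python
import base64
import binascii

CAPE_PREFIX = b"cape:"  # prefix stated in the documentation above


def parse_cape_envelope(value):
    """Hypothetical helper: return the base64-decoded envelope bytes.

    Raises TypeError / ValueError for the same input problems that the
    documentation lists for decrypt().
    """
    if not isinstance(value, (bytes, bytearray)):
        raise TypeError(f"expected bytes, got {type(value).__name__}")
    value = bytes(value)
    if not value:
        raise ValueError("input is empty")
    if not value.startswith(CAPE_PREFIX):
        raise ValueError('input is missing the b"cape:" prefix')
    body = value[len(CAPE_PREFIX):]
    if not body:
        raise ValueError("prefix present but payload is empty")
    try:
        # validate=True rejects characters outside the standard alphabet
        # instead of silently discarding them (assumption: standard base64).
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc


def triage(inputs):
    """Split a batch into (accepted, rejected) without raising."""
    accepted, rejected = [], []
    for item in inputs:
        try:
            parse_cape_envelope(item)
            accepted.append(item)
        except (TypeError, ValueError) as exc:
            rejected.append((item, f"{type(exc).__name__}: {exc}"))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample values, not real Cape output.
    good = CAPE_PREFIX + base64.b64encode(b"constructed-envelope-bytes")
    ok, bad = triage([good, b"", "cape:QUJD", b"QUJD", b"cape:", b"cape:!!!"])
    print(len(ok), "accepted;", *[reason for _, reason in bad], sep="\n")
```

A value that passes this check is only well-formed; whether it decrypts still depends on the Cape Key inside the enclave.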

cape_encrypt.encrypt(plaintext)

Encrypt a plaintext with a Cape Key within a Cape Enclave.

This function is intended only for use within a function deployed in a Cape Enclave. It uses envelope encryption: the plaintext is first AES-encrypted with an ephemeral AES key, and this key is then itself encrypted with the Cape Key associated with the Cape account that owns the function.

Parameters:

plaintext (bytes) – bytes to encrypt.

Return type:

bytes

Returns:

Bytes representing the base64 encoded encryption of the plaintext. The bytes are a concatenation of the AES-ciphertext of the plaintext, an AES nonce, and the RSA-ciphertext of the AES key prefixed by b"cape:"

Raises:
  • TypeError – if the input is not of the correct type

  • ValueError – if the input is empty

  • ConnectionError – if an error is thrown from the socket connection

  • ExecutionError – if a server error is reported during the remote encryption process