SecretStore Module

class secretstore.module.SecretStore(web3: web3.main.Web3 = None, ss_endpoint_uri: str = None, logger: logging.Logger = None)[source]

The class that ties together the secretstore module's API calls and session calls.

Parameters:
  • web3 (web3.Web3, optional) – The web3.Web3 instance. Defaults to None, in which case it tries to auto import it.
  • ss_endpoint_uri (str, optional) – The endpoint where Secret Store is listening for requests (for sessions). Defaults to None.
  • logger (logging.Logger, optional) – The logger object. Defaults to None and instantiates a default logger in this case with log level INFO.
web3

The web3.Web3 instance.

Type: web3.Web3
session

The Session instance.

Type: Session
decrypt(account: str, pwd: str, encrypted_key: str, encrypted_document: str) → str[source]

This method can be used to decrypt a document previously encrypted by the encrypt() method.

Parameters:
  • account (str) – The account of SS user.
  • pwd (str) – The password of SS user.
  • encrypted_key (str) – Document key encrypted with requester’s public key.
  • encrypted_document (str) – Encrypted document data, returned by encrypt()
Returns:

The decrypted secret document.

Return type:

str

Raises:

ValueError – If there is an error in the response.

encrypt(account, pwd, encrypted_key, hex_document) → str[source]

You can use it to encrypt a small document.

An encryption key is needed, typically obtained from the store by running a document key retrieval session or a server- and document key generation session.

Parameters:
  • account (str) – The account of SS user.
  • pwd (str) – The password of SS user.
  • encrypted_key (str) – Document key encrypted with requester’s public key.
  • hex_document (str) – Hex encoded document data.
Returns:

The encrypted secret document.

Return type:

str

Raises:

ValueError – If there is an error in the response.

generateDocumentKey(account: str, pwd: str, server_key: str) → web3.datastructures.AttributeDict[source]

Securely generates a document key so that it remains unknown to all key servers.

Parameters:
  • account (str) – The account of SS user.
  • pwd (str) – The password of SS user.
  • server_key (str) – The server key, returned by a server key generating session.
Returns:

The document key.

Return type:

web3.datastructures.AttributeDict

Raises:

ValueError – If there is an error in the response.

serversSetHash(node_ids: list) → str[source]

Computes the hash of the node IDs, which is required to compute the nodes-set signature for a manual nodes-set change session.

Parameters:
  • node_ids (list(str)) – List of node IDs (public keys).
Returns:

The hash.

Return type:

str

Raises:

ValueError – If there is an error in the response.

shadowDecrypt(account, pwd, decrypted_secret, common_point, decrypt_shadows, encrypted_document) → str[source]

This method can be used to decrypt a document previously encrypted by the encrypt() method.

The document key can be obtained by a document key shadow retrieval session.

Parameters:
  • account (str) – The account of SS user.
  • pwd (str) – The password of SS user.
  • decrypted_secret (str) – The hex-encoded decrypted secret portion of an encrypted document key.
  • common_point (str) – The hex-encoded common point portion of an encrypted document key.
  • decrypt_shadows (str) – The hex-encoded encrypted point portion of an encrypted document key.
  • encrypted_document (str) – Encrypted document data, returned by encrypt().
Returns:

The decrypted secret document.

Return type:

str

Raises:

ValueError – If there is an error in the response.

signRawHash(account: str, pwd: str, rawhash: str) → str[source]

Computes recoverable ECDSA signatures.

Typically used for signatures of server key id and signatures of nodes-set hash in the Secret Store.

Parameters:
  • account (str) – The account of SS user.
  • pwd (str) – The password of SS user.
  • rawhash (str) – A 256-bit hash to be signed, e.g.: server key id or nodes-set hash.
Returns:

The signed hash.

Return type:

str

Raises:

ValueError – If there is an error in the response.
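
The following added example (not part of the secretstore package) chains generateDocumentKey(), encrypt() and decrypt() as documented above and validates every hex argument locally, so malformed input is rejected before the account password is sent to the node. It assumes 0x-prefixed hex strings in both directions, that decrypt() returns the document hex-encoded, and that the AttributeDict returned by generateDocumentKey() carries an `encrypted_key` field; the helper names are hypothetical.

```python
# Added example: these helpers are hypothetical and not part of the secretstore package.
# `ss` is any object exposing the generateDocumentKey/encrypt/decrypt methods documented above.
import re

_HEX = re.compile(r"^0x(?:[0-9a-fA-F]{2})*$")

def to_hex(data: bytes) -> str:
    """Hex-encode bytes with a 0x prefix (assumed JSON-RPC convention)."""
    return "0x" + data.hex()

def from_hex(value: str) -> bytes:
    """Decode a 0x-prefixed hex string, rejecting anything malformed."""
    if not isinstance(value, str) or not _HEX.match(value):
        raise ValueError("expected a 0x-prefixed, even-length hex string")
    return bytes.fromhex(value[2:])

def check_raw_hash(rawhash: str) -> str:
    """signRawHash() expects a 256-bit hash: exactly 32 bytes of hex."""
    if len(from_hex(rawhash)) != 32:
        raise ValueError("rawhash must be a 256-bit (32-byte) value")
    return rawhash

def encrypt_document(ss, account: str, pwd: str, server_key: str, document: bytes):
    """Generate a document key from a server key, then encrypt `document`.

    Returns (doc_key, encrypted_document). The `encrypted_key` field name is
    an assumption about the returned AttributeDict, not stated on this page.
    """
    from_hex(server_key)  # fail early, before the password leaves this process
    doc_key = ss.generateDocumentKey(account, pwd, server_key)
    encrypted = ss.encrypt(account, pwd, doc_key["encrypted_key"], to_hex(document))
    from_hex(encrypted)  # the reply is expected to be hex as well
    return doc_key, encrypted

def decrypt_document(ss, account: str, pwd: str,
                     encrypted_key: str, encrypted_document: str) -> bytes:
    """Call decrypt() and return the raw document bytes."""
    from_hex(encrypted_key)
    from_hex(encrypted_document)
    return from_hex(ss.decrypt(account, pwd, encrypted_key, encrypted_document))
```

Persist the returned document key alongside the encrypted document, since decrypt() needs the encrypted key again.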