SecretStore Module
class secretstore.module.SecretStore(web3: web3.main.Web3 = None, ss_endpoint_uri: str = None, logger: logging.Logger = None)
The class holding together the secretstore module API- and session calls.
Parameters:
- web3 (web3.Web3, optional) – The web3.Web3 instance. Defaults to None, in which case it tries to auto import it.
- ss_endpoint_uri (str, optional) – The endpoint where Secret Store is listening for requests (for sessions). Defaults to None.
- logger (logging.Logger, optional) – The logger object. Defaults to None and instantiates a default logger in this case with log level INFO.
Returns: The signed hash.
Return type: str

decrypt(account: str, pwd: str, encrypted_key: str, encrypted_document: str) → str
This method can be used to decrypt a document previously encrypted by the encrypt() method.
Parameters:
Returns: The decrypted secret document.
Return type:
Raises: ValueError – If there is an error in the response.

encrypt(account, pwd, encrypted_key, hex_document) → str
You can use it to encrypt a small document.
An encryption key is needed, typically obtained from the store by running a document key retrieval session or a server- and document key generation session.
Parameters:
Returns: The encrypted secret document.
Return type:
Raises: ValueError – If there is an error in the response.

generateDocumentKey(account: str, pwd: str, server_key: str) → web3.datastructures.AttributeDict
Securely generates a document key, so that it remains unknown to all key servers.
Parameters:
Returns: The document key.
Return type: web3.datastructures.AttributeDict
Raises: ValueError – If there is an error in the response.

serversSetHash(node_ids: list) → str
Computes the hash of node IDs, required to compute the nodes set signature for a manual nodes set change session.
Parameters: node_ids (list(str)) – List of node IDs (public keys).
Returns: The hash.
Return type: str
Raises: ValueError – If there is an error in the response.

shadowDecrypt(account, pwd, decrypted_secret, common_point, decrypt_shadows, encrypted_document) → str
This method can be used to decrypt a document previously encrypted by the encrypt() method. The document key can be obtained by a document key shadow retrieval session.
Parameters:
- account (str) – The account of SS user.
- pwd (str) – The password of SS user.
- decrypted_secret (str) – The hex-encoded decrypted secret portion of an encrypted document key.
- common_point (str) – The hex-encoded common point portion of an encrypted document key.
- decrypt_shadows (str) – The hex-encoded encrypted point portion of an encrypted document key.
- encrypted_document (str) – Encrypted document data, returned by encrypt().
Returns: The decrypted secret document.
Return type:
Raises: ValueError – If there is an error in the response.

signRawHash(account: str, pwd: str, rawhash: str) → str
Computes recoverable ECDSA signatures.
Typically used for signatures of server key id and signatures of nodes-set hash in the Secret Store.
Parameters:
Returns: The signed hash.
Return type:
Raises: ValueError – If there is an error in the response.
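
The call order implied by encrypt() and decrypt() above, as an added example that is not part of the secretstore module or its documentation: generate a document key, encrypt under it, and keep the key object for later decryption. The helper names, the FakeSecretStore stand-in, the 0x-prefixed hex strings and the encrypted_key field on the returned document key are assumptions made here so the flow runs offline.

```python
from types import SimpleNamespace


def to_hex(data: bytes) -> str:
    """Hex-encode bytes with a 0x prefix (the prefix is an assumption here)."""
    return "0x" + data.hex()


def from_hex(value: str) -> bytes:
    """Decode a hex string, with or without the 0x prefix."""
    return bytes.fromhex(value[2:] if value.startswith("0x") else value)


def encrypt_document(ss, account, pwd, server_key, plaintext: bytes):
    """Generate a document key, then encrypt plaintext under it.

    Returns (document_key, encrypted_document). A ValueError raised by the
    store propagates, so a failed key generation never reaches encrypt().
    """
    doc_key = ss.generateDocumentKey(account, pwd, server_key)
    # Assumption: the returned object exposes an `encrypted_key` field.
    encrypted = ss.encrypt(account, pwd, doc_key.encrypted_key, to_hex(plaintext))
    return doc_key, encrypted


def decrypt_document(ss, account, pwd, doc_key, encrypted_document) -> bytes:
    """Decrypt a document produced by encrypt_document()."""
    return from_hex(ss.decrypt(account, pwd, doc_key.encrypted_key, encrypted_document))


class FakeSecretStore:
    """Constructed offline stand-in using the documented method signatures.

    It XORs with one byte so the flow can run without a node. It is not the
    real module and provides no security.
    """

    def generateDocumentKey(self, account, pwd, server_key):
        if not server_key.startswith("0x"):
            raise ValueError("error in the response: bad server key")
        return SimpleNamespace(encrypted_key="0x5a")  # constructed value

    def encrypt(self, account, pwd, encrypted_key, hex_document):
        key = from_hex(encrypted_key)[0]
        return to_hex(bytes(b ^ key for b in from_hex(hex_document)))

    def decrypt(self, account, pwd, encrypted_key, encrypted_document):
        return self.encrypt(account, pwd, encrypted_key, encrypted_document)
```

Against a live node, a SecretStore instance would take the place of FakeSecretStore, with server_key coming from a server key generation session.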