def decrypt(self, ciphertext: bytes, associated_data: bytes) -> bytes:
  """Decrypts ciphertext, trying prefix-matched keys first and RAW keys last.

  Args:
    ciphertext: The bytes to decrypt. When longer than
      crypto_format.NON_RAW_PREFIX_SIZE, the leading bytes are used as a key
      identifier.
    associated_data: Passed unchanged to every candidate primitive.

  Returns:
    Whatever the first successful primitive.decrypt() call returns.

  Raises:
    tink_error.TinkError: if no candidate primitive decrypts the input.
  """
  prefix_size = crypto_format.NON_RAW_PREFIX_SIZE
  if len(ciphertext) > prefix_size:
    key_prefix = ciphertext[:prefix_size]
    body = ciphertext[prefix_size:]
    for candidate in self._primitive_set.primitive_from_identifier(key_prefix):
      try:
        return candidate.primitive.decrypt(body, associated_data)
      except tink_error.TinkError as err:
        # A matching prefix does not guarantee the key fits; record the
        # reason in the log and move on to the next candidate.
        logging.info(
            'ciphertext prefix matches a key, but cannot decrypt: %s', err)
  # RAW keys get the whole input, since nothing is stripped for them.
  for candidate in self._primitive_set.raw_primitives():
    try:
      return candidate.primitive.decrypt(ciphertext, associated_data)
    except tink_error.TinkError:
      # Trial decryption: a failure under one RAW key is expected and is
      # deliberately not logged.
      continue
  # One fixed message for every failure path; per-key reasons are only in
  # the log (prefixed keys) or dropped (RAW keys).
  raise tink_error.TinkError('Decryption failed.')
def verify(self, signature: bytes, data: bytes):
  """Verifies that signature is a digital signature for data.

  The first crypto_format.NON_RAW_PREFIX_SIZE bytes of the signature are
  treated as a key identifier; the remainder is handed to each primitive
  registered under that identifier.

  Args:
    signature: The signature bytes to be checked.
    data: The data bytes to be checked.

  Raises:
    tink_error.TinkError if the verification fails.
  """
  if len(signature) <= crypto_format.NON_RAW_PREFIX_SIZE:
    # This also rejects raw signatures with size of 4 bytes or fewer.
    # We're not aware of any schemes that output signatures that small.
    raise tink_error.TinkError('signature too short')
  # Split the input into the key identifier and the signature proper.
  key_id = signature[:crypto_format.NON_RAW_PREFIX_SIZE]
  raw_sig = signature[crypto_format.NON_RAW_PREFIX_SIZE:]
  for entry in self._primitive_set.primitive_from_identifier(key_id):
    try:
      if entry.output_prefix_type == tink_pb2.LEGACY:
        # LEGACY entries are checked against data with
        # crypto_format.LEGACY_START_BYTE appended.
        entry.primitive.verify(raw_sig,
                               data + crypto_format.LEGACY_START_BYTE)
      else:
        entry.primitive.verify(raw_sig, data)
      # Signature is valid, we can return
      return
      # NOTE(review): the listing stops here, inside the try block; the
      # except handler and the rest of the method are not shown.
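def decrypt_deterministically(self, ciphertext: bytes,
                              associated_data: bytes) -> bytes:
  """Decrypts ciphertext, trying prefix-matched keys first and RAW keys last.

  Args:
    ciphertext: The bytes to decrypt. When longer than
      crypto_format.NON_RAW_PREFIX_SIZE, the leading bytes are used as a key
      identifier.
    associated_data: Passed unchanged to every candidate primitive.

  Returns:
    Whatever the first successful decrypt_deterministically() call returns.

  Raises:
    tink_error.TinkError: if no candidate primitive decrypts the input.
  """
  if len(ciphertext) > crypto_format.NON_RAW_PREFIX_SIZE:
    prefix = ciphertext[:crypto_format.NON_RAW_PREFIX_SIZE]
    ciphertext_no_prefix = ciphertext[crypto_format.NON_RAW_PREFIX_SIZE:]
    for entry in self._primitive_set.primitive_from_identifier(prefix):
      try:
        return entry.primitive.decrypt_deterministically(ciphertext_no_prefix,
                                                         associated_data)
      except tink_error.TinkError as e:
        logging.info(
            'ciphertext prefix matches a key, but cannot decrypt: %s', e)
  # Let's try all RAW keys.
  for entry in self._primitive_set.raw_primitives():
    try:
      return entry.primitive.decrypt_deterministically(ciphertext,
                                                       associated_data)
    except tink_error.TinkError:
      # Trial decryption: a failure under one RAW key is expected.
      pass
  # Fail closed. Without this raise the method falls off the end and
  # returns None, which contradicts the bytes return annotation and lets a
  # caller mistake a failed decryption for a result.
  raise tink_error.TinkError('Decryption failed.')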
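def decrypt(self, ciphertext: bytes, context_info: bytes) -> bytes:
  """Decrypts ciphertext, trying prefix-matched keys first and RAW keys last.

  Args:
    ciphertext: The bytes to decrypt. When longer than
      crypto_format.NON_RAW_PREFIX_SIZE, the leading bytes are used as a key
      identifier.
    context_info: Passed unchanged to every candidate primitive.

  Returns:
    Whatever the first successful primitive.decrypt() call returns.

  Raises:
    tink_error.TinkError: if no candidate primitive decrypts the input.
  """
  if len(ciphertext) > crypto_format.NON_RAW_PREFIX_SIZE:
    prefix = ciphertext[:crypto_format.NON_RAW_PREFIX_SIZE]
    ciphertext_no_prefix = ciphertext[crypto_format.NON_RAW_PREFIX_SIZE:]
    for entry in self._primitive_set.primitive_from_identifier(prefix):
      try:
        return entry.primitive.decrypt(ciphertext_no_prefix,
                                       context_info)
      except tink_error.TinkError as e:
        logging.info(
            'ciphertext prefix matches a key, but cannot decrypt: %s', e)
  # Let's try all RAW keys.
  for entry in self._primitive_set.raw_primitives():
    try:
      return entry.primitive.decrypt(ciphertext, context_info)
    except tink_error.TinkError:
      # Trial decryption: a failure under one RAW key is expected.
      pass
  # nothing works. Fail closed: without this raise the method would return
  # None, and a caller could mistake a failed decryption for a result.
  raise tink_error.TinkError('Decryption failed.')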
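def decrypt(self, ciphertext: bytes, associated_data: bytes) -> bytes:
  """Decrypts ciphertext, trying prefix-matched keys first and RAW keys last.

  Args:
    ciphertext: The bytes to decrypt. When longer than
      crypto_format.NON_RAW_PREFIX_SIZE, the leading bytes are used as a key
      identifier.
    associated_data: Passed unchanged to every candidate primitive.

  Returns:
    Whatever the first successful primitive.decrypt() call returns.

  Raises:
    tink_error.TinkError: if no candidate primitive decrypts the input.
  """
  if len(ciphertext) > crypto_format.NON_RAW_PREFIX_SIZE:
    prefix = ciphertext[:crypto_format.NON_RAW_PREFIX_SIZE]
    ciphertext_no_prefix = ciphertext[crypto_format.NON_RAW_PREFIX_SIZE:]
    for entry in self._primitive_set.primitive_from_identifier(prefix):
      try:
        return entry.primitive.decrypt(ciphertext_no_prefix,
                                       associated_data)
      except tink_error.TinkError as e:
        logging.info(
            'ciphertext prefix matches a key, but cannot decrypt: %s', e)
  # Let's try all RAW keys.
  for entry in self._primitive_set.raw_primitives():
    try:
      return entry.primitive.decrypt(ciphertext, associated_data)
    except tink_error.TinkError:
      # Trial decryption: a failure under one RAW key is expected.
      pass
  # nothing works. Fail closed: without this raise the method would return
  # None, and a caller could mistake a failed decryption for a result.
  raise tink_error.TinkError('Decryption failed.')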
def decrypt(self, ciphertext: bytes, context_info: bytes) -> bytes:
  """Decrypts ciphertext, trying prefix-matched keys first and RAW keys last.

  Args:
    ciphertext: The bytes to decrypt. When longer than
      crypto_format.NON_RAW_PREFIX_SIZE, the leading bytes are used as a key
      identifier.
    context_info: Passed unchanged to every candidate primitive.

  Returns:
    Whatever the first successful primitive.decrypt() call returns.

  Raises:
    tink_error.TinkError: if no candidate primitive decrypts the input.
  """
  has_room_for_prefix = len(ciphertext) > crypto_format.NON_RAW_PREFIX_SIZE
  if has_room_for_prefix:
    key_prefix = ciphertext[:crypto_format.NON_RAW_PREFIX_SIZE]
    payload = ciphertext[crypto_format.NON_RAW_PREFIX_SIZE:]
    prefixed = self._primitive_set.primitive_from_identifier(key_prefix)
    for candidate in prefixed:
      try:
        plaintext = candidate.primitive.decrypt(payload, context_info)
      except tink_error.TinkError as err:
        # A matching prefix does not guarantee the key fits; log the reason
        # and keep trying.
        logging.info(
            'ciphertext prefix matches a key, but cannot decrypt: %s', err)
      else:
        return plaintext
  # RAW keys are tried against the complete, unstripped input.
  for candidate in self._primitive_set.raw_primitives():
    try:
      plaintext = candidate.primitive.decrypt(ciphertext, context_info)
    except tink_error.TinkError:
      # Expected during trial decryption; intentionally silent.
      continue
    else:
      return plaintext
  # Every candidate failed: report a single generic error.
  raise tink_error.TinkError('Decryption failed.')
def decrypt_deterministically(self, ciphertext: bytes,
                              associated_data: bytes) -> bytes:
  """Decrypts ciphertext, trying prefix-matched keys first and RAW keys last.

  Args:
    ciphertext: The bytes to decrypt. When longer than
      crypto_format.NON_RAW_PREFIX_SIZE, the leading bytes are used as a key
      identifier.
    associated_data: Passed unchanged to every candidate primitive.

  Returns:
    Whatever the first successful decrypt_deterministically() call returns.

  Raises:
    tink_error.TinkError: if no candidate primitive decrypts the input.
  """
  prefix_size = crypto_format.NON_RAW_PREFIX_SIZE
  if len(ciphertext) > prefix_size:
    key_prefix, remainder = ciphertext[:prefix_size], ciphertext[prefix_size:]
    for keyed in self._primitive_set.primitive_from_identifier(key_prefix):
      try:
        return keyed.primitive.decrypt_deterministically(
            remainder, associated_data)
      except tink_error.TinkError as err:
        # The prefix matched but this key rejected the input; the reason is
        # logged and the next candidate is tried.
        logging.info(
            'ciphertext prefix matches a key, but cannot decrypt: %s', err)
  # Fall back to RAW keys, which receive the input with nothing stripped.
  for raw in self._primitive_set.raw_primitives():
    try:
      return raw.primitive.decrypt_deterministically(
          ciphertext, associated_data)
    except tink_error.TinkError:
      # Expected during trial decryption; intentionally silent.
      continue
  # Every candidate failed: report a single generic error.
  raise tink_error.TinkError('Decryption failed.')
"""Verifies that signature is a digital signature for data.
Args:
signature: The signature bytes to be checked.
data: The data bytes to be checked.
Raises:
tink_error.TinkError if the verification fails.
"""
if len(signature) <= crypto_format.NON_RAW_PREFIX_SIZE:
# This also rejects raw signatures with size of 4 bytes or fewer.
# We're not aware of any schemes that output signatures that small.
raise tink_error.TinkError('signature too short')
key_id = signature[:crypto_format.NON_RAW_PREFIX_SIZE]
raw_sig = signature[crypto_format.NON_RAW_PREFIX_SIZE:]
for entry in self._primitive_set.primitive_from_identifier(key_id):
try:
if entry.output_prefix_type == tink_pb2.LEGACY:
entry.primitive.verify(raw_sig,
data + crypto_format.LEGACY_START_BYTE)
else:
entry.primitive.verify(raw_sig, data)
# Signature is valid, we can return
return
except tink_error.TinkError as err:
logging.info('signature prefix matches a key, but cannot verify: %s',
err)
# No matching key succeeded with verification, try all RAW keys
for entry in self._primitive_set.raw_primitives():