How to use the libnacl.secret function in libnacl
To help you get started, we’ve selected a few libnacl examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
saltstack / libnacl / tests / unit / test_secret.py View on Github 
def test_secret(self):
msg = b'But then of course African swallows are not migratory.'
box = libnacl.secret.SecretBox()
ctxt = box.encrypt(msg)
self.assertNotEqual(msg, ctxt)
box2 = libnacl.secret.SecretBox(box.sk)
clear1 = box.decrypt(ctxt)
self.assertEqual(msg, clear1)
clear2 = box2.decrypt(ctxt)
self.assertEqual(clear1, clear2)
ctxt2 = box2.encrypt(msg)
clear3 = box.decrypt(ctxt2)
self.assertEqual(clear3, msg)def test_secret_key_encryption(self):
msg = b'But then of course African swallows are not migratory.'
# Create a SecretBox object, if not passed in the secret key is
# Generated purely from random data
box = libnacl.secret.SecretBox()
# Messages can now be safely encrypted
ctxt = box.encrypt(msg)
# An addition box can be created from the original box secret key
box2 = libnacl.secret.SecretBox(box.sk)
# Messages can now be easily encrypted and decrypted
clear1 = box.decrypt(ctxt)
clear2 = box2.decrypt(ctxt)
ctxt2 = box2.encrypt(msg)
clear3 = box.decrypt(ctxt2)
self.assertEqual(clear1, clear2)
self.assertEqual(clear2, clear3)
self.assertEqual(msg, clear1)"""
Encrypt the provided value with symmetric encryption
:param val: the value to encrypt
:param secretKey: Optional key, if provided should be either in hex or bytes
:return: Tuple of the encrypted value and secret key encoded in hex
"""
if isinstance(val, str):
val = val.encode("utf-8")
if secretKey:
if isHex(secretKey):
secretKey = bytes(bytearray.fromhex(secretKey))
elif not isinstance(secretKey, bytes):
error("Secret key must be either in hex or bytes")
box = libnacl.secret.SecretBox(secretKey)
else:
box = libnacl.secret.SecretBox()
return box.encrypt(val).hex(), box.sk.hex()CLI Examples:
.. code-block:: bash
salt-call nacl.secretbox_decrypt pEXHQM6cuaF7A=
salt-call --local nacl.secretbox_decrypt data='pEXHQM6cuaF7A=' sk_file=/etc/salt/pki/master/nacl
salt-call --local nacl.secretbox_decrypt data='pEXHQM6cuaF7A=' sk='YmFkcGFzcwo='
'''
if data is None:
return None
# ensure data is in bytes
data = salt.utils.stringutils.to_bytes(data)
key = _get_sk(**kwargs)
b = libnacl.secret.SecretBox(key=key)
return b.decrypt(base64.b64decode(data))
val, secretKey: Union[str, bytes]=None) -> Tuple[str, str]:
"""
Encrypt the provided value with symmetric encryption
:param val: the value to encrypt
:param secretKey: Optional key, if provided should be either in hex or bytes
:return: Tuple of the encrypted value and secret key encoded in hex
"""
if isinstance(val, str):
val = val.encode("utf-8")
if secretKey:
if isHex(secretKey):
secretKey = bytes(bytearray.fromhex(secretKey))
elif not isinstance(secretKey, bytes):
error("Secret key must be either in hex or bytes")
box = libnacl.secret.SecretBox(secretKey)
else:
box = libnacl.secret.SecretBox()
return box.encrypt(val).hex(), box.sk.hex()"""
Encrypt the provided value with symmetric encryption
:param val: the value to encrypt
:param secretKey: Optional key, if provided should be either in hex or bytes
:return: Tuple of the encrypted value and secret key encoded in hex
"""
if isinstance(val, str):
val = val.encode("utf-8")
if secretKey:
if isHex(secretKey):
secretKey = bytes(bytearray.fromhex(secretKey))
elif not isinstance(secretKey, bytes):
error("Secret key must be either in hex or bytes")
box = libnacl.secret.SecretBox(secretKey)
else:
box = libnacl.secret.SecretBox()
return box.encrypt(val).hex(), box.sk.hex()def _sk_decrypt(key, nonce, data):
"""
Decrypt data by using secret-key decryption.
Arguments:
- `key`: A secret key.
- `nonce`: The nonce of the encrypted message.
- `data`: Encrypted data (bytes).
Return the decrypted data.
"""
# Decrypt payload
box = libnacl.secret.SecretBox(key=key)
return box.decrypt(data, nonce=nonce)return libnacl.dual.DualSecret(
libnacl.encode.hex_decode(key_data['priv']),
libnacl.encode.hex_decode(key_data['sign']))
elif 'priv' in key_data and 'pub' in key_data:
return libnacl.public.SecretKey(
libnacl.encode.hex_decode(key_data['priv']))
elif 'sign' in key_data:
return libnacl.sign.Signer(
libnacl.encode.hex_decode(key_data['sign']))
elif 'pub' in key_data:
return libnacl.public.PublicKey(
libnacl.encode.hex_decode(key_data['pub']))
elif 'verify' in key_data:
return libnacl.sign.Verifier(key_data['verify'])
elif 'priv' in key_data:
return libnacl.secret.SecretBox(
libnacl.encode.hex_decode(key_data['priv']))
raise ValueError('Found no key data'):param val: the value to encrypt
:param secretKey: Optional key, if provided should be either in hex or bytes
:return: Tuple of the encrypted value and secret key encoded in hex
"""
if isinstance(val, str):
val = val.encode("utf-8")
if secretKey:
if isHex(secretKey):
secretKey = bytes(bytearray.fromhex(secretKey))
elif not isinstance(secretKey, bytes):
error("Secret key must be either in hex or bytes")
box = libnacl.secret.SecretBox(secretKey)
else:
box = libnacl.secret.SecretBox()
return box.encrypt(val).hex(), box.sk.hex()
def getSymmetricallyDecryptedVal(val, secretKey: Union[str, bytes]) -> str:
if isHex(val):
val = bytes(bytearray.fromhex(val))
elif isinstance(val, str):
val = val.encode("utf-8")
if isHex(secretKey):
secretKey = bytes(bytearray.fromhex(secretKey))
elif isinstance(secretKey, str):
secretKey = secretKey.encode()
box = libnacl.secret.SecretBox(secretKey)
return box.decrypt(val).decode()libnacl
Python bindings for libsodium based on ctypes
Package Health Score
68 / 100Popular libnacl functions
- libnacl.crypto_box_beforenm
- libnacl.crypto_generichash
- libnacl.crypto_hash_sha256
- libnacl.crypto_sign_open
- libnacl.crypto_sign_seed_keypair
- libnacl.dual.DualSecret
- libnacl.encode.hex_decode
- libnacl.encode.hex_encode
- libnacl.public
- libnacl.public.Box
- libnacl.public.PublicKey
- libnacl.public.SecretKey
- libnacl.randombytes
- libnacl.sealed.SealedBox
- libnacl.secret
- libnacl.secret.SecretBox
- libnacl.sign.Signer
- libnacl.sign.Verifier
- libnacl.utils
- libnacl.utils.rand_nonce