Class swarmauri_core.crypto.ICrypto.ICrypto
swarmauri_core.crypto.ICrypto.ICrypto
Bases: ABC
supports
abstractmethod
supports()
Return a capability map describing supported algorithms.
Expected keys (all optional; omit if unsupported): - "encrypt" / "decrypt": AEAD algorithms for each direction - "wrap" / "unwrap": key-wrapping algorithms - "seal" / "unseal": sealed-box style algorithms
Example::
return {
"encrypt": ("AES-256-GCM", "XCHACHA20-POLY1305"),
"decrypt": ("AES-256-GCM",),
"wrap": ("AES-KW", "RSA-OAEP-SHA256"),
"unwrap": ("AES-KW", "RSA-OAEP-SHA256"),
"seal": ("X25519-SEALEDBOX",),
"unseal": ("X25519-SEALEDBOX",),
}
Source code in swarmauri_core/crypto/ICrypto.py
55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
|
encrypt
abstractmethod
async
encrypt(key, pt, *, alg=None, aad=None, nonce=None)
AEAD-encrypt 'pt' with the provided DEK 'key'.
PARAMETER | DESCRIPTION |
---|---|
key
|
KeyRef for a data-encryption key (DEK) usable with 'alg'.
|
pt
|
plaintext bytes.
|
alg
|
AEAD algorithm identifier; if None, provider chooses a default.
|
aad
|
optional additional authenticated data; not encrypted, but bound.
|
nonce
|
algorithm-specific nonce/IV; provider MAY generate if None.
|
RETURNS | DESCRIPTION |
---|---|
AEADCiphertext
|
(kid, version, alg, nonce, ct, tag[, aad])
TYPE:
|
Source code in swarmauri_core/crypto/ICrypto.py
80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
|
decrypt
abstractmethod
async
decrypt(key, ct, *, aad=None)
AEAD-decrypt 'ct' with the DEK 'key'. If 'aad' is provided, it must match the value supplied during encryption.
Raises on authentication failure.
Source code in swarmauri_core/crypto/ICrypto.py
105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 |
|
wrap
abstractmethod
async
wrap(kek, *, dek=None, wrap_alg=None, nonce=None, aad=None)
Protect a DEK under a KEK.
PARAMETER | DESCRIPTION |
---|---|
kek
|
KeyRef for the key-encryption key (KEK).
|
dek
|
raw DEK bytes to wrap. If None, provider MAY generate a new DEK.
|
wrap_alg
|
wrapping algorithm identifier; provider MAY default if None.
|
nonce
|
optional per-wrap nonce/IV (algorithm-specific).
|
aad
|
optional additional authenticated data bound to the wrap.
|
RETURNS | DESCRIPTION |
---|---|
WrappedKey
|
opaque blob + metadata to later recover the DEK.
TYPE:
|
Notes
- Providers SHOULD honor ExportPolicy/KeyUse from both KEK and DEK KeyRefs.
- Some HSM-backed providers may encode handles/labels rather than raw bytes.
Source code in swarmauri_core/crypto/ICrypto.py
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 |
|
unwrap
abstractmethod
async
unwrap(kek, wrapped, *, aad=None)
Recover a DEK from 'wrapped' using KEK 'kek'.
PARAMETER | DESCRIPTION |
---|---|
aad
|
optional additional authenticated data to validate.
|
RETURNS | DESCRIPTION |
---|---|
bytes
|
the raw DEK.
TYPE:
|
Notes
- HSM-backed providers may refuse export and instead return a handle; such providers SHOULD document their behavior or expose a separate decrypt() that accepts handles, not bytes.
Source code in swarmauri_core/crypto/ICrypto.py
152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 |
|
seal
abstractmethod
async
seal(recipient, pt, *, alg=None)
Public-key 'sealed' encryption to 'recipient' without caller-managed DEKs. Example algs: "OpenPGP-SEAL", "X25519-SEALEDBOX", "RSA-OAEP-SHA256-SEAL".
RETURNS | DESCRIPTION |
---|---|
bytes
|
sealed ciphertext.
TYPE:
|
Notes
- Sealed primitives typically do not bind external AAD. If you need authenticated metadata, prefer AEAD or wrap a CEK with AEAD outside.
Source code in swarmauri_core/crypto/ICrypto.py
178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 |
|
unseal
abstractmethod
async
unseal(recipient_priv, sealed, *, alg=None)
Decrypt 'sealed' bytes addressed to 'recipient_priv'.
RETURNS | DESCRIPTION |
---|---|
bytes
|
plaintext.
TYPE:
|
Raises on authentication/decryption failure.
Source code in swarmauri_core/crypto/ICrypto.py
199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 |
|