python/examples/deterministic_aead/deterministic_aead_basic.py - third_party/tink - Git at Google

 # Copyright 2022 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS-IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 """A minimal example for using the deterministic AEAD API."""
 # [START deterministic-aead-basic-example]
 import tink
 from tink import cleartext_keyset_handle
 from tink import daead


 def example():
   """Encrypt and decrypt using deterministic AEAD."""
   # Register the deterministic AEAD key manager. This is needed to create a
   # DeterministicAead primitive later.
   daead.register()

   # A keyset created with "tinkey create-keyset --key-template=AES256_SIV". Note
   # that this keyset has the secret key information in cleartext.
   keyset = r"""{
       "key": [{
           "keyData": {
               "keyMaterialType":
                   "SYMMETRIC",
               "typeUrl":
                   "type.googleapis.com/google.crypto.tink.AesSivKey",
               "value":
                   "EkAl9HCMmKTN1p3V186uhZpJQ+tivyc4IKyE+opg6SsEbWQ/WesWHzwCRrlgRuxdaggvgMzwWhjPnkk9gptBnGLK"
           },
           "keyId": 1919301694,
           "outputPrefixType": "TINK",
           "status": "ENABLED"
       }],
       "primaryKeyId": 1919301694
   }"""

   # Create a keyset handle from the cleartext keyset in the previous
   # step. The keyset handle provides abstract access to the underlying keyset to
   # limit the exposure of accessing the raw key material. WARNING: In practice
   # it is unlikely you will want to use a cleartext_keyset_handle, as it implies
   # that your key material is passed in cleartext which is a security risk.
   keyset_handle = cleartext_keyset_handle.read(tink.JsonKeysetReader(keyset))

   # Retrieve the DeterministicAead primitive we want to use from the keyset
   # handle.
   primitive = keyset_handle.primitive(daead.DeterministicAead)

   # Use the primitive to encrypt a message. In this case the primary key of the
   # keyset will be used (which is also the only key in this example).
   ciphertext = primitive.encrypt_deterministically(b'msg', b'associated_data')

   # Use the primitive to decrypt the message. Decrypt finds the correct key in
   # the keyset and decrypts the ciphertext. If no key is found or decryption
   # fails, it raises an error.
   output = primitive.decrypt_deterministically(ciphertext, b'associated_data')
   # [END deterministic-aead-basic-example]
   assert output == b'msg'
	# Copyright 2022 Google LLC
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS-IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	"""A minimal example for using the deterministic AEAD API."""
	# [START deterministic-aead-basic-example]
	import tink
	from tink import cleartext_keyset_handle
	from tink import daead


	def example():
	"""Encrypt and decrypt using deterministic AEAD."""
	# Register the deterministic AEAD key manager. This is needed to create a
	# DeterministicAead primitive later.
	daead.register()

	# A keyset created with "tinkey create-keyset --key-template=AES256_SIV". Note
	# that this keyset has the secret key information in cleartext.
	keyset = r"""{
	"key": [{
	"keyData": {
	"keyMaterialType":
	"SYMMETRIC",
	"typeUrl":
	"type.googleapis.com/google.crypto.tink.AesSivKey",
	"value":
	"EkAl9HCMmKTN1p3V186uhZpJQ+tivyc4IKyE+opg6SsEbWQ/WesWHzwCRrlgRuxdaggvgMzwWhjPnkk9gptBnGLK"
	},
	"keyId": 1919301694,
	"outputPrefixType": "TINK",
	"status": "ENABLED"
	}],
	"primaryKeyId": 1919301694
	}"""

	# Create a keyset handle from the cleartext keyset in the previous
	# step. The keyset handle provides abstract access to the underlying keyset to
	# limit the exposure of accessing the raw key material. WARNING: In practice
	# it is unlikely you will want to use a cleartext_keyset_handle, as it implies
	# that your key material is passed in cleartext which is a security risk.
	keyset_handle = cleartext_keyset_handle.read(tink.JsonKeysetReader(keyset))

	# Retrieve the DeterministicAead primitive we want to use from the keyset
	# handle.
	primitive = keyset_handle.primitive(daead.DeterministicAead)

	# Use the primitive to encrypt a message. In this case the primary key of the
	# keyset will be used (which is also the only key in this example).
	ciphertext = primitive.encrypt_deterministically(b'msg', b'associated_data')

	# Use the primitive to decrypt the message. Decrypt finds the correct key in
	# the keyset and decrypts the ciphertext. If no key is found or decryption
	# fails, it raises an error.
	output = primitive.decrypt_deterministically(ciphertext, b'associated_data')
	# [END deterministic-aead-basic-example]
	assert output == b'msg'