SymmetricCrypto Class

Properties   Methods   Events   Config Settings   Errors  

The SymmetricCrypto class supports encrypting and decrypting messages.

Syntax

class secureblackbox.SymmetricCrypto

Remarks

SymmetricCrypto allows you to encrypt and decrypt messages.

Property List

---

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

associated_data Property

Provides Associated Data for AEAD algorithms.

Syntax

def get_associated_data() -> bytes: ...
def set_associated_data(value: bytes) -> None: ...

associated_data = property(get_associated_data, set_associated_data)

Remarks

Use this property to set up Associated Data for AEAD encryption algorithms.

block_size Property

The block size of the chosen symmetric cipher.

Syntax

def get_block_size() -> int: ...

block_size = property(get_block_size, None)

Default Value

0

Remarks

This property returns the block size of the chosen symmetric cipher.

Modern symmetric algorithms typically use blocks of 16 bytes. Some older algorithms, such as DES or Blowfish, use 8-byte blocks.

This property is read-only.

encryption_algorithm Property

The encryption algorithm to use for encrypting the data.

Syntax

def get_encryption_algorithm() -> str: ...
def set_encryption_algorithm(value: str) -> None: ...

encryption_algorithm = property(get_encryption_algorithm, set_encryption_algorithm)

Default Value

"AES256"

Remarks

This property specifies the base symmetric algorithm to use (e.g. AES128). Use it in conjunction with mode to set up the complete encryption scheme (such as AES128-CBC or AES128-GCM).

fips_mode Property

Reserved.

Syntax

def get_fips_mode() -> bool: ...
def set_fips_mode(value: bool) -> None: ...

fips_mode = property(get_fips_mode, set_fips_mode)

Default Value

FALSE

Remarks

This property is reserved for future use.

hash_algorithm Property

The hash algorithm to use during encryption.

Syntax

def get_hash_algorithm() -> str: ...
def set_hash_algorithm(value: str) -> None: ...

hash_algorithm = property(get_hash_algorithm, set_hash_algorithm)

Default Value

"SHA256"

Remarks

Use this property to provide the hash algorithm to be used with the encryption operation. This only applies to certain encryption algorithms/modes.

input_encoding Property

The encoding to apply to the input data.

Syntax

def get_input_encoding() -> int: ...
def set_input_encoding(value: int) -> None: ...

input_encoding = property(get_input_encoding, set_input_encoding)

Default Value

0

Remarks

key_algorithm Property

The algorithm of the cryptographic key.

Syntax

def get_key_algorithm() -> str: ...
def set_key_algorithm(value: str) -> None: ...

key_algorithm = property(get_key_algorithm, set_key_algorithm)

Default Value

""

Remarks

The algorithm of the cryptographic key. A cryptokey object may hold either symmetric, MAC, or public key. Public key algorithms: RSA, ECDSA, Elgamal, DH.

key_bits Property

The length of the key in bits.

Syntax

def get_key_bits() -> int: ...

key_bits = property(get_key_bits, None)

Default Value

0

Remarks

The length of the key in bits.

This property is read-only.

key_curve Property

This property specifies the name of the curve the EC key is built on.

Syntax

def get_key_curve() -> str: ...
def set_key_curve(value: str) -> None: ...

key_curve = property(get_key_curve, set_key_curve)

Default Value

""

Remarks

This property specifies the name of the curve the EC key is built on.

key_exportable Property

Returns True if the key is exportable (can be serialized into an array of bytes), and False otherwise.

Syntax

def get_key_exportable() -> bool: ...

key_exportable = property(get_key_exportable, None)

Default Value

FALSE

Remarks

Returns True if the key is exportable (can be serialized into an array of bytes), and False otherwise.

This property is read-only.

key_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_key_handle() -> int: ...
def set_key_handle(value: int) -> None: ...

key_handle = property(get_key_handle, set_key_handle)

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

key_id Property

Provides access to a storage-specific key identifier.

Syntax

def get_key_id() -> bytes: ...
def set_key_id(value: bytes) -> None: ...

key_id = property(get_key_id, set_key_id)

Remarks

Provides access to a storage-specific key identifier. Key identifiers are used by cryptographic providers to refer to a particular key and/or distinguish between different keys. They are typically unique within a storage, but there is no guarantee that a particular cryptoprovider will conform to that (or will assign any key IDs at all).

key_iv Property

The initialization vector (IV) of a symmetric key.

Syntax

def get_key_iv() -> bytes: ...
def set_key_iv(value: bytes) -> None: ...

key_iv = property(get_key_iv, set_key_iv)

Remarks

The initialization vector (IV) of a symmetric key. This is normally a public part of a symmetric key, the idea of which is to introduce randomness to the encrypted data and/or serve as a first block in chaining ciphers.

key_key Property

The byte array representation of the key.

Syntax

def get_key_key() -> bytes: ...

key_key = property(get_key_key, None)

Remarks

The byte array representation of the key. This may not be available for non-key_exportable keys.

This property is read-only.

key_nonce Property

A nonce value associated with a key.

Syntax

def get_key_nonce() -> bytes: ...
def set_key_nonce(value: bytes) -> None: ...

key_nonce = property(get_key_nonce, set_key_nonce)

Remarks

A nonce value associated with a key. It is similar to IV, but its only purpose is to introduce randomness.

key_private Property

Returns True if the object hosts a private key, and False otherwise.

Syntax

def get_key_private() -> bool: ...

key_private = property(get_key_private, None)

Default Value

FALSE

Remarks

Returns True if the object hosts a private key, and False otherwise.

This property is read-only.

key_public Property

Returns True if the object hosts a public key, and False otherwise.

Syntax

def get_key_public() -> bool: ...

key_public = property(get_key_public, None)

Default Value

FALSE

Remarks

Returns True if the object hosts a public key, and False otherwise.

This property is read-only.

key_subject Property

Returns the key subject.

Syntax

def get_key_subject() -> bytes: ...
def set_key_subject(value: bytes) -> None: ...

key_subject = property(get_key_subject, set_key_subject)

Remarks

Returns the key subject. This is a cryptoprovider-dependent value, which normally aims to provide some user-friendly insight into the key owner.

key_symmetric Property

Returns True if the object contains a symmetric key, and False otherwise.

Syntax

def get_key_symmetric() -> bool: ...

key_symmetric = property(get_key_symmetric, None)

Default Value

FALSE

Remarks

Returns True if the object contains a symmetric key, and False otherwise.

This property is read-only.

key_valid Property

Returns True if this key is valid.

Syntax

def get_key_valid() -> bool: ...

key_valid = property(get_key_valid, None)

Default Value

FALSE

Remarks

Returns True if this key is valid. The term Valid highly depends on the kind of the key being stored. A symmetric key is considered valid if its length fits the algorithm being set. The validity of an RSA key also ensures that the RSA key elements (primes, exponents, and modulus) are consistent.

This property is read-only.

key_size Property

Returns the cryptographic key size in bytes.

Syntax

def get_key_size() -> int: ...

key_size = property(get_key_size, None)

Default Value

0

Remarks

Use this property to read the cryptographic key size. For the majority of the symmetric algorithms this is hard-coded in the algorithm itself (such as 16 bytes for AES128), but may be variable for certain exceptions, such as Blowfish or RC4.

This property is read-only.

mac_algorithm Property

The (H)MAC algorithm to use during encryption.

Syntax

def get_mac_algorithm() -> str: ...
def set_mac_algorithm(value: str) -> None: ...

mac_algorithm = property(get_mac_algorithm, set_mac_algorithm)

Default Value

""

Remarks

Use this property to configure the HMAC algorithm to use with the encryption operation. This only applies to a small subset of algorithms/modes.

mode Property

Specifies the symmetric cipher mode of operation.

Syntax

def get_mode() -> int: ...
def set_mode(value: int) -> None: ...

mode = property(get_mode, set_mode)

Default Value

0

Remarks

Use this property to specify the mode of operation as required by your environment. The default setting is CBC.

nonce Property

Specifies the Nonce value to employ.

Syntax

def get_nonce() -> bytes: ...
def set_nonce(value: bytes) -> None: ...

nonce = property(get_nonce, set_nonce)

Remarks

Use this property to specify the Nonce value for the symmetric operation. Not every algorithm or mode uses nonce.

output_encoding Property

The encoding to apply to the output data.

Syntax

def get_output_encoding() -> int: ...
def set_output_encoding(value: int) -> None: ...

output_encoding = property(get_output_encoding, set_output_encoding)

Default Value

0

Remarks

padding Property

The padding type to apply to the encrypted data.

Syntax

def get_padding() -> int: ...
def set_padding(value: int) -> None: ...

padding = property(get_padding, set_padding)

Default Value

1

Remarks

Use this property to specify the padding type to use with the encrypted data. A padding type commonly used in modern security environments is PKCS#5.

payload_size Property

Specifies the payload size, in bytes.

Syntax

def get_payload_size() -> int: ...
def set_payload_size(value: int) -> None: ...

payload_size = property(get_payload_size, set_payload_size)

Default Value

0

Remarks

Use this property to specify the size of the input data in bytes. This is only used by a subset of algorithms/modes, such as CCM.

stream_cipher Property

Returns true if the selected algorithms works as a stream cipher.

Syntax

def get_stream_cipher() -> bool: ...

stream_cipher = property(get_stream_cipher, None)

Default Value

FALSE

Remarks

This property returns true if the selected algorithm processes data as a stream (byte-by-byte), rather than block-by-block. This affects the need to use a proper padding settings.

This property is read-only.

tag_size Property

Specifies the AEAD tag size, in bytes.

Syntax

def get_tag_size() -> int: ...
def set_tag_size(value: int) -> None: ...

tag_size = property(get_tag_size, set_tag_size)

Default Value

16

Remarks

Use this property to specify/customize the tag size for AEAD encryption.

config Method

Sets or retrieves a configuration setting.

Syntax

def config(configuration_string: str) -> str: ...

Remarks

config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

decrypt Method

Decrypts a buffer.

Syntax

def decrypt(buffer: bytes) -> bytes: ...

Remarks

Use this method to decrypt a byte array and get the encrypted message in another byte array.

Specify the decryption key in key property.

decrypt_file Method

Decrypts a file.

Syntax

def decrypt_file(source_file: str, dest_file: str) -> None: ...

Remarks

Use this method to decrypt an encrypted file and save the decrypted data to another file.

Specify the decryption key in key property before calling this method.

decrypt_final Method

Finalization of decryption by blocks.

Syntax

def decrypt_final() -> bytes: ...

Remarks

Use this method to finalize of decryption by blocks.

Specify decryption key in key property.

decrypt_init Method

Initializes a per-block decryption process.

Syntax

def decrypt_init() -> None: ...

Remarks

Use this method to start a block-by-block decryption process.

Specify the decryption key in key property before starting the decryption.

decrypt_update Method

Decrypts the next block of encrypted data.

Syntax

def decrypt_update(buffer: bytes) -> bytes: ...

Remarks

When using block-by-block decryption, pass every subsequent block of the encrypted message to this method until the entire message is processed. For each encrypted block the method returns a piece of decrypted data.

Please note that in general case there is no direct correspondence between the data actually contained in the encrypted block with the output of this method. The component may choose to cache a piece of the provided buffer internally if it doesn't constitute a full block of encrypted data.

Remember to call decrypt_init before calling this method to prepare the control for the decryption process.

do_action Method

Performs an additional action.

Syntax

def do_action(action_id: str, action_params: str) -> str: ...

Remarks

do_action is a generic method available in every class. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insensitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

encrypt Method

Encrypts a buffer.

Syntax

def encrypt(buffer: bytes) -> bytes: ...

Remarks

Use this method to encrypt a byte array and get the protected message in another byte array.

Specify the encryption key in key property before calling this method.

This is a one-off encryption method. Don't use it with granular per-block methods (encrypt_init, encrypt_update, encrypt_final).

encrypt_file Method

Encrypts a file.

Syntax

def encrypt_file(source_file: str, dest_file: str) -> None: ...

Remarks

Use this method to encrypt a file and save the protected message in another file.

Specify the encryption key in key property before commencing encryption.

encrypt_final Method

Finalization of encryption by blocks.

Syntax

def encrypt_final() -> bytes: ...

Remarks

Use this method to finalize of encryption by blocks.

Specify encryption key in key property.

encrypt_init Method

Initializes a per-block encryption process.

Syntax

def encrypt_init() -> None: ...

Remarks

Use this method to initialize a block-by-block encryption process. Follow it with calls to encrypt_update (as many as needed), and complete the encryption with an encrypt_final call.

Specify the encryption key in key property before calling this method.

encrypt_update Method

Encrypts the next block of data.

Syntax

def encrypt_update(buffer: bytes) -> bytes: ...

Remarks

Use this method to encrypt the next block of data contained in Buffer.

Call this method after calling encrypt_init for as many times as needed, until the whole volume of data is processed. Having done that, call encrypt_final to complete the encryption and get the terminating encrypted trailer.

on_error Event

Reports errors during encryption or decryption.

Syntax

class SymmetricCryptoErrorEventParams(object):
  @property
  def error_code() -> int: ...

  @property
  def description() -> str: ...

# In class SymmetricCrypto:
@property
def on_error() -> Callable[[SymmetricCryptoErrorEventParams], None]: ...
@on_error.setter
def on_error(event_hook: Callable[[SymmetricCryptoErrorEventParams], None]) -> None: ...

Remarks

class fires this event in case of exceptional conditions during a cryptographic operation.

ErrorCode contains an error code and Description contains a textual description of the error.

on_notification Event

This event notifies the application about an underlying control flow event.

Syntax

class SymmetricCryptoNotificationEventParams(object):
  @property
  def event_id() -> str: ...

  @property
  def event_param() -> str: ...

# In class SymmetricCrypto:
@property
def on_notification() -> Callable[[SymmetricCryptoNotificationEventParams], None]: ...
@on_notification.setter
def on_notification(event_hook: Callable[[SymmetricCryptoNotificationEventParams], None]) -> None: ...

Remarks

The class fires this event to let the application know about some event, occurrence, or milestone in the class. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the class, the exact action it is performing, or the document being processed, one or both may be omitted.

on_progress Event

Reports the data encryption/decryption progress.

Syntax

class SymmetricCryptoProgressEventParams(object):
  @property
  def total() -> int: ...

  @property
  def current() -> int: ...

  @property
  def cancel() -> bool: ...
  @cancel.setter
  def cancel(value) -> None: ...

# In class SymmetricCrypto:
@property
def on_progress() -> Callable[[SymmetricCryptoProgressEventParams], None]: ...
@on_progress.setter
def on_progress(event_hook: Callable[[SymmetricCryptoProgressEventParams], None]) -> None: ...

Remarks

This event fires periodically during a file encrypt/decrypt operation to report its progress.

Use the Cancel parameter to terminate the encryption/decryption if needed.

SymmetricCrypto Config Settings

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

SymmetricCrypto Config Settings

Base Config Settings

SymmetricCrypto Errors

SymmetricCrypto Errors

	1048577   Invalid parameter value (SB_ERROR_INVALID_PARAMETER)
	1048578   Class is configured incorrectly (SB_ERROR_INVALID_SETUP)
	1048579   Operation cannot be executed in the current state (SB_ERROR_INVALID_STATE)
	1048580   Attempt to set an invalid value to a property (SB_ERROR_INVALID_VALUE)
	1048581   Certificate does not have its private key loaded (SB_ERROR_NO_PRIVATE_KEY)
	1048581   Cancelled by the user (SB_ERROR_CANCELLED_BY_USER)