ABDM ECDH encryption/decryption for secure health data exchange
Project description
abdm-ecdh
Python library implementing the ABDM (Ayushman Bharat Digital Mission) ECDH encryption protocol for secure health data exchange.
Installation
pip install abdm-ecdh
Usage
from abdm_ecdh import generate_key_material, encrypt, decrypt
# Each party generates their own key material
sender = generate_key_material()
requester = generate_key_material()
# Sender encrypts
enc = encrypt(
string_to_encrypt="sensitive health data",
sender_nonce=sender.nonce,
requester_nonce=requester.nonce,
sender_private_key=sender.private_key,
requester_public_key=requester.x509_public_key,
)
# Requester decrypts
dec = decrypt(
encrypted_data=enc.encrypted_data,
sender_nonce=sender.nonce,
requester_nonce=requester.nonce,
requester_private_key=requester.private_key,
sender_public_key=sender.x509_public_key,
)
print(dec.decrypted_data) # "sensitive health data"
API
generate_key_material() -> KeyMaterial
Generates an ECDH key pair on Curve25519 (Weierstrass form) and a random 32-byte nonce.
Returns a KeyMaterial dataclass with fields:
private_key— base64-encoded private scalarpublic_key— base64-encoded uncompressed EC point (65 bytes)x509_public_key— base64-encoded X.509 SubjectPublicKeyInfo DERnonce— base64-encoded 32-byte random nonce
encrypt(...) -> EncryptionResponse
Encrypts a plaintext string using ECDH shared secret derivation + HKDF-SHA256 + AES-256-GCM.
Parameters: string_to_encrypt, sender_nonce, requester_nonce, sender_private_key, requester_public_key
Returns EncryptionResponse with encrypted_data (base64 string).
decrypt(...) -> DecryptionResponse
Decrypts ciphertext using ECDH shared secret derivation + HKDF-SHA256 + AES-256-GCM.
Parameters: encrypted_data, sender_nonce, requester_nonce, requester_private_key, sender_public_key
Returns DecryptionResponse with decrypted_data (string).
Cryptographic Details
- Key Agreement: ECDH on Curve25519 (Weierstrass form), compatible with Java/BouncyCastle
- Key Derivation: HKDF-SHA256
- Encryption: AES-256-GCM
- Nonce Handling: IV and salt derived from XOR of sender and requester nonces
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file abdm_ecdh-1.0.0.tar.gz.
File metadata
- Download URL: abdm_ecdh-1.0.0.tar.gz
- Upload date:
- Size: 6.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
73be21255c0f890fe7fb9d9b2562be7bccd8d7449e0fcd584a307b082cb49a2c
|
|
| MD5 |
f54243e7997e8d2278be8c21024e529c
|
|
| BLAKE2b-256 |
f3d26a9a0dfe90aa8ed9199b7456bc9f78e8b899aa50f6334eb297d5448e140f
|
File details
Details for the file abdm_ecdh-1.0.0-py3-none-any.whl.
File metadata
- Download URL: abdm_ecdh-1.0.0-py3-none-any.whl
- Upload date:
- Size: 7.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b4b8f88326bb1edbec93ce217e071c4065a9390ed3322bf19716f6c97f083264
|
|
| MD5 |
73b4faea6962ec061eab65e7f45c1c05
|
|
| BLAKE2b-256 |
addce0c4b176e548353bf8256520eb0521585b641410df478017f2eca916e9b9
|
