Skip to main content

JSON encryption API for use with Couchbase Python SDK

Project description

# Couchbase Python Encryption

Python encryption for use with the Couchbase Server

## AES-256-HMAC-SHA256

The AES256CryptoProvider is a symmetric encryption provider for use with Couchbase server to encrypt fields within a JSON document. The provider requires a keystore and the name of the private key used to sign / verify with. Once a provider has been created it needs to be registered with the bucket and then any calls to encrypt_document and decrypt_document will use the provider.

The provider can be used like this:

from cbencryption import AES256CryptoProvider
# create insecure key store and register both public and private keys
keystore = InMemoryKeyStore()
keystore.set_key('mypublickey', '!mysecretkey#9^5usdk39d&dlf)03sL')
keystore.set_key('myprivatekey', 'myauthpassword')

# create and register provider
provider = AES256CryptoProvider(keystore, 'mypublickey', 'myprivatekey')
bucket.register_crypto_provider('AES-256-HMAC-SHA256', provider)

# encrypt document, the alg name must match the provider name and the kid must match a key in the keystore
prefix = '__crypt_'
document = {'message': 'The old grey goose jumped over the wrickety gate.'}
encrypted_document = bucket.encrypt_document(document,
[{'alg': 'AES-256-HMAC-SHA256', 'name': 'message'}],

# decrypt document using registered provider
decrypted_document = bucket.decrypt_document(encrypted, prefix)

The output JSON looks like the below and can be stored in Couchbase:

"__crypt_message": {
"alg": "AES-256-HMAC-SHA256",
"ciphertext": "sR6AFEIGWS5Fy9QObNOhbCgfg3vXH4NHVRK1qkhKLQqjkByg2n69lot89qFEJuBsVNTXR77PZR6RjN4h4M9evg==",
"sig": "rT89aCj1WosYjWHHu0mf92S195vYnEGA/reDnYelQsM=",
"iv": "Cfq84/46Qjet3EEQ1HUwSg=="

## Keystore

The key store is a managed way to retrieve keys used during encryption / decryption and the following method is required:

def get_key(key_id):
Returns the key as byte array
return b'my-secret-key'

### JavaKeystore

The key store is a managed way to retrieve keys used during encryption / decryption using a JCEKS keystore. An example of using the JavaKeyStore is below:

from cbencryption import JavaKeyStore

# create keystore using path to keystore file and its passphrase
keystore = JavaKeyStore('path/to/keystore.jceks', 'keystore_passphrase')

Project details

Release history Release notifications

This version
History Node


History Node


History Node


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
cbencryption-0.1.2.tar.gz (4.2 kB) Copy SHA256 hash SHA256 Source None May 17, 2018

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page