Keyring-backed multi-recipient encryption provider for Swarmauri
Project description
Swarmauri MRE Crypto Keyring
Multi-recipient encryption provider using external keyrings/HSMs.
Features
- Uses asynchronous keyring clients that implement
id,wrap_cek, andunwrap_cekto delegate CEK storage and policy enforcement to external systems. - Encrypts payloads with AES-256-GCM by default and automatically enables
XChaCha20-Poly1305 when the
cryptographydependency exposes the implementation. - Accepts additional authenticated data (AAD) during encryption and enforces a
configurable quorum (
opts['quorum_k']) before releasing the payload. - Supports
rewrapoperations to add or revoke keyrings and can rotate the payload CEK when deauthorizing recipients. - Requires the
cryptographypackage at runtime, which is installed alongside this provider.
Installation
Install the package with your preferred Python packaging tool:
pip install swarmauri_mre_crypto_keyring
poetry add swarmauri_mre_crypto_keyring
uv pip install swarmauri_mre_crypto_keyring
Usage
KeyringMreCrypto delegates CEK (content-encryption key) management to
user-provided keyring clients. Each client must implement id,
wrap_cek, and unwrap_cek. Key references supplied to the provider should use
the shape {"kind": "keyring_client", "client": <client>, "context": {...}},
where context is an optional mapping of str to bytes shared with the
client during wrapping and unwrapping. The example below registers an in-memory
keyring and uses it to encrypt and decrypt a payload while the default quorum of
1 is satisfied.
import asyncio
import secrets
from swarmauri_mre_crypto_keyring import KeyringMreCrypto
class MemoryKeyring:
def __init__(self):
self._store = {}
def id(self) -> str:
return "memory"
async def wrap_cek(self, cek: bytes, *, context):
token = secrets.token_bytes(8)
self._store[token] = cek
return token
async def unwrap_cek(self, header: bytes, *, context):
return self._store[header]
async def main():
keyring = MemoryKeyring()
keyref = {"kind": "keyring_client", "client": keyring}
crypto = KeyringMreCrypto()
env = await crypto.encrypt_for_many([keyref], b"sensitive data")
recovered = await crypto.open_for(keyref, env)
assert recovered == b"sensitive data"
asyncio.run(main())
The snippet encrypts b"sensitive data" for the memory keyring and
recovers the original plaintext using the same keyring client.
Want to help?
If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file swarmauri_mre_crypto_keyring-0.11.0.dev1.tar.gz.
File metadata
- Download URL: swarmauri_mre_crypto_keyring-0.11.0.dev1.tar.gz
- Upload date:
- Size: 10.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d69bc8ccc44263f8bd47801c005eb2088dcce7867d771def322a5efd346956bc
|
|
| MD5 |
cc10119b234f9596b674f471fc91531d
|
|
| BLAKE2b-256 |
36d35de168b8c05edee589865a6a5494f84321235f99e5a991b0aa5871400b00
|
File details
Details for the file swarmauri_mre_crypto_keyring-0.11.0.dev1-py3-none-any.whl.
File metadata
- Download URL: swarmauri_mre_crypto_keyring-0.11.0.dev1-py3-none-any.whl
- Upload date:
- Size: 11.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9a3e7f4e8de92459d868c3ba7323fda7143d6ed5e934d5e5b93c8038e888c754
|
|
| MD5 |
1b55b281d5895a85e010bbfb8b9482c5
|
|
| BLAKE2b-256 |
817557e026479f6996f669793d3750bf3dae0c4c4548a45ec7c7dbe9ab8cdb2a
|