dataforge/fn_registry
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
512eebf7f472b15d1788f8baafa2a3b3036a78c4
fn_registry/python/functions/cybersecurity/envelope_decrypt.md
T
egutierrez 837563c3ba feat: funciones Python datascience, finance, cybersecurity y pipelines 
Datascience: aggregate_by_group, deduplicate_entities/relations, detect_drift,
diff_entities/relations, extract_entities/relations_llm, hotness_score, melt,
merge_graphs, pivot, build_entity/relation_schema_prompt.
Finance: avellaneda_stoikov_quotes, generate_gbm_prices, generate_taker_order,
hawkes_intensity + módulo finance.py.
Cybersecurity: envelope_encrypt/decrypt + módulo cybersecurity.py.
Pipelines: extraction_pipeline, monte_carlo_market, run_market_sim.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 17:11:32 +02:00

2.3 KiB
Raw Blame History

name, kind, lang, domain, version, purity, signature, description, tags, uses_functions, uses_types, returns, returns_optional, error_type, imports, tested, tests, test_file_path, file_path
name kind lang domain version purity signature description tags uses_functions uses_types returns returns_optional error_type imports tested tests test_file_path file_path
envelope_decrypt function py cybersecurity 1.0.0 impure def envelope_decrypt(ciphertext: bytes, master_key: bytes) -> bytes Descifra datos cifrados con envelope_encrypt. Si los datos no comienzan con el magic b'OVE1', los retorna sin modificar (passthrough). Soporta archivos que pueden o no estar cifrados sin necesidad de chequeo previo.
decryption
aes
gcm
envelope-encryption
dek
kek
cryptography
cybersecurity
passthrough
envelope_encrypt_py_cybersecurity
false error_go_core
cryptography
struct
true
decrypt de datos cifrados
decrypt de datos no cifrados passthrough
key incorrecta
envelope truncado
magic invalido
python/functions/cybersecurity/envelope_encrypt_test.py python/functions/cybersecurity/cybersecurity.py

Ejemplo

import secrets
from cybersecurity import envelope_encrypt, envelope_decrypt

master_key = secrets.token_bytes(32)

# Caso 1: descifrar datos cifrados
ciphertext = envelope_encrypt(b"datos secretos", master_key)
plaintext = envelope_decrypt(ciphertext, master_key)
# plaintext == b"datos secretos"

# Caso 2: passthrough — datos no cifrados
raw = b"archivo en plano"
result = envelope_decrypt(raw, master_key)
# result == b"archivo en plano"  (sin modificar)

# Caso 3: key incorrecta — lanza InvalidTag
wrong_key = secrets.token_bytes(32)
# envelope_decrypt(ciphertext, wrong_key)  → cryptography.exceptions.InvalidTag

Notas

Implementacion original inspirada en OpenViking openviking/crypto/encryptor.py (AGPL-3.0). Reimplementada desde cero.

  • Passthrough: si ciphertext no empieza con b"OVE1", se retorna sin modificar. Permite usar la funcion indistintamente en archivos cifrados y no cifrados.
  • Autenticacion GCM: si la master_key es incorrecta o los datos fueron manipulados, cryptography.exceptions.InvalidTag es lanzado por la capa GCM — nunca se retorna texto corrupto.
  • ValueError: lanzado si el envelope tiene magic correcto pero estructura invalida (truncado o version no soportada).
  • master_key debe ser de exactamente 32 bytes para AES-256.
  • Requiere cryptography instalado: uv add cryptography.
Reference in New Issue View Git Blame Copy Permalink