The new styling applies starting with version 5.2.0. For earlier versions, visit legacy-sdk.humanprotocol.org.

LegacyEncryption

Legacy encryption utilities for backward compatibility.

This module provides deprecated encryption functionality maintained for backward compatibility with older versions of the SDK. For new implementations, use the human_protocol_sdk.encryption module instead.

Warning

This module is deprecated and will be removed in a future version. Please migrate to human_protocol_sdk.encryption.Encryption and human_protocol_sdk.encryption.EncryptionUtils.

Example
# Deprecated - for backward compatibility only
from human_protocol_sdk.legacy_encryption import LegacyEncryption

# Recommended - use this instead
from human_protocol_sdk.encryption import Encryption

DecryptionError

Bases: Exception

Exception raised when a message could not be decrypted.

Encryption

Encryption class specialized in encrypting and decrypting byte strings using ECIES.

This class implements the Elliptic Curve Integrated Encryption Scheme (ECIES) using the SECP256K1 elliptic curve, the AES256 cipher, and HMAC-SHA-256-32.

Attributes:

ELLIPTIC_CURVE (EllipticCurve): SECP256K1 elliptic curve definition.
KEY_LEN (int): Key length for ECIES (32 bytes for AES256 and HMAC-SHA-256-32).
CIPHER: AES cipher algorithm definition.
MODE: CTR cipher mode definition.
PUBLIC_KEY_LEN (int): Length of public keys in uncompressed form (64 bytes).

decrypt

decrypt(data, private_key, shared_mac_data=b'')

Decrypt data using ECIES method with the given private key.

The decryption process follows these steps:

1. Extract ephemeral public key R from message
2. Generate shared secret using ECDH: ecdhAgree(privateKey, R)
3. Derive encryption and MAC keys from shared secret
4. Verify authentication tag
5. Decrypt ciphertext using AES256-CTR

Parameters:

data (bytes, required): Encrypted message in ECIES format.
private_key (PrivateKey, required): Private key to decrypt the data.
shared_mac_data (bytes, default b''): Additional data used in MAC computation. Defaults to empty bytes.

Returns:

bytes: Decrypted plaintext data.

Raises:

DecryptionError: If ECIES header is invalid, tag verification fails, key exchange fails, or decryption fails.

Example
from human_protocol_sdk.legacy_encryption import Encryption
from eth_keys import datatypes

private_key_hex = "9822f95dd945e373300f8c8459a831846eda97f314689e01f7cf5b8f1c2298b3"
encrypted_hex = "0402f48d28d29ae3d681e4cbbe499be0803c2a9d94534d0a4501ab79fd531183fbd837a021c1c117f47737e71c430b9d33915615f68c8dcb5e2f4e4dda4c9415d20a8b5fad9770b14067f2dd31a141a8a8da1f56eb2577715409dbf3c39b9bfa7b90c1acd838fe147c95f0e1ca9359a4cfd52367a73a6d6c548b492faa"

private_key = datatypes.PrivateKey(bytes.fromhex(private_key_hex))
encryption = Encryption()
decrypted = encryption.decrypt(bytes.fromhex(encrypted_hex), private_key)

encrypt

encrypt(data, public_key, shared_mac_data=b'')

Encrypt data using ECIES method with the given public key.

The encryption process follows these steps:

1. Generate random ephemeral private key r
2. Generate shared secret using ECDH key agreement
3. Derive encryption and MAC keys from shared secret
4. Generate ephemeral public key R = r*G
5. Encrypt data using AES256-CTR
6. Generate authentication tag using HMAC-SHA256
7. Return: 0x04 || R || IV || ciphertext || tag

Parameters:

data (bytes, required): Data to be encrypted.
public_key (PublicKey, required): Public key to encrypt data for.
shared_mac_data (bytes, default b''): Additional data to include in MAC computation. Defaults to empty bytes.

Returns:

bytes: Encrypted message in ECIES format.

Raises:

DecryptionError: If key exchange fails or public key is invalid.

Example
from human_protocol_sdk.legacy_encryption import Encryption
from eth_keys import datatypes

public_key_hex = "0a1d228684bc8c8c7611df3264f04ebd823651acc46b28b3574d2e69900d5e34f04a26cf13237fa42ab23245b58060c239b356b0a276f57e8de1234c7100fcf9"
public_key = datatypes.PublicKey(bytes.fromhex(public_key_hex))

encryption = Encryption()
encrypted = encryption.encrypt(b'your message', public_key)

generate_private_key

generate_private_key()

Generate a new SECP256K1 private key.

Returns:

PrivateKey: Newly generated SECP256K1 private key.

Example
from human_protocol_sdk.legacy_encryption import Encryption

encryption = Encryption()
private_key = encryption.generate_private_key()

generate_public_key staticmethod

generate_public_key(private_key)

Generate a public key from the given private key.

Parameters:

private_key (bytes, required): Private key bytes to derive the public key from.

Returns:

PublicKey: Public key object corresponding to the private key.

Example
from human_protocol_sdk.legacy_encryption import Encryption

private_key_hex = "9822f95dd945e373300f8c8459a831846eda97f314689e01f7cf5b8f1c2298b3"
public_key = Encryption.generate_public_key(bytes.fromhex(private_key_hex))

is_encrypted staticmethod

is_encrypted(data)

Check whether data is already encrypted by verifying the ECIES header.

Parameters:

data (bytes, required): Data to be checked for encryption.

Returns:

bool: True if data has valid ECIES header (starts with 0x04), False otherwise.

Example
from human_protocol_sdk.legacy_encryption import Encryption

encrypted_hex = "0402f48d28d29ae3d681e4cbbe499be0803c2a9d94534d0a4501ab79fd531183fbd837a021c1c117f47737e71c430b9d33915615f68c8dcb5e2f4e4dda4c9415d20a8b5fad9770b14067f2dd31a141a8a8da1f56eb2577715409dbf3c39b9bfa7b90c1acd838fe147c95f0e1ca9359a4cfd52367a73a6d6c548b492faa"
is_encrypted = Encryption.is_encrypted(bytes.fromhex(encrypted_hex))
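
The header check above only establishes that data starts with 0x04. The following added example (not the SDK's own code) splits the documented layout 0x04 || R || IV || ciphertext || tag with length validation and checks the tag before any decryption, as in decrypt's step order. The 16-byte IV, the 32-byte tag and the MAC input (IV || ciphertext || shared_mac_data) are assumptions the page does not state, and the sample envelope is constructed with placeholder R and ciphertext bytes.

```python
import hashlib
import hmac
from typing import NamedTuple

HEADER = b"\x04"      # from the page: ECIES header byte
PUBLIC_KEY_LEN = 64   # from the page: uncompressed public key length
IV_LEN = 16           # assumption: one AES block
TAG_LEN = 32          # assumption: full HMAC-SHA-256 output
MIN_LEN = len(HEADER) + PUBLIC_KEY_LEN + IV_LEN + TAG_LEN


class Envelope(NamedTuple):
    ephemeral_public_key: bytes  # R, without the 0x04 prefix
    iv: bytes
    ciphertext: bytes
    tag: bytes


def split_envelope(data: bytes) -> Envelope:
    """Split 0x04 || R || IV || ciphertext || tag, rejecting malformed input."""
    if not data.startswith(HEADER):
        raise ValueError("missing 0x04 ECIES header")
    if len(data) < MIN_LEN:
        raise ValueError("too short to hold R, IV and tag")
    r_end = len(HEADER) + PUBLIC_KEY_LEN
    iv_end = r_end + IV_LEN
    return Envelope(data[len(HEADER):r_end], data[r_end:iv_end],
                    data[iv_end:-TAG_LEN], data[-TAG_LEN:])


def tag_is_valid(env: Envelope, mac_key: bytes, shared_mac_data: bytes = b"") -> bool:
    """Verify the tag before decrypting; CTR ciphertext is malleable without it.

    Assumption: tag = HMAC-SHA256(mac_key, IV || ciphertext || shared_mac_data).
    """
    covered = env.iv + env.ciphertext + shared_mac_data
    expected = hmac.new(mac_key, covered, hashlib.sha256).digest()
    return hmac.compare_digest(expected, env.tag)  # constant-time comparison


def build_sample(mac_key: bytes, ciphertext: bytes, shared_mac_data: bytes = b"") -> bytes:
    """Constructed envelope: placeholder R and IV, opaque ciphertext, real tag."""
    r, iv = b"\x11" * PUBLIC_KEY_LEN, b"\x22" * IV_LEN
    tag = hmac.new(mac_key, iv + ciphertext + shared_mac_data, hashlib.sha256).digest()
    return HEADER + r + iv + ciphertext + tag
```

A receiver that passes a different shared_mac_data than the sender, or receives a message with any modified ciphertext byte, gets a failed tag check rather than altered plaintext.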

InvalidPublicKey

Bases: Exception

Exception raised when converting bytes into an elliptic curve public key fails.