encryption

Utilities for generating keys and encrypting/decrypting messages using the x25519 key exchange and AES-GCM encryption (formatted in the way the vLLM plugin expects).

Functions:

Name	Description
`decrypt`	Decrypt a ciphertext using AES-GCM.
`decrypt_str`	Decrypt a base64-encoded ciphertext using the decryption scheme (the decrypt function expects bytes payload).
`derive_shared_aes_key`	Derive a shared (secret) AES key from a private key and a peer's public key.
`encrypt`	Encrypt a plaintext using AES-GCM.
`encrypt_str`	Encrypt a UTF-8 string using the encryption scheme (the encrypt function expects bytes payload).
`generate_ephemeral_keypair`	Generate an ephemeral x25519 keypair.

decrypt ¶

decrypt(ciphertext: bytes, shared_aes_key: bytes) -> bytes

Decrypt a ciphertext using AES-GCM.

Parameters:

Name	Type	Description	Default
`ciphertext` ¶	`bytes`	The ciphertext to decrypt.	required
`shared_aes_key` ¶	`bytes`	The shared AES key.	required

Returns:

Type	Description
`bytes`	The plaintext.

decrypt_str ¶

decrypt_str(string: str, shared_aes_key: bytes) -> str

Decrypt a base64-encoded ciphertext using the decryption scheme (the decrypt function expects bytes payload).

Parameters:

Name	Type	Description	Default
`string` ¶	`str`	Ciphertext to decrypt.	required
`shared_aes_key` ¶	`bytes`	Shared AES key.	required

Returns:

Type	Description
`str`	The decrypted plaintext (as a utf-8 string)

derive_shared_aes_key ¶

derive_shared_aes_key(
    private_key: X25519PrivateKey,
    peer_public_key: X25519PublicKey,
) -> bytes

Derive a shared (secret) AES key from a private key and a peer's public key.

Parameters:

Name	Type	Description	Default
`private_key` ¶	`X25519PrivateKey`	The private key.	required
`peer_public_key` ¶	`X25519PublicKey`	The peer's public key.	required

Returns:

Type	Description
`bytes`	The shared AES key.

Raises:

Type	Description
`ValueError`	If the peer's public key is the same as the private key's public key.

encrypt ¶

encrypt(plaintext: bytes, shared_aes_key: bytes) -> bytes

Encrypt a plaintext using AES-GCM.

Parameters:

Name	Type	Description	Default
`plaintext` ¶	`bytes`	The plaintext to encrypt.	required
`shared_aes_key` ¶	`bytes`	The shared AES key.	required

Returns:

Type	Description
`bytes`	The ciphertext.

encrypt_str ¶

encrypt_str(string: str, shared_aes_key: bytes) -> str

Encrypt a UTF-8 string using the encryption scheme (the encrypt function expects bytes payload).

Parameters:

Name	Type	Description	Default
`string` ¶	`str`	Plaintext to encrypt.	required
`shared_aes_key` ¶	`bytes`	AES key used to encrypt the string.	required

Returns:

Type	Description
`str`	The base64-encoded, encrypted ciphertext.

generate_ephemeral_keypair ¶

generate_ephemeral_keypair() -> tuple[
    x25519.X25519PrivateKey, x25519.X25519PublicKey
]

Generate an ephemeral x25519 keypair.

Returns:

Type	Description
`tuple[x25519.X25519PrivateKey, x25519.X25519PublicKey]`	The private and public keypair.

encryption

decrypt ¶

`ciphertext` ¶

`shared_aes_key` ¶

decrypt_str ¶

`string` ¶

`shared_aes_key` ¶

derive_shared_aes_key ¶

`private_key` ¶

`peer_public_key` ¶

encrypt ¶

`plaintext` ¶

`shared_aes_key` ¶

encrypt_str ¶

`string` ¶

`shared_aes_key` ¶

generate_ephemeral_keypair ¶

encryption

decrypt ¶

ciphertext ¶

shared_aes_key ¶

decrypt_str ¶

string ¶

shared_aes_key ¶

derive_shared_aes_key ¶

private_key ¶

peer_public_key ¶

encrypt ¶

plaintext ¶

shared_aes_key ¶

encrypt_str ¶

string ¶

shared_aes_key ¶

generate_ephemeral_keypair ¶

`ciphertext` ¶

`shared_aes_key` ¶

`string` ¶

`shared_aes_key` ¶

`private_key` ¶

`peer_public_key` ¶

`plaintext` ¶

`shared_aes_key` ¶

`string` ¶

`shared_aes_key` ¶