data_access_api.utils.encryption
Functions
|
Retrieve the AES key from the environment file and return it as bytes. |
|
Encrypt plaintext using AES-CBC with PKCS7 padding. Returns Base64-encoded ciphertext. |
|
Decrypt Base64-encoded ciphertext using AES-CBC with PKCS7 padding. Returns the original plaintext. |
Module Contents
- data_access_api.utils.encryption.get_aes_key() bytes
Retrieve the AES key from the environment file and return it as bytes.
- Returns:
The decoded AES key (16, 24, or 32 bytes).
- Return type:
bytes
- Raises:
ValueError – If the AES key is missing from configuration or has an invalid length.
- data_access_api.utils.encryption.encrypt(plaintext: str, key: bytes | None = None) str
Encrypt plaintext using AES-CBC with PKCS7 padding. Returns Base64-encoded ciphertext.
- Parameters:
plaintext (str) – The plaintext string to encrypt.
key (bytes | None) – The AES key to use. If None, the shared AES key is retrieved via
get_aes_key().
- Returns:
Base64-encoded ciphertext with the random 16-byte IV prepended to the ciphertext bytes before encoding.
- Return type:
str
- data_access_api.utils.encryption.decrypt(encoded_payload: str, key: bytes | None = None) str
Decrypt Base64-encoded ciphertext using AES-CBC with PKCS7 padding. Returns the original plaintext.
- Parameters:
encoded_payload (str) – Base64-encoded payload where the first 16 bytes are the IV and the remaining bytes are the ciphertext.
key (bytes | None) – The AES key to use. If None, the shared AES key is retrieved via
get_aes_key().
- Returns:
The decrypted plaintext.
- Return type:
str