trust_api.utils.encryption
AES-CBC decryption for task payloads received from the central hub.
Attributes
Functions
|
Retrieve the AES key from the environment and return it as bytes. |
|
Decrypt Base64-encoded ciphertext using AES-CBC with PKCS7 padding. |
Module Contents
- trust_api.utils.encryption._aes_key_cache: bytes | None = None
- trust_api.utils.encryption.get_aes_key() bytes
Retrieve the AES key from the environment and return it as bytes.
Cached after first call — the key does not change during the lifetime of a process.
- Returns:
The decoded AES key.
- Return type:
bytes
- trust_api.utils.encryption.decrypt(encoded_payload: str, key: bytes | None = None) str
Decrypt Base64-encoded ciphertext using AES-CBC with PKCS7 padding.
- Parameters:
encoded_payload (str) – Base64-encoded payload where the first 16 bytes are the IV and the remaining bytes are the ciphertext.
key (bytes | None) – The AES key to use. If None, the shared AES key is retrieved via
get_aes_key().
- Returns:
The decrypted plaintext.
- Return type:
str