The Ubiq Security Python library provides convenient interaction with the Ubiq Platform API from applications written in the Python language. It includes a pre-defined set of classes that will provide simple interfaces to encrypt and decrypt data.
You don't need this source code unless you want to modify the package. If you just want to use the package, install from PyPi using pip3, a package manager for Python3.
pip3 install --upgrade ubiq-security
From within the cloned git repository directory. Install from source with:
git clone https://gitlab.com/ubiqsecurity/ubiq-python.git cd ubiq-python python3 setup.py install
Note: You may need to run the python3 commands above using sudo.
- Python 3.5+
import ubiq_security as ubiq
The library needs to be configured with your API Key Credentials which are available in the Ubiq Dashboard How to Use API Key Credentials. The credentials can be explicitly set, set using environment variables, loaded from an explicit file or read from the default location [~/.ubiq/credentials].
In a production deployment, it is critical to maintain the secrecy of Ubiq API Key Credentials (SECRET_CRYPTO_ACCESS_KEY and SECRET_SIGNING_KEY) and API tokens (ACCESS_KEY_ID).
These items SHOULD be stored in a secrets management server or password vault. They should NOT be stored in a standard data file, embedded in source code, committed to a source code repository, or insecurely used in environmental variables.
After API Key Credentials are obtained from the security server or vault by the client application, the Ubiq API Key Credential values can then be passed to the Credentials() function as strings.
During initial development of an application, it may be desirable to use a simpler, insecure mechanism to store Ubiq API Key Credentials. The sections below provide some examples.
# This example is for development use only - Storing Ubiq API Key Credentials in a file is not recommended credentials = ubiq.configCredentials(config_file = "some-credential-file", profile = "some-profile")
# This example is for development use only - Storing Ubiq API Key credentials in a file is not recommended credentials = ubiq.configCredentials()
# This example is for development use only - Storing Ubiq API Key Credentials in environmental variables is not generally recommended credentials = ubiq.credentials()
# This example is for development use only - Storing Ubiq API Key Credentials in source code is INSECURE! credentials = ubiq.credentials(access_key_id = "...", secret_signing_key = "...", secret_crypto_access_key = "...")
Unsuccessful requests raise exceptions. The class of the exception will reflect the sort of error that occurred. Please see the API Reference for a description of the error classes you should handle, and for information on how to inspect these errors.
Pass credentials and data into the encryption function. The encrypted data will be returned.
import ubiq_security as ubiq encrypted_data = ubiq.encrypt(credentials, plaintext_data)
Pass credentials and encrypted data into the decryption function. The plaintext data will be returned.
import ubiq_security as ubiq plaintext_data = ubiq.decrypt(credentials, encrypted_data)
- Create an encryption object using the credentials.
- Call the encryption instance begin method
- Call the encryption instance update method repeatedly until all the data is processed
- Call the encryption instance end method
import ubiq_security as ubiq # Process 1 MiB of plaintext data at a time BLOCK_SIZE = 1024 * 1024 # Rest of the program .... encryption = ubiq.encryption(credentials, 1) # Write out the header information encrypted_data = encryption.begin() # Loop until the end of the input file is reached while True: data = infile.read(BLOCK_SIZE) encrypted_data += encryption.update(data) if (len(data) != BLOCK_SIZE): break # Make sure any additional encrypted data is retrieved from encryption instance # and resources are freed encrypted_data += encryption.end()
- Create an instance of the decryption object using the credentials.
- Call the decryption instance begin method
- Call the decryption instance update method repeatedly until all the data is processed
- Call the decryption instance end method
import ubiq_security as ubiq # Process 1 MiB of encrypted data at a time BLOCK_SIZE = 1024 * 1024 # Rest of the program .... decryption = ubiq.decryption(creds) # Start the decryption and get any header information plaintext_data = decryption.begin() # Loop until the end of the input file is reached while True: data = infile.read(BLOCK_SIZE) plaintext_data += decryption.update(data) if (len(data) != BLOCK_SIZE): break # Make sure an additional plaintext data is retrieved and # release any allocated resources plaintext_data += decryption.end()
Updated 9 days ago