Python Modules¶

The crypt4gh package is an implementation to handle the GA4GH cryptographic file format.

`crypt4gh.lib`	Handle the encryption of the application data.
`crypt4gh.header`	Generate and parse a Crypt4GH header.
`crypt4gh.keys`	Utility to create Crypt4GH-formatted keys.

Crypt4gh Engine¶

Handle the encryption of the application data.

Generate and parse a Crypt4GH header.

crypt4gh.header.encrypt(packet, keys)[source]¶

Computes the encrypted part, using all keys

keys is iterated and each item must be of the form (method, …).

We only support method=0.

Returns:	None if no key worked, the decrypted packet otherwise

crypt4gh.header.decrypt(encrypted_packets, keys, sender_pubkey=None)[source]¶

Partition the packets into those that we can be decrypt and the others.

Returns:	A list of decrypted packets and another list of undecryptable encrypted packets

crypt4gh.header.reencrypt(header_packets, keys, recipient_keys, trim=False)[source]¶

Re-encrypt the given header.

Returns:	new list of packets

crypt4gh.header.rearrange(header_packets, keys, offset=0, span=None, sender_pubkey=None)[source]¶

Re-arrange the edit list in accordance to the [start;end] range.

Returns:	the data_packet as-is, a new edit list packet, along with an “oracle”.

The oracle tells if the “next” segment should be kept (starting by the first).

crypt4gh.header.deconstruct(infile, keys, sender_pubkey=None)[source]¶

Retrieve the header from the infile stream, and decrypts it.

Leaves the infile stream right after the header.

Returns:	a pair with a list of session keys and a generator of lengths from an edit list (or None if there was no edit list).
Return type:	(list of bytes, int generator or None)
Raises:	ValueError if the header could not be decrypted

Utility to create Crypt4GH-formatted keys.

Usage:

crypt4gh-keygen [-hv] [–log <file>] [-f] [–pk <path>] [–sk <path>] [–nocrypt] [-C <comment>]

Options:

`-h, --help`	Prints this help and exit
`-v, --version`	Prints the version and exits
`--log <file>`	Path to the logger file (in YML format)
`--sk <keyfile>`	Curve25519-based Private key [default: ~/.c4gh/key]
`--pk <keyfile>`	Curve25519-based Public key [default: ~/.c4gh/key.pub]
`-C <comment>`	Key’s Comment
`--nocrypt`	Do not encrypt the private key. Otherwise it is encrypted in the Crypt4GH key format (See https://crypt4gh.readthedocs.io/en/latest/keys.html)
`-f`	Overwrite the destination files

Environment variables:

C4GH_LOG	If defined, it will be used as the default logger
C4GH_PUBLIC_KEY	If defined, it will be used as the default public key (ie –pk ${C4GH_PUBLIC_KEY})
C4GH_SECRET_KEY	If defined, it will be used as the default secret key (ie –sk ${C4GH_SECRET_KEY})

crypt4gh.keys.get_public_key(filepath)[source]¶: Read the public key from keyfile location.

crypt4gh.keys.get_private_key(filepath, callback)[source]¶

Read the private key from keyfile location.

If the private key is encrypted, the user will be prompted for the passphrase.